diff -Nuar ./samba.0/log.nmbd ./samba.1/log.nmbd --- ./samba.0/log.nmbd 2013-11-07 07:38:41.944000000 +0100 +++ ./samba.1/log.nmbd 2013-11-07 07:38:51.912000000 +0100 @@ -2752,3 +2752,85 @@ dump workgroup on subnet 10.200.8.43: netmask= 255.255.255.0: AR32I8(1) current master browser = UNKNOWN MEMBER43 40009b23 (member43 univention corporate server) +[2013/11/07 07:38:45, 10, pid=20907, effective(0, 0), real(0, 0)] ../source3/lib/util_sock.c:99(read_udp_v4_socket) + read_udp_v4_socket: ip 10.200.8.239 port 35072 read: 50 +[2013/11/07 07:38:45, 10, pid=20907, effective(0, 0), real(0, 0)] ../source3/libsmb/nmblib.c:550(parse_nmb) + parse_nmb: packet id = 55806 +[2013/11/07 07:38:45, 5, pid=20907, effective(0, 0), real(0, 0)] ../source3/libsmb/nmblib.c:836(read_packet) + Received a packet of len 50 from (10.200.8.239) port 137 +[2013/11/07 07:38:45, 10, pid=20907, effective(0, 0), real(0, 0)] ../source3/lib/util_sock.c:99(read_udp_v4_socket) + read_udp_v4_socket: ip 10.200.8.239 port 35072 read: 50 +[2013/11/07 07:38:45, 10, pid=20907, effective(0, 0), real(0, 0)] ../source3/libsmb/nmblib.c:550(parse_nmb) + parse_nmb: packet id = 55806 +[2013/11/07 07:38:45, 5, pid=20907, effective(0, 0), real(0, 0)] ../source3/libsmb/nmblib.c:836(read_packet) + Received a packet of len 50 from (10.200.8.239) port 137 +[2013/11/07 07:38:45, 7, pid=20907, effective(0, 0), real(0, 0)] ../source3/nmbd/nmbd_packets.c:2024(listen_for_packets) + discarding duplicate packet from 10.200.8.239:137 +[2013/11/07 07:38:45, 4, pid=20907, effective(0, 0), real(0, 0)] ../source3/libsmb/nmblib.c:108(debug_nmb_packet) + nmb packet from 10.200.8.239(137) header: id=55806 opcode=Query(0) response=No + header: flags: bcast=Yes rec_avail=No rec_des=Yes trunc=No auth=No + header: rcode=0 qdcount=1 ancount=0 nscount=0 arcount=0 + question: q_name=MEMBER43<00> q_type=32 q_class=1 +[2013/11/07 07:38:45, 10, pid=20907, effective(0, 0), real(0, 0)] ../source3/nmbd/nmbd_winsserver.c:524(packet_is_for_wins_server) + packet_is_for_wins_server: failing WINS test #1. +[2013/11/07 07:38:45, 3, pid=20907, effective(0, 0), real(0, 0)] ../source3/nmbd/nmbd_incomingrequests.c:459(process_name_query_request) + process_name_query_request: Name query from 10.200.8.239 on subnet 10.200.8.43 for name MEMBER43<00> +[2013/11/07 07:38:45, 9, pid=20907, effective(0, 0), real(0, 0)] ../source3/nmbd/nmbd_namelistdb.c:135(find_name_on_subnet) + find_name_on_subnet: on subnet 10.200.8.43 - found name MEMBER43<00> source=2 +[2013/11/07 07:38:45, 3, pid=20907, effective(0, 0), real(0, 0)] ../source3/nmbd/nmbd_incomingrequests.c:574(process_name_query_request) + OK +[2013/11/07 07:38:45, 4, pid=20907, effective(0, 0), real(0, 0)] ../source3/nmbd/nmbd_packets.c:969(reply_netbios_packet) + reply_netbios_packet: sending a reply of packet type: nmb_query MEMBER43<00> to ip 10.200.8.239 for id 55806 +[2013/11/07 07:38:45, 4, pid=20907, effective(0, 0), real(0, 0)] ../source3/libsmb/nmblib.c:108(debug_nmb_packet) + nmb packet from 10.200.8.239(137) header: id=55806 opcode=Query(0) response=Yes + header: flags: bcast=No rec_avail=Yes rec_des=Yes trunc=No auth=Yes + header: rcode=0 qdcount=0 ancount=1 nscount=0 arcount=0 + answers: nmb_name=MEMBER43<00> rr_type=32 rr_class=1 ttl=259200 + answers 0 char .....+ hex 00000AC8082B +[2013/11/07 07:38:45, 5, pid=20907, effective(0, 0), real(0, 0)] ../source3/libsmb/nmblib.c:858(send_udp) + Sending a packet of len 62 to (10.200.8.239) on port 137 +[2013/11/07 07:38:45, 4, pid=20907, effective(0, 0), real(0, 0)] ../source3/nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) + find_workgroup_on_subnet: workgroup search for AR32I8 on subnet 10.200.8.43: found. +[2013/11/07 07:38:45, 8, pid=20907, effective(0, 0), real(0, 0)] ../source3/lib/util.c:1191(is_myname) + is_myname("MEMBER43") returns 1 +[2013/11/07 07:38:45, 3, pid=20907, effective(0, 0), real(0, 0)] ../source3/nmbd/nmbd_sendannounce.c:212(send_host_announcement) + send_host_announcement: type 9b23 for host MEMBER43 on subnet 10.200.8.43 for workgroup AR32I8 +[2013/11/07 07:38:45, 4, pid=20907, effective(0, 0), real(0, 0)] ../source3/nmbd/nmbd_packets.c:2129(send_mailslot) + send_mailslot: Sending to mailslot \MAILSLOT\BROWSE from MEMBER43<00> IP 10.200.8.43 to AR32I8<1d> IP 10.200.8.255 +[2013/11/07 07:38:45, 4, pid=20907, effective(0, 0), real(0, 0)] ../source3/nmbd/nmbd_packets.c:116(debug_browse_data) + debug_browse_data(): + 0 char ......MEMBER43.. hex 01 01 c0 d4 01 00 4d 45 4d 42 45 52 34 33 00 00 + 10 char ........#.....U. hex 00 00 00 00 00 00 04 09 23 9b 00 00 0f 01 55 aa + 20 char member43 univent hex 6d 65 6d 62 65 72 34 33 20 75 6e 69 76 65 6e 74 + 30 char ion corporate se hex 69 6f 6e 20 63 6f 72 70 6f 72 61 74 65 20 73 65 + 40 char rver. hex 72 76 65 72 00 +[2013/11/07 07:38:45, 5, pid=20907, effective(0, 0), real(0, 0)] ../source3/libsmb/nmblib.c:858(send_udp) + Sending a packet of len 237 to (10.200.8.255) on port 138 +[2013/11/07 07:38:45, 10, pid=20907, effective(0, 0), real(0, 0)] ../source3/nmbd/nmbd_sendannounce.c:376(announce_myself_to_domain_master_browser) + announce_myself_to_domain_master_browser: no unicast subnet, ignoring. +[2013/11/07 07:38:45, 4, pid=20907, effective(0, 0), real(0, 0)] ../source3/nmbd/nmbd_workgroupdb.c:276(dump_workgroups) + dump_workgroups() + dump workgroup on subnet 10.200.8.43: netmask= 255.255.255.0: + AR32I8(1) current master browser = UNKNOWN + MEMBER43 40009b23 (member43 univention corporate server) +[2013/11/07 07:38:45, 10, pid=20907, effective(0, 0), real(0, 0)] ../source3/lib/util_sock.c:99(read_udp_v4_socket) + read_udp_v4_socket: ip 10.200.8.43 port 35328 read: 237 +[2013/11/07 07:38:45, 5, pid=20907, effective(0, 0), real(0, 0)] ../source3/libsmb/nmblib.c:836(read_packet) + Received a packet of len 237 from (10.200.8.43) port 138 +[2013/11/07 07:38:45, 7, pid=20907, effective(0, 0), real(0, 0)] ../source3/nmbd/nmbd_packets.c:2008(listen_for_packets) + discarding own dgram packet from 10.200.8.43:138 +[2013/11/07 07:38:45, 10, pid=20907, effective(0, 0), real(0, 0)] ../source3/lib/util_sock.c:99(read_udp_v4_socket) + read_udp_v4_socket: ip 10.200.8.43 port 35328 read: 237 +[2013/11/07 07:38:45, 5, pid=20907, effective(0, 0), real(0, 0)] ../source3/libsmb/nmblib.c:836(read_packet) + Received a packet of len 237 from (10.200.8.43) port 138 +[2013/11/07 07:38:45, 7, pid=20907, effective(0, 0), real(0, 0)] ../source3/nmbd/nmbd_packets.c:2008(listen_for_packets) + discarding own dgram packet from 10.200.8.43:138 +[2013/11/07 07:38:45, 4, pid=20907, effective(0, 0), real(0, 0)] ../source3/nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) + find_workgroup_on_subnet: workgroup search for AR32I8 on subnet 10.200.8.43: found. +[2013/11/07 07:38:45, 10, pid=20907, effective(0, 0), real(0, 0)] ../source3/nmbd/nmbd_sendannounce.c:376(announce_myself_to_domain_master_browser) + announce_myself_to_domain_master_browser: no unicast subnet, ignoring. +[2013/11/07 07:38:45, 4, pid=20907, effective(0, 0), real(0, 0)] ../source3/nmbd/nmbd_workgroupdb.c:276(dump_workgroups) + dump_workgroups() + dump workgroup on subnet 10.200.8.43: netmask= 255.255.255.0: + AR32I8(1) current master browser = UNKNOWN + MEMBER43 40009b23 (member43 univention corporate server) diff -Nuar ./samba.0/log.smbd ./samba.1/log.smbd --- ./samba.0/log.smbd 2013-11-07 07:38:41.956000000 +0100 +++ ./samba.1/log.smbd 2013-11-07 07:38:51.948000000 +0100 @@ -46305,3 +46305,161804 @@ messaging_tdb_signal_handler: sig[10] count[1] msgs[1] [2013/11/07 07:38:40.705846, 10, pid=20933, effective(0, 0), real(0, 0)] ../source3/lib/messages_local.c:496(message_dispatch) message_dispatch: received_messages = 1 +[2013/11/07 07:38:43.263435, 10, pid=20933, effective(0, 0), real(0, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) + smbd_smb2_request_incoming: idx[1] of 5 vectors +[2013/11/07 07:38:43.263738, 10, pid=20933, effective(0, 0), real(0, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) + smb2_validate_sequence_number: clearing id 37 (position 37) from bitmap +[2013/11/07 07:38:43.263875, 10, pid=20933, effective(0, 0), real(0, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) + smbd_smb2_request_dispatch: opcode[SMB2_OP_CREATE] mid = 37 +[2013/11/07 07:38:43.264042, 4, pid=20933, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) + setting sec ctx (0, 5000) - sec_ctx_stack_ndx = 0 +[2013/11/07 07:38:43.264154, 5, pid=20933, effective(0, 0), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) + Security token SIDs (21): + SID[ 0]: S-1-5-21-1376953716-2413384141-3399758289-500 + SID[ 1]: S-1-5-21-1376953716-2413384141-3399758289-512 + SID[ 2]: S-1-5-21-1376953716-2413384141-3399758289-11015 + SID[ 3]: S-1-5-21-1376953716-2413384141-3399758289-513 + SID[ 4]: S-1-5-21-1376953716-2413384141-3399758289-11011 + SID[ 5]: S-1-5-21-1376953716-2413384141-3399758289-11013 + SID[ 6]: S-1-5-21-1376953716-2413384141-3399758289-11012 + SID[ 7]: S-1-1-0 + SID[ 8]: S-1-5-2 + SID[ 9]: S-1-5-11 + SID[ 10]: S-1-5-32-544 + SID[ 11]: S-1-22-1-2002 + SID[ 12]: S-1-22-2-5000 + SID[ 13]: S-1-22-2-5007 + SID[ 14]: S-1-22-2-5001 + SID[ 15]: S-1-22-2-1005 + SID[ 16]: S-1-22-2-5006 + SID[ 17]: S-1-22-2-5005 + SID[ 18]: S-1-22-2-55000 + SID[ 19]: S-1-22-2-55001 + SID[ 20]: S-1-22-2-55002 + Privileges (0x 1FFFFFF0): + Privilege[ 0]: SeMachineAccountPrivilege + Privilege[ 1]: SeTakeOwnershipPrivilege + Privilege[ 2]: SeBackupPrivilege + Privilege[ 3]: SeRestorePrivilege + Privilege[ 4]: SeRemoteShutdownPrivilege + Privilege[ 5]: SePrintOperatorPrivilege + Privilege[ 6]: SeAddUsersPrivilege + Privilege[ 7]: SeDiskOperatorPrivilege + Privilege[ 8]: SeSecurityPrivilege + Privilege[ 9]: SeSystemtimePrivilege + Privilege[ 10]: SeShutdownPrivilege + Privilege[ 11]: SeDebugPrivilege + Privilege[ 12]: SeSystemEnvironmentPrivilege + Privilege[ 13]: SeSystemProfilePrivilege + Privilege[ 14]: SeProfileSingleProcessPrivilege + Privilege[ 15]: SeIncreaseBasePriorityPrivilege + Privilege[ 16]: SeLoadDriverPrivilege + Privilege[ 17]: SeCreatePagefilePrivilege + Privilege[ 18]: SeIncreaseQuotaPrivilege + Privilege[ 19]: SeChangeNotifyPrivilege + Privilege[ 20]: SeUndockPrivilege + Privilege[ 21]: SeManageVolumePrivilege + Privilege[ 22]: SeImpersonatePrivilege + Privilege[ 23]: SeCreateGlobalPrivilege + Privilege[ 24]: SeEnableDelegationPrivilege + Rights (0x 0): +[2013/11/07 07:38:43.266275, 5, pid=20933, effective(0, 0), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) + UNIX token of user 0 + Primary group is 5000 and contains 9 supplementary groups + Group[ 0]: 5000 + Group[ 1]: 5007 + Group[ 2]: 5001 + Group[ 3]: 1005 + Group[ 4]: 5006 + Group[ 5]: 5005 + Group[ 6]: 55000 + Group[ 7]: 55001 + Group[ 8]: 55002 +[2013/11/07 07:38:43.266764, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/uid.c:363(change_to_user_internal) + Impersonated user: uid=(0,0), gid=(0,5000) +[2013/11/07 07:38:43.266897, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_create.c:451(smbd_smb2_create_send) + smbd_smb2_create: name[spoolss] +[2013/11/07 07:38:43.267024, 5, pid=20933, effective(0, 5000), real(0, 0)] ../lib/dbwrap/dbwrap.c:187(dbwrap_check_lock_order) + check lock order 1 for /var/run/samba/smbXsrv_open_global.tdb +[2013/11/07 07:38:43.267126, 10, pid=20933, effective(0, 5000), real(0, 0)] ../lib/dbwrap/dbwrap.c:133(debug_lock_order) + lock order: 1:/var/run/samba/smbXsrv_open_global.tdb 2: 3: +[2013/11/07 07:38:43.267236, 10, pid=20933, effective(0, 5000), real(0, 0)] ../lib/dbwrap/dbwrap_tdb.c:59(db_tdb_log_key) + Locking key B6B6FC0C +[2013/11/07 07:38:43.267369, 10, pid=20933, effective(0, 5000), real(0, 0)] ../lib/dbwrap/dbwrap_tdb.c:143(db_tdb_fetch_locked_internal) + Allocated locked data 0x0x7f375d343ef0 +[2013/11/07 07:38:43.267554, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smbXsrv_open.c:695(smbXsrv_open_global_store) +[2013/11/07 07:38:43.267619, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smbXsrv_open.c:697(smbXsrv_open_global_store) + smbXsrv_open_global_store: key 'B6B6FC0C' stored +[2013/11/07 07:38:43.267723, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) + &global_blob: struct smbXsrv_open_globalB + version : SMBXSRV_VERSION_0 (0) + seqnum : 0x00000001 (1) + info : union smbXsrv_open_globalU(case 0) + info0 : * + info0: struct smbXsrv_open_global0 + db_rec : * + server_id: struct server_id + pid : 0x00000000000051c5 (20933) + task_id : 0x00000000 (0) + vnn : 0xffffffff (4294967295) + unique_id : 0x6b1fb19d3b3a8ed6 (7719083575197994710) + open_global_id : 0xb6b6fc0c (3065445388) + open_persistent_id : 0x00000000b6b6fc0c (3065445388) + open_volatile_id : 0x000000000f725489 (259150985) + open_owner : S-1-5-21-1376953716-2413384141-3399758289-500 + open_time : Do Nov 7 07:38:43 2013 CET + create_guid : 00000000-0000-0000-0000-000000000000 + client_guid : b913ae79-46f9-11e3-be6f-52540018a0ea + app_instance_id : 00000000-0000-0000-0000-000000000000 + disconnect_time : NTTIME(0) + durable_timeout_msec : 0x00000000 (0) + durable : 0x00 (0) + backend_cookie : DATA_BLOB length=0 +[2013/11/07 07:38:43.268910, 10, pid=20933, effective(0, 5000), real(0, 0)] ../lib/dbwrap/dbwrap_tdb.c:59(db_tdb_log_key) + Unlocking key B6B6FC0C +[2013/11/07 07:38:43.269016, 5, pid=20933, effective(0, 5000), real(0, 0)] ../lib/dbwrap/dbwrap.c:146(dbwrap_lock_order_state_destructor) + release lock order 1 for /var/run/samba/smbXsrv_open_global.tdb +[2013/11/07 07:38:43.269113, 10, pid=20933, effective(0, 5000), real(0, 0)] ../lib/dbwrap/dbwrap.c:133(debug_lock_order) + lock order: 1: 2: 3: +[2013/11/07 07:38:43.269216, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smbXsrv_open.c:862(smbXsrv_open_create) +[2013/11/07 07:38:43.269276, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smbXsrv_open.c:870(smbXsrv_open_create) + smbXsrv_open_create: global_id (0xb6b6fc0c) stored +[2013/11/07 07:38:43.269668, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) + &open_blob: struct smbXsrv_openB + version : SMBXSRV_VERSION_0 (0) + reserved : 0x00000000 (0) + info : union smbXsrv_openU(case 0) + info0 : * + info0: struct smbXsrv_open + table : * + db_rec : NULL + local_id : 0x0f725489 (259150985) + global : * + global: struct smbXsrv_open_global0 + db_rec : NULL + server_id: struct server_id + pid : 0x00000000000051c5 (20933) + task_id : 0x00000000 (0) + vnn : 0xffffffff (4294967295) + unique_id : 0x6b1fb19d3b3a8ed6 (7719083575197994710) + open_global_id : 0xb6b6fc0c (3065445388) + open_persistent_id : 0x00000000b6b6fc0c (3065445388) + open_volatile_id : 0x000000000f725489 (259150985) + open_owner : S-1-5-21-1376953716-2413384141-3399758289-500 + open_time : Do Nov 7 07:38:43 2013 CET + create_guid : 00000000-0000-0000-0000-000000000000 + client_guid : b913ae79-46f9-11e3-be6f-52540018a0ea + app_instance_id : 00000000-0000-0000-0000-000000000000 + disconnect_time : NTTIME(0) + durable_timeout_msec : 0x00000000 (0) + durable : 0x00 (0) + backend_cookie : DATA_BLOB length=0 + status : NT_STATUS_OK + idle_time : Do Nov 7 07:38:43 2013 CET + compat : NULL +[2013/11/07 07:38:43.271263, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/files.c:125(file_new) + allocated file structure fnum 259150985 (1 used) +[2013/11/07 07:38:43.271384, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/files.c:713(file_name_hash) + file_name_hash: /tmp/spoolss hash 0x7d4e46e5 +[2013/11/07 07:38:43.271530, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:60(make_internal_rpc_pipe_p) + Create pipe requested \spoolss +[2013/11/07 07:38:43.271650, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:221(init_pipe_handles) + init_pipe_handle_list: created handle list for pipe \spoolss +[2013/11/07 07:38:43.271753, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:238(init_pipe_handles) + init_pipe_handle_list: pipe_handles ref count = 1 for pipe \spoolss +[2013/11/07 07:38:43.271995, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:100(make_internal_rpc_pipe_p) + Created internal pipe \spoolss +[2013/11/07 07:38:43.272101, 8, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/dosmode.c:631(dos_mode) + dos_mode: spoolss +[2013/11/07 07:38:43.272236, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_create.c:1053(smbd_smb2_create_send) + smbd_smb2_create_send: spoolss - fnum 259150985 +[2013/11/07 07:38:43.272393, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) + smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[88] dyn[yes:0] at ../source3/smbd/smb2_create.c:369 +[2013/11/07 07:38:43.272508, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) + smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/38/127 +[2013/11/07 07:38:43.277067, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) + smbd_smb2_request_incoming: idx[1] of 5 vectors +[2013/11/07 07:38:43.277284, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) + smb2_validate_sequence_number: clearing id 38 (position 38) from bitmap +[2013/11/07 07:38:43.277601, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) + smbd_smb2_request_dispatch: opcode[SMB2_OP_WRITE] mid = 38 +[2013/11/07 07:38:43.277674, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) + setting sec ctx (0, 5000) - sec_ctx_stack_ndx = 0 +[2013/11/07 07:38:43.277719, 5, pid=20933, effective(0, 5000), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) + Security token SIDs (21): + SID[ 0]: S-1-5-21-1376953716-2413384141-3399758289-500 + SID[ 1]: S-1-5-21-1376953716-2413384141-3399758289-512 + SID[ 2]: S-1-5-21-1376953716-2413384141-3399758289-11015 + SID[ 3]: S-1-5-21-1376953716-2413384141-3399758289-513 + SID[ 4]: S-1-5-21-1376953716-2413384141-3399758289-11011 + SID[ 5]: S-1-5-21-1376953716-2413384141-3399758289-11013 + SID[ 6]: S-1-5-21-1376953716-2413384141-3399758289-11012 + SID[ 7]: S-1-1-0 + SID[ 8]: S-1-5-2 + SID[ 9]: S-1-5-11 + SID[ 10]: S-1-5-32-544 + SID[ 11]: S-1-22-1-2002 + SID[ 12]: S-1-22-2-5000 + SID[ 13]: S-1-22-2-5007 + SID[ 14]: S-1-22-2-5001 + SID[ 15]: S-1-22-2-1005 + SID[ 16]: S-1-22-2-5006 + SID[ 17]: S-1-22-2-5005 + SID[ 18]: S-1-22-2-55000 + SID[ 19]: S-1-22-2-55001 + SID[ 20]: S-1-22-2-55002 + Privileges (0x 1FFFFFF0): + Privilege[ 0]: SeMachineAccountPrivilege + Privilege[ 1]: SeTakeOwnershipPrivilege + Privilege[ 2]: SeBackupPrivilege + Privilege[ 3]: SeRestorePrivilege + Privilege[ 4]: SeRemoteShutdownPrivilege + Privilege[ 5]: SePrintOperatorPrivilege + Privilege[ 6]: SeAddUsersPrivilege + Privilege[ 7]: SeDiskOperatorPrivilege + Privilege[ 8]: SeSecurityPrivilege + Privilege[ 9]: SeSystemtimePrivilege + Privilege[ 10]: SeShutdownPrivilege + Privilege[ 11]: SeDebugPrivilege + Privilege[ 12]: SeSystemEnvironmentPrivilege + Privilege[ 13]: SeSystemProfilePrivilege + Privilege[ 14]: SeProfileSingleProcessPrivilege + Privilege[ 15]: SeIncreaseBasePriorityPrivilege + Privilege[ 16]: SeLoadDriverPrivilege + Privilege[ 17]: SeCreatePagefilePrivilege + Privilege[ 18]: SeIncreaseQuotaPrivilege + Privilege[ 19]: SeChangeNotifyPrivilege + Privilege[ 20]: SeUndockPrivilege + Privilege[ 21]: SeManageVolumePrivilege + Privilege[ 22]: SeImpersonatePrivilege + Privilege[ 23]: SeCreateGlobalPrivilege + Privilege[ 24]: SeEnableDelegationPrivilege + Rights (0x 0): +[2013/11/07 07:38:43.278506, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) + UNIX token of user 0 + Primary group is 5000 and contains 9 supplementary groups + Group[ 0]: 5000 + Group[ 1]: 5007 + Group[ 2]: 5001 + Group[ 3]: 1005 + Group[ 4]: 5006 + Group[ 5]: 5005 + Group[ 6]: 55000 + Group[ 7]: 55001 + Group[ 8]: 55002 +[2013/11/07 07:38:43.278700, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/uid.c:363(change_to_user_internal) + Impersonated user: uid=(0,0), gid=(0,5000) +[2013/11/07 07:38:43.278750, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:1796(smbd_smb2_request_verify_creditcharge) + mid 38, CreditCharge: 1, NeededCharge: 1 +[2013/11/07 07:38:43.278793, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_write.c:271(smbd_smb2_write_send) + smbd_smb2_write: spoolss - fnum 259150985 +[2013/11/07 07:38:43.278839, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:520(np_write_send) + np_write_send: len: 160 +[2013/11/07 07:38:43.278882, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) + write_to_pipe: data_left = 160 +[2013/11/07 07:38:43.278921, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) + process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 160 +[2013/11/07 07:38:43.278960, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:51(fill_rpc_header) + fill_rpc_header: data_to_copy = 160, len_needed_to_complete_hdr = 16, receive_len = 0 +[2013/11/07 07:38:43.279001, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) + write_to_pipe: data_used = 16 +[2013/11/07 07:38:43.279039, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) + write_to_pipe: data_left = 144 +[2013/11/07 07:38:43.279077, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) + process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 144 +[2013/11/07 07:38:43.279119, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) + write_to_pipe: data_used = 0 +[2013/11/07 07:38:43.279156, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) + write_to_pipe: data_left = 144 +[2013/11/07 07:38:43.279194, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) + process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 144, incoming data = 144 +[2013/11/07 07:38:43.279235, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1614(process_complete_pdu) + PDU is in Little Endian format! +[2013/11/07 07:38:43.279297, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) + r: struct ncacn_packet + rpc_vers : 0x05 (5) + rpc_vers_minor : 0x00 (0) + ptype : DCERPC_PKT_BIND (11) + pfc_flags : 0x03 (3) + drep: ARRAY(4) + [0] : 0x10 (16) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + frag_length : 0x00a0 (160) + auth_length : 0x0000 (0) + call_id : 0x00000002 (2) + u : union dcerpc_payload(case 11) + bind: struct dcerpc_bind + max_xmit_frag : 0x10b8 (4280) + max_recv_frag : 0x10b8 (4280) + assoc_group_id : 0x00000000 (0) + num_contexts : 0x03 (3) + ctx_list: ARRAY(3) + ctx_list: struct dcerpc_ctx_list + context_id : 0x0000 (0) + num_transfer_syntaxes : 0x01 (1) + abstract_syntax: struct ndr_syntax_id + uuid : 12345678-1234-abcd-ef00-0123456789ab + if_version : 0x00000001 (1) + transfer_syntaxes: ARRAY(1) + transfer_syntaxes: struct ndr_syntax_id + uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860 + if_version : 0x00000002 (2) + ctx_list: struct dcerpc_ctx_list + context_id : 0x0001 (1) + num_transfer_syntaxes : 0x01 (1) + abstract_syntax: struct ndr_syntax_id + uuid : 12345678-1234-abcd-ef00-0123456789ab + if_version : 0x00000001 (1) + transfer_syntaxes: ARRAY(1) + transfer_syntaxes: struct ndr_syntax_id + uuid : 71710533-beba-4937-8319-b5dbef9ccc36 + if_version : 0x00000001 (1) + ctx_list: struct dcerpc_ctx_list + context_id : 0x0002 (2) + num_transfer_syntaxes : 0x01 (1) + abstract_syntax: struct ndr_syntax_id + uuid : 12345678-1234-abcd-ef00-0123456789ab + if_version : 0x00000001 (1) + transfer_syntaxes: ARRAY(1) + transfer_syntaxes: struct ndr_syntax_id + uuid : 6cb71c2c-9812-4540-0300-000000000000 + if_version : 0x00000001 (1) + auth_info : DATA_BLOB length=0 +[2013/11/07 07:38:43.280195, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1627(process_complete_pdu) + Processing packet type 11 +[2013/11/07 07:38:43.280238, 3, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:693(api_pipe_bind_req) + api_pipe_bind_req: spoolss -> spoolss rpc service +[2013/11/07 07:38:43.280279, 5, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:724(api_pipe_bind_req) + api_pipe_bind_req: make response. 724 +[2013/11/07 07:38:43.280319, 3, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:342(check_bind_req) + check_bind_req for \spoolss +[2013/11/07 07:38:43.280364, 3, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:349(check_bind_req) + check_bind_req: spoolss -> spoolss rpc service +[2013/11/07 07:38:43.280418, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:238(init_pipe_handles) + init_pipe_handle_list: pipe_handles ref count = 2 for pipe \spoolss +[2013/11/07 07:38:43.280478, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) + &r: struct ncacn_packet + rpc_vers : 0x05 (5) + rpc_vers_minor : 0x00 (0) + ptype : DCERPC_PKT_BIND_ACK (12) + pfc_flags : 0x03 (3) + drep: ARRAY(4) + [0] : 0x10 (16) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + frag_length : 0x0044 (68) + auth_length : 0x0000 (0) + call_id : 0x00000002 (2) + u : union dcerpc_payload(case 12) + bind_ack: struct dcerpc_bind_ack + max_xmit_frag : 0x10b8 (4280) + max_recv_frag : 0x10b8 (4280) + assoc_group_id : 0x000053f0 (21488) + secondary_address_size : 0x000e (14) + secondary_address : '\PIPE\spoolss' + _pad1 : DATA_BLOB length=0 + num_results : 0x01 (1) + ctx_list: ARRAY(1) + ctx_list: struct dcerpc_ack_ctx + result : 0x0000 (0) + reason : 0x0000 (0) + syntax: struct ndr_syntax_id + uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860 + if_version : 0x00000002 (2) + auth_info : DATA_BLOB length=0 +[2013/11/07 07:38:43.281040, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) + write_to_pipe: data_used = 144 + smbd_smb2_request_pending_queue: req->current_idx = 1 + req->in.vector[0].iov_len = 0 + req->in.vector[1].iov_len = 0 + req->in.vector[2].iov_len = 64 + req->in.vector[3].iov_len = 48 + req->in.vector[4].iov_len = 160 + req->out.vector[0].iov_len = 4 + req->out.vector[1].iov_len = 0 + req->out.vector[2].iov_len = 64 + req->out.vector[3].iov_len = 8 + req->out.vector[4].iov_len = 0 +[2013/11/07 07:38:43.281254, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) + smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[16] dyn[yes:0] at ../source3/smbd/smb2_write.c:150 +[2013/11/07 07:38:43.281301, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) + smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/39/127 +[2013/11/07 07:38:43.286693, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) + smbd_smb2_request_incoming: idx[1] of 5 vectors +[2013/11/07 07:38:43.286911, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) + smb2_validate_sequence_number: clearing id 39 (position 39) from bitmap +[2013/11/07 07:38:43.287044, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) + smbd_smb2_request_dispatch: opcode[SMB2_OP_READ] mid = 39 +[2013/11/07 07:38:43.287184, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) + setting sec ctx (0, 5000) - sec_ctx_stack_ndx = 0 +[2013/11/07 07:38:43.287310, 5, pid=20933, effective(0, 5000), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) + Security token SIDs (21): + SID[ 0]: S-1-5-21-1376953716-2413384141-3399758289-500 + SID[ 1]: S-1-5-21-1376953716-2413384141-3399758289-512 + SID[ 2]: S-1-5-21-1376953716-2413384141-3399758289-11015 + SID[ 3]: S-1-5-21-1376953716-2413384141-3399758289-513 + SID[ 4]: S-1-5-21-1376953716-2413384141-3399758289-11011 + SID[ 5]: S-1-5-21-1376953716-2413384141-3399758289-11013 + SID[ 6]: S-1-5-21-1376953716-2413384141-3399758289-11012 + SID[ 7]: S-1-1-0 + SID[ 8]: S-1-5-2 + SID[ 9]: S-1-5-11 + SID[ 10]: S-1-5-32-544 + SID[ 11]: S-1-22-1-2002 + SID[ 12]: S-1-22-2-5000 + SID[ 13]: S-1-22-2-5007 + SID[ 14]: S-1-22-2-5001 + SID[ 15]: S-1-22-2-1005 + SID[ 16]: S-1-22-2-5006 + SID[ 17]: S-1-22-2-5005 + SID[ 18]: S-1-22-2-55000 + SID[ 19]: S-1-22-2-55001 + SID[ 20]: S-1-22-2-55002 + Privileges (0x 1FFFFFF0): + Privilege[ 0]: SeMachineAccountPrivilege + Privilege[ 1]: SeTakeOwnershipPrivilege + Privilege[ 2]: SeBackupPrivilege + Privilege[ 3]: SeRestorePrivilege + Privilege[ 4]: SeRemoteShutdownPrivilege + Privilege[ 5]: SePrintOperatorPrivilege + Privilege[ 6]: SeAddUsersPrivilege + Privilege[ 7]: SeDiskOperatorPrivilege + Privilege[ 8]: SeSecurityPrivilege + Privilege[ 9]: SeSystemtimePrivilege + Privilege[ 10]: SeShutdownPrivilege + Privilege[ 11]: SeDebugPrivilege + Privilege[ 12]: SeSystemEnvironmentPrivilege + Privilege[ 13]: SeSystemProfilePrivilege + Privilege[ 14]: SeProfileSingleProcessPrivilege + Privilege[ 15]: SeIncreaseBasePriorityPrivilege + Privilege[ 16]: SeLoadDriverPrivilege + Privilege[ 17]: SeCreatePagefilePrivilege + Privilege[ 18]: SeIncreaseQuotaPrivilege + Privilege[ 19]: SeChangeNotifyPrivilege + Privilege[ 20]: SeUndockPrivilege + Privilege[ 21]: SeManageVolumePrivilege + Privilege[ 22]: SeImpersonatePrivilege + Privilege[ 23]: SeCreateGlobalPrivilege + Privilege[ 24]: SeEnableDelegationPrivilege + Rights (0x 0): +[2013/11/07 07:38:43.289318, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) + UNIX token of user 0 + Primary group is 5000 and contains 9 supplementary groups + Group[ 0]: 5000 + Group[ 1]: 5007 + Group[ 2]: 5001 + Group[ 3]: 1005 + Group[ 4]: 5006 + Group[ 5]: 5005 + Group[ 6]: 55000 + Group[ 7]: 55001 + Group[ 8]: 55002 +[2013/11/07 07:38:43.289990, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/uid.c:363(change_to_user_internal) + Impersonated user: uid=(0,0), gid=(0,5000) +[2013/11/07 07:38:43.290118, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:1796(smbd_smb2_request_verify_creditcharge) + mid 39, CreditCharge: 1, NeededCharge: 1 +[2013/11/07 07:38:43.290223, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_read.c:400(smbd_smb2_read_send) + smbd_smb2_read: spoolss - fnum 259150985 +[2013/11/07 07:38:43.290341, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:285(read_from_internal_pipe) + name: \spoolss len: 1024 +[2013/11/07 07:38:43.290505, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:326(read_from_internal_pipe) + read_from_pipe: \spoolss: current_pdu_len = 68, current_pdu_sent = 0 returning 68 bytes. +[2013/11/07 07:38:43.290618, 3, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:122(free_pipe_context) + free_pipe_context: destroying talloc pool of size 29 + smbd_smb2_request_pending_queue: req->current_idx = 1 + req->in.vector[0].iov_len = 0 + req->in.vector[1].iov_len = 0 + req->in.vector[2].iov_len = 64 + req->in.vector[3].iov_len = 48 + req->in.vector[4].iov_len = 1 + req->out.vector[0].iov_len = 4 + req->out.vector[1].iov_len = 0 + req->out.vector[2].iov_len = 64 + req->out.vector[3].iov_len = 8 + req->out.vector[4].iov_len = 0 +[2013/11/07 07:38:43.291145, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:788(np_read_recv) + Received 68 bytes. There is no more data outstanding +[2013/11/07 07:38:43.291257, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) + smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[16] dyn[yes:68] at ../source3/smbd/smb2_read.c:154 +[2013/11/07 07:38:43.291401, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) + smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/40/127 +[2013/11/07 07:38:43.292554, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) + smbd_smb2_request_incoming: idx[1] of 5 vectors +[2013/11/07 07:38:43.292731, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) + smb2_validate_sequence_number: clearing id 40 (position 40) from bitmap +[2013/11/07 07:38:43.292854, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) + smbd_smb2_request_dispatch: opcode[SMB2_OP_IOCTL] mid = 40 +[2013/11/07 07:38:43.293005, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) + setting sec ctx (0, 5000) - sec_ctx_stack_ndx = 0 +[2013/11/07 07:38:43.293129, 5, pid=20933, effective(0, 5000), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) + Security token SIDs (21): + SID[ 0]: S-1-5-21-1376953716-2413384141-3399758289-500 + SID[ 1]: S-1-5-21-1376953716-2413384141-3399758289-512 + SID[ 2]: S-1-5-21-1376953716-2413384141-3399758289-11015 + SID[ 3]: S-1-5-21-1376953716-2413384141-3399758289-513 + SID[ 4]: S-1-5-21-1376953716-2413384141-3399758289-11011 + SID[ 5]: S-1-5-21-1376953716-2413384141-3399758289-11013 + SID[ 6]: S-1-5-21-1376953716-2413384141-3399758289-11012 + SID[ 7]: S-1-1-0 + SID[ 8]: S-1-5-2 + SID[ 9]: S-1-5-11 + SID[ 10]: S-1-5-32-544 + SID[ 11]: S-1-22-1-2002 + SID[ 12]: S-1-22-2-5000 + SID[ 13]: S-1-22-2-5007 + SID[ 14]: S-1-22-2-5001 + SID[ 15]: S-1-22-2-1005 + SID[ 16]: S-1-22-2-5006 + SID[ 17]: S-1-22-2-5005 + SID[ 18]: S-1-22-2-55000 + SID[ 19]: S-1-22-2-55001 + SID[ 20]: S-1-22-2-55002 + Privileges (0x 1FFFFFF0): + Privilege[ 0]: SeMachineAccountPrivilege + Privilege[ 1]: SeTakeOwnershipPrivilege + Privilege[ 2]: SeBackupPrivilege + Privilege[ 3]: SeRestorePrivilege + Privilege[ 4]: SeRemoteShutdownPrivilege + Privilege[ 5]: SePrintOperatorPrivilege + Privilege[ 6]: SeAddUsersPrivilege + Privilege[ 7]: SeDiskOperatorPrivilege + Privilege[ 8]: SeSecurityPrivilege + Privilege[ 9]: SeSystemtimePrivilege + Privilege[ 10]: SeShutdownPrivilege + Privilege[ 11]: SeDebugPrivilege + Privilege[ 12]: SeSystemEnvironmentPrivilege + Privilege[ 13]: SeSystemProfilePrivilege + Privilege[ 14]: SeProfileSingleProcessPrivilege + Privilege[ 15]: SeIncreaseBasePriorityPrivilege + Privilege[ 16]: SeLoadDriverPrivilege + Privilege[ 17]: SeCreatePagefilePrivilege + Privilege[ 18]: SeIncreaseQuotaPrivilege + Privilege[ 19]: SeChangeNotifyPrivilege + Privilege[ 20]: SeUndockPrivilege + Privilege[ 21]: SeManageVolumePrivilege + Privilege[ 22]: SeImpersonatePrivilege + Privilege[ 23]: SeCreateGlobalPrivilege + Privilege[ 24]: SeEnableDelegationPrivilege + Rights (0x 0): +[2013/11/07 07:38:43.295163, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) + UNIX token of user 0 + Primary group is 5000 and contains 9 supplementary groups + Group[ 0]: 5000 + Group[ 1]: 5007 + Group[ 2]: 5001 + Group[ 3]: 1005 + Group[ 4]: 5006 + Group[ 5]: 5005 + Group[ 6]: 55000 + Group[ 7]: 55001 + Group[ 8]: 55002 +[2013/11/07 07:38:43.295643, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/uid.c:363(change_to_user_internal) + Impersonated user: uid=(0,0), gid=(0,5000) +[2013/11/07 07:38:43.295761, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:1796(smbd_smb2_request_verify_creditcharge) + mid 40, CreditCharge: 1, NeededCharge: 1 +[2013/11/07 07:38:43.295897, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl.c:394(smbd_smb2_ioctl_send) + smbd_smb2_ioctl: ctl_code[0x0011c017] spoolss, fnum 259150985 +[2013/11/07 07:38:43.296014, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:59(smb2_ioctl_named_pipe) + smbd_smb2_ioctl_send: np_write_send of size 222 +[2013/11/07 07:38:43.296114, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:520(np_write_send) + np_write_send: len: 222 +[2013/11/07 07:38:43.296216, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) + write_to_pipe: data_left = 222 +[2013/11/07 07:38:43.296313, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) + process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 222 +[2013/11/07 07:38:43.296412, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:51(fill_rpc_header) + fill_rpc_header: data_to_copy = 222, len_needed_to_complete_hdr = 16, receive_len = 0 +[2013/11/07 07:38:43.296513, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) + write_to_pipe: data_used = 16 +[2013/11/07 07:38:43.296607, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) + write_to_pipe: data_left = 206 +[2013/11/07 07:38:43.296702, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) + process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 206 +[2013/11/07 07:38:43.296805, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) + write_to_pipe: data_used = 0 +[2013/11/07 07:38:43.296899, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) + write_to_pipe: data_left = 206 +[2013/11/07 07:38:43.296992, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) + process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 206, incoming data = 206 +[2013/11/07 07:38:43.297096, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1614(process_complete_pdu) + PDU is in Little Endian format! +[2013/11/07 07:38:43.297215, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) + r: struct ncacn_packet + rpc_vers : 0x05 (5) + rpc_vers_minor : 0x00 (0) + ptype : DCERPC_PKT_REQUEST (0) + pfc_flags : 0x03 (3) + drep: ARRAY(4) + [0] : 0x10 (16) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + frag_length : 0x00de (222) + auth_length : 0x0000 (0) + call_id : 0x00000002 (2) + u : union dcerpc_payload(case 0) + request: struct dcerpc_request + alloc_hint : 0x000000c6 (198) + context_id : 0x0000 (0) + opnum : 0x0045 (69) + object : union dcerpc_object(case 0) + empty: struct dcerpc_empty + _pad : DATA_BLOB length=0 + stub_and_verifier : DATA_BLOB length=198 + [0000] 00 00 02 00 14 00 00 00 00 00 00 00 14 00 00 00 ........ ........ + [0010] 5C 00 5C 00 4D 00 45 00 4D 00 42 00 45 00 52 00 \.\.M.E. M.B.E.R. + [0020] 34 00 33 00 5C 00 70 00 72 00 69 00 6E 00 74 00 4.3.\.p. r.i.n.t. + [0030] 65 00 72 00 37 00 00 00 00 00 00 00 00 00 00 00 e.r.7... ........ + [0040] 00 00 00 00 08 00 02 00 01 00 00 00 01 00 00 00 ........ ........ + [0050] 04 00 02 00 28 00 00 00 08 00 02 00 0C 00 02 00 ....(... ........ + [0060] 80 25 00 00 03 00 00 00 00 00 00 00 09 00 00 00 .%...... ........ + [0070] 0A 00 00 00 00 00 00 00 0A 00 00 00 57 00 49 00 ........ ....W.I. + [0080] 4E 00 38 00 31 00 2D 00 32 00 33 00 39 00 00 00 N.8.1.-. 2.3.9... + [0090] 15 00 00 00 00 00 00 00 15 00 00 00 41 00 52 00 ........ ....A.R. + [00A0] 33 00 32 00 49 00 38 00 5C 00 41 00 64 00 6D 00 3.2.I.8. \.A.d.m. + [00B0] 69 00 6E 00 69 00 73 00 74 00 72 00 61 00 74 00 i.n.i.s. t.r.a.t. + [00C0] 6F 00 72 00 00 00 o.r... +[2013/11/07 07:38:43.299478, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1627(process_complete_pdu) + Processing packet type 0 +[2013/11/07 07:38:43.299579, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1472(dcesrv_auth_request) + Checking request auth. +[2013/11/07 07:38:43.299684, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) + push_sec_ctx(0, 5000) : sec_ctx_stack_ndx = 1 +[2013/11/07 07:38:43.299798, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) + setting sec ctx (0, 5000) - sec_ctx_stack_ndx = 1 +[2013/11/07 07:38:43.299902, 5, pid=20933, effective(0, 5000), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) + Security token SIDs (21): + SID[ 0]: S-1-5-21-1376953716-2413384141-3399758289-500 + SID[ 1]: S-1-5-21-1376953716-2413384141-3399758289-512 + SID[ 2]: S-1-5-21-1376953716-2413384141-3399758289-11015 + SID[ 3]: S-1-5-21-1376953716-2413384141-3399758289-513 + SID[ 4]: S-1-5-21-1376953716-2413384141-3399758289-11011 + SID[ 5]: S-1-5-21-1376953716-2413384141-3399758289-11013 + SID[ 6]: S-1-5-21-1376953716-2413384141-3399758289-11012 + SID[ 7]: S-1-1-0 + SID[ 8]: S-1-5-2 + SID[ 9]: S-1-5-11 + SID[ 10]: S-1-5-32-544 + SID[ 11]: S-1-22-1-2002 + SID[ 12]: S-1-22-2-5000 + SID[ 13]: S-1-22-2-5007 + SID[ 14]: S-1-22-2-5001 + SID[ 15]: S-1-22-2-1005 + SID[ 16]: S-1-22-2-5006 + SID[ 17]: S-1-22-2-5005 + SID[ 18]: S-1-22-2-55000 + SID[ 19]: S-1-22-2-55001 + SID[ 20]: S-1-22-2-55002 + Privileges (0x 1FFFFFF0): + Privilege[ 0]: SeMachineAccountPrivilege + Privilege[ 1]: SeTakeOwnershipPrivilege + Privilege[ 2]: SeBackupPrivilege + Privilege[ 3]: SeRestorePrivilege + Privilege[ 4]: SeRemoteShutdownPrivilege + Privilege[ 5]: SePrintOperatorPrivilege + Privilege[ 6]: SeAddUsersPrivilege + Privilege[ 7]: SeDiskOperatorPrivilege + Privilege[ 8]: SeSecurityPrivilege + Privilege[ 9]: SeSystemtimePrivilege + Privilege[ 10]: SeShutdownPrivilege + Privilege[ 11]: SeDebugPrivilege + Privilege[ 12]: SeSystemEnvironmentPrivilege + Privilege[ 13]: SeSystemProfilePrivilege + Privilege[ 14]: SeProfileSingleProcessPrivilege + Privilege[ 15]: SeIncreaseBasePriorityPrivilege + Privilege[ 16]: SeLoadDriverPrivilege + Privilege[ 17]: SeCreatePagefilePrivilege + Privilege[ 18]: SeIncreaseQuotaPrivilege + Privilege[ 19]: SeChangeNotifyPrivilege + Privilege[ 20]: SeUndockPrivilege + Privilege[ 21]: SeManageVolumePrivilege + Privilege[ 22]: SeImpersonatePrivilege + Privilege[ 23]: SeCreateGlobalPrivilege + Privilege[ 24]: SeEnableDelegationPrivilege + Rights (0x 0): +[2013/11/07 07:38:43.301838, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) + UNIX token of user 0 + Primary group is 5000 and contains 9 supplementary groups + Group[ 0]: 5000 + Group[ 1]: 5007 + Group[ 2]: 5001 + Group[ 3]: 1005 + Group[ 4]: 5006 + Group[ 5]: 5005 + Group[ 6]: 55000 + Group[ 7]: 55001 + Group[ 8]: 55002 +[2013/11/07 07:38:43.302037, 5, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1324(api_pipe_request) + Requested \spoolss rpc service +[2013/11/07 07:38:43.302084, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1356(api_rpcTNP) + api_rpcTNP: \spoolss op 0x45 - api_rpcTNP: rpc command: SPOOLSS_OPENPRINTEREX +[2013/11/07 07:38:43.302130, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1390(api_rpcTNP) + api_rpc_cmds[69].fn == 0x7f375c256d40 +[2013/11/07 07:38:43.302191, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + spoolss_OpenPrinterEx: struct spoolss_OpenPrinterEx + in: struct spoolss_OpenPrinterEx + printername : * + printername : '\\MEMBER43\printer7' + datatype : NULL + devmode_ctr: struct spoolss_DevmodeContainer + _ndr_size : 0x00000000 (0) + devmode : NULL + access_mask : 0x00020008 (131080) + 0: SERVER_ACCESS_ADMINISTER + 0: SERVER_ACCESS_ENUMERATE + 0: PRINTER_ACCESS_ADMINISTER + 1: PRINTER_ACCESS_USE + 0: JOB_ACCESS_ADMINISTER + 0: JOB_ACCESS_READ + userlevel_ctr: struct spoolss_UserLevelCtr + level : 0x00000001 (1) + user_info : union spoolss_UserLevel(case 1) + level1 : * + level1: struct spoolss_UserLevel1 + size : 0x00000028 (40) + client : * + client : 'WIN81-239' + user : * + user : 'AR32I8\Administrator' + build : 0x00002580 (9600) + major : UNKNOWN_ENUM_VALUE (3) + minor : SPOOLSS_MINOR_VERSION_0 (0) + processor : PROCESSOR_ARCHITECTURE_AMD64 (9) + checking name: \\MEMBER43\printer7 +[2013/11/07 07:38:43.302848, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:737(open_printer_hnd) + open_printer_hnd: name [\\MEMBER43\printer7] +[2013/11/07 07:38:43.302901, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) + Opened policy hnd[1] [0000] 00 00 00 00 3D 00 00 00 00 00 00 00 7B 52 73 35 ....=... ....{Rs5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:43.302984, 3, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:506(set_printer_hnd_printertype) + Setting printer type=\\MEMBER43\printer7 + Printer is a printer +[2013/11/07 07:38:43.303040, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:566(set_printer_hnd_name) + Setting printer name=\\MEMBER43\printer7 (len=19) + searching for [printer7] +[2013/11/07 07:38:43.303145, 10, pid=20933, effective(0, 5000), real(0, 0), class=tdb] ../source3/lib/gencache.c:275(gencache_set_data_blob) + Did not store value for PRINTERNAME/printer7, we already got it + set_printer_hnd_name: Printer found: printer7 -> printer7 +[2013/11/07 07:38:43.303201, 5, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:773(open_printer_hnd) + 1 printer handles active +[2013/11/07 07:38:43.303242, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 3D 00 00 00 00 00 00 00 7B 52 73 35 ....=... ....{Rs5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:43.303330, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 3D 00 00 00 00 00 00 00 7B 52 73 35 ....=... ....{Rs5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:43.303407, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:489(get_printer_snum) + short name:printer7 +[2013/11/07 07:38:43.303473, 3, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/access.c:338(allow_access) + Allowed connection from 10.200.8.239 (10.200.8.239) +[2013/11/07 07:38:43.303657, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/share_access.c:237(user_ok_token) + user_ok_token: share printer7 is ok for unix user root +[2013/11/07 07:38:43.303709, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:1921(_spoolss_OpenPrinterEx) + Setting printer access = PRINTER_ACCESS_USE +[2013/11/07 07:38:43.303815, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:60(make_internal_rpc_pipe_p) + Create pipe requested \winreg +[2013/11/07 07:38:43.303867, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:221(init_pipe_handles) + init_pipe_handle_list: created handle list for pipe \winreg +[2013/11/07 07:38:43.303909, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:238(init_pipe_handles) + init_pipe_handle_list: pipe_handles ref count = 1 for pipe \winreg +[2013/11/07 07:38:43.304008, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:100(make_internal_rpc_pipe_p) + Created internal pipe \winreg +[2013/11/07 07:38:43.304077, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenHKLM: struct winreg_OpenHKLM + in: struct winreg_OpenHKLM + system_name : NULL + access_mask : 0x02000000 (33554432) + 0: KEY_QUERY_VALUE + 0: KEY_SET_VALUE + 0: KEY_CREATE_SUB_KEY + 0: KEY_ENUMERATE_SUB_KEYS + 0: KEY_NOTIFY + 0: KEY_CREATE_LINK + 0: KEY_WOW64_64KEY + 0: KEY_WOW64_32KEY +[2013/11/07 07:38:43.304309, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [HKLM] +[2013/11/07 07:38:43.304356, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) + push_sec_ctx(0, 5000) : sec_ctx_stack_ndx = 2 +[2013/11/07 07:38:43.304400, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/uid.c:485(push_conn_ctx) + push_conn_ctx(1804507171) : conn_ctx_stack_ndx = 0 +[2013/11/07 07:38:43.304440, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) + setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 +[2013/11/07 07:38:43.304479, 5, pid=20933, effective(0, 5000), real(0, 0)] ../libcli/security/security_token.c:53(security_token_debug) + Security token: (NULL) +[2013/11/07 07:38:43.304517, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) + UNIX token of user 0 + Primary group is 0 and contains 0 supplementary groups +[2013/11/07 07:38:43.304673, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) + pop_sec_ctx (0, 5000) - sec_ctx_stack_ndx = 1 +[2013/11/07 07:38:43.304717, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:866(regdb_open) + regdb_open: registry db opened. refcount reset (1) +[2013/11/07 07:38:43.304774, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM] +[2013/11/07 07:38:43.304814, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM] +[2013/11/07 07:38:43.304856, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:43.304894, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM] +[2013/11/07 07:38:43.304973, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) + Opened policy hnd[1] [0000] 00 00 00 00 3E 00 00 00 00 00 00 00 7B 52 73 35 ....>... ....{Rs5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:43.305054, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenHKLM: struct winreg_OpenHKLM + out: struct winreg_OpenHKLM + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 0000003e-0000-0000-7b52-7335c5510000 + result : WERR_OK +[2013/11/07 07:38:43.305244, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenKey: struct winreg_OpenKey + in: struct winreg_OpenKey + parent_handle : * + parent_handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 0000003e-0000-0000-7b52-7335c5510000 + keyname: struct winreg_String + name_len : 0x008a (138) + name_size : 0x008a (138) + name : * + name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7' + options : 0x00000000 (0) + 0: REG_OPTION_VOLATILE + 0: REG_OPTION_CREATE_LINK + 0: REG_OPTION_BACKUP_RESTORE + 0: REG_OPTION_OPEN_LINK + access_mask : 0x02000000 (33554432) + 0: KEY_QUERY_VALUE + 0: KEY_SET_VALUE + 0: KEY_CREATE_SUB_KEY + 0: KEY_ENUMERATE_SUB_KEYS + 0: KEY_NOTIFY + 0: KEY_CREATE_LINK + 0: KEY_WOW64_64KEY + 0: KEY_WOW64_32KEY +[2013/11/07 07:38:43.305969, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 3E 00 00 00 00 00 00 00 7B 52 73 35 ....>... ....{Rs5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:43.306059, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [SOFTWARE] +[2013/11/07 07:38:43.306101, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (1->2) +[2013/11/07 07:38:43.306144, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] +[2013/11/07 07:38:43.306196, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE] +[2013/11/07 07:38:43.306254, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:43.306292, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE] +[2013/11/07 07:38:43.306368, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Microsoft] +[2013/11/07 07:38:43.306410, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (2->3) +[2013/11/07 07:38:43.306452, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] +[2013/11/07 07:38:43.306491, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] +[2013/11/07 07:38:43.306532, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:43.306570, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft] +[2013/11/07 07:38:43.306631, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Windows NT] +[2013/11/07 07:38:43.306673, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (3->4) +[2013/11/07 07:38:43.306715, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] +[2013/11/07 07:38:43.306754, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] +[2013/11/07 07:38:43.306795, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:43.306833, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] +[2013/11/07 07:38:43.306892, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [CurrentVersion] +[2013/11/07 07:38:43.306933, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (4->5) +[2013/11/07 07:38:43.306976, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] +[2013/11/07 07:38:43.307015, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] +[2013/11/07 07:38:43.307056, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:43.307093, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f375c5a15c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] +[2013/11/07 07:38:43.307166, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Print] +[2013/11/07 07:38:43.307216, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (5->6) +[2013/11/07 07:38:43.307260, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] +[2013/11/07 07:38:43.307299, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] +[2013/11/07 07:38:43.307342, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:43.307380, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f375c5a15c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] +[2013/11/07 07:38:43.307440, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Printers] +[2013/11/07 07:38:43.307483, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (6->7) +[2013/11/07 07:38:43.307525, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] +[2013/11/07 07:38:43.307565, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] +[2013/11/07 07:38:43.307606, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:43.307644, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] +[2013/11/07 07:38:43.307711, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [printer7] +[2013/11/07 07:38:43.307754, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (7->8) +[2013/11/07 07:38:43.307798, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:43.307837, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:43.307879, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:43.307916, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:43.307983, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (8->7) +[2013/11/07 07:38:43.308025, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (7->6) +[2013/11/07 07:38:43.308075, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (6->5) +[2013/11/07 07:38:43.308115, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (5->4) +[2013/11/07 07:38:43.308155, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (4->3) +[2013/11/07 07:38:43.308195, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (3->2) +[2013/11/07 07:38:43.308239, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) + Opened policy hnd[2] [0000] 00 00 00 00 3F 00 00 00 00 00 00 00 7B 52 73 35 ....?... ....{Rs5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:43.308319, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenKey: struct winreg_OpenKey + out: struct winreg_OpenKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 0000003f-0000-0000-7b52-7335c5510000 + result : WERR_OK +[2013/11/07 07:38:43.308487, 2, pid=20933, effective(0, 5000), real(0, 0)] ../source3/rpc_client/cli_winreg_spoolss.c:626(winreg_create_printer) + winreg_create_printer: Skipping, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7 already exists +[2013/11/07 07:38:43.308547, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + in: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 0000003f-0000-0000-7b52-7335c5510000 +[2013/11/07 07:38:43.308679, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 3F 00 00 00 00 00 00 00 7B 52 73 35 ....?... ....{Rs5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:43.308757, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 3F 00 00 00 00 00 00 00 7B 52 73 35 ....?... ....{Rs5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:43.308833, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) + Closed policy +[2013/11/07 07:38:43.308874, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (2->1) +[2013/11/07 07:38:43.308915, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + out: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000000-0000-0000-0000-000000000000 + result : WERR_OK +[2013/11/07 07:38:43.309078, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + in: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 0000003e-0000-0000-7b52-7335c5510000 +[2013/11/07 07:38:43.309217, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 3E 00 00 00 00 00 00 00 7B 52 73 35 ....>... ....{Rs5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:43.309295, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 3E 00 00 00 00 00 00 00 7B 52 73 35 ....>... ....{Rs5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:43.309429, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) + Closed policy +[2013/11/07 07:38:43.309472, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (1->0) +[2013/11/07 07:38:43.309527, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + out: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000000-0000-0000-0000-000000000000 + result : WERR_OK +[2013/11/07 07:38:43.309690, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:416(close_policy_by_pipe) + Deleted handle list for RPC connection \winreg +[2013/11/07 07:38:43.309739, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + spoolss_OpenPrinterEx: struct spoolss_OpenPrinterEx + out: struct spoolss_OpenPrinterEx + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 0000003d-0000-0000-7b52-7335c5510000 + result : WERR_OK +[2013/11/07 07:38:43.309890, 5, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1417(api_rpcTNP) + api_rpcTNP: called \spoolss successfully +[2013/11/07 07:38:43.309943, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) + pop_sec_ctx (0, 5000) - sec_ctx_stack_ndx = 0 +[2013/11/07 07:38:43.309986, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) + write_to_pipe: data_used = 206 + smbd_smb2_request_pending_queue: req->current_idx = 1 + req->in.vector[0].iov_len = 0 + req->in.vector[1].iov_len = 0 + req->in.vector[2].iov_len = 64 + req->in.vector[3].iov_len = 56 + req->in.vector[4].iov_len = 222 + req->out.vector[0].iov_len = 4 + req->out.vector[1].iov_len = 0 + req->out.vector[2].iov_len = 64 + req->out.vector[3].iov_len = 8 + req->out.vector[4].iov_len = 0 +[2013/11/07 07:38:43.310198, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:128(smbd_smb2_ioctl_pipe_write_done) + smbd_smb2_ioctl_pipe_write_done: received 222 +[2013/11/07 07:38:43.310251, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:149(smbd_smb2_ioctl_pipe_write_done) + smbd_smb2_ioctl_pipe_write_done: issuing np_read_send of size 1024 +[2013/11/07 07:38:43.310295, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:285(read_from_internal_pipe) + name: \spoolss len: 1024 +[2013/11/07 07:38:43.310338, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:347(read_from_internal_pipe) + read_from_pipe: \spoolss: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 24. +[2013/11/07 07:38:43.310399, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) + &r: struct ncacn_packet + rpc_vers : 0x05 (5) + rpc_vers_minor : 0x00 (0) + ptype : DCERPC_PKT_RESPONSE (2) + pfc_flags : 0x03 (3) + drep: ARRAY(4) + [0] : 0x10 (16) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + frag_length : 0x0030 (48) + auth_length : 0x0000 (0) + call_id : 0x00000002 (2) + u : union dcerpc_payload(case 2) + response: struct dcerpc_response + alloc_hint : 0x00000018 (24) + context_id : 0x0000 (0) + cancel_count : 0x00 (0) + _pad : DATA_BLOB length=0 + stub_and_verifier : DATA_BLOB length=24 + [0000] 00 00 00 00 3D 00 00 00 00 00 00 00 7B 52 73 35 ....=... ....{Rs5 + [0010] C5 51 00 00 00 00 00 00 .Q...... +[2013/11/07 07:38:43.310819, 3, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:122(free_pipe_context) + free_pipe_context: destroying talloc pool of size 68 +[2013/11/07 07:38:43.310868, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:788(np_read_recv) + Received 48 bytes. There is no more data outstanding +[2013/11/07 07:38:43.310909, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:178(smbd_smb2_ioctl_pipe_read_done) + smbd_smb2_ioctl_pipe_read_done: np_read_recv nread = 48 is_data_outstanding = 0, status = NT_STATUS_OK +[2013/11/07 07:38:43.310955, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl.c:291(smbd_smb2_request_ioctl_done) + smbd_smb2_request_ioctl_done: smbd_smb2_ioctl_recv returned 48 status NT_STATUS_OK +[2013/11/07 07:38:43.310997, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) + smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[48] dyn[yes:48] at ../source3/smbd/smb2_ioctl.c:358 +[2013/11/07 07:38:43.311042, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) + smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/41/127 +[2013/11/07 07:38:43.314505, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) + smbd_smb2_request_incoming: idx[1] of 5 vectors +[2013/11/07 07:38:43.314737, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) + smb2_validate_sequence_number: clearing id 41 (position 41) from bitmap +[2013/11/07 07:38:43.314880, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) + smbd_smb2_request_dispatch: opcode[SMB2_OP_IOCTL] mid = 41 +[2013/11/07 07:38:43.315037, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) + setting sec ctx (0, 5000) - sec_ctx_stack_ndx = 0 +[2013/11/07 07:38:43.315149, 5, pid=20933, effective(0, 5000), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) + Security token SIDs (21): + SID[ 0]: S-1-5-21-1376953716-2413384141-3399758289-500 + SID[ 1]: S-1-5-21-1376953716-2413384141-3399758289-512 + SID[ 2]: S-1-5-21-1376953716-2413384141-3399758289-11015 + SID[ 3]: S-1-5-21-1376953716-2413384141-3399758289-513 + SID[ 4]: S-1-5-21-1376953716-2413384141-3399758289-11011 + SID[ 5]: S-1-5-21-1376953716-2413384141-3399758289-11013 + SID[ 6]: S-1-5-21-1376953716-2413384141-3399758289-11012 + SID[ 7]: S-1-1-0 + SID[ 8]: S-1-5-2 + SID[ 9]: S-1-5-11 + SID[ 10]: S-1-5-32-544 + SID[ 11]: S-1-22-1-2002 + SID[ 12]: S-1-22-2-5000 + SID[ 13]: S-1-22-2-5007 + SID[ 14]: S-1-22-2-5001 + SID[ 15]: S-1-22-2-1005 + SID[ 16]: S-1-22-2-5006 + SID[ 17]: S-1-22-2-5005 + SID[ 18]: S-1-22-2-55000 + SID[ 19]: S-1-22-2-55001 + SID[ 20]: S-1-22-2-55002 + Privileges (0x 1FFFFFF0): + Privilege[ 0]: SeMachineAccountPrivilege + Privilege[ 1]: SeTakeOwnershipPrivilege + Privilege[ 2]: SeBackupPrivilege + Privilege[ 3]: SeRestorePrivilege + Privilege[ 4]: SeRemoteShutdownPrivilege + Privilege[ 5]: SePrintOperatorPrivilege + Privilege[ 6]: SeAddUsersPrivilege + Privilege[ 7]: SeDiskOperatorPrivilege + Privilege[ 8]: SeSecurityPrivilege + Privilege[ 9]: SeSystemtimePrivilege + Privilege[ 10]: SeShutdownPrivilege + Privilege[ 11]: SeDebugPrivilege + Privilege[ 12]: SeSystemEnvironmentPrivilege + Privilege[ 13]: SeSystemProfilePrivilege + Privilege[ 14]: SeProfileSingleProcessPrivilege + Privilege[ 15]: SeIncreaseBasePriorityPrivilege + Privilege[ 16]: SeLoadDriverPrivilege + Privilege[ 17]: SeCreatePagefilePrivilege + Privilege[ 18]: SeIncreaseQuotaPrivilege + Privilege[ 19]: SeChangeNotifyPrivilege + Privilege[ 20]: SeUndockPrivilege + Privilege[ 21]: SeManageVolumePrivilege + Privilege[ 22]: SeImpersonatePrivilege + Privilege[ 23]: SeCreateGlobalPrivilege + Privilege[ 24]: SeEnableDelegationPrivilege + Rights (0x 0): +[2013/11/07 07:38:43.317198, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) + UNIX token of user 0 + Primary group is 5000 and contains 9 supplementary groups + Group[ 0]: 5000 + Group[ 1]: 5007 + Group[ 2]: 5001 + Group[ 3]: 1005 + Group[ 4]: 5006 + Group[ 5]: 5005 + Group[ 6]: 55000 + Group[ 7]: 55001 + Group[ 8]: 55002 +[2013/11/07 07:38:43.318029, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/uid.c:363(change_to_user_internal) + Impersonated user: uid=(0,0), gid=(0,5000) +[2013/11/07 07:38:43.318162, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:1796(smbd_smb2_request_verify_creditcharge) + mid 41, CreditCharge: 1, NeededCharge: 1 +[2013/11/07 07:38:43.318271, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl.c:394(smbd_smb2_ioctl_send) + smbd_smb2_ioctl: ctl_code[0x0011c017] spoolss, fnum 259150985 +[2013/11/07 07:38:43.318388, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:59(smb2_ioctl_named_pipe) + smbd_smb2_ioctl_send: np_write_send of size 4156 +[2013/11/07 07:38:43.318488, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:520(np_write_send) + np_write_send: len: 4156 +[2013/11/07 07:38:43.318591, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) + write_to_pipe: data_left = 4156 +[2013/11/07 07:38:43.318687, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) + process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 4156 +[2013/11/07 07:38:43.318785, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:51(fill_rpc_header) + fill_rpc_header: data_to_copy = 4156, len_needed_to_complete_hdr = 16, receive_len = 0 +[2013/11/07 07:38:43.318886, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) + write_to_pipe: data_used = 16 +[2013/11/07 07:38:43.318980, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) + write_to_pipe: data_left = 4140 +[2013/11/07 07:38:43.319076, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) + process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 4140 +[2013/11/07 07:38:43.319210, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) + write_to_pipe: data_used = 0 +[2013/11/07 07:38:43.319306, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) + write_to_pipe: data_left = 4140 +[2013/11/07 07:38:43.319402, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) + process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 4140, incoming data = 4140 +[2013/11/07 07:38:43.319508, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1614(process_complete_pdu) + PDU is in Little Endian format! +[2013/11/07 07:38:43.319630, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) + r: struct ncacn_packet + rpc_vers : 0x05 (5) + rpc_vers_minor : 0x00 (0) + ptype : DCERPC_PKT_REQUEST (0) + pfc_flags : 0x03 (3) + drep: ARRAY(4) + [0] : 0x10 (16) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + frag_length : 0x103c (4156) + auth_length : 0x0000 (0) + call_id : 0x00000003 (3) + u : union dcerpc_payload(case 0) + request: struct dcerpc_request + alloc_hint : 0x00001024 (4132) + context_id : 0x0000 (0) + opnum : 0x0008 (8) + object : union dcerpc_object(case 0) + empty: struct dcerpc_empty + _pad : DATA_BLOB length=0 + stub_and_verifier : DATA_BLOB length=4132 + [0000] 00 00 00 00 3D 00 00 00 00 00 00 00 7B 52 73 35 ....=... ....{Rs5 + [0010] C5 51 00 00 02 00 00 00 00 00 02 00 00 10 00 00 .Q...... ........ + [0020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0030] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0040] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0200] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0210] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0220] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0230] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0240] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0250] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0260] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0270] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0280] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0290] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0300] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0310] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0320] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0330] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0340] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0350] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0360] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0370] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0380] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0390] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0400] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0410] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0420] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0430] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0440] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0450] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0460] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0470] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0480] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0490] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0500] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0510] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0520] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0530] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0540] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0550] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0560] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0570] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0580] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0590] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0600] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0610] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0620] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0630] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0640] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0650] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0660] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0670] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0680] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0690] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0700] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0710] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0720] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0730] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0740] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0750] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0760] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0770] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0780] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0790] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0800] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0810] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0820] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0830] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0840] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0850] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0860] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0870] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0880] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0890] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0900] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0910] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0920] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0930] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0940] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0950] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0960] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0970] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0980] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0990] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0EA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0EB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0EC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0ED0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0EE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0EF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [1000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [1010] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [1020] 00 10 00 00 .... +[2013/11/07 07:38:43.332760, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1627(process_complete_pdu) + Processing packet type 0 +[2013/11/07 07:38:43.332803, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1472(dcesrv_auth_request) + Checking request auth. +[2013/11/07 07:38:43.332851, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) + push_sec_ctx(0, 5000) : sec_ctx_stack_ndx = 1 +[2013/11/07 07:38:43.332897, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) + setting sec ctx (0, 5000) - sec_ctx_stack_ndx = 1 +[2013/11/07 07:38:43.332939, 5, pid=20933, effective(0, 5000), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) + Security token SIDs (21): + SID[ 0]: S-1-5-21-1376953716-2413384141-3399758289-500 + SID[ 1]: S-1-5-21-1376953716-2413384141-3399758289-512 + SID[ 2]: S-1-5-21-1376953716-2413384141-3399758289-11015 + SID[ 3]: S-1-5-21-1376953716-2413384141-3399758289-513 + SID[ 4]: S-1-5-21-1376953716-2413384141-3399758289-11011 + SID[ 5]: S-1-5-21-1376953716-2413384141-3399758289-11013 + SID[ 6]: S-1-5-21-1376953716-2413384141-3399758289-11012 + SID[ 7]: S-1-1-0 + SID[ 8]: S-1-5-2 + SID[ 9]: S-1-5-11 + SID[ 10]: S-1-5-32-544 + SID[ 11]: S-1-22-1-2002 + SID[ 12]: S-1-22-2-5000 + SID[ 13]: S-1-22-2-5007 + SID[ 14]: S-1-22-2-5001 + SID[ 15]: S-1-22-2-1005 + SID[ 16]: S-1-22-2-5006 + SID[ 17]: S-1-22-2-5005 + SID[ 18]: S-1-22-2-55000 + SID[ 19]: S-1-22-2-55001 + SID[ 20]: S-1-22-2-55002 + Privileges (0x 1FFFFFF0): + Privilege[ 0]: SeMachineAccountPrivilege + Privilege[ 1]: SeTakeOwnershipPrivilege + Privilege[ 2]: SeBackupPrivilege + Privilege[ 3]: SeRestorePrivilege + Privilege[ 4]: SeRemoteShutdownPrivilege + Privilege[ 5]: SePrintOperatorPrivilege + Privilege[ 6]: SeAddUsersPrivilege + Privilege[ 7]: SeDiskOperatorPrivilege + Privilege[ 8]: SeSecurityPrivilege + Privilege[ 9]: SeSystemtimePrivilege + Privilege[ 10]: SeShutdownPrivilege + Privilege[ 11]: SeDebugPrivilege + Privilege[ 12]: SeSystemEnvironmentPrivilege + Privilege[ 13]: SeSystemProfilePrivilege + Privilege[ 14]: SeProfileSingleProcessPrivilege + Privilege[ 15]: SeIncreaseBasePriorityPrivilege + Privilege[ 16]: SeLoadDriverPrivilege + Privilege[ 17]: SeCreatePagefilePrivilege + Privilege[ 18]: SeIncreaseQuotaPrivilege + Privilege[ 19]: SeChangeNotifyPrivilege + Privilege[ 20]: SeUndockPrivilege + Privilege[ 21]: SeManageVolumePrivilege + Privilege[ 22]: SeImpersonatePrivilege + Privilege[ 23]: SeCreateGlobalPrivilege + Privilege[ 24]: SeEnableDelegationPrivilege + Rights (0x 0): +[2013/11/07 07:38:43.333755, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) + UNIX token of user 0 + Primary group is 5000 and contains 9 supplementary groups + Group[ 0]: 5000 + Group[ 1]: 5007 + Group[ 2]: 5001 + Group[ 3]: 1005 + Group[ 4]: 5006 + Group[ 5]: 5005 + Group[ 6]: 55000 + Group[ 7]: 55001 + Group[ 8]: 55002 +[2013/11/07 07:38:43.333955, 5, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1324(api_pipe_request) + Requested \spoolss rpc service +[2013/11/07 07:38:43.334002, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1356(api_rpcTNP) + api_rpcTNP: \spoolss op 0x8 - api_rpcTNP: rpc command: SPOOLSS_GETPRINTER +[2013/11/07 07:38:43.334046, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1390(api_rpcTNP) + api_rpc_cmds[8].fn == 0x7f375c260f10 +[2013/11/07 07:38:43.334096, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + spoolss_GetPrinter: struct spoolss_GetPrinter + in: struct spoolss_GetPrinter + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 0000003d-0000-0000-7b52-7335c5510000 + level : 0x00000002 (2) + buffer : * + buffer : DATA_BLOB length=4096 + [0000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0010] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0030] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0040] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0200] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0210] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0220] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0230] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0240] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0250] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0260] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0270] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0280] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0290] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0300] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0310] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0320] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0330] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0340] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0350] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0360] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0370] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0380] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0390] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0400] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0410] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0420] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0430] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0440] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0450] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0460] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0470] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0480] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0490] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0500] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0510] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0520] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0530] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0540] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0550] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0560] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0570] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0580] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0590] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0600] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0610] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0620] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0630] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0640] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0650] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0660] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0670] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0680] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0690] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0700] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0710] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0720] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0730] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0740] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0750] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0760] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0770] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0780] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0790] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0800] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0810] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0820] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0830] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0840] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0850] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0860] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0870] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0880] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0890] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0900] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0910] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0920] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0930] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0940] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0950] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0960] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0970] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0980] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0990] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0EA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0EB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0EC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0ED0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0EE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0EF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + offered : 0x00001000 (4096) +[2013/11/07 07:38:43.343252, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 3D 00 00 00 00 00 00 00 7B 52 73 35 ....=... ....{Rs5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:43.343336, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 3D 00 00 00 00 00 00 00 7B 52 73 35 ....=... ....{Rs5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:43.343413, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:489(get_printer_snum) + short name:printer7 +[2013/11/07 07:38:43.343546, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:60(make_internal_rpc_pipe_p) + Create pipe requested \winreg +[2013/11/07 07:38:43.343601, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:221(init_pipe_handles) + init_pipe_handle_list: created handle list for pipe \winreg +[2013/11/07 07:38:43.343644, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:238(init_pipe_handles) + init_pipe_handle_list: pipe_handles ref count = 1 for pipe \winreg +[2013/11/07 07:38:43.343742, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:100(make_internal_rpc_pipe_p) + Created internal pipe \winreg +[2013/11/07 07:38:43.343816, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenHKLM: struct winreg_OpenHKLM + in: struct winreg_OpenHKLM + system_name : NULL + access_mask : 0x02000000 (33554432) + 0: KEY_QUERY_VALUE + 0: KEY_SET_VALUE + 0: KEY_CREATE_SUB_KEY + 0: KEY_ENUMERATE_SUB_KEYS + 0: KEY_NOTIFY + 0: KEY_CREATE_LINK + 0: KEY_WOW64_64KEY + 0: KEY_WOW64_32KEY +[2013/11/07 07:38:43.344061, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [HKLM] +[2013/11/07 07:38:43.344106, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) + push_sec_ctx(0, 5000) : sec_ctx_stack_ndx = 2 +[2013/11/07 07:38:43.344152, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/uid.c:485(push_conn_ctx) + push_conn_ctx(1804507171) : conn_ctx_stack_ndx = 0 +[2013/11/07 07:38:43.344192, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) + setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 +[2013/11/07 07:38:43.344230, 5, pid=20933, effective(0, 5000), real(0, 0)] ../libcli/security/security_token.c:53(security_token_debug) + Security token: (NULL) +[2013/11/07 07:38:43.344269, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) + UNIX token of user 0 + Primary group is 0 and contains 0 supplementary groups +[2013/11/07 07:38:43.344427, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) + pop_sec_ctx (0, 5000) - sec_ctx_stack_ndx = 1 +[2013/11/07 07:38:43.344473, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:866(regdb_open) + regdb_open: registry db opened. refcount reset (1) +[2013/11/07 07:38:43.344520, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM] +[2013/11/07 07:38:43.344560, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM] +[2013/11/07 07:38:43.344601, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:43.344639, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM] +[2013/11/07 07:38:43.344719, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) + Opened policy hnd[1] [0000] 00 00 00 00 40 00 00 00 00 00 00 00 7B 52 73 35 ....@... ....{Rs5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:43.344801, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenHKLM: struct winreg_OpenHKLM + out: struct winreg_OpenHKLM + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000040-0000-0000-7b52-7335c5510000 + result : WERR_OK +[2013/11/07 07:38:43.344986, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenKey: struct winreg_OpenKey + in: struct winreg_OpenKey + parent_handle : * + parent_handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000040-0000-0000-7b52-7335c5510000 + keyname: struct winreg_String + name_len : 0x008a (138) + name_size : 0x008a (138) + name : * + name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7' + options : 0x00000000 (0) + 0: REG_OPTION_VOLATILE + 0: REG_OPTION_CREATE_LINK + 0: REG_OPTION_BACKUP_RESTORE + 0: REG_OPTION_OPEN_LINK + access_mask : 0x02000000 (33554432) + 0: KEY_QUERY_VALUE + 0: KEY_SET_VALUE + 0: KEY_CREATE_SUB_KEY + 0: KEY_ENUMERATE_SUB_KEYS + 0: KEY_NOTIFY + 0: KEY_CREATE_LINK + 0: KEY_WOW64_64KEY + 0: KEY_WOW64_32KEY +[2013/11/07 07:38:43.345526, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 40 00 00 00 00 00 00 00 7B 52 73 35 ....@... ....{Rs5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:43.345609, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [SOFTWARE] +[2013/11/07 07:38:43.345650, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (1->2) +[2013/11/07 07:38:43.345693, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] +[2013/11/07 07:38:43.345732, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE] +[2013/11/07 07:38:43.345774, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:43.345811, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE] +[2013/11/07 07:38:43.345883, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Microsoft] +[2013/11/07 07:38:43.345925, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (2->3) +[2013/11/07 07:38:43.345967, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] +[2013/11/07 07:38:43.346006, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] +[2013/11/07 07:38:43.346046, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:43.346083, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft] +[2013/11/07 07:38:43.346144, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Windows NT] +[2013/11/07 07:38:43.346185, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (3->4) +[2013/11/07 07:38:43.346228, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] +[2013/11/07 07:38:43.346274, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] +[2013/11/07 07:38:43.346316, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:43.346354, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] +[2013/11/07 07:38:43.346413, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [CurrentVersion] +[2013/11/07 07:38:43.346455, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (4->5) +[2013/11/07 07:38:43.346498, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] +[2013/11/07 07:38:43.346536, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] +[2013/11/07 07:38:43.346577, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:43.346614, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f375c5a15c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] +[2013/11/07 07:38:43.346686, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Print] +[2013/11/07 07:38:43.346728, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (5->6) +[2013/11/07 07:38:43.346771, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] +[2013/11/07 07:38:43.346811, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] +[2013/11/07 07:38:43.346853, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:43.346890, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f375c5a15c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] +[2013/11/07 07:38:43.346950, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Printers] +[2013/11/07 07:38:43.346993, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (6->7) +[2013/11/07 07:38:43.347040, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] +[2013/11/07 07:38:43.347080, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] +[2013/11/07 07:38:43.347123, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:43.347163, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] +[2013/11/07 07:38:43.347241, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [printer7] +[2013/11/07 07:38:43.347284, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (7->8) +[2013/11/07 07:38:43.347330, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:43.347370, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:43.347413, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:43.347451, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:43.347521, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (8->7) +[2013/11/07 07:38:43.347563, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (7->6) +[2013/11/07 07:38:43.347604, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (6->5) +[2013/11/07 07:38:43.347644, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (5->4) +[2013/11/07 07:38:43.347684, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (4->3) +[2013/11/07 07:38:43.347724, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (3->2) +[2013/11/07 07:38:43.347767, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) + Opened policy hnd[2] [0000] 00 00 00 00 41 00 00 00 00 00 00 00 7B 52 73 35 ....A... ....{Rs5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:43.347845, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenKey: struct winreg_OpenKey + out: struct winreg_OpenKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000041-0000-0000-7b52-7335c5510000 + result : WERR_OK +[2013/11/07 07:38:43.348023, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryInfoKey: struct winreg_QueryInfoKey + in: struct winreg_QueryInfoKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000041-0000-0000-7b52-7335c5510000 + classname : * + classname: struct winreg_String + name_len : 0x0000 (0) + name_size : 0x0000 (0) + name : NULL +[2013/11/07 07:38:43.348246, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 41 00 00 00 00 00 00 00 7B 52 73 35 ....A... ....{Rs5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:43.348328, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_dispatcher.c:151(fetch_reg_values) + fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7' (ops 0x7f37592edcc0) +[2013/11/07 07:38:43.348371, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1891(regdb_fetch_values_internal) + regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:43.348434, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[0]: name[Attributes] len[4] +[2013/11/07 07:38:43.348479, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[1]: name[Description] len[2] +[2013/11/07 07:38:43.348521, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[2]: name[Datatype] len[8] +[2013/11/07 07:38:43.348563, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[3]: name[Default Priority] len[4] +[2013/11/07 07:38:43.348606, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[4]: name[Port] len[38] +[2013/11/07 07:38:43.348648, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[5]: name[Name] len[18] +[2013/11/07 07:38:43.348690, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[6]: name[Print Processor] len[18] +[2013/11/07 07:38:43.348732, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[7]: name[Priority] len[4] +[2013/11/07 07:38:43.348775, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[8]: name[Security] len[248] +[2013/11/07 07:38:43.348817, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[9]: name[Share Name] len[18] +[2013/11/07 07:38:43.348860, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[10]: name[StartTime] len[4] +[2013/11/07 07:38:43.348903, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[11]: name[UntilTime] len[4] +[2013/11/07 07:38:43.348945, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[12]: name[ChangeID] len[4] +[2013/11/07 07:38:43.348988, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) + regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:43.349052, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryInfoKey: struct winreg_QueryInfoKey + out: struct winreg_QueryInfoKey + classname : * + classname: struct winreg_String + name_len : 0x0000 (0) + name_size : 0x0000 (0) + name : NULL + num_subkeys : * + num_subkeys : 0x00000003 (3) + max_subkeylen : * + max_subkeylen : 0x00000022 (34) + max_classlen : * + max_classlen : 0x00000000 (0) + num_values : * + num_values : 0x0000000d (13) + max_valnamelen : * + max_valnamelen : 0x00000022 (34) + max_valbufsize : * + max_valbufsize : 0x000000f8 (248) + secdescsize : * + secdescsize : 0x00000078 (120) + last_changed_time : * + last_changed_time : NTTIME(0) + result : WERR_OK +[2013/11/07 07:38:43.349587, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000041-0000-0000-7b52-7335c5510000 + enum_index : 0x00000000 (0) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:43.349968, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 41 00 00 00 00 00 00 00 7B 52 73 35 ....A... ....{Rs5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:43.350048, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:43.350097, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0016 (22) + size : 0x0024 (36) + name : * + name : 'Attributes' + type : * + type : REG_DWORD (4) + value : * + value: ARRAY(4) + [0] : 0x48 (72) + [1] : 0x10 (16) + [2] : 0x00 (0) + [3] : 0x00 (0) + size : * + size : 0x00000004 (4) + length : * + length : 0x00000004 (4) + result : WERR_OK +[2013/11/07 07:38:43.350504, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000041-0000-0000-7b52-7335c5510000 + enum_index : 0x00000001 (1) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:43.350876, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 41 00 00 00 00 00 00 00 7B 52 73 35 ....A... ....{Rs5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:43.350954, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:43.351000, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0018 (24) + size : 0x0024 (36) + name : * + name : 'Description' + type : * + type : REG_SZ (1) + value : * + value: ARRAY(2) + [0] : 0x00 (0) + [1] : 0x00 (0) + size : * + size : 0x00000002 (2) + length : * + length : 0x00000002 (2) + result : WERR_OK +[2013/11/07 07:38:43.351359, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000041-0000-0000-7b52-7335c5510000 + enum_index : 0x00000002 (2) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:43.351737, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 41 00 00 00 00 00 00 00 7B 52 73 35 ....A... ....{Rs5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:43.351815, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:43.351859, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0012 (18) + size : 0x0024 (36) + name : * + name : 'Datatype' + type : * + type : REG_SZ (1) + value : * + value: ARRAY(8) + [0] : 0x52 (82) + [1] : 0x00 (0) + [2] : 0x41 (65) + [3] : 0x00 (0) + [4] : 0x57 (87) + [5] : 0x00 (0) + [6] : 0x00 (0) + [7] : 0x00 (0) + size : * + size : 0x00000008 (8) + length : * + length : 0x00000008 (8) + result : WERR_OK +[2013/11/07 07:38:43.352318, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000041-0000-0000-7b52-7335c5510000 + enum_index : 0x00000003 (3) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:43.352690, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 41 00 00 00 00 00 00 00 7B 52 73 35 ....A... ....{Rs5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:43.352840, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:43.352898, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0022 (34) + size : 0x0024 (36) + name : * + name : 'Default Priority' + type : * + type : REG_DWORD (4) + value : * + value: ARRAY(4) + [0] : 0x01 (1) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + size : * + size : 0x00000004 (4) + length : * + length : 0x00000004 (4) + result : WERR_OK +[2013/11/07 07:38:43.353294, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000041-0000-0000-7b52-7335c5510000 + enum_index : 0x00000004 (4) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:43.353715, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 41 00 00 00 00 00 00 00 7B 52 73 35 ....A... ....{Rs5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:43.353794, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:43.353841, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x000a (10) + size : 0x0024 (36) + name : * + name : 'Port' + type : * + type : REG_SZ (1) + value : * + value: ARRAY(38) + [0] : 0x53 (83) + [1] : 0x00 (0) + [2] : 0x61 (97) + [3] : 0x00 (0) + [4] : 0x6d (109) + [5] : 0x00 (0) + [6] : 0x62 (98) + [7] : 0x00 (0) + [8] : 0x61 (97) + [9] : 0x00 (0) + [10] : 0x20 (32) + [11] : 0x00 (0) + [12] : 0x50 (80) + [13] : 0x00 (0) + [14] : 0x72 (114) + [15] : 0x00 (0) + [16] : 0x69 (105) + [17] : 0x00 (0) + [18] : 0x6e (110) + [19] : 0x00 (0) + [20] : 0x74 (116) + [21] : 0x00 (0) + [22] : 0x65 (101) + [23] : 0x00 (0) + [24] : 0x72 (114) + [25] : 0x00 (0) + [26] : 0x20 (32) + [27] : 0x00 (0) + [28] : 0x50 (80) + [29] : 0x00 (0) + [30] : 0x6f (111) + [31] : 0x00 (0) + [32] : 0x72 (114) + [33] : 0x00 (0) + [34] : 0x74 (116) + [35] : 0x00 (0) + [36] : 0x00 (0) + [37] : 0x00 (0) + size : * + size : 0x00000026 (38) + length : * + length : 0x00000026 (38) + result : WERR_OK +[2013/11/07 07:38:43.354804, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000041-0000-0000-7b52-7335c5510000 + enum_index : 0x00000005 (5) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:43.355178, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 41 00 00 00 00 00 00 00 7B 52 73 35 ....A... ....{Rs5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:43.355256, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:43.355302, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x000a (10) + size : 0x0024 (36) + name : * + name : 'Name' + type : * + type : REG_SZ (1) + value : * + value: ARRAY(18) + [0] : 0x70 (112) + [1] : 0x00 (0) + [2] : 0x72 (114) + [3] : 0x00 (0) + [4] : 0x69 (105) + [5] : 0x00 (0) + [6] : 0x6e (110) + [7] : 0x00 (0) + [8] : 0x74 (116) + [9] : 0x00 (0) + [10] : 0x65 (101) + [11] : 0x00 (0) + [12] : 0x72 (114) + [13] : 0x00 (0) + [14] : 0x37 (55) + [15] : 0x00 (0) + [16] : 0x00 (0) + [17] : 0x00 (0) + size : * + size : 0x00000012 (18) + length : * + length : 0x00000012 (18) + result : WERR_OK +[2013/11/07 07:38:43.355935, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000041-0000-0000-7b52-7335c5510000 + enum_index : 0x00000006 (6) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:43.356306, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 41 00 00 00 00 00 00 00 7B 52 73 35 ....A... ....{Rs5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:43.356384, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:43.356430, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0020 (32) + size : 0x0024 (36) + name : * + name : 'Print Processor' + type : * + type : REG_SZ (1) + value : * + value: ARRAY(18) + [0] : 0x77 (119) + [1] : 0x00 (0) + [2] : 0x69 (105) + [3] : 0x00 (0) + [4] : 0x6e (110) + [5] : 0x00 (0) + [6] : 0x70 (112) + [7] : 0x00 (0) + [8] : 0x72 (114) + [9] : 0x00 (0) + [10] : 0x69 (105) + [11] : 0x00 (0) + [12] : 0x6e (110) + [13] : 0x00 (0) + [14] : 0x74 (116) + [15] : 0x00 (0) + [16] : 0x00 (0) + [17] : 0x00 (0) + size : * + size : 0x00000012 (18) + length : * + length : 0x00000012 (18) + result : WERR_OK +[2013/11/07 07:38:43.357065, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000041-0000-0000-7b52-7335c5510000 + enum_index : 0x00000007 (7) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:43.357526, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 41 00 00 00 00 00 00 00 7B 52 73 35 ....A... ....{Rs5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:43.357607, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:43.357654, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0012 (18) + size : 0x0024 (36) + name : * + name : 'Priority' + type : * + type : REG_DWORD (4) + value : * + value: ARRAY(4) + [0] : 0x01 (1) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + size : * + size : 0x00000004 (4) + length : * + length : 0x00000004 (4) + result : WERR_OK +[2013/11/07 07:38:43.358062, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000041-0000-0000-7b52-7335c5510000 + enum_index : 0x00000008 (8) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:43.358436, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 41 00 00 00 00 00 00 00 7B 52 73 35 ....A... ....{Rs5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:43.358514, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:43.358561, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0012 (18) + size : 0x0024 (36) + name : * + name : 'Security' + type : * + type : REG_BINARY (3) + value : * + value: ARRAY(248) + [0] : 0x01 (1) + [1] : 0x00 (0) + [2] : 0x04 (4) + [3] : 0x80 (128) + [4] : 0x14 (20) + [5] : 0x00 (0) + [6] : 0x00 (0) + [7] : 0x00 (0) + [8] : 0x24 (36) + [9] : 0x00 (0) + [10] : 0x00 (0) + [11] : 0x00 (0) + [12] : 0x00 (0) + [13] : 0x00 (0) + [14] : 0x00 (0) + [15] : 0x00 (0) + [16] : 0x34 (52) + [17] : 0x00 (0) + [18] : 0x00 (0) + [19] : 0x00 (0) + [20] : 0x01 (1) + [21] : 0x02 (2) + [22] : 0x00 (0) + [23] : 0x00 (0) + [24] : 0x00 (0) + [25] : 0x00 (0) + [26] : 0x00 (0) + [27] : 0x05 (5) + [28] : 0x20 (32) + [29] : 0x00 (0) + [30] : 0x00 (0) + [31] : 0x00 (0) + [32] : 0x20 (32) + [33] : 0x02 (2) + [34] : 0x00 (0) + [35] : 0x00 (0) + [36] : 0x01 (1) + [37] : 0x02 (2) + [38] : 0x00 (0) + [39] : 0x00 (0) + [40] : 0x00 (0) + [41] : 0x00 (0) + [42] : 0x00 (0) + [43] : 0x05 (5) + [44] : 0x20 (32) + [45] : 0x00 (0) + [46] : 0x00 (0) + [47] : 0x00 (0) + [48] : 0x20 (32) + [49] : 0x02 (2) + [50] : 0x00 (0) + [51] : 0x00 (0) + [52] : 0x02 (2) + [53] : 0x00 (0) + [54] : 0xc4 (196) + [55] : 0x00 (0) + [56] : 0x07 (7) + [57] : 0x00 (0) + [58] : 0x00 (0) + [59] : 0x00 (0) + [60] : 0x00 (0) + [61] : 0x02 (2) + [62] : 0x14 (20) + [63] : 0x00 (0) + [64] : 0x08 (8) + [65] : 0x00 (0) + [66] : 0x02 (2) + [67] : 0x20 (32) + [68] : 0x01 (1) + [69] : 0x01 (1) + [70] : 0x00 (0) + [71] : 0x00 (0) + [72] : 0x00 (0) + [73] : 0x00 (0) + [74] : 0x00 (0) + [75] : 0x01 (1) + [76] : 0x00 (0) + [77] : 0x00 (0) + [78] : 0x00 (0) + [79] : 0x00 (0) + [80] : 0x00 (0) + [81] : 0x09 (9) + [82] : 0x24 (36) + [83] : 0x00 (0) + [84] : 0x0c (12) + [85] : 0x00 (0) + [86] : 0x0f (15) + [87] : 0x10 (16) + [88] : 0x01 (1) + [89] : 0x05 (5) + [90] : 0x00 (0) + [91] : 0x00 (0) + [92] : 0x00 (0) + [93] : 0x00 (0) + [94] : 0x00 (0) + [95] : 0x05 (5) + [96] : 0x15 (21) + [97] : 0x00 (0) + [98] : 0x00 (0) + [99] : 0x00 (0) + [100] : 0x74 (116) + [101] : 0xa5 (165) + [102] : 0x12 (18) + [103] : 0x52 (82) + [104] : 0xcd (205) + [105] : 0x51 (81) + [106] : 0xd9 (217) + [107] : 0x8f (143) + [108] : 0xd1 (209) + [109] : 0x31 (49) + [110] : 0xa4 (164) + [111] : 0xca (202) + [112] : 0xf4 (244) + [113] : 0x01 (1) + [114] : 0x00 (0) + [115] : 0x00 (0) + [116] : 0x00 (0) + [117] : 0x02 (2) + [118] : 0x24 (36) + [119] : 0x00 (0) + [120] : 0x0c (12) + [121] : 0x00 (0) + [122] : 0x0f (15) + [123] : 0x10 (16) + [124] : 0x01 (1) + [125] : 0x05 (5) + [126] : 0x00 (0) + [127] : 0x00 (0) + [128] : 0x00 (0) + [129] : 0x00 (0) + [130] : 0x00 (0) + [131] : 0x05 (5) + [132] : 0x15 (21) + [133] : 0x00 (0) + [134] : 0x00 (0) + [135] : 0x00 (0) + [136] : 0x74 (116) + [137] : 0xa5 (165) + [138] : 0x12 (18) + [139] : 0x52 (82) + [140] : 0xcd (205) + [141] : 0x51 (81) + [142] : 0xd9 (217) + [143] : 0x8f (143) + [144] : 0xd1 (209) + [145] : 0x31 (49) + [146] : 0xa4 (164) + [147] : 0xca (202) + [148] : 0xf4 (244) + [149] : 0x01 (1) + [150] : 0x00 (0) + [151] : 0x00 (0) + [152] : 0x00 (0) + [153] : 0x09 (9) + [154] : 0x18 (24) + [155] : 0x00 (0) + [156] : 0x0c (12) + [157] : 0x00 (0) + [158] : 0x0f (15) + [159] : 0x10 (16) + [160] : 0x01 (1) + [161] : 0x02 (2) + [162] : 0x00 (0) + [163] : 0x00 (0) + [164] : 0x00 (0) + [165] : 0x00 (0) + [166] : 0x00 (0) + [167] : 0x05 (5) + [168] : 0x20 (32) + [169] : 0x00 (0) + [170] : 0x00 (0) + [171] : 0x00 (0) + [172] : 0x20 (32) + [173] : 0x02 (2) + [174] : 0x00 (0) + [175] : 0x00 (0) + [176] : 0x00 (0) + [177] : 0x02 (2) + [178] : 0x18 (24) + [179] : 0x00 (0) + [180] : 0x0c (12) + [181] : 0x00 (0) + [182] : 0x0f (15) + [183] : 0x10 (16) + [184] : 0x01 (1) + [185] : 0x02 (2) + [186] : 0x00 (0) + [187] : 0x00 (0) + [188] : 0x00 (0) + [189] : 0x00 (0) + [190] : 0x00 (0) + [191] : 0x05 (5) + [192] : 0x20 (32) + [193] : 0x00 (0) + [194] : 0x00 (0) + [195] : 0x00 (0) + [196] : 0x20 (32) + [197] : 0x02 (2) + [198] : 0x00 (0) + [199] : 0x00 (0) + [200] : 0x00 (0) + [201] : 0x09 (9) + [202] : 0x18 (24) + [203] : 0x00 (0) + [204] : 0x0c (12) + [205] : 0x00 (0) + [206] : 0x0f (15) + [207] : 0x10 (16) + [208] : 0x01 (1) + [209] : 0x02 (2) + [210] : 0x00 (0) + [211] : 0x00 (0) + [212] : 0x00 (0) + [213] : 0x00 (0) + [214] : 0x00 (0) + [215] : 0x05 (5) + [216] : 0x20 (32) + [217] : 0x00 (0) + [218] : 0x00 (0) + [219] : 0x00 (0) + [220] : 0x26 (38) + [221] : 0x02 (2) + [222] : 0x00 (0) + [223] : 0x00 (0) + [224] : 0x00 (0) + [225] : 0x02 (2) + [226] : 0x18 (24) + [227] : 0x00 (0) + [228] : 0x0c (12) + [229] : 0x00 (0) + [230] : 0x0f (15) + [231] : 0x10 (16) + [232] : 0x01 (1) + [233] : 0x02 (2) + [234] : 0x00 (0) + [235] : 0x00 (0) + [236] : 0x00 (0) + [237] : 0x00 (0) + [238] : 0x00 (0) + [239] : 0x05 (5) + [240] : 0x20 (32) + [241] : 0x00 (0) + [242] : 0x00 (0) + [243] : 0x00 (0) + [244] : 0x26 (38) + [245] : 0x02 (2) + [246] : 0x00 (0) + [247] : 0x00 (0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x000000f8 (248) + result : WERR_OK +[2013/11/07 07:38:43.363068, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000041-0000-0000-7b52-7335c5510000 + enum_index : 0x00000009 (9) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:43.363444, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 41 00 00 00 00 00 00 00 7B 52 73 35 ....A... ....{Rs5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:43.363522, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:43.363568, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0016 (22) + size : 0x0024 (36) + name : * + name : 'Share Name' + type : * + type : REG_SZ (1) + value : * + value: ARRAY(18) + [0] : 0x70 (112) + [1] : 0x00 (0) + [2] : 0x72 (114) + [3] : 0x00 (0) + [4] : 0x69 (105) + [5] : 0x00 (0) + [6] : 0x6e (110) + [7] : 0x00 (0) + [8] : 0x74 (116) + [9] : 0x00 (0) + [10] : 0x65 (101) + [11] : 0x00 (0) + [12] : 0x72 (114) + [13] : 0x00 (0) + [14] : 0x37 (55) + [15] : 0x00 (0) + [16] : 0x00 (0) + [17] : 0x00 (0) + size : * + size : 0x00000012 (18) + length : * + length : 0x00000012 (18) + result : WERR_OK +[2013/11/07 07:38:43.364202, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000041-0000-0000-7b52-7335c5510000 + enum_index : 0x0000000a (10) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:43.364575, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 41 00 00 00 00 00 00 00 7B 52 73 35 ....A... ....{Rs5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:43.364651, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:43.364698, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0014 (20) + size : 0x0024 (36) + name : * + name : 'StartTime' + type : * + type : REG_DWORD (4) + value : * + value: ARRAY(4) + [0] : 0x00 (0) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + size : * + size : 0x00000004 (4) + length : * + length : 0x00000004 (4) + result : WERR_OK +[2013/11/07 07:38:43.365099, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000041-0000-0000-7b52-7335c5510000 + enum_index : 0x0000000b (11) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:43.365514, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 41 00 00 00 00 00 00 00 7B 52 73 35 ....A... ....{Rs5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:43.365593, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:43.365639, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0014 (20) + size : 0x0024 (36) + name : * + name : 'UntilTime' + type : * + type : REG_DWORD (4) + value : * + value: ARRAY(4) + [0] : 0x00 (0) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + size : * + size : 0x00000004 (4) + length : * + length : 0x00000004 (4) + result : WERR_OK +[2013/11/07 07:38:43.366031, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000041-0000-0000-7b52-7335c5510000 + enum_index : 0x0000000c (12) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:43.366412, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 41 00 00 00 00 00 00 00 7B 52 73 35 ....A... ....{Rs5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:43.366489, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:43.366534, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0012 (18) + size : 0x0024 (36) + name : * + name : 'ChangeID' + type : * + type : REG_DWORD (4) + value : * + value: ARRAY(4) + [0] : 0xf1 (241) + [1] : 0x5f (95) + [2] : 0x11 (17) + [3] : 0x00 (0) + size : * + size : 0x00000004 (4) + length : * + length : 0x00000004 (4) + result : WERR_OK +[2013/11/07 07:38:43.366960, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryValue: struct winreg_QueryValue + in: struct winreg_QueryValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000041-0000-0000-7b52-7335c5510000 + value_name : * + value_name: struct winreg_String + name_len : 0x0020 (32) + name_size : 0x0020 (32) + name : * + name : 'Default DevMode' + type : * + type : REG_NONE (0) + data : NULL + data_size : * + data_size : 0x00000000 (0) + data_length : * + data_length : 0x00000000 (0) +[2013/11/07 07:38:43.367308, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 41 00 00 00 00 00 00 00 7B 52 73 35 ....A... ....{Rs5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:43.367386, 7, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) + _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:43.367427, 7, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) + _winreg_QueryValue: policy key type = [00000000] +[2013/11/07 07:38:43.367480, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:316(_winreg_QueryValue) + _winreg_QueryValue: reg_queryvalue failed with: WERR_BADFILE +[2013/11/07 07:38:43.367521, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryValue: struct winreg_QueryValue + out: struct winreg_QueryValue + type : * + type : REG_NONE (0) + data : NULL + data_size : * + data_size : 0x00000000 (0) + data_length : * + data_length : 0x00000000 (0) + result : WERR_BADFILE +[2013/11/07 07:38:43.367743, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenHKLM: struct winreg_OpenHKLM + in: struct winreg_OpenHKLM + system_name : NULL + access_mask : 0x02000000 (33554432) + 0: KEY_QUERY_VALUE + 0: KEY_SET_VALUE + 0: KEY_CREATE_SUB_KEY + 0: KEY_ENUMERATE_SUB_KEYS + 0: KEY_NOTIFY + 0: KEY_CREATE_LINK + 0: KEY_WOW64_64KEY + 0: KEY_WOW64_32KEY +[2013/11/07 07:38:43.367969, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [HKLM] +[2013/11/07 07:38:43.368011, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (2->3) +[2013/11/07 07:38:43.368054, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM] +[2013/11/07 07:38:43.368093, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM] +[2013/11/07 07:38:43.368133, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:43.368170, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM] +[2013/11/07 07:38:43.368245, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) + Opened policy hnd[3] [0000] 00 00 00 00 42 00 00 00 00 00 00 00 7B 52 73 35 ....B... ....{Rs5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:43.368324, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenHKLM: struct winreg_OpenHKLM + out: struct winreg_OpenHKLM + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000042-0000-0000-7b52-7335c5510000 + result : WERR_OK +[2013/11/07 07:38:43.368492, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenKey: struct winreg_OpenKey + in: struct winreg_OpenKey + parent_handle : * + parent_handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000042-0000-0000-7b52-7335c5510000 + keyname: struct winreg_String + name_len : 0x008a (138) + name_size : 0x008a (138) + name : * + name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7' + options : 0x00000000 (0) + 0: REG_OPTION_VOLATILE + 0: REG_OPTION_CREATE_LINK + 0: REG_OPTION_BACKUP_RESTORE + 0: REG_OPTION_OPEN_LINK + access_mask : 0x02000000 (33554432) + 0: KEY_QUERY_VALUE + 0: KEY_SET_VALUE + 0: KEY_CREATE_SUB_KEY + 0: KEY_ENUMERATE_SUB_KEYS + 0: KEY_NOTIFY + 0: KEY_CREATE_LINK + 0: KEY_WOW64_64KEY + 0: KEY_WOW64_32KEY +[2013/11/07 07:38:43.368938, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 42 00 00 00 00 00 00 00 7B 52 73 35 ....B... ....{Rs5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:43.369019, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [SOFTWARE] +[2013/11/07 07:38:43.369059, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (3->4) +[2013/11/07 07:38:43.369101, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] +[2013/11/07 07:38:43.369139, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE] +[2013/11/07 07:38:43.369179, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:43.369216, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE] +[2013/11/07 07:38:43.369280, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Microsoft] +[2013/11/07 07:38:43.369321, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (4->5) +[2013/11/07 07:38:43.369389, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] +[2013/11/07 07:38:43.369445, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] +[2013/11/07 07:38:43.369486, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:43.369524, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft] +[2013/11/07 07:38:43.369586, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Windows NT] +[2013/11/07 07:38:43.369627, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (5->6) +[2013/11/07 07:38:43.369669, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] +[2013/11/07 07:38:43.369721, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] +[2013/11/07 07:38:43.369762, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:43.369799, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] +[2013/11/07 07:38:43.369856, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [CurrentVersion] +[2013/11/07 07:38:43.369897, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (6->7) +[2013/11/07 07:38:43.369940, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] +[2013/11/07 07:38:43.369978, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] +[2013/11/07 07:38:43.370018, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:43.370055, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f375c5a15c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] +[2013/11/07 07:38:43.370125, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Print] +[2013/11/07 07:38:43.370166, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (7->8) +[2013/11/07 07:38:43.370209, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] +[2013/11/07 07:38:43.370250, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] +[2013/11/07 07:38:43.370292, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:43.370329, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f375c5a15c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] +[2013/11/07 07:38:43.370389, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Printers] +[2013/11/07 07:38:43.370430, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (8->9) +[2013/11/07 07:38:43.370474, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] +[2013/11/07 07:38:43.370514, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] +[2013/11/07 07:38:43.370556, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:43.370602, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] +[2013/11/07 07:38:43.370668, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [printer7] +[2013/11/07 07:38:43.370710, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (9->10) +[2013/11/07 07:38:43.370755, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:43.370794, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:43.370836, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:43.370874, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:43.370945, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (10->9) +[2013/11/07 07:38:43.370989, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (9->8) +[2013/11/07 07:38:43.371029, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (8->7) +[2013/11/07 07:38:43.371070, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (7->6) +[2013/11/07 07:38:43.371109, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (6->5) +[2013/11/07 07:38:43.371149, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (5->4) +[2013/11/07 07:38:43.371192, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) + Opened policy hnd[4] [0000] 00 00 00 00 43 00 00 00 00 00 00 00 7B 52 73 35 ....C... ....{Rs5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:43.371270, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenKey: struct winreg_OpenKey + out: struct winreg_OpenKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000043-0000-0000-7b52-7335c5510000 + result : WERR_OK +[2013/11/07 07:38:43.371444, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryValue: struct winreg_QueryValue + in: struct winreg_QueryValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000043-0000-0000-7b52-7335c5510000 + value_name : * + value_name: struct winreg_String + name_len : 0x0012 (18) + name_size : 0x0012 (18) + name : * + name : 'Security' + type : * + type : REG_NONE (0) + data : NULL + data_size : * + data_size : 0x00000000 (0) + data_length : * + data_length : 0x00000000 (0) +[2013/11/07 07:38:43.371792, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 43 00 00 00 00 00 00 00 7B 52 73 35 ....C... ....{Rs5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:43.371871, 7, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) + _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:43.371910, 7, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) + _winreg_QueryValue: policy key type = [00000000] +[2013/11/07 07:38:43.371950, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_dispatcher.c:151(fetch_reg_values) + fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7' (ops 0x7f37592edcc0) +[2013/11/07 07:38:43.371992, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1891(regdb_fetch_values_internal) + regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:43.372051, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[0]: name[Attributes] len[4] +[2013/11/07 07:38:43.372095, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[1]: name[Description] len[2] +[2013/11/07 07:38:43.372137, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[2]: name[Datatype] len[8] +[2013/11/07 07:38:43.372179, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[3]: name[Default Priority] len[4] +[2013/11/07 07:38:43.372221, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[4]: name[Port] len[38] +[2013/11/07 07:38:43.372263, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[5]: name[Name] len[18] +[2013/11/07 07:38:43.372305, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[6]: name[Print Processor] len[18] +[2013/11/07 07:38:43.372347, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[7]: name[Priority] len[4] +[2013/11/07 07:38:43.372389, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[8]: name[Security] len[248] +[2013/11/07 07:38:43.372432, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[9]: name[Share Name] len[18] +[2013/11/07 07:38:43.372482, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[10]: name[StartTime] len[4] +[2013/11/07 07:38:43.372525, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[11]: name[UntilTime] len[4] +[2013/11/07 07:38:43.372567, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[12]: name[ChangeID] len[4] +[2013/11/07 07:38:43.372611, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryValue: struct winreg_QueryValue + out: struct winreg_QueryValue + type : * + type : REG_BINARY (3) + data : NULL + data_size : * + data_size : 0x000000f8 (248) + data_length : * + data_length : 0x00000000 (0) + result : WERR_OK +[2013/11/07 07:38:43.372824, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryValue: struct winreg_QueryValue + in: struct winreg_QueryValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000043-0000-0000-7b52-7335c5510000 + value_name : * + value_name: struct winreg_String + name_len : 0x0012 (18) + name_size : 0x0012 (18) + name : * + name : 'Security' + type : * + type : REG_BINARY (3) + data : * + data: ARRAY(0) + data_size : * + data_size : 0x000000f8 (248) + data_length : * + data_length : 0x00000000 (0) +[2013/11/07 07:38:43.373179, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 43 00 00 00 00 00 00 00 7B 52 73 35 ....C... ....{Rs5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:43.373256, 7, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) + _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:43.373296, 7, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) + _winreg_QueryValue: policy key type = [00000000] +[2013/11/07 07:38:43.373340, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryValue: struct winreg_QueryValue + out: struct winreg_QueryValue + type : * + type : REG_BINARY (3) + data : * + data: ARRAY(248) + [0] : 0x01 (1) + [1] : 0x00 (0) + [2] : 0x04 (4) + [3] : 0x80 (128) + [4] : 0x14 (20) + [5] : 0x00 (0) + [6] : 0x00 (0) + [7] : 0x00 (0) + [8] : 0x24 (36) + [9] : 0x00 (0) + [10] : 0x00 (0) + [11] : 0x00 (0) + [12] : 0x00 (0) + [13] : 0x00 (0) + [14] : 0x00 (0) + [15] : 0x00 (0) + [16] : 0x34 (52) + [17] : 0x00 (0) + [18] : 0x00 (0) + [19] : 0x00 (0) + [20] : 0x01 (1) + [21] : 0x02 (2) + [22] : 0x00 (0) + [23] : 0x00 (0) + [24] : 0x00 (0) + [25] : 0x00 (0) + [26] : 0x00 (0) + [27] : 0x05 (5) + [28] : 0x20 (32) + [29] : 0x00 (0) + [30] : 0x00 (0) + [31] : 0x00 (0) + [32] : 0x20 (32) + [33] : 0x02 (2) + [34] : 0x00 (0) + [35] : 0x00 (0) + [36] : 0x01 (1) + [37] : 0x02 (2) + [38] : 0x00 (0) + [39] : 0x00 (0) + [40] : 0x00 (0) + [41] : 0x00 (0) + [42] : 0x00 (0) + [43] : 0x05 (5) + [44] : 0x20 (32) + [45] : 0x00 (0) + [46] : 0x00 (0) + [47] : 0x00 (0) + [48] : 0x20 (32) + [49] : 0x02 (2) + [50] : 0x00 (0) + [51] : 0x00 (0) + [52] : 0x02 (2) + [53] : 0x00 (0) + [54] : 0xc4 (196) + [55] : 0x00 (0) + [56] : 0x07 (7) + [57] : 0x00 (0) + [58] : 0x00 (0) + [59] : 0x00 (0) + [60] : 0x00 (0) + [61] : 0x02 (2) + [62] : 0x14 (20) + [63] : 0x00 (0) + [64] : 0x08 (8) + [65] : 0x00 (0) + [66] : 0x02 (2) + [67] : 0x20 (32) + [68] : 0x01 (1) + [69] : 0x01 (1) + [70] : 0x00 (0) + [71] : 0x00 (0) + [72] : 0x00 (0) + [73] : 0x00 (0) + [74] : 0x00 (0) + [75] : 0x01 (1) + [76] : 0x00 (0) + [77] : 0x00 (0) + [78] : 0x00 (0) + [79] : 0x00 (0) + [80] : 0x00 (0) + [81] : 0x09 (9) + [82] : 0x24 (36) + [83] : 0x00 (0) + [84] : 0x0c (12) + [85] : 0x00 (0) + [86] : 0x0f (15) + [87] : 0x10 (16) + [88] : 0x01 (1) + [89] : 0x05 (5) + [90] : 0x00 (0) + [91] : 0x00 (0) + [92] : 0x00 (0) + [93] : 0x00 (0) + [94] : 0x00 (0) + [95] : 0x05 (5) + [96] : 0x15 (21) + [97] : 0x00 (0) + [98] : 0x00 (0) + [99] : 0x00 (0) + [100] : 0x74 (116) + [101] : 0xa5 (165) + [102] : 0x12 (18) + [103] : 0x52 (82) + [104] : 0xcd (205) + [105] : 0x51 (81) + [106] : 0xd9 (217) + [107] : 0x8f (143) + [108] : 0xd1 (209) + [109] : 0x31 (49) + [110] : 0xa4 (164) + [111] : 0xca (202) + [112] : 0xf4 (244) + [113] : 0x01 (1) + [114] : 0x00 (0) + [115] : 0x00 (0) + [116] : 0x00 (0) + [117] : 0x02 (2) + [118] : 0x24 (36) + [119] : 0x00 (0) + [120] : 0x0c (12) + [121] : 0x00 (0) + [122] : 0x0f (15) + [123] : 0x10 (16) + [124] : 0x01 (1) + [125] : 0x05 (5) + [126] : 0x00 (0) + [127] : 0x00 (0) + [128] : 0x00 (0) + [129] : 0x00 (0) + [130] : 0x00 (0) + [131] : 0x05 (5) + [132] : 0x15 (21) + [133] : 0x00 (0) + [134] : 0x00 (0) + [135] : 0x00 (0) + [136] : 0x74 (116) + [137] : 0xa5 (165) + [138] : 0x12 (18) + [139] : 0x52 (82) + [140] : 0xcd (205) + [141] : 0x51 (81) + [142] : 0xd9 (217) + [143] : 0x8f (143) + [144] : 0xd1 (209) + [145] : 0x31 (49) + [146] : 0xa4 (164) + [147] : 0xca (202) + [148] : 0xf4 (244) + [149] : 0x01 (1) + [150] : 0x00 (0) + [151] : 0x00 (0) + [152] : 0x00 (0) + [153] : 0x09 (9) + [154] : 0x18 (24) + [155] : 0x00 (0) + [156] : 0x0c (12) + [157] : 0x00 (0) + [158] : 0x0f (15) + [159] : 0x10 (16) + [160] : 0x01 (1) + [161] : 0x02 (2) + [162] : 0x00 (0) + [163] : 0x00 (0) + [164] : 0x00 (0) + [165] : 0x00 (0) + [166] : 0x00 (0) + [167] : 0x05 (5) + [168] : 0x20 (32) + [169] : 0x00 (0) + [170] : 0x00 (0) + [171] : 0x00 (0) + [172] : 0x20 (32) + [173] : 0x02 (2) + [174] : 0x00 (0) + [175] : 0x00 (0) + [176] : 0x00 (0) + [177] : 0x02 (2) + [178] : 0x18 (24) + [179] : 0x00 (0) + [180] : 0x0c (12) + [181] : 0x00 (0) + [182] : 0x0f (15) + [183] : 0x10 (16) + [184] : 0x01 (1) + [185] : 0x02 (2) + [186] : 0x00 (0) + [187] : 0x00 (0) + [188] : 0x00 (0) + [189] : 0x00 (0) + [190] : 0x00 (0) + [191] : 0x05 (5) + [192] : 0x20 (32) + [193] : 0x00 (0) + [194] : 0x00 (0) + [195] : 0x00 (0) + [196] : 0x20 (32) + [197] : 0x02 (2) + [198] : 0x00 (0) + [199] : 0x00 (0) + [200] : 0x00 (0) + [201] : 0x09 (9) + [202] : 0x18 (24) + [203] : 0x00 (0) + [204] : 0x0c (12) + [205] : 0x00 (0) + [206] : 0x0f (15) + [207] : 0x10 (16) + [208] : 0x01 (1) + [209] : 0x02 (2) + [210] : 0x00 (0) + [211] : 0x00 (0) + [212] : 0x00 (0) + [213] : 0x00 (0) + [214] : 0x00 (0) + [215] : 0x05 (5) + [216] : 0x20 (32) + [217] : 0x00 (0) + [218] : 0x00 (0) + [219] : 0x00 (0) + [220] : 0x26 (38) + [221] : 0x02 (2) + [222] : 0x00 (0) + [223] : 0x00 (0) + [224] : 0x00 (0) + [225] : 0x02 (2) + [226] : 0x18 (24) + [227] : 0x00 (0) + [228] : 0x0c (12) + [229] : 0x00 (0) + [230] : 0x0f (15) + [231] : 0x10 (16) + [232] : 0x01 (1) + [233] : 0x02 (2) + [234] : 0x00 (0) + [235] : 0x00 (0) + [236] : 0x00 (0) + [237] : 0x00 (0) + [238] : 0x00 (0) + [239] : 0x05 (5) + [240] : 0x20 (32) + [241] : 0x00 (0) + [242] : 0x00 (0) + [243] : 0x00 (0) + [244] : 0x26 (38) + [245] : 0x02 (2) + [246] : 0x00 (0) + [247] : 0x00 (0) + data_size : * + data_size : 0x000000f8 (248) + data_length : * + data_length : 0x000000f8 (248) + result : WERR_OK +[2013/11/07 07:38:43.377807, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + in: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000043-0000-0000-7b52-7335c5510000 +[2013/11/07 07:38:43.377941, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 43 00 00 00 00 00 00 00 7B 52 73 35 ....C... ....{Rs5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:43.378020, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 43 00 00 00 00 00 00 00 7B 52 73 35 ....C... ....{Rs5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:43.378097, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) + Closed policy +[2013/11/07 07:38:43.378141, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (4->3) +[2013/11/07 07:38:43.378182, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + out: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000000-0000-0000-0000-000000000000 + result : WERR_OK +[2013/11/07 07:38:43.378344, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + in: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000042-0000-0000-7b52-7335c5510000 +[2013/11/07 07:38:43.378480, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 42 00 00 00 00 00 00 00 7B 52 73 35 ....B... ....{Rs5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:43.378558, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 42 00 00 00 00 00 00 00 7B 52 73 35 ....B... ....{Rs5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:43.378634, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) + Closed policy +[2013/11/07 07:38:43.378674, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (3->2) +[2013/11/07 07:38:43.378714, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + out: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000000-0000-0000-0000-000000000000 + result : WERR_OK +[2013/11/07 07:38:43.378876, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + in: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000041-0000-0000-7b52-7335c5510000 +[2013/11/07 07:38:43.379006, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 41 00 00 00 00 00 00 00 7B 52 73 35 ....A... ....{Rs5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:43.379083, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 41 00 00 00 00 00 00 00 7B 52 73 35 ....A... ....{Rs5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:43.379160, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) + Closed policy +[2013/11/07 07:38:43.379203, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (2->1) +[2013/11/07 07:38:43.379244, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + out: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000000-0000-0000-0000-000000000000 + result : WERR_OK +[2013/11/07 07:38:43.379405, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + in: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000040-0000-0000-7b52-7335c5510000 +[2013/11/07 07:38:43.379542, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 40 00 00 00 00 00 00 00 7B 52 73 35 ....@... ....{Rs5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:43.379621, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 40 00 00 00 00 00 00 00 7B 52 73 35 ....@... ....{Rs5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:43.379697, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) + Closed policy +[2013/11/07 07:38:43.379737, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (1->0) +[2013/11/07 07:38:43.379794, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + out: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000000-0000-0000-0000-000000000000 + result : WERR_OK +[2013/11/07 07:38:43.379956, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:416(close_policy_by_pipe) + Deleted handle list for RPC connection \winreg +[2013/11/07 07:38:43.380026, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/printing/printing.c:1328(print_cache_expired) + print_cache_expired: cache expired for queue printer7 (last_qscan_time = 1383806272, time now = 1383806323, qcachetime = 30) +[2013/11/07 07:38:43.380099, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/printing/printing.c:1745(print_queue_update) + print_queue_update: Sending message -> printer = printer7, type = 8, lpq command = [printer7] lprm command = [] +[2013/11/07 07:38:43.380194, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/messages_local.c:282(messaging_tdb_store) + messaging_tdb_store: +[2013/11/07 07:38:43.380238, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) + array: struct messaging_array + num_messages : 0x00000001 (1) + messages: ARRAY(1) + messages: struct messaging_rec + msg_version : 0x00000002 (2) + msg_type : MSG_PRINTER_UPDATE (517) + dest: struct server_id + pid : 0x00000000000051b3 (20915) + task_id : 0x00000000 (0) + vnn : 0xffffffff (4294967295) + unique_id : 0x6b1fb19d3b3a8ed6 (7719083575197994710) + src: struct server_id + pid : 0x00000000000051c5 (20933) + task_id : 0x00000000 (0) + vnn : 0xffffffff (4294967295) + unique_id : 0x6b1fb19d3b3a8ed6 (7719083575197994710) + buf : DATA_BLOB length=23 + [0000] 70 72 69 6E 74 65 72 37 00 08 00 00 00 70 72 69 printer7 .....pri + [0010] 6E 74 65 72 37 00 00 nter7.. +[2013/11/07 07:38:43.380673, 10, pid=20915, effective(0, 0), real(0, 0)] ../source3/lib/messages_local.c:75(messaging_tdb_signal_handler) + messaging_tdb_signal_handler: sig[10] count[1] msgs[1] +[2013/11/07 07:38:43.380736, 10, pid=20915, effective(0, 0), real(0, 0)] ../source3/lib/messages_local.c:496(message_dispatch) + message_dispatch: received_messages = 1 +[2013/11/07 07:38:43.380821, 10, pid=20915, effective(0, 0), real(0, 0)] ../source3/lib/messages_local.c:242(messaging_tdb_fetch) + messaging_tdb_fetch: +[2013/11/07 07:38:43.380863, 1, pid=20915, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) + result: struct messaging_array + num_messages : 0x00000001 (1) + messages: ARRAY(1) + messages: struct messaging_rec + msg_version : 0x00000002 (2) + msg_type : MSG_PRINTER_UPDATE (517) + dest: struct server_id + pid : 0x00000000000051b3 (20915) + task_id : 0x00000000 (0) + vnn : 0xffffffff (4294967295) + unique_id : 0x6b1fb19d3b3a8ed6 (7719083575197994710) + src: struct server_id + pid : 0x00000000000051c5 (20933) + task_id : 0x00000000 (0) + vnn : 0xffffffff (4294967295) + unique_id : 0x6b1fb19d3b3a8ed6 (7719083575197994710) + buf : DATA_BLOB length=23 + [0000] 70 72 69 6E 74 65 72 37 00 08 00 00 00 70 72 69 printer7 .....pri + [0010] 6E 74 65 72 37 00 00 nter7.. +[2013/11/07 07:38:43.381259, 5, pid=20915, effective(0, 0), real(0, 0)] ../source3/printing/printing.c:1535(print_queue_update_with_lock) + print_queue_update_with_lock: printer share = printer7 +[2013/11/07 07:38:43.381312, 4, pid=20915, effective(0, 0), real(0, 0)] ../source3/printing/printing.c:1328(print_cache_expired) + print_cache_expired: cache expired for queue printer7 (last_qscan_time = 1383806272, time now = 1383806323, qcachetime = 30) +[2013/11/07 07:38:43.381454, 5, pid=20915, effective(0, 0), real(0, 0)] ../source3/printing/printing.c:1160(set_updating_pid) + set_updating_pid: updating lpq cache for print share printer7 +[2013/11/07 07:38:43.381523, 5, pid=20915, effective(0, 0), real(0, 0)] ../source3/printing/printing.c:1383(print_queue_update_internal) + print_queue_update_internal: printer = printer7, type = 8, lpq command = [printer7] +[2013/11/07 07:38:43.381590, 5, pid=20915, effective(0, 0), real(0, 0)] ../source3/printing/print_cups.c:1113(cups_queue_get) + cups_queue_get(printer7, 0x7fff68d2bb48, 0x7fff68d2bc60) +[2013/11/07 07:38:43.381646, 10, pid=20915, effective(0, 0), real(0, 0)] ../source3/printing/print_cups.c:130(cups_connect) + connecting to cups server localhost:631 +[2013/11/07 07:38:43.384266, 3, pid=20915, effective(0, 0), real(0, 0)] ../source3/printing/printing.c:1402(print_queue_update_internal) + print_queue_update_internal: 0 jobs in queue for printer7 +[2013/11/07 07:38:43.384475, 10, pid=20915, effective(0, 0), real(0, 0)] ../source3/printing/printing.c:1478(print_queue_update_internal) + print_queue_update_internal: printer printer7 INFO/total_jobs = 0 +[2013/11/07 07:38:43.384546, 5, pid=20915, effective(0, 0), real(0, 0)] ../source3/printing/printing.c:1160(set_updating_pid) + set_updating_pid: not updating lpq cache for print share printer7 +[2013/11/07 07:38:43.384850, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + spoolss_GetPrinter: struct spoolss_GetPrinter + out: struct spoolss_GetPrinter + info : * + info : union spoolss_PrinterInfo(case 2) + info2: struct spoolss_PrinterInfo2 + servername : * + servername : '\\MEMBER43' + printername : * + printername : '\\MEMBER43\printer7' + sharename : * + sharename : 'printer7' + portname : * + portname : 'Samba Printer Port' + drivername : * + drivername : '' + comment : * + comment : '' + location : * + location : '' + devmode : * + devmode: struct spoolss_DeviceMode + devicename : '\\MEMBER43\printer7' + specversion : DMSPEC_NT4_AND_ABOVE (1025) + driverversion : 0x0400 (1024) + size : 0x00dc (220) + __driverextra_length : 0x0000 (0) + fields : 0x00014713 (83731) + 1: DEVMODE_ORIENTATION + 1: DEVMODE_PAPERSIZE + 0: DEVMODE_PAPERLENGTH + 0: DEVMODE_PAPERWIDTH + 1: DEVMODE_SCALE + 0: DEVMODE_POSITION + 0: DEVMODE_NUP + 1: DEVMODE_COPIES + 1: DEVMODE_DEFAULTSOURCE + 1: DEVMODE_PRINTQUALITY + 0: DEVMODE_COLOR + 0: DEVMODE_DUPLEX + 0: DEVMODE_YRESOLUTION + 1: DEVMODE_TTOPTION + 0: DEVMODE_COLLATE + 1: DEVMODE_FORMNAME + 0: DEVMODE_LOGPIXELS + 0: DEVMODE_BITSPERPEL + 0: DEVMODE_PELSWIDTH + 0: DEVMODE_PELSHEIGHT + 0: DEVMODE_DISPLAYFLAGS + 0: DEVMODE_DISPLAYFREQUENCY + 0: DEVMODE_ICMMETHOD + 0: DEVMODE_ICMINTENT + 0: DEVMODE_MEDIATYPE + 0: DEVMODE_DITHERTYPE + 0: DEVMODE_PANNINGWIDTH + 0: DEVMODE_PANNINGHEIGHT + orientation : DMORIENT_PORTRAIT (1) + papersize : DMPAPER_LETTER (1) + paperlength : 0x0000 (0) + paperwidth : 0x0000 (0) + scale : 0x0064 (100) + copies : 0x0001 (1) + defaultsource : DMBIN_FORMSOURCE (15) + printquality : DMRES_HIGH (65532) + color : DMRES_MONOCHROME (1) + duplex : DMDUP_SIMPLEX (1) + yresolution : 0x0000 (0) + ttoption : DMTT_SUBDEV (3) + collate : DMCOLLATE_FALSE (0) + formname : 'Letter' + logpixels : 0x0000 (0) + bitsperpel : 0x00000000 (0) + pelswidth : 0x00000000 (0) + pelsheight : 0x00000000 (0) + displayflags : UNKNOWN_ENUM_VALUE (0) + displayfrequency : 0x00000000 (0) + icmmethod : UNKNOWN_ENUM_VALUE (0) + icmintent : UNKNOWN_ENUM_VALUE (0) + mediatype : UNKNOWN_ENUM_VALUE (0) + dithertype : UNKNOWN_ENUM_VALUE (0) + reserved1 : 0x00000000 (0) + reserved2 : 0x00000000 (0) + panningwidth : 0x00000000 (0) + panningheight : 0x00000000 (0) + driverextra_data : DATA_BLOB length=0 + sepfile : * + sepfile : '' + printprocessor : * + printprocessor : 'winprint' + datatype : * + datatype : 'RAW' + parameters : * + parameters : '' + secdesc : * + secdesc: struct security_descriptor + revision : SECURITY_DESCRIPTOR_REVISION_1 (1) + type : 0x8004 (32772) + 0: SEC_DESC_OWNER_DEFAULTED + 0: SEC_DESC_GROUP_DEFAULTED + 1: SEC_DESC_DACL_PRESENT + 0: SEC_DESC_DACL_DEFAULTED + 0: SEC_DESC_SACL_PRESENT + 0: SEC_DESC_SACL_DEFAULTED + 0: SEC_DESC_DACL_TRUSTED + 0: SEC_DESC_SERVER_SECURITY + 0: SEC_DESC_DACL_AUTO_INHERIT_REQ + 0: SEC_DESC_SACL_AUTO_INHERIT_REQ + 0: SEC_DESC_DACL_AUTO_INHERITED + 0: SEC_DESC_SACL_AUTO_INHERITED + 0: SEC_DESC_DACL_PROTECTED + 0: SEC_DESC_SACL_PROTECTED + 0: SEC_DESC_RM_CONTROL_VALID + 1: SEC_DESC_SELF_RELATIVE + owner_sid : * + owner_sid : S-1-5-32-544 + group_sid : * + group_sid : S-1-5-32-544 + sacl : NULL + dacl : * + dacl: struct security_acl + revision : SECURITY_ACL_REVISION_NT4 (2) + size : 0x00c4 (196) + num_aces : 0x00000007 (7) + aces: ARRAY(7) + aces: struct security_ace + type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) + flags : 0x02 (2) + 0: SEC_ACE_FLAG_OBJECT_INHERIT + 1: SEC_ACE_FLAG_CONTAINER_INHERIT + 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT + 0: SEC_ACE_FLAG_INHERIT_ONLY + 0: SEC_ACE_FLAG_INHERITED_ACE + 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) + 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS + 0: SEC_ACE_FLAG_FAILED_ACCESS + size : 0x0014 (20) + access_mask : 0x20020008 (537001992) + object : union security_ace_object_ctr(case 0) + trustee : S-1-1-0 + aces: struct security_ace + type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) + flags : 0x09 (9) + 1: SEC_ACE_FLAG_OBJECT_INHERIT + 0: SEC_ACE_FLAG_CONTAINER_INHERIT + 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT + 1: SEC_ACE_FLAG_INHERIT_ONLY + 0: SEC_ACE_FLAG_INHERITED_ACE + 0x09: SEC_ACE_FLAG_VALID_INHERIT (9) + 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS + 0: SEC_ACE_FLAG_FAILED_ACCESS + size : 0x0024 (36) + access_mask : 0x100f000c (269418508) + object : union security_ace_object_ctr(case 0) + trustee : S-1-5-21-1376953716-2413384141-3399758289-500 + aces: struct security_ace + type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) + flags : 0x02 (2) + 0: SEC_ACE_FLAG_OBJECT_INHERIT + 1: SEC_ACE_FLAG_CONTAINER_INHERIT + 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT + 0: SEC_ACE_FLAG_INHERIT_ONLY + 0: SEC_ACE_FLAG_INHERITED_ACE + 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) + 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS + 0: SEC_ACE_FLAG_FAILED_ACCESS + size : 0x0024 (36) + access_mask : 0x100f000c (269418508) + object : union security_ace_object_ctr(case 0) + trustee : S-1-5-21-1376953716-2413384141-3399758289-500 + aces: struct security_ace + type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) + flags : 0x09 (9) + 1: SEC_ACE_FLAG_OBJECT_INHERIT + 0: SEC_ACE_FLAG_CONTAINER_INHERIT + 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT + 1: SEC_ACE_FLAG_INHERIT_ONLY + 0: SEC_ACE_FLAG_INHERITED_ACE + 0x09: SEC_ACE_FLAG_VALID_INHERIT (9) + 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS + 0: SEC_ACE_FLAG_FAILED_ACCESS + size : 0x0018 (24) + access_mask : 0x100f000c (269418508) + object : union security_ace_object_ctr(case 0) + trustee : S-1-5-32-544 + aces: struct security_ace + type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) + flags : 0x02 (2) + 0: SEC_ACE_FLAG_OBJECT_INHERIT + 1: SEC_ACE_FLAG_CONTAINER_INHERIT + 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT + 0: SEC_ACE_FLAG_INHERIT_ONLY + 0: SEC_ACE_FLAG_INHERITED_ACE + 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) + 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS + 0: SEC_ACE_FLAG_FAILED_ACCESS + size : 0x0018 (24) + access_mask : 0x100f000c (269418508) + object : union security_ace_object_ctr(case 0) + trustee : S-1-5-32-544 + aces: struct security_ace + type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) + flags : 0x09 (9) + 1: SEC_ACE_FLAG_OBJECT_INHERIT + 0: SEC_ACE_FLAG_CONTAINER_INHERIT + 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT + 1: SEC_ACE_FLAG_INHERIT_ONLY + 0: SEC_ACE_FLAG_INHERITED_ACE + 0x09: SEC_ACE_FLAG_VALID_INHERIT (9) + 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS + 0: SEC_ACE_FLAG_FAILED_ACCESS + size : 0x0018 (24) + access_mask : 0x100f000c (269418508) + object : union security_ace_object_ctr(case 0) + trustee : S-1-5-32-550 + aces: struct security_ace + type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) + flags : 0x02 (2) + 0: SEC_ACE_FLAG_OBJECT_INHERIT + 1: SEC_ACE_FLAG_CONTAINER_INHERIT + 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT + 0: SEC_ACE_FLAG_INHERIT_ONLY + 0: SEC_ACE_FLAG_INHERITED_ACE + 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) + 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS + 0: SEC_ACE_FLAG_FAILED_ACCESS + size : 0x0018 (24) + access_mask : 0x100f000c (269418508) + object : union security_ace_object_ctr(case 0) + trustee : S-1-5-32-550 + attributes : 0x00001048 (4168) + 0: PRINTER_ATTRIBUTE_QUEUED + 0: PRINTER_ATTRIBUTE_DIRECT + 0: PRINTER_ATTRIBUTE_DEFAULT + 1: PRINTER_ATTRIBUTE_SHARED + 0: PRINTER_ATTRIBUTE_NETWORK + 0: PRINTER_ATTRIBUTE_HIDDEN + 1: PRINTER_ATTRIBUTE_LOCAL + 0: PRINTER_ATTRIBUTE_ENABLE_DEVQ + 0: PRINTER_ATTRIBUTE_KEEPPRINTEDJOBS + 0: PRINTER_ATTRIBUTE_DO_COMPLETE_FIRST + 0: PRINTER_ATTRIBUTE_WORK_OFFLINE + 0: PRINTER_ATTRIBUTE_ENABLE_BIDI + 1: PRINTER_ATTRIBUTE_RAW_ONLY + 0: PRINTER_ATTRIBUTE_PUBLISHED + 0: PRINTER_ATTRIBUTE_FAX + 0: PRINTER_ATTRIBUTE_TS + priority : 0x00000001 (1) + defaultpriority : 0x00000001 (1) + starttime : 0x00000000 (0) + untiltime : 0x00000000 (0) + status : 0x00000000 (0) + 0: PRINTER_STATUS_PAUSED + 0: PRINTER_STATUS_ERROR + 0: PRINTER_STATUS_PENDING_DELETION + 0: PRINTER_STATUS_PAPER_JAM + 0: PRINTER_STATUS_PAPER_OUT + 0: PRINTER_STATUS_MANUAL_FEED + 0: PRINTER_STATUS_PAPER_PROBLEM + 0: PRINTER_STATUS_OFFLINE + 0: PRINTER_STATUS_IO_ACTIVE + 0: PRINTER_STATUS_BUSY + 0: PRINTER_STATUS_PRINTING + 0: PRINTER_STATUS_OUTPUT_BIN_FULL + 0: PRINTER_STATUS_NOT_AVAILABLE + 0: PRINTER_STATUS_WAITING + 0: PRINTER_STATUS_PROCESSING + 0: PRINTER_STATUS_INITIALIZING + 0: PRINTER_STATUS_WARMING_UP + 0: PRINTER_STATUS_TONER_LOW + 0: PRINTER_STATUS_NO_TONER + 0: PRINTER_STATUS_PAGE_PUNT + 0: PRINTER_STATUS_USER_INTERVENTION + 0: PRINTER_STATUS_OUT_OF_MEMORY + 0: PRINTER_STATUS_DOOR_OPEN + 0: PRINTER_STATUS_SERVER_UNKNOWN + 0: PRINTER_STATUS_POWER_SAVE + cjobs : 0x00000000 (0) + averageppm : 0x00000000 (0) + needed : * + needed : 0x000002f8 (760) + result : WERR_OK +[2013/11/07 07:38:43.390136, 5, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1417(api_rpcTNP) + api_rpcTNP: called \spoolss successfully +[2013/11/07 07:38:43.390207, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) + pop_sec_ctx (0, 5000) - sec_ctx_stack_ndx = 0 +[2013/11/07 07:38:43.390254, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) + write_to_pipe: data_used = 4140 + smbd_smb2_request_pending_queue: req->current_idx = 1 + req->in.vector[0].iov_len = 0 + req->in.vector[1].iov_len = 0 + req->in.vector[2].iov_len = 64 + req->in.vector[3].iov_len = 56 + req->in.vector[4].iov_len = 4156 + req->out.vector[0].iov_len = 4 + req->out.vector[1].iov_len = 0 + req->out.vector[2].iov_len = 64 + req->out.vector[3].iov_len = 8 + req->out.vector[4].iov_len = 0 +[2013/11/07 07:38:43.390491, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:128(smbd_smb2_ioctl_pipe_write_done) + smbd_smb2_ioctl_pipe_write_done: received 4156 +[2013/11/07 07:38:43.390537, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:149(smbd_smb2_ioctl_pipe_write_done) + smbd_smb2_ioctl_pipe_write_done: issuing np_read_send of size 1024 +[2013/11/07 07:38:43.390580, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:285(read_from_internal_pipe) + name: \spoolss len: 1024 +[2013/11/07 07:38:43.390623, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:347(read_from_internal_pipe) + read_from_pipe: \spoolss: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 4112. +[2013/11/07 07:38:43.390678, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) + &r: struct ncacn_packet + rpc_vers : 0x05 (5) + rpc_vers_minor : 0x00 (0) + ptype : DCERPC_PKT_RESPONSE (2) + pfc_flags : 0x03 (3) + drep: ARRAY(4) + [0] : 0x10 (16) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + frag_length : 0x1028 (4136) + auth_length : 0x0000 (0) + call_id : 0x00000003 (3) + u : union dcerpc_payload(case 2) + response: struct dcerpc_response + alloc_hint : 0x00001010 (4112) + context_id : 0x0000 (0) + cancel_count : 0x00 (0) + _pad : DATA_BLOB length=0 + stub_and_verifier : DATA_BLOB length=4112 + [0000] 04 00 02 00 00 10 00 00 EA 0F 00 00 C2 0F 00 00 ........ ........ + [0010] B0 0F 00 00 8A 0F 00 00 88 0F 00 00 86 0F 00 00 ........ ........ + [0020] 84 0F 00 00 88 0E 00 00 82 0F 00 00 70 0F 00 00 ........ ....p... + [0030] 68 0F 00 00 66 0F 00 00 90 0D 00 00 48 10 00 00 h...f... ....H... + [0040] 01 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0200] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0210] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0220] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0230] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0240] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0250] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0260] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0270] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0280] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0290] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0300] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0310] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0320] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0330] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0340] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0350] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0360] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0370] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0380] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0390] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0400] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0410] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0420] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0430] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0440] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0450] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0460] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0470] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0480] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0490] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0500] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0510] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0520] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0530] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0540] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0550] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0560] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0570] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0580] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0590] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0600] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0610] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0620] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0630] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0640] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0650] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0660] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0670] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0680] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0690] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0700] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0710] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0720] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0730] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0740] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0750] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0760] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0770] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0780] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0790] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0800] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0810] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0820] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0830] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0840] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0850] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0860] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0870] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0880] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0890] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0900] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0910] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0920] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0930] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0940] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0950] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0960] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0970] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0980] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0990] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D90] 00 00 00 00 00 00 00 00 01 00 04 80 D8 00 00 00 ........ ........ + [0DA0] E8 00 00 00 00 00 00 00 14 00 00 00 02 00 C4 00 ........ ........ + [0DB0] 07 00 00 00 00 02 14 00 08 00 02 20 01 01 00 00 ........ ... .... + [0DC0] 00 00 00 01 00 00 00 00 00 09 24 00 0C 00 0F 10 ........ ..$..... + [0DD0] 01 05 00 00 00 00 00 05 15 00 00 00 74 A5 12 52 ........ ....t..R + [0DE0] CD 51 D9 8F D1 31 A4 CA F4 01 00 00 00 02 24 00 .Q...1.. ......$. + [0DF0] 0C 00 0F 10 01 05 00 00 00 00 00 05 15 00 00 00 ........ ........ + [0E00] 74 A5 12 52 CD 51 D9 8F D1 31 A4 CA F4 01 00 00 t..R.Q.. .1...... + [0E10] 00 09 18 00 0C 00 0F 10 01 02 00 00 00 00 00 05 ........ ........ + [0E20] 20 00 00 00 20 02 00 00 00 02 18 00 0C 00 0F 10 ... ... ........ + [0E30] 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 ........ ... ... + [0E40] 00 09 18 00 0C 00 0F 10 01 02 00 00 00 00 00 05 ........ ........ + [0E50] 20 00 00 00 26 02 00 00 00 02 18 00 0C 00 0F 10 ...&... ........ + [0E60] 01 02 00 00 00 00 00 05 20 00 00 00 26 02 00 00 ........ ...&... + [0E70] 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 ........ ... ... + [0E80] 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 ........ ... ... + [0E90] 5C 00 5C 00 4D 00 45 00 4D 00 42 00 45 00 52 00 \.\.M.E. M.B.E.R. + [0EA0] 34 00 33 00 5C 00 70 00 72 00 69 00 6E 00 74 00 4.3.\.p. r.i.n.t. + [0EB0] 65 00 72 00 37 00 00 00 00 00 00 00 00 00 00 00 e.r.7... ........ + [0EC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0ED0] 01 04 00 04 DC 00 00 00 13 47 01 00 01 00 01 00 ........ .G...... + [0EE0] 00 00 00 00 64 00 01 00 0F 00 FC FF 01 00 01 00 ....d... ........ + [0EF0] 00 00 03 00 00 00 4C 00 65 00 74 00 74 00 65 00 ......L. e.t.t.e. + [0F00] 72 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 r....... ........ + [0F10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F70] 52 00 41 00 57 00 00 00 77 00 69 00 6E 00 70 00 R.A.W... w.i.n.p. + [0F80] 72 00 69 00 6E 00 74 00 00 00 00 00 00 00 00 00 r.i.n.t. ........ + [0F90] 00 00 53 00 61 00 6D 00 62 00 61 00 20 00 50 00 ..S.a.m. b.a. .P. + [0FA0] 72 00 69 00 6E 00 74 00 65 00 72 00 20 00 50 00 r.i.n.t. e.r. .P. + [0FB0] 6F 00 72 00 74 00 00 00 70 00 72 00 69 00 6E 00 o.r.t... p.r.i.n. + [0FC0] 74 00 65 00 72 00 37 00 00 00 5C 00 5C 00 4D 00 t.e.r.7. ..\.\.M. + [0FD0] 45 00 4D 00 42 00 45 00 52 00 34 00 33 00 5C 00 E.M.B.E. R.4.3.\. + [0FE0] 70 00 72 00 69 00 6E 00 74 00 65 00 72 00 37 00 p.r.i.n. t.e.r.7. + [0FF0] 00 00 5C 00 5C 00 4D 00 45 00 4D 00 42 00 45 00 ..\.\.M. E.M.B.E. + [1000] 52 00 34 00 33 00 00 00 F8 02 00 00 00 00 00 00 R.4.3... ........ +[2013/11/07 07:38:43.400111, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:788(np_read_recv) + Received 1024 bytes. There is more data outstanding +[2013/11/07 07:38:43.400155, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:178(smbd_smb2_ioctl_pipe_read_done) + smbd_smb2_ioctl_pipe_read_done: np_read_recv nread = 1024 is_data_outstanding = 1, status = NT_STATUS_OK +[2013/11/07 07:38:43.400204, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl.c:291(smbd_smb2_request_ioctl_done) + smbd_smb2_request_ioctl_done: smbd_smb2_ioctl_recv returned 1024 status STATUS_BUFFER_OVERFLOW +[2013/11/07 07:38:43.400248, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) + smbd_smb2_request_done_ex: idx[1] status[STATUS_BUFFER_OVERFLOW] body[48] dyn[yes:1024] at ../source3/smbd/smb2_ioctl.c:358 +[2013/11/07 07:38:43.400294, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) + smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/42/127 +[2013/11/07 07:38:43.401950, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) + smbd_smb2_request_incoming: idx[1] of 5 vectors +[2013/11/07 07:38:43.402031, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) + smb2_validate_sequence_number: clearing id 42 (position 42) from bitmap +[2013/11/07 07:38:43.402086, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) + smbd_smb2_request_dispatch: opcode[SMB2_OP_READ] mid = 42 +[2013/11/07 07:38:43.402149, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) + setting sec ctx (0, 5000) - sec_ctx_stack_ndx = 0 +[2013/11/07 07:38:43.402208, 5, pid=20933, effective(0, 5000), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) + Security token SIDs (21): + SID[ 0]: S-1-5-21-1376953716-2413384141-3399758289-500 + SID[ 1]: S-1-5-21-1376953716-2413384141-3399758289-512 + SID[ 2]: S-1-5-21-1376953716-2413384141-3399758289-11015 + SID[ 3]: S-1-5-21-1376953716-2413384141-3399758289-513 + SID[ 4]: S-1-5-21-1376953716-2413384141-3399758289-11011 + SID[ 5]: S-1-5-21-1376953716-2413384141-3399758289-11013 + SID[ 6]: S-1-5-21-1376953716-2413384141-3399758289-11012 + SID[ 7]: S-1-1-0 + SID[ 8]: S-1-5-2 + SID[ 9]: S-1-5-11 + SID[ 10]: S-1-5-32-544 + SID[ 11]: S-1-22-1-2002 + SID[ 12]: S-1-22-2-5000 + SID[ 13]: S-1-22-2-5007 + SID[ 14]: S-1-22-2-5001 + SID[ 15]: S-1-22-2-1005 + SID[ 16]: S-1-22-2-5006 + SID[ 17]: S-1-22-2-5005 + SID[ 18]: S-1-22-2-55000 + SID[ 19]: S-1-22-2-55001 + SID[ 20]: S-1-22-2-55002 + Privileges (0x 1FFFFFF0): + Privilege[ 0]: SeMachineAccountPrivilege + Privilege[ 1]: SeTakeOwnershipPrivilege + Privilege[ 2]: SeBackupPrivilege + Privilege[ 3]: SeRestorePrivilege + Privilege[ 4]: SeRemoteShutdownPrivilege + Privilege[ 5]: SePrintOperatorPrivilege + Privilege[ 6]: SeAddUsersPrivilege + Privilege[ 7]: SeDiskOperatorPrivilege + Privilege[ 8]: SeSecurityPrivilege + Privilege[ 9]: SeSystemtimePrivilege + Privilege[ 10]: SeShutdownPrivilege + Privilege[ 11]: SeDebugPrivilege + Privilege[ 12]: SeSystemEnvironmentPrivilege + Privilege[ 13]: SeSystemProfilePrivilege + Privilege[ 14]: SeProfileSingleProcessPrivilege + Privilege[ 15]: SeIncreaseBasePriorityPrivilege + Privilege[ 16]: SeLoadDriverPrivilege + Privilege[ 17]: SeCreatePagefilePrivilege + Privilege[ 18]: SeIncreaseQuotaPrivilege + Privilege[ 19]: SeChangeNotifyPrivilege + Privilege[ 20]: SeUndockPrivilege + Privilege[ 21]: SeManageVolumePrivilege + Privilege[ 22]: SeImpersonatePrivilege + Privilege[ 23]: SeCreateGlobalPrivilege + Privilege[ 24]: SeEnableDelegationPrivilege + Rights (0x 0): +[2013/11/07 07:38:43.403079, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) + UNIX token of user 0 + Primary group is 5000 and contains 9 supplementary groups + Group[ 0]: 5000 + Group[ 1]: 5007 + Group[ 2]: 5001 + Group[ 3]: 1005 + Group[ 4]: 5006 + Group[ 5]: 5005 + Group[ 6]: 55000 + Group[ 7]: 55001 + Group[ 8]: 55002 +[2013/11/07 07:38:43.403275, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/uid.c:363(change_to_user_internal) + Impersonated user: uid=(0,0), gid=(0,5000) +[2013/11/07 07:38:43.403327, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:1796(smbd_smb2_request_verify_creditcharge) + mid 42, CreditCharge: 1, NeededCharge: 1 +[2013/11/07 07:38:43.403369, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_read.c:400(smbd_smb2_read_send) + smbd_smb2_read: spoolss - fnum 259150985 +[2013/11/07 07:38:43.403426, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:285(read_from_internal_pipe) + name: \spoolss len: 3112 +[2013/11/07 07:38:43.403470, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:326(read_from_internal_pipe) + read_from_pipe: \spoolss: current_pdu_len = 4136, current_pdu_sent = 1024 returning 3112 bytes. +[2013/11/07 07:38:43.403516, 3, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:122(free_pipe_context) + free_pipe_context: destroying talloc pool of size 1308 + smbd_smb2_request_pending_queue: req->current_idx = 1 + req->in.vector[0].iov_len = 0 + req->in.vector[1].iov_len = 0 + req->in.vector[2].iov_len = 64 + req->in.vector[3].iov_len = 48 + req->in.vector[4].iov_len = 1 + req->out.vector[0].iov_len = 4 + req->out.vector[1].iov_len = 0 + req->out.vector[2].iov_len = 64 + req->out.vector[3].iov_len = 8 + req->out.vector[4].iov_len = 0 +[2013/11/07 07:38:43.403741, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:788(np_read_recv) + Received 3112 bytes. There is more data outstanding +[2013/11/07 07:38:43.403785, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) + smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[16] dyn[yes:3112] at ../source3/smbd/smb2_read.c:154 +[2013/11/07 07:38:43.403830, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) + smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/43/127 +[2013/11/07 07:38:43.407876, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) + smbd_smb2_request_incoming: idx[1] of 5 vectors +[2013/11/07 07:38:43.408090, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) + smb2_validate_sequence_number: clearing id 43 (position 43) from bitmap +[2013/11/07 07:38:43.408201, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) + smbd_smb2_request_dispatch: opcode[SMB2_OP_IOCTL] mid = 43 +[2013/11/07 07:38:43.408336, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) + setting sec ctx (0, 5000) - sec_ctx_stack_ndx = 0 +[2013/11/07 07:38:43.408443, 5, pid=20933, effective(0, 5000), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) + Security token SIDs (21): + SID[ 0]: S-1-5-21-1376953716-2413384141-3399758289-500 + SID[ 1]: S-1-5-21-1376953716-2413384141-3399758289-512 + SID[ 2]: S-1-5-21-1376953716-2413384141-3399758289-11015 + SID[ 3]: S-1-5-21-1376953716-2413384141-3399758289-513 + SID[ 4]: S-1-5-21-1376953716-2413384141-3399758289-11011 + SID[ 5]: S-1-5-21-1376953716-2413384141-3399758289-11013 + SID[ 6]: S-1-5-21-1376953716-2413384141-3399758289-11012 + SID[ 7]: S-1-1-0 + SID[ 8]: S-1-5-2 + SID[ 9]: S-1-5-11 + SID[ 10]: S-1-5-32-544 + SID[ 11]: S-1-22-1-2002 + SID[ 12]: S-1-22-2-5000 + SID[ 13]: S-1-22-2-5007 + SID[ 14]: S-1-22-2-5001 + SID[ 15]: S-1-22-2-1005 + SID[ 16]: S-1-22-2-5006 + SID[ 17]: S-1-22-2-5005 + SID[ 18]: S-1-22-2-55000 + SID[ 19]: S-1-22-2-55001 + SID[ 20]: S-1-22-2-55002 + Privileges (0x 1FFFFFF0): + Privilege[ 0]: SeMachineAccountPrivilege + Privilege[ 1]: SeTakeOwnershipPrivilege + Privilege[ 2]: SeBackupPrivilege + Privilege[ 3]: SeRestorePrivilege + Privilege[ 4]: SeRemoteShutdownPrivilege + Privilege[ 5]: SePrintOperatorPrivilege + Privilege[ 6]: SeAddUsersPrivilege + Privilege[ 7]: SeDiskOperatorPrivilege + Privilege[ 8]: SeSecurityPrivilege + Privilege[ 9]: SeSystemtimePrivilege + Privilege[ 10]: SeShutdownPrivilege + Privilege[ 11]: SeDebugPrivilege + Privilege[ 12]: SeSystemEnvironmentPrivilege + Privilege[ 13]: SeSystemProfilePrivilege + Privilege[ 14]: SeProfileSingleProcessPrivilege + Privilege[ 15]: SeIncreaseBasePriorityPrivilege + Privilege[ 16]: SeLoadDriverPrivilege + Privilege[ 17]: SeCreatePagefilePrivilege + Privilege[ 18]: SeIncreaseQuotaPrivilege + Privilege[ 19]: SeChangeNotifyPrivilege + Privilege[ 20]: SeUndockPrivilege + Privilege[ 21]: SeManageVolumePrivilege + Privilege[ 22]: SeImpersonatePrivilege + Privilege[ 23]: SeCreateGlobalPrivilege + Privilege[ 24]: SeEnableDelegationPrivilege + Rights (0x 0): +[2013/11/07 07:38:43.410669, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) + UNIX token of user 0 + Primary group is 5000 and contains 9 supplementary groups + Group[ 0]: 5000 + Group[ 1]: 5007 + Group[ 2]: 5001 + Group[ 3]: 1005 + Group[ 4]: 5006 + Group[ 5]: 5005 + Group[ 6]: 55000 + Group[ 7]: 55001 + Group[ 8]: 55002 +[2013/11/07 07:38:43.411189, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/uid.c:363(change_to_user_internal) + Impersonated user: uid=(0,0), gid=(0,5000) +[2013/11/07 07:38:43.411312, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:1796(smbd_smb2_request_verify_creditcharge) + mid 43, CreditCharge: 1, NeededCharge: 1 +[2013/11/07 07:38:43.411418, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl.c:394(smbd_smb2_ioctl_send) + smbd_smb2_ioctl: ctl_code[0x0011c017] spoolss, fnum 259150985 +[2013/11/07 07:38:43.411531, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:59(smb2_ioctl_named_pipe) + smbd_smb2_ioctl_send: np_write_send of size 4156 +[2013/11/07 07:38:43.411630, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:520(np_write_send) + np_write_send: len: 4156 +[2013/11/07 07:38:43.411732, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) + write_to_pipe: data_left = 4156 +[2013/11/07 07:38:43.411829, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) + process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 4156 +[2013/11/07 07:38:43.411926, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:51(fill_rpc_header) + fill_rpc_header: data_to_copy = 4156, len_needed_to_complete_hdr = 16, receive_len = 0 +[2013/11/07 07:38:43.412025, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) + write_to_pipe: data_used = 16 +[2013/11/07 07:38:43.412118, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) + write_to_pipe: data_left = 4140 +[2013/11/07 07:38:43.412212, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) + process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 4140 +[2013/11/07 07:38:43.412316, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) + write_to_pipe: data_used = 0 +[2013/11/07 07:38:43.412410, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) + write_to_pipe: data_left = 4140 +[2013/11/07 07:38:43.412503, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) + process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 4140, incoming data = 4140 +[2013/11/07 07:38:43.412607, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1614(process_complete_pdu) + PDU is in Little Endian format! +[2013/11/07 07:38:43.412726, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) + r: struct ncacn_packet + rpc_vers : 0x05 (5) + rpc_vers_minor : 0x00 (0) + ptype : DCERPC_PKT_REQUEST (0) + pfc_flags : 0x03 (3) + drep: ARRAY(4) + [0] : 0x10 (16) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + frag_length : 0x103c (4156) + auth_length : 0x0000 (0) + call_id : 0x00000004 (4) + u : union dcerpc_payload(case 0) + request: struct dcerpc_request + alloc_hint : 0x00001024 (4132) + context_id : 0x0000 (0) + opnum : 0x0008 (8) + object : union dcerpc_object(case 0) + empty: struct dcerpc_empty + _pad : DATA_BLOB length=0 + stub_and_verifier : DATA_BLOB length=4132 + [0000] 00 00 00 00 3D 00 00 00 00 00 00 00 7B 52 73 35 ....=... ....{Rs5 + [0010] C5 51 00 00 02 00 00 00 00 00 02 00 00 10 00 00 .Q...... ........ + [0020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0030] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0040] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0200] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0210] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0220] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0230] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0240] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0250] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0260] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0270] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0280] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0290] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0300] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0310] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0320] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0330] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0340] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0350] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0360] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0370] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0380] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0390] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0400] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0410] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0420] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0430] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0440] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0450] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0460] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0470] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0480] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0490] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0500] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0510] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0520] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0530] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0540] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0550] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0560] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0570] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0580] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0590] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0600] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0610] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0620] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0630] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0640] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0650] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0660] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0670] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0680] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0690] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0700] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0710] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0720] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0730] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0740] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0750] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0760] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0770] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0780] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0790] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0800] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0810] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0820] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0830] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0840] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0850] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0860] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0870] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0880] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0890] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0900] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0910] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0920] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0930] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0940] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0950] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0960] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0970] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0980] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0990] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0EA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0EB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0EC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0ED0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0EE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0EF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [1000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [1010] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [1020] 00 10 00 00 .... +[2013/11/07 07:38:43.428057, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1627(process_complete_pdu) + Processing packet type 0 +[2013/11/07 07:38:43.428110, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1472(dcesrv_auth_request) + Checking request auth. +[2013/11/07 07:38:43.428162, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) + push_sec_ctx(0, 5000) : sec_ctx_stack_ndx = 1 +[2013/11/07 07:38:43.428212, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) + setting sec ctx (0, 5000) - sec_ctx_stack_ndx = 1 +[2013/11/07 07:38:43.428254, 5, pid=20933, effective(0, 5000), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) + Security token SIDs (21): + SID[ 0]: S-1-5-21-1376953716-2413384141-3399758289-500 + SID[ 1]: S-1-5-21-1376953716-2413384141-3399758289-512 + SID[ 2]: S-1-5-21-1376953716-2413384141-3399758289-11015 + SID[ 3]: S-1-5-21-1376953716-2413384141-3399758289-513 + SID[ 4]: S-1-5-21-1376953716-2413384141-3399758289-11011 + SID[ 5]: S-1-5-21-1376953716-2413384141-3399758289-11013 + SID[ 6]: S-1-5-21-1376953716-2413384141-3399758289-11012 + SID[ 7]: S-1-1-0 + SID[ 8]: S-1-5-2 + SID[ 9]: S-1-5-11 + SID[ 10]: S-1-5-32-544 + SID[ 11]: S-1-22-1-2002 + SID[ 12]: S-1-22-2-5000 + SID[ 13]: S-1-22-2-5007 + SID[ 14]: S-1-22-2-5001 + SID[ 15]: S-1-22-2-1005 + SID[ 16]: S-1-22-2-5006 + SID[ 17]: S-1-22-2-5005 + SID[ 18]: S-1-22-2-55000 + SID[ 19]: S-1-22-2-55001 + SID[ 20]: S-1-22-2-55002 + Privileges (0x 1FFFFFF0): + Privilege[ 0]: SeMachineAccountPrivilege + Privilege[ 1]: SeTakeOwnershipPrivilege + Privilege[ 2]: SeBackupPrivilege + Privilege[ 3]: SeRestorePrivilege + Privilege[ 4]: SeRemoteShutdownPrivilege + Privilege[ 5]: SePrintOperatorPrivilege + Privilege[ 6]: SeAddUsersPrivilege + Privilege[ 7]: SeDiskOperatorPrivilege + Privilege[ 8]: SeSecurityPrivilege + Privilege[ 9]: SeSystemtimePrivilege + Privilege[ 10]: SeShutdownPrivilege + Privilege[ 11]: SeDebugPrivilege + Privilege[ 12]: SeSystemEnvironmentPrivilege + Privilege[ 13]: SeSystemProfilePrivilege + Privilege[ 14]: SeProfileSingleProcessPrivilege + Privilege[ 15]: SeIncreaseBasePriorityPrivilege + Privilege[ 16]: SeLoadDriverPrivilege + Privilege[ 17]: SeCreatePagefilePrivilege + Privilege[ 18]: SeIncreaseQuotaPrivilege + Privilege[ 19]: SeChangeNotifyPrivilege + Privilege[ 20]: SeUndockPrivilege + Privilege[ 21]: SeManageVolumePrivilege + Privilege[ 22]: SeImpersonatePrivilege + Privilege[ 23]: SeCreateGlobalPrivilege + Privilege[ 24]: SeEnableDelegationPrivilege + Rights (0x 0): +[2013/11/07 07:38:43.429020, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) + UNIX token of user 0 + Primary group is 5000 and contains 9 supplementary groups + Group[ 0]: 5000 + Group[ 1]: 5007 + Group[ 2]: 5001 + Group[ 3]: 1005 + Group[ 4]: 5006 + Group[ 5]: 5005 + Group[ 6]: 55000 + Group[ 7]: 55001 + Group[ 8]: 55002 +[2013/11/07 07:38:43.429214, 5, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1324(api_pipe_request) + Requested \spoolss rpc service +[2013/11/07 07:38:43.429261, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1356(api_rpcTNP) + api_rpcTNP: \spoolss op 0x8 - api_rpcTNP: rpc command: SPOOLSS_GETPRINTER +[2013/11/07 07:38:43.429305, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1390(api_rpcTNP) + api_rpc_cmds[8].fn == 0x7f375c260f10 +[2013/11/07 07:38:43.429437, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + spoolss_GetPrinter: struct spoolss_GetPrinter + in: struct spoolss_GetPrinter + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 0000003d-0000-0000-7b52-7335c5510000 + level : 0x00000002 (2) + buffer : * + buffer : DATA_BLOB length=4096 + [0000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0010] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0030] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0040] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0200] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0210] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0220] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0230] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0240] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0250] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0260] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0270] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0280] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0290] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0300] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0310] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0320] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0330] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0340] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0350] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0360] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0370] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0380] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0390] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0400] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0410] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0420] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0430] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0440] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0450] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0460] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0470] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0480] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0490] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0500] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0510] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0520] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0530] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0540] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0550] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0560] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0570] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0580] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0590] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0600] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0610] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0620] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0630] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0640] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0650] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0660] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0670] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0680] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0690] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0700] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0710] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0720] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0730] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0740] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0750] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0760] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0770] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0780] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0790] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0800] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0810] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0820] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0830] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0840] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0850] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0860] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0870] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0880] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0890] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0900] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0910] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0920] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0930] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0940] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0950] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0960] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0970] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0980] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0990] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0EA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0EB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0EC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0ED0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0EE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0EF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + offered : 0x00001000 (4096) +[2013/11/07 07:38:43.438612, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 3D 00 00 00 00 00 00 00 7B 52 73 35 ....=... ....{Rs5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:43.438696, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 3D 00 00 00 00 00 00 00 7B 52 73 35 ....=... ....{Rs5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:43.438784, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:489(get_printer_snum) + short name:printer7 +[2013/11/07 07:38:43.438934, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:60(make_internal_rpc_pipe_p) + Create pipe requested \winreg +[2013/11/07 07:38:43.438991, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:221(init_pipe_handles) + init_pipe_handle_list: created handle list for pipe \winreg +[2013/11/07 07:38:43.439034, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:238(init_pipe_handles) + init_pipe_handle_list: pipe_handles ref count = 1 for pipe \winreg +[2013/11/07 07:38:43.439138, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:100(make_internal_rpc_pipe_p) + Created internal pipe \winreg +[2013/11/07 07:38:43.439215, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenHKLM: struct winreg_OpenHKLM + in: struct winreg_OpenHKLM + system_name : NULL + access_mask : 0x02000000 (33554432) + 0: KEY_QUERY_VALUE + 0: KEY_SET_VALUE + 0: KEY_CREATE_SUB_KEY + 0: KEY_ENUMERATE_SUB_KEYS + 0: KEY_NOTIFY + 0: KEY_CREATE_LINK + 0: KEY_WOW64_64KEY + 0: KEY_WOW64_32KEY +[2013/11/07 07:38:43.439449, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [HKLM] +[2013/11/07 07:38:43.439494, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) + push_sec_ctx(0, 5000) : sec_ctx_stack_ndx = 2 +[2013/11/07 07:38:43.439538, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/uid.c:485(push_conn_ctx) + push_conn_ctx(1804507171) : conn_ctx_stack_ndx = 0 +[2013/11/07 07:38:43.439578, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) + setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 +[2013/11/07 07:38:43.439617, 5, pid=20933, effective(0, 5000), real(0, 0)] ../libcli/security/security_token.c:53(security_token_debug) + Security token: (NULL) +[2013/11/07 07:38:43.439655, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) + UNIX token of user 0 + Primary group is 0 and contains 0 supplementary groups +[2013/11/07 07:38:43.439816, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) + pop_sec_ctx (0, 5000) - sec_ctx_stack_ndx = 1 +[2013/11/07 07:38:43.439860, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:866(regdb_open) + regdb_open: registry db opened. refcount reset (1) +[2013/11/07 07:38:43.439906, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM] +[2013/11/07 07:38:43.439957, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM] +[2013/11/07 07:38:43.439998, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:43.440035, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM] +[2013/11/07 07:38:43.440118, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) + Opened policy hnd[1] [0000] 00 00 00 00 44 00 00 00 00 00 00 00 7B 52 73 35 ....D... ....{Rs5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:43.440199, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenHKLM: struct winreg_OpenHKLM + out: struct winreg_OpenHKLM + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000044-0000-0000-7b52-7335c5510000 + result : WERR_OK +[2013/11/07 07:38:43.440389, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenKey: struct winreg_OpenKey + in: struct winreg_OpenKey + parent_handle : * + parent_handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000044-0000-0000-7b52-7335c5510000 + keyname: struct winreg_String + name_len : 0x008a (138) + name_size : 0x008a (138) + name : * + name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7' + options : 0x00000000 (0) + 0: REG_OPTION_VOLATILE + 0: REG_OPTION_CREATE_LINK + 0: REG_OPTION_BACKUP_RESTORE + 0: REG_OPTION_OPEN_LINK + access_mask : 0x02000000 (33554432) + 0: KEY_QUERY_VALUE + 0: KEY_SET_VALUE + 0: KEY_CREATE_SUB_KEY + 0: KEY_ENUMERATE_SUB_KEYS + 0: KEY_NOTIFY + 0: KEY_CREATE_LINK + 0: KEY_WOW64_64KEY + 0: KEY_WOW64_32KEY +[2013/11/07 07:38:43.440830, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 44 00 00 00 00 00 00 00 7B 52 73 35 ....D... ....{Rs5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:43.440911, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [SOFTWARE] +[2013/11/07 07:38:43.440952, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (1->2) +[2013/11/07 07:38:43.440994, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] +[2013/11/07 07:38:43.441032, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE] +[2013/11/07 07:38:43.441081, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:43.441120, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE] +[2013/11/07 07:38:43.441189, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Microsoft] +[2013/11/07 07:38:43.441230, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (2->3) +[2013/11/07 07:38:43.441272, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] +[2013/11/07 07:38:43.441311, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] +[2013/11/07 07:38:43.441351, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:43.441490, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft] +[2013/11/07 07:38:43.441554, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Windows NT] +[2013/11/07 07:38:43.441597, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (3->4) +[2013/11/07 07:38:43.441639, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] +[2013/11/07 07:38:43.441677, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] +[2013/11/07 07:38:43.441718, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:43.441755, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] +[2013/11/07 07:38:43.441812, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [CurrentVersion] +[2013/11/07 07:38:43.441854, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (4->5) +[2013/11/07 07:38:43.441896, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] +[2013/11/07 07:38:43.441934, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] +[2013/11/07 07:38:43.441975, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:43.442012, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f375c5a15c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] +[2013/11/07 07:38:43.442084, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Print] +[2013/11/07 07:38:43.442134, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (5->6) +[2013/11/07 07:38:43.442178, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] +[2013/11/07 07:38:43.442216, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] +[2013/11/07 07:38:43.442258, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:43.442295, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f375c5a15c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] +[2013/11/07 07:38:43.442356, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Printers] +[2013/11/07 07:38:43.442398, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (6->7) +[2013/11/07 07:38:43.442445, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] +[2013/11/07 07:38:43.442484, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] +[2013/11/07 07:38:43.442527, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:43.442564, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] +[2013/11/07 07:38:43.442635, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [printer7] +[2013/11/07 07:38:43.442677, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (7->8) +[2013/11/07 07:38:43.442721, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:43.442762, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:43.442804, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:43.442842, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:43.442911, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (8->7) +[2013/11/07 07:38:43.442953, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (7->6) +[2013/11/07 07:38:43.442994, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (6->5) +[2013/11/07 07:38:43.443042, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (5->4) +[2013/11/07 07:38:43.443083, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (4->3) +[2013/11/07 07:38:43.443124, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (3->2) +[2013/11/07 07:38:43.443167, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) + Opened policy hnd[2] [0000] 00 00 00 00 45 00 00 00 00 00 00 00 7B 52 73 35 ....E... ....{Rs5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:43.443247, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenKey: struct winreg_OpenKey + out: struct winreg_OpenKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000045-0000-0000-7b52-7335c5510000 + result : WERR_OK +[2013/11/07 07:38:43.443424, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryInfoKey: struct winreg_QueryInfoKey + in: struct winreg_QueryInfoKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000045-0000-0000-7b52-7335c5510000 + classname : * + classname: struct winreg_String + name_len : 0x0000 (0) + name_size : 0x0000 (0) + name : NULL +[2013/11/07 07:38:43.443642, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 45 00 00 00 00 00 00 00 7B 52 73 35 ....E... ....{Rs5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:43.443725, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_dispatcher.c:151(fetch_reg_values) + fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7' (ops 0x7f37592edcc0) +[2013/11/07 07:38:43.443767, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1891(regdb_fetch_values_internal) + regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:43.443832, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[0]: name[Attributes] len[4] +[2013/11/07 07:38:43.443877, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[1]: name[Description] len[2] +[2013/11/07 07:38:43.443919, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[2]: name[Datatype] len[8] +[2013/11/07 07:38:43.443962, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[3]: name[Default Priority] len[4] +[2013/11/07 07:38:43.444004, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[4]: name[Port] len[38] +[2013/11/07 07:38:43.444055, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[5]: name[Name] len[18] +[2013/11/07 07:38:43.444098, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[6]: name[Print Processor] len[18] +[2013/11/07 07:38:43.444141, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[7]: name[Priority] len[4] +[2013/11/07 07:38:43.444183, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[8]: name[Security] len[248] +[2013/11/07 07:38:43.444226, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[9]: name[Share Name] len[18] +[2013/11/07 07:38:43.444269, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[10]: name[StartTime] len[4] +[2013/11/07 07:38:43.444312, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[11]: name[UntilTime] len[4] +[2013/11/07 07:38:43.444355, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[12]: name[ChangeID] len[4] +[2013/11/07 07:38:43.444398, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) + regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:43.444462, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryInfoKey: struct winreg_QueryInfoKey + out: struct winreg_QueryInfoKey + classname : * + classname: struct winreg_String + name_len : 0x0000 (0) + name_size : 0x0000 (0) + name : NULL + num_subkeys : * + num_subkeys : 0x00000003 (3) + max_subkeylen : * + max_subkeylen : 0x00000022 (34) + max_classlen : * + max_classlen : 0x00000000 (0) + num_values : * + num_values : 0x0000000d (13) + max_valnamelen : * + max_valnamelen : 0x00000022 (34) + max_valbufsize : * + max_valbufsize : 0x000000f8 (248) + secdescsize : * + secdescsize : 0x00000078 (120) + last_changed_time : * + last_changed_time : NTTIME(0) + result : WERR_OK +[2013/11/07 07:38:43.444913, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000045-0000-0000-7b52-7335c5510000 + enum_index : 0x00000000 (0) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:43.445606, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 45 00 00 00 00 00 00 00 7B 52 73 35 ....E... ....{Rs5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:43.445694, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:43.445746, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0016 (22) + size : 0x0024 (36) + name : * + name : 'Attributes' + type : * + type : REG_DWORD (4) + value : * + value: ARRAY(4) + [0] : 0x48 (72) + [1] : 0x10 (16) + [2] : 0x00 (0) + [3] : 0x00 (0) + size : * + size : 0x00000004 (4) + length : * + length : 0x00000004 (4) + result : WERR_OK +[2013/11/07 07:38:43.446307, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000045-0000-0000-7b52-7335c5510000 + enum_index : 0x00000001 (1) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:43.446686, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 45 00 00 00 00 00 00 00 7B 52 73 35 ....E... ....{Rs5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:43.446764, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:43.446823, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0018 (24) + size : 0x0024 (36) + name : * + name : 'Description' + type : * + type : REG_SZ (1) + value : * + value: ARRAY(2) + [0] : 0x00 (0) + [1] : 0x00 (0) + size : * + size : 0x00000002 (2) + length : * + length : 0x00000002 (2) + result : WERR_OK +[2013/11/07 07:38:43.447194, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000045-0000-0000-7b52-7335c5510000 + enum_index : 0x00000002 (2) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:43.447564, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 45 00 00 00 00 00 00 00 7B 52 73 35 ....E... ....{Rs5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:43.447641, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:43.447685, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0012 (18) + size : 0x0024 (36) + name : * + name : 'Datatype' + type : * + type : REG_SZ (1) + value : * + value: ARRAY(8) + [0] : 0x52 (82) + [1] : 0x00 (0) + [2] : 0x41 (65) + [3] : 0x00 (0) + [4] : 0x57 (87) + [5] : 0x00 (0) + [6] : 0x00 (0) + [7] : 0x00 (0) + size : * + size : 0x00000008 (8) + length : * + length : 0x00000008 (8) + result : WERR_OK +[2013/11/07 07:38:43.448148, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000045-0000-0000-7b52-7335c5510000 + enum_index : 0x00000003 (3) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:43.448519, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 45 00 00 00 00 00 00 00 7B 52 73 35 ....E... ....{Rs5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:43.448596, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:43.448642, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0022 (34) + size : 0x0024 (36) + name : * + name : 'Default Priority' + type : * + type : REG_DWORD (4) + value : * + value: ARRAY(4) + [0] : 0x01 (1) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + size : * + size : 0x00000004 (4) + length : * + length : 0x00000004 (4) + result : WERR_OK +[2013/11/07 07:38:43.449033, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000045-0000-0000-7b52-7335c5510000 + enum_index : 0x00000004 (4) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:43.449474, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 45 00 00 00 00 00 00 00 7B 52 73 35 ....E... ....{Rs5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:43.449552, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:43.449598, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x000a (10) + size : 0x0024 (36) + name : * + name : 'Port' + type : * + type : REG_SZ (1) + value : * + value: ARRAY(38) + [0] : 0x53 (83) + [1] : 0x00 (0) + [2] : 0x61 (97) + [3] : 0x00 (0) + [4] : 0x6d (109) + [5] : 0x00 (0) + [6] : 0x62 (98) + [7] : 0x00 (0) + [8] : 0x61 (97) + [9] : 0x00 (0) + [10] : 0x20 (32) + [11] : 0x00 (0) + [12] : 0x50 (80) + [13] : 0x00 (0) + [14] : 0x72 (114) + [15] : 0x00 (0) + [16] : 0x69 (105) + [17] : 0x00 (0) + [18] : 0x6e (110) + [19] : 0x00 (0) + [20] : 0x74 (116) + [21] : 0x00 (0) + [22] : 0x65 (101) + [23] : 0x00 (0) + [24] : 0x72 (114) + [25] : 0x00 (0) + [26] : 0x20 (32) + [27] : 0x00 (0) + [28] : 0x50 (80) + [29] : 0x00 (0) + [30] : 0x6f (111) + [31] : 0x00 (0) + [32] : 0x72 (114) + [33] : 0x00 (0) + [34] : 0x74 (116) + [35] : 0x00 (0) + [36] : 0x00 (0) + [37] : 0x00 (0) + size : * + size : 0x00000026 (38) + length : * + length : 0x00000026 (38) + result : WERR_OK +[2013/11/07 07:38:43.450558, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000045-0000-0000-7b52-7335c5510000 + enum_index : 0x00000005 (5) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:43.450927, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 45 00 00 00 00 00 00 00 7B 52 73 35 ....E... ....{Rs5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:43.451003, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:43.451049, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x000a (10) + size : 0x0024 (36) + name : * + name : 'Name' + type : * + type : REG_SZ (1) + value : * + value: ARRAY(18) + [0] : 0x70 (112) + [1] : 0x00 (0) + [2] : 0x72 (114) + [3] : 0x00 (0) + [4] : 0x69 (105) + [5] : 0x00 (0) + [6] : 0x6e (110) + [7] : 0x00 (0) + [8] : 0x74 (116) + [9] : 0x00 (0) + [10] : 0x65 (101) + [11] : 0x00 (0) + [12] : 0x72 (114) + [13] : 0x00 (0) + [14] : 0x37 (55) + [15] : 0x00 (0) + [16] : 0x00 (0) + [17] : 0x00 (0) + size : * + size : 0x00000012 (18) + length : * + length : 0x00000012 (18) + result : WERR_OK +[2013/11/07 07:38:43.451678, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000045-0000-0000-7b52-7335c5510000 + enum_index : 0x00000006 (6) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:43.452048, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 45 00 00 00 00 00 00 00 7B 52 73 35 ....E... ....{Rs5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:43.452125, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:43.452170, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0020 (32) + size : 0x0024 (36) + name : * + name : 'Print Processor' + type : * + type : REG_SZ (1) + value : * + value: ARRAY(18) + [0] : 0x77 (119) + [1] : 0x00 (0) + [2] : 0x69 (105) + [3] : 0x00 (0) + [4] : 0x6e (110) + [5] : 0x00 (0) + [6] : 0x70 (112) + [7] : 0x00 (0) + [8] : 0x72 (114) + [9] : 0x00 (0) + [10] : 0x69 (105) + [11] : 0x00 (0) + [12] : 0x6e (110) + [13] : 0x00 (0) + [14] : 0x74 (116) + [15] : 0x00 (0) + [16] : 0x00 (0) + [17] : 0x00 (0) + size : * + size : 0x00000012 (18) + length : * + length : 0x00000012 (18) + result : WERR_OK +[2013/11/07 07:38:43.452789, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000045-0000-0000-7b52-7335c5510000 + enum_index : 0x00000007 (7) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:43.453241, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 45 00 00 00 00 00 00 00 7B 52 73 35 ....E... ....{Rs5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:43.453320, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:43.453432, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0012 (18) + size : 0x0024 (36) + name : * + name : 'Priority' + type : * + type : REG_DWORD (4) + value : * + value: ARRAY(4) + [0] : 0x01 (1) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + size : * + size : 0x00000004 (4) + length : * + length : 0x00000004 (4) + result : WERR_OK +[2013/11/07 07:38:43.453832, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000045-0000-0000-7b52-7335c5510000 + enum_index : 0x00000008 (8) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:43.454203, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 45 00 00 00 00 00 00 00 7B 52 73 35 ....E... ....{Rs5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:43.454290, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:43.454336, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0012 (18) + size : 0x0024 (36) + name : * + name : 'Security' + type : * + type : REG_BINARY (3) + value : * + value: ARRAY(248) + [0] : 0x01 (1) + [1] : 0x00 (0) + [2] : 0x04 (4) + [3] : 0x80 (128) + [4] : 0x14 (20) + [5] : 0x00 (0) + [6] : 0x00 (0) + [7] : 0x00 (0) + [8] : 0x24 (36) + [9] : 0x00 (0) + [10] : 0x00 (0) + [11] : 0x00 (0) + [12] : 0x00 (0) + [13] : 0x00 (0) + [14] : 0x00 (0) + [15] : 0x00 (0) + [16] : 0x34 (52) + [17] : 0x00 (0) + [18] : 0x00 (0) + [19] : 0x00 (0) + [20] : 0x01 (1) + [21] : 0x02 (2) + [22] : 0x00 (0) + [23] : 0x00 (0) + [24] : 0x00 (0) + [25] : 0x00 (0) + [26] : 0x00 (0) + [27] : 0x05 (5) + [28] : 0x20 (32) + [29] : 0x00 (0) + [30] : 0x00 (0) + [31] : 0x00 (0) + [32] : 0x20 (32) + [33] : 0x02 (2) + [34] : 0x00 (0) + [35] : 0x00 (0) + [36] : 0x01 (1) + [37] : 0x02 (2) + [38] : 0x00 (0) + [39] : 0x00 (0) + [40] : 0x00 (0) + [41] : 0x00 (0) + [42] : 0x00 (0) + [43] : 0x05 (5) + [44] : 0x20 (32) + [45] : 0x00 (0) + [46] : 0x00 (0) + [47] : 0x00 (0) + [48] : 0x20 (32) + [49] : 0x02 (2) + [50] : 0x00 (0) + [51] : 0x00 (0) + [52] : 0x02 (2) + [53] : 0x00 (0) + [54] : 0xc4 (196) + [55] : 0x00 (0) + [56] : 0x07 (7) + [57] : 0x00 (0) + [58] : 0x00 (0) + [59] : 0x00 (0) + [60] : 0x00 (0) + [61] : 0x02 (2) + [62] : 0x14 (20) + [63] : 0x00 (0) + [64] : 0x08 (8) + [65] : 0x00 (0) + [66] : 0x02 (2) + [67] : 0x20 (32) + [68] : 0x01 (1) + [69] : 0x01 (1) + [70] : 0x00 (0) + [71] : 0x00 (0) + [72] : 0x00 (0) + [73] : 0x00 (0) + [74] : 0x00 (0) + [75] : 0x01 (1) + [76] : 0x00 (0) + [77] : 0x00 (0) + [78] : 0x00 (0) + [79] : 0x00 (0) + [80] : 0x00 (0) + [81] : 0x09 (9) + [82] : 0x24 (36) + [83] : 0x00 (0) + [84] : 0x0c (12) + [85] : 0x00 (0) + [86] : 0x0f (15) + [87] : 0x10 (16) + [88] : 0x01 (1) + [89] : 0x05 (5) + [90] : 0x00 (0) + [91] : 0x00 (0) + [92] : 0x00 (0) + [93] : 0x00 (0) + [94] : 0x00 (0) + [95] : 0x05 (5) + [96] : 0x15 (21) + [97] : 0x00 (0) + [98] : 0x00 (0) + [99] : 0x00 (0) + [100] : 0x74 (116) + [101] : 0xa5 (165) + [102] : 0x12 (18) + [103] : 0x52 (82) + [104] : 0xcd (205) + [105] : 0x51 (81) + [106] : 0xd9 (217) + [107] : 0x8f (143) + [108] : 0xd1 (209) + [109] : 0x31 (49) + [110] : 0xa4 (164) + [111] : 0xca (202) + [112] : 0xf4 (244) + [113] : 0x01 (1) + [114] : 0x00 (0) + [115] : 0x00 (0) + [116] : 0x00 (0) + [117] : 0x02 (2) + [118] : 0x24 (36) + [119] : 0x00 (0) + [120] : 0x0c (12) + [121] : 0x00 (0) + [122] : 0x0f (15) + [123] : 0x10 (16) + [124] : 0x01 (1) + [125] : 0x05 (5) + [126] : 0x00 (0) + [127] : 0x00 (0) + [128] : 0x00 (0) + [129] : 0x00 (0) + [130] : 0x00 (0) + [131] : 0x05 (5) + [132] : 0x15 (21) + [133] : 0x00 (0) + [134] : 0x00 (0) + [135] : 0x00 (0) + [136] : 0x74 (116) + [137] : 0xa5 (165) + [138] : 0x12 (18) + [139] : 0x52 (82) + [140] : 0xcd (205) + [141] : 0x51 (81) + [142] : 0xd9 (217) + [143] : 0x8f (143) + [144] : 0xd1 (209) + [145] : 0x31 (49) + [146] : 0xa4 (164) + [147] : 0xca (202) + [148] : 0xf4 (244) + [149] : 0x01 (1) + [150] : 0x00 (0) + [151] : 0x00 (0) + [152] : 0x00 (0) + [153] : 0x09 (9) + [154] : 0x18 (24) + [155] : 0x00 (0) + [156] : 0x0c (12) + [157] : 0x00 (0) + [158] : 0x0f (15) + [159] : 0x10 (16) + [160] : 0x01 (1) + [161] : 0x02 (2) + [162] : 0x00 (0) + [163] : 0x00 (0) + [164] : 0x00 (0) + [165] : 0x00 (0) + [166] : 0x00 (0) + [167] : 0x05 (5) + [168] : 0x20 (32) + [169] : 0x00 (0) + [170] : 0x00 (0) + [171] : 0x00 (0) + [172] : 0x20 (32) + [173] : 0x02 (2) + [174] : 0x00 (0) + [175] : 0x00 (0) + [176] : 0x00 (0) + [177] : 0x02 (2) + [178] : 0x18 (24) + [179] : 0x00 (0) + [180] : 0x0c (12) + [181] : 0x00 (0) + [182] : 0x0f (15) + [183] : 0x10 (16) + [184] : 0x01 (1) + [185] : 0x02 (2) + [186] : 0x00 (0) + [187] : 0x00 (0) + [188] : 0x00 (0) + [189] : 0x00 (0) + [190] : 0x00 (0) + [191] : 0x05 (5) + [192] : 0x20 (32) + [193] : 0x00 (0) + [194] : 0x00 (0) + [195] : 0x00 (0) + [196] : 0x20 (32) + [197] : 0x02 (2) + [198] : 0x00 (0) + [199] : 0x00 (0) + [200] : 0x00 (0) + [201] : 0x09 (9) + [202] : 0x18 (24) + [203] : 0x00 (0) + [204] : 0x0c (12) + [205] : 0x00 (0) + [206] : 0x0f (15) + [207] : 0x10 (16) + [208] : 0x01 (1) + [209] : 0x02 (2) + [210] : 0x00 (0) + [211] : 0x00 (0) + [212] : 0x00 (0) + [213] : 0x00 (0) + [214] : 0x00 (0) + [215] : 0x05 (5) + [216] : 0x20 (32) + [217] : 0x00 (0) + [218] : 0x00 (0) + [219] : 0x00 (0) + [220] : 0x26 (38) + [221] : 0x02 (2) + [222] : 0x00 (0) + [223] : 0x00 (0) + [224] : 0x00 (0) + [225] : 0x02 (2) + [226] : 0x18 (24) + [227] : 0x00 (0) + [228] : 0x0c (12) + [229] : 0x00 (0) + [230] : 0x0f (15) + [231] : 0x10 (16) + [232] : 0x01 (1) + [233] : 0x02 (2) + [234] : 0x00 (0) + [235] : 0x00 (0) + [236] : 0x00 (0) + [237] : 0x00 (0) + [238] : 0x00 (0) + [239] : 0x05 (5) + [240] : 0x20 (32) + [241] : 0x00 (0) + [242] : 0x00 (0) + [243] : 0x00 (0) + [244] : 0x26 (38) + [245] : 0x02 (2) + [246] : 0x00 (0) + [247] : 0x00 (0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x000000f8 (248) + result : WERR_OK +[2013/11/07 07:38:43.458874, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000045-0000-0000-7b52-7335c5510000 + enum_index : 0x00000009 (9) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:43.459257, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 45 00 00 00 00 00 00 00 7B 52 73 35 ....E... ....{Rs5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:43.459335, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:43.459381, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0016 (22) + size : 0x0024 (36) + name : * + name : 'Share Name' + type : * + type : REG_SZ (1) + value : * + value: ARRAY(18) + [0] : 0x70 (112) + [1] : 0x00 (0) + [2] : 0x72 (114) + [3] : 0x00 (0) + [4] : 0x69 (105) + [5] : 0x00 (0) + [6] : 0x6e (110) + [7] : 0x00 (0) + [8] : 0x74 (116) + [9] : 0x00 (0) + [10] : 0x65 (101) + [11] : 0x00 (0) + [12] : 0x72 (114) + [13] : 0x00 (0) + [14] : 0x37 (55) + [15] : 0x00 (0) + [16] : 0x00 (0) + [17] : 0x00 (0) + size : * + size : 0x00000012 (18) + length : * + length : 0x00000012 (18) + result : WERR_OK +[2013/11/07 07:38:43.460005, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000045-0000-0000-7b52-7335c5510000 + enum_index : 0x0000000a (10) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:43.460386, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 45 00 00 00 00 00 00 00 7B 52 73 35 ....E... ....{Rs5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:43.460462, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:43.460508, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0014 (20) + size : 0x0024 (36) + name : * + name : 'StartTime' + type : * + type : REG_DWORD (4) + value : * + value: ARRAY(4) + [0] : 0x00 (0) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + size : * + size : 0x00000004 (4) + length : * + length : 0x00000004 (4) + result : WERR_OK +[2013/11/07 07:38:43.460900, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000045-0000-0000-7b52-7335c5510000 + enum_index : 0x0000000b (11) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:43.461268, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 45 00 00 00 00 00 00 00 7B 52 73 35 ....E... ....{Rs5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:43.461344, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:43.461463, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0014 (20) + size : 0x0024 (36) + name : * + name : 'UntilTime' + type : * + type : REG_DWORD (4) + value : * + value: ARRAY(4) + [0] : 0x00 (0) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + size : * + size : 0x00000004 (4) + length : * + length : 0x00000004 (4) + result : WERR_OK +[2013/11/07 07:38:43.461857, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000045-0000-0000-7b52-7335c5510000 + enum_index : 0x0000000c (12) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:43.462229, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 45 00 00 00 00 00 00 00 7B 52 73 35 ....E... ....{Rs5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:43.462306, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:43.462352, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0012 (18) + size : 0x0024 (36) + name : * + name : 'ChangeID' + type : * + type : REG_DWORD (4) + value : * + value: ARRAY(4) + [0] : 0xf1 (241) + [1] : 0x5f (95) + [2] : 0x11 (17) + [3] : 0x00 (0) + size : * + size : 0x00000004 (4) + length : * + length : 0x00000004 (4) + result : WERR_OK +[2013/11/07 07:38:43.462788, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryValue: struct winreg_QueryValue + in: struct winreg_QueryValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000045-0000-0000-7b52-7335c5510000 + value_name : * + value_name: struct winreg_String + name_len : 0x0020 (32) + name_size : 0x0020 (32) + name : * + name : 'Default DevMode' + type : * + type : REG_NONE (0) + data : NULL + data_size : * + data_size : 0x00000000 (0) + data_length : * + data_length : 0x00000000 (0) +[2013/11/07 07:38:43.463135, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 45 00 00 00 00 00 00 00 7B 52 73 35 ....E... ....{Rs5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:43.463213, 7, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) + _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:43.463254, 7, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) + _winreg_QueryValue: policy key type = [00000000] +[2013/11/07 07:38:43.463299, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:316(_winreg_QueryValue) + _winreg_QueryValue: reg_queryvalue failed with: WERR_BADFILE +[2013/11/07 07:38:43.463340, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryValue: struct winreg_QueryValue + out: struct winreg_QueryValue + type : * + type : REG_NONE (0) + data : NULL + data_size : * + data_size : 0x00000000 (0) + data_length : * + data_length : 0x00000000 (0) + result : WERR_BADFILE +[2013/11/07 07:38:43.463560, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenHKLM: struct winreg_OpenHKLM + in: struct winreg_OpenHKLM + system_name : NULL + access_mask : 0x02000000 (33554432) + 0: KEY_QUERY_VALUE + 0: KEY_SET_VALUE + 0: KEY_CREATE_SUB_KEY + 0: KEY_ENUMERATE_SUB_KEYS + 0: KEY_NOTIFY + 0: KEY_CREATE_LINK + 0: KEY_WOW64_64KEY + 0: KEY_WOW64_32KEY +[2013/11/07 07:38:43.463787, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [HKLM] +[2013/11/07 07:38:43.463829, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (2->3) +[2013/11/07 07:38:43.463881, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM] +[2013/11/07 07:38:43.463921, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM] +[2013/11/07 07:38:43.463961, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:43.463998, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM] +[2013/11/07 07:38:43.464078, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) + Opened policy hnd[3] [0000] 00 00 00 00 46 00 00 00 00 00 00 00 7B 52 73 35 ....F... ....{Rs5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:43.464158, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenHKLM: struct winreg_OpenHKLM + out: struct winreg_OpenHKLM + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000046-0000-0000-7b52-7335c5510000 + result : WERR_OK +[2013/11/07 07:38:43.464325, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenKey: struct winreg_OpenKey + in: struct winreg_OpenKey + parent_handle : * + parent_handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000046-0000-0000-7b52-7335c5510000 + keyname: struct winreg_String + name_len : 0x008a (138) + name_size : 0x008a (138) + name : * + name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7' + options : 0x00000000 (0) + 0: REG_OPTION_VOLATILE + 0: REG_OPTION_CREATE_LINK + 0: REG_OPTION_BACKUP_RESTORE + 0: REG_OPTION_OPEN_LINK + access_mask : 0x02000000 (33554432) + 0: KEY_QUERY_VALUE + 0: KEY_SET_VALUE + 0: KEY_CREATE_SUB_KEY + 0: KEY_ENUMERATE_SUB_KEYS + 0: KEY_NOTIFY + 0: KEY_CREATE_LINK + 0: KEY_WOW64_64KEY + 0: KEY_WOW64_32KEY +[2013/11/07 07:38:43.464764, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 46 00 00 00 00 00 00 00 7B 52 73 35 ....F... ....{Rs5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:43.464844, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [SOFTWARE] +[2013/11/07 07:38:43.464884, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (3->4) +[2013/11/07 07:38:43.464926, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] +[2013/11/07 07:38:43.464964, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE] +[2013/11/07 07:38:43.465012, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:43.465050, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE] +[2013/11/07 07:38:43.465114, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Microsoft] +[2013/11/07 07:38:43.465155, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (4->5) +[2013/11/07 07:38:43.465197, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] +[2013/11/07 07:38:43.465235, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] +[2013/11/07 07:38:43.465275, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:43.465311, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft] +[2013/11/07 07:38:43.465488, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Windows NT] +[2013/11/07 07:38:43.465544, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (5->6) +[2013/11/07 07:38:43.465587, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] +[2013/11/07 07:38:43.465625, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] +[2013/11/07 07:38:43.465666, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:43.465704, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] +[2013/11/07 07:38:43.465763, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [CurrentVersion] +[2013/11/07 07:38:43.465804, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (6->7) +[2013/11/07 07:38:43.465847, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] +[2013/11/07 07:38:43.465885, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] +[2013/11/07 07:38:43.465926, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:43.465963, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f375c5a15c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] +[2013/11/07 07:38:43.466034, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Print] +[2013/11/07 07:38:43.466086, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (7->8) +[2013/11/07 07:38:43.466129, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] +[2013/11/07 07:38:43.466171, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] +[2013/11/07 07:38:43.466213, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:43.466250, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f375c5a15c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] +[2013/11/07 07:38:43.466311, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Printers] +[2013/11/07 07:38:43.466352, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (8->9) +[2013/11/07 07:38:43.466397, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] +[2013/11/07 07:38:43.466438, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] +[2013/11/07 07:38:43.466481, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:43.466519, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] +[2013/11/07 07:38:43.466587, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [printer7] +[2013/11/07 07:38:43.466629, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (9->10) +[2013/11/07 07:38:43.466674, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:43.466713, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:43.466755, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:43.466793, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:43.466862, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (10->9) +[2013/11/07 07:38:43.466905, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (9->8) +[2013/11/07 07:38:43.466953, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (8->7) +[2013/11/07 07:38:43.466994, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (7->6) +[2013/11/07 07:38:43.467034, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (6->5) +[2013/11/07 07:38:43.467074, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (5->4) +[2013/11/07 07:38:43.467117, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) + Opened policy hnd[4] [0000] 00 00 00 00 47 00 00 00 00 00 00 00 7B 52 73 35 ....G... ....{Rs5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:43.467196, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenKey: struct winreg_OpenKey + out: struct winreg_OpenKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000047-0000-0000-7b52-7335c5510000 + result : WERR_OK +[2013/11/07 07:38:43.467376, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryValue: struct winreg_QueryValue + in: struct winreg_QueryValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000047-0000-0000-7b52-7335c5510000 + value_name : * + value_name: struct winreg_String + name_len : 0x0012 (18) + name_size : 0x0012 (18) + name : * + name : 'Security' + type : * + type : REG_NONE (0) + data : NULL + data_size : * + data_size : 0x00000000 (0) + data_length : * + data_length : 0x00000000 (0) +[2013/11/07 07:38:43.467720, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 47 00 00 00 00 00 00 00 7B 52 73 35 ....G... ....{Rs5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:43.467798, 7, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) + _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:43.467837, 7, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) + _winreg_QueryValue: policy key type = [00000000] +[2013/11/07 07:38:43.467877, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_dispatcher.c:151(fetch_reg_values) + fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7' (ops 0x7f37592edcc0) +[2013/11/07 07:38:43.467920, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1891(regdb_fetch_values_internal) + regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:43.467994, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[0]: name[Attributes] len[4] +[2013/11/07 07:38:43.468038, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[1]: name[Description] len[2] +[2013/11/07 07:38:43.468081, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[2]: name[Datatype] len[8] +[2013/11/07 07:38:43.468123, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[3]: name[Default Priority] len[4] +[2013/11/07 07:38:43.468165, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[4]: name[Port] len[38] +[2013/11/07 07:38:43.468207, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[5]: name[Name] len[18] +[2013/11/07 07:38:43.468249, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[6]: name[Print Processor] len[18] +[2013/11/07 07:38:43.468291, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[7]: name[Priority] len[4] +[2013/11/07 07:38:43.468334, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[8]: name[Security] len[248] +[2013/11/07 07:38:43.468376, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[9]: name[Share Name] len[18] +[2013/11/07 07:38:43.468418, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[10]: name[StartTime] len[4] +[2013/11/07 07:38:43.468461, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[11]: name[UntilTime] len[4] +[2013/11/07 07:38:43.468503, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[12]: name[ChangeID] len[4] +[2013/11/07 07:38:43.468547, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryValue: struct winreg_QueryValue + out: struct winreg_QueryValue + type : * + type : REG_BINARY (3) + data : NULL + data_size : * + data_size : 0x000000f8 (248) + data_length : * + data_length : 0x00000000 (0) + result : WERR_OK +[2013/11/07 07:38:43.468760, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryValue: struct winreg_QueryValue + in: struct winreg_QueryValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000047-0000-0000-7b52-7335c5510000 + value_name : * + value_name: struct winreg_String + name_len : 0x0012 (18) + name_size : 0x0012 (18) + name : * + name : 'Security' + type : * + type : REG_BINARY (3) + data : * + data: ARRAY(0) + data_size : * + data_size : 0x000000f8 (248) + data_length : * + data_length : 0x00000000 (0) +[2013/11/07 07:38:43.469126, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 47 00 00 00 00 00 00 00 7B 52 73 35 ....G... ....{Rs5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:43.469203, 7, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) + _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:43.469242, 7, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) + _winreg_QueryValue: policy key type = [00000000] +[2013/11/07 07:38:43.469287, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryValue: struct winreg_QueryValue + out: struct winreg_QueryValue + type : * + type : REG_BINARY (3) + data : * + data: ARRAY(248) + [0] : 0x01 (1) + [1] : 0x00 (0) + [2] : 0x04 (4) + [3] : 0x80 (128) + [4] : 0x14 (20) + [5] : 0x00 (0) + [6] : 0x00 (0) + [7] : 0x00 (0) + [8] : 0x24 (36) + [9] : 0x00 (0) + [10] : 0x00 (0) + [11] : 0x00 (0) + [12] : 0x00 (0) + [13] : 0x00 (0) + [14] : 0x00 (0) + [15] : 0x00 (0) + [16] : 0x34 (52) + [17] : 0x00 (0) + [18] : 0x00 (0) + [19] : 0x00 (0) + [20] : 0x01 (1) + [21] : 0x02 (2) + [22] : 0x00 (0) + [23] : 0x00 (0) + [24] : 0x00 (0) + [25] : 0x00 (0) + [26] : 0x00 (0) + [27] : 0x05 (5) + [28] : 0x20 (32) + [29] : 0x00 (0) + [30] : 0x00 (0) + [31] : 0x00 (0) + [32] : 0x20 (32) + [33] : 0x02 (2) + [34] : 0x00 (0) + [35] : 0x00 (0) + [36] : 0x01 (1) + [37] : 0x02 (2) + [38] : 0x00 (0) + [39] : 0x00 (0) + [40] : 0x00 (0) + [41] : 0x00 (0) + [42] : 0x00 (0) + [43] : 0x05 (5) + [44] : 0x20 (32) + [45] : 0x00 (0) + [46] : 0x00 (0) + [47] : 0x00 (0) + [48] : 0x20 (32) + [49] : 0x02 (2) + [50] : 0x00 (0) + [51] : 0x00 (0) + [52] : 0x02 (2) + [53] : 0x00 (0) + [54] : 0xc4 (196) + [55] : 0x00 (0) + [56] : 0x07 (7) + [57] : 0x00 (0) + [58] : 0x00 (0) + [59] : 0x00 (0) + [60] : 0x00 (0) + [61] : 0x02 (2) + [62] : 0x14 (20) + [63] : 0x00 (0) + [64] : 0x08 (8) + [65] : 0x00 (0) + [66] : 0x02 (2) + [67] : 0x20 (32) + [68] : 0x01 (1) + [69] : 0x01 (1) + [70] : 0x00 (0) + [71] : 0x00 (0) + [72] : 0x00 (0) + [73] : 0x00 (0) + [74] : 0x00 (0) + [75] : 0x01 (1) + [76] : 0x00 (0) + [77] : 0x00 (0) + [78] : 0x00 (0) + [79] : 0x00 (0) + [80] : 0x00 (0) + [81] : 0x09 (9) + [82] : 0x24 (36) + [83] : 0x00 (0) + [84] : 0x0c (12) + [85] : 0x00 (0) + [86] : 0x0f (15) + [87] : 0x10 (16) + [88] : 0x01 (1) + [89] : 0x05 (5) + [90] : 0x00 (0) + [91] : 0x00 (0) + [92] : 0x00 (0) + [93] : 0x00 (0) + [94] : 0x00 (0) + [95] : 0x05 (5) + [96] : 0x15 (21) + [97] : 0x00 (0) + [98] : 0x00 (0) + [99] : 0x00 (0) + [100] : 0x74 (116) + [101] : 0xa5 (165) + [102] : 0x12 (18) + [103] : 0x52 (82) + [104] : 0xcd (205) + [105] : 0x51 (81) + [106] : 0xd9 (217) + [107] : 0x8f (143) + [108] : 0xd1 (209) + [109] : 0x31 (49) + [110] : 0xa4 (164) + [111] : 0xca (202) + [112] : 0xf4 (244) + [113] : 0x01 (1) + [114] : 0x00 (0) + [115] : 0x00 (0) + [116] : 0x00 (0) + [117] : 0x02 (2) + [118] : 0x24 (36) + [119] : 0x00 (0) + [120] : 0x0c (12) + [121] : 0x00 (0) + [122] : 0x0f (15) + [123] : 0x10 (16) + [124] : 0x01 (1) + [125] : 0x05 (5) + [126] : 0x00 (0) + [127] : 0x00 (0) + [128] : 0x00 (0) + [129] : 0x00 (0) + [130] : 0x00 (0) + [131] : 0x05 (5) + [132] : 0x15 (21) + [133] : 0x00 (0) + [134] : 0x00 (0) + [135] : 0x00 (0) + [136] : 0x74 (116) + [137] : 0xa5 (165) + [138] : 0x12 (18) + [139] : 0x52 (82) + [140] : 0xcd (205) + [141] : 0x51 (81) + [142] : 0xd9 (217) + [143] : 0x8f (143) + [144] : 0xd1 (209) + [145] : 0x31 (49) + [146] : 0xa4 (164) + [147] : 0xca (202) + [148] : 0xf4 (244) + [149] : 0x01 (1) + [150] : 0x00 (0) + [151] : 0x00 (0) + [152] : 0x00 (0) + [153] : 0x09 (9) + [154] : 0x18 (24) + [155] : 0x00 (0) + [156] : 0x0c (12) + [157] : 0x00 (0) + [158] : 0x0f (15) + [159] : 0x10 (16) + [160] : 0x01 (1) + [161] : 0x02 (2) + [162] : 0x00 (0) + [163] : 0x00 (0) + [164] : 0x00 (0) + [165] : 0x00 (0) + [166] : 0x00 (0) + [167] : 0x05 (5) + [168] : 0x20 (32) + [169] : 0x00 (0) + [170] : 0x00 (0) + [171] : 0x00 (0) + [172] : 0x20 (32) + [173] : 0x02 (2) + [174] : 0x00 (0) + [175] : 0x00 (0) + [176] : 0x00 (0) + [177] : 0x02 (2) + [178] : 0x18 (24) + [179] : 0x00 (0) + [180] : 0x0c (12) + [181] : 0x00 (0) + [182] : 0x0f (15) + [183] : 0x10 (16) + [184] : 0x01 (1) + [185] : 0x02 (2) + [186] : 0x00 (0) + [187] : 0x00 (0) + [188] : 0x00 (0) + [189] : 0x00 (0) + [190] : 0x00 (0) + [191] : 0x05 (5) + [192] : 0x20 (32) + [193] : 0x00 (0) + [194] : 0x00 (0) + [195] : 0x00 (0) + [196] : 0x20 (32) + [197] : 0x02 (2) + [198] : 0x00 (0) + [199] : 0x00 (0) + [200] : 0x00 (0) + [201] : 0x09 (9) + [202] : 0x18 (24) + [203] : 0x00 (0) + [204] : 0x0c (12) + [205] : 0x00 (0) + [206] : 0x0f (15) + [207] : 0x10 (16) + [208] : 0x01 (1) + [209] : 0x02 (2) + [210] : 0x00 (0) + [211] : 0x00 (0) + [212] : 0x00 (0) + [213] : 0x00 (0) + [214] : 0x00 (0) + [215] : 0x05 (5) + [216] : 0x20 (32) + [217] : 0x00 (0) + [218] : 0x00 (0) + [219] : 0x00 (0) + [220] : 0x26 (38) + [221] : 0x02 (2) + [222] : 0x00 (0) + [223] : 0x00 (0) + [224] : 0x00 (0) + [225] : 0x02 (2) + [226] : 0x18 (24) + [227] : 0x00 (0) + [228] : 0x0c (12) + [229] : 0x00 (0) + [230] : 0x0f (15) + [231] : 0x10 (16) + [232] : 0x01 (1) + [233] : 0x02 (2) + [234] : 0x00 (0) + [235] : 0x00 (0) + [236] : 0x00 (0) + [237] : 0x00 (0) + [238] : 0x00 (0) + [239] : 0x05 (5) + [240] : 0x20 (32) + [241] : 0x00 (0) + [242] : 0x00 (0) + [243] : 0x00 (0) + [244] : 0x26 (38) + [245] : 0x02 (2) + [246] : 0x00 (0) + [247] : 0x00 (0) + data_size : * + data_size : 0x000000f8 (248) + data_length : * + data_length : 0x000000f8 (248) + result : WERR_OK +[2013/11/07 07:38:43.473802, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + in: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000047-0000-0000-7b52-7335c5510000 +[2013/11/07 07:38:43.473938, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 47 00 00 00 00 00 00 00 7B 52 73 35 ....G... ....{Rs5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:43.474017, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 47 00 00 00 00 00 00 00 7B 52 73 35 ....G... ....{Rs5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:43.474094, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) + Closed policy +[2013/11/07 07:38:43.474139, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (4->3) +[2013/11/07 07:38:43.474179, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + out: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000000-0000-0000-0000-000000000000 + result : WERR_OK +[2013/11/07 07:38:43.474341, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + in: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000046-0000-0000-7b52-7335c5510000 +[2013/11/07 07:38:43.474470, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 46 00 00 00 00 00 00 00 7B 52 73 35 ....F... ....{Rs5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:43.474547, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 46 00 00 00 00 00 00 00 7B 52 73 35 ....F... ....{Rs5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:43.474623, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) + Closed policy +[2013/11/07 07:38:43.474663, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (3->2) +[2013/11/07 07:38:43.474703, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + out: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000000-0000-0000-0000-000000000000 + result : WERR_OK +[2013/11/07 07:38:43.474866, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + in: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000045-0000-0000-7b52-7335c5510000 +[2013/11/07 07:38:43.475003, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 45 00 00 00 00 00 00 00 7B 52 73 35 ....E... ....{Rs5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:43.475081, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 45 00 00 00 00 00 00 00 7B 52 73 35 ....E... ....{Rs5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:43.475157, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) + Closed policy +[2013/11/07 07:38:43.475200, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (2->1) +[2013/11/07 07:38:43.475240, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + out: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000000-0000-0000-0000-000000000000 + result : WERR_OK +[2013/11/07 07:38:43.475401, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + in: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000044-0000-0000-7b52-7335c5510000 +[2013/11/07 07:38:43.475529, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 44 00 00 00 00 00 00 00 7B 52 73 35 ....D... ....{Rs5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:43.475608, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 44 00 00 00 00 00 00 00 7B 52 73 35 ....D... ....{Rs5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:43.475684, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) + Closed policy +[2013/11/07 07:38:43.475724, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (1->0) +[2013/11/07 07:38:43.475785, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + out: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000000-0000-0000-0000-000000000000 + result : WERR_OK +[2013/11/07 07:38:43.475949, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:416(close_policy_by_pipe) + Deleted handle list for RPC connection \winreg +[2013/11/07 07:38:43.476108, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + spoolss_GetPrinter: struct spoolss_GetPrinter + out: struct spoolss_GetPrinter + info : * + info : union spoolss_PrinterInfo(case 2) + info2: struct spoolss_PrinterInfo2 + servername : * + servername : '\\MEMBER43' + printername : * + printername : '\\MEMBER43\printer7' + sharename : * + sharename : 'printer7' + portname : * + portname : 'Samba Printer Port' + drivername : * + drivername : '' + comment : * + comment : '' + location : * + location : '' + devmode : * + devmode: struct spoolss_DeviceMode + devicename : '\\MEMBER43\printer7' + specversion : DMSPEC_NT4_AND_ABOVE (1025) + driverversion : 0x0400 (1024) + size : 0x00dc (220) + __driverextra_length : 0x0000 (0) + fields : 0x00014713 (83731) + 1: DEVMODE_ORIENTATION + 1: DEVMODE_PAPERSIZE + 0: DEVMODE_PAPERLENGTH + 0: DEVMODE_PAPERWIDTH + 1: DEVMODE_SCALE + 0: DEVMODE_POSITION + 0: DEVMODE_NUP + 1: DEVMODE_COPIES + 1: DEVMODE_DEFAULTSOURCE + 1: DEVMODE_PRINTQUALITY + 0: DEVMODE_COLOR + 0: DEVMODE_DUPLEX + 0: DEVMODE_YRESOLUTION + 1: DEVMODE_TTOPTION + 0: DEVMODE_COLLATE + 1: DEVMODE_FORMNAME + 0: DEVMODE_LOGPIXELS + 0: DEVMODE_BITSPERPEL + 0: DEVMODE_PELSWIDTH + 0: DEVMODE_PELSHEIGHT + 0: DEVMODE_DISPLAYFLAGS + 0: DEVMODE_DISPLAYFREQUENCY + 0: DEVMODE_ICMMETHOD + 0: DEVMODE_ICMINTENT + 0: DEVMODE_MEDIATYPE + 0: DEVMODE_DITHERTYPE + 0: DEVMODE_PANNINGWIDTH + 0: DEVMODE_PANNINGHEIGHT + orientation : DMORIENT_PORTRAIT (1) + papersize : DMPAPER_LETTER (1) + paperlength : 0x0000 (0) + paperwidth : 0x0000 (0) + scale : 0x0064 (100) + copies : 0x0001 (1) + defaultsource : DMBIN_FORMSOURCE (15) + printquality : DMRES_HIGH (65532) + color : DMRES_MONOCHROME (1) + duplex : DMDUP_SIMPLEX (1) + yresolution : 0x0000 (0) + ttoption : DMTT_SUBDEV (3) + collate : DMCOLLATE_FALSE (0) + formname : 'Letter' + logpixels : 0x0000 (0) + bitsperpel : 0x00000000 (0) + pelswidth : 0x00000000 (0) + pelsheight : 0x00000000 (0) + displayflags : UNKNOWN_ENUM_VALUE (0) + displayfrequency : 0x00000000 (0) + icmmethod : UNKNOWN_ENUM_VALUE (0) + icmintent : UNKNOWN_ENUM_VALUE (0) + mediatype : UNKNOWN_ENUM_VALUE (0) + dithertype : UNKNOWN_ENUM_VALUE (0) + reserved1 : 0x00000000 (0) + reserved2 : 0x00000000 (0) + panningwidth : 0x00000000 (0) + panningheight : 0x00000000 (0) + driverextra_data : DATA_BLOB length=0 + sepfile : * + sepfile : '' + printprocessor : * + printprocessor : 'winprint' + datatype : * + datatype : 'RAW' + parameters : * + parameters : '' + secdesc : * + secdesc: struct security_descriptor + revision : SECURITY_DESCRIPTOR_REVISION_1 (1) + type : 0x8004 (32772) + 0: SEC_DESC_OWNER_DEFAULTED + 0: SEC_DESC_GROUP_DEFAULTED + 1: SEC_DESC_DACL_PRESENT + 0: SEC_DESC_DACL_DEFAULTED + 0: SEC_DESC_SACL_PRESENT + 0: SEC_DESC_SACL_DEFAULTED + 0: SEC_DESC_DACL_TRUSTED + 0: SEC_DESC_SERVER_SECURITY + 0: SEC_DESC_DACL_AUTO_INHERIT_REQ + 0: SEC_DESC_SACL_AUTO_INHERIT_REQ + 0: SEC_DESC_DACL_AUTO_INHERITED + 0: SEC_DESC_SACL_AUTO_INHERITED + 0: SEC_DESC_DACL_PROTECTED + 0: SEC_DESC_SACL_PROTECTED + 0: SEC_DESC_RM_CONTROL_VALID + 1: SEC_DESC_SELF_RELATIVE + owner_sid : * + owner_sid : S-1-5-32-544 + group_sid : * + group_sid : S-1-5-32-544 + sacl : NULL + dacl : * + dacl: struct security_acl + revision : SECURITY_ACL_REVISION_NT4 (2) + size : 0x00c4 (196) + num_aces : 0x00000007 (7) + aces: ARRAY(7) + aces: struct security_ace + type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) + flags : 0x02 (2) + 0: SEC_ACE_FLAG_OBJECT_INHERIT + 1: SEC_ACE_FLAG_CONTAINER_INHERIT + 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT + 0: SEC_ACE_FLAG_INHERIT_ONLY + 0: SEC_ACE_FLAG_INHERITED_ACE + 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) + 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS + 0: SEC_ACE_FLAG_FAILED_ACCESS + size : 0x0014 (20) + access_mask : 0x20020008 (537001992) + object : union security_ace_object_ctr(case 0) + trustee : S-1-1-0 + aces: struct security_ace + type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) + flags : 0x09 (9) + 1: SEC_ACE_FLAG_OBJECT_INHERIT + 0: SEC_ACE_FLAG_CONTAINER_INHERIT + 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT + 1: SEC_ACE_FLAG_INHERIT_ONLY + 0: SEC_ACE_FLAG_INHERITED_ACE + 0x09: SEC_ACE_FLAG_VALID_INHERIT (9) + 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS + 0: SEC_ACE_FLAG_FAILED_ACCESS + size : 0x0024 (36) + access_mask : 0x100f000c (269418508) + object : union security_ace_object_ctr(case 0) + trustee : S-1-5-21-1376953716-2413384141-3399758289-500 + aces: struct security_ace + type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) + flags : 0x02 (2) + 0: SEC_ACE_FLAG_OBJECT_INHERIT + 1: SEC_ACE_FLAG_CONTAINER_INHERIT + 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT + 0: SEC_ACE_FLAG_INHERIT_ONLY + 0: SEC_ACE_FLAG_INHERITED_ACE + 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) + 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS + 0: SEC_ACE_FLAG_FAILED_ACCESS + size : 0x0024 (36) + access_mask : 0x100f000c (269418508) + object : union security_ace_object_ctr(case 0) + trustee : S-1-5-21-1376953716-2413384141-3399758289-500 + aces: struct security_ace + type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) + flags : 0x09 (9) + 1: SEC_ACE_FLAG_OBJECT_INHERIT + 0: SEC_ACE_FLAG_CONTAINER_INHERIT + 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT + 1: SEC_ACE_FLAG_INHERIT_ONLY + 0: SEC_ACE_FLAG_INHERITED_ACE + 0x09: SEC_ACE_FLAG_VALID_INHERIT (9) + 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS + 0: SEC_ACE_FLAG_FAILED_ACCESS + size : 0x0018 (24) + access_mask : 0x100f000c (269418508) + object : union security_ace_object_ctr(case 0) + trustee : S-1-5-32-544 + aces: struct security_ace + type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) + flags : 0x02 (2) + 0: SEC_ACE_FLAG_OBJECT_INHERIT + 1: SEC_ACE_FLAG_CONTAINER_INHERIT + 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT + 0: SEC_ACE_FLAG_INHERIT_ONLY + 0: SEC_ACE_FLAG_INHERITED_ACE + 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) + 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS + 0: SEC_ACE_FLAG_FAILED_ACCESS + size : 0x0018 (24) + access_mask : 0x100f000c (269418508) + object : union security_ace_object_ctr(case 0) + trustee : S-1-5-32-544 + aces: struct security_ace + type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) + flags : 0x09 (9) + 1: SEC_ACE_FLAG_OBJECT_INHERIT + 0: SEC_ACE_FLAG_CONTAINER_INHERIT + 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT + 1: SEC_ACE_FLAG_INHERIT_ONLY + 0: SEC_ACE_FLAG_INHERITED_ACE + 0x09: SEC_ACE_FLAG_VALID_INHERIT (9) + 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS + 0: SEC_ACE_FLAG_FAILED_ACCESS + size : 0x0018 (24) + access_mask : 0x100f000c (269418508) + object : union security_ace_object_ctr(case 0) + trustee : S-1-5-32-550 + aces: struct security_ace + type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) + flags : 0x02 (2) + 0: SEC_ACE_FLAG_OBJECT_INHERIT + 1: SEC_ACE_FLAG_CONTAINER_INHERIT + 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT + 0: SEC_ACE_FLAG_INHERIT_ONLY + 0: SEC_ACE_FLAG_INHERITED_ACE + 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) + 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS + 0: SEC_ACE_FLAG_FAILED_ACCESS + size : 0x0018 (24) + access_mask : 0x100f000c (269418508) + object : union security_ace_object_ctr(case 0) + trustee : S-1-5-32-550 + attributes : 0x00001048 (4168) + 0: PRINTER_ATTRIBUTE_QUEUED + 0: PRINTER_ATTRIBUTE_DIRECT + 0: PRINTER_ATTRIBUTE_DEFAULT + 1: PRINTER_ATTRIBUTE_SHARED + 0: PRINTER_ATTRIBUTE_NETWORK + 0: PRINTER_ATTRIBUTE_HIDDEN + 1: PRINTER_ATTRIBUTE_LOCAL + 0: PRINTER_ATTRIBUTE_ENABLE_DEVQ + 0: PRINTER_ATTRIBUTE_KEEPPRINTEDJOBS + 0: PRINTER_ATTRIBUTE_DO_COMPLETE_FIRST + 0: PRINTER_ATTRIBUTE_WORK_OFFLINE + 0: PRINTER_ATTRIBUTE_ENABLE_BIDI + 1: PRINTER_ATTRIBUTE_RAW_ONLY + 0: PRINTER_ATTRIBUTE_PUBLISHED + 0: PRINTER_ATTRIBUTE_FAX + 0: PRINTER_ATTRIBUTE_TS + priority : 0x00000001 (1) + defaultpriority : 0x00000001 (1) + starttime : 0x00000000 (0) + untiltime : 0x00000000 (0) + status : 0x00000000 (0) + 0: PRINTER_STATUS_PAUSED + 0: PRINTER_STATUS_ERROR + 0: PRINTER_STATUS_PENDING_DELETION + 0: PRINTER_STATUS_PAPER_JAM + 0: PRINTER_STATUS_PAPER_OUT + 0: PRINTER_STATUS_MANUAL_FEED + 0: PRINTER_STATUS_PAPER_PROBLEM + 0: PRINTER_STATUS_OFFLINE + 0: PRINTER_STATUS_IO_ACTIVE + 0: PRINTER_STATUS_BUSY + 0: PRINTER_STATUS_PRINTING + 0: PRINTER_STATUS_OUTPUT_BIN_FULL + 0: PRINTER_STATUS_NOT_AVAILABLE + 0: PRINTER_STATUS_WAITING + 0: PRINTER_STATUS_PROCESSING + 0: PRINTER_STATUS_INITIALIZING + 0: PRINTER_STATUS_WARMING_UP + 0: PRINTER_STATUS_TONER_LOW + 0: PRINTER_STATUS_NO_TONER + 0: PRINTER_STATUS_PAGE_PUNT + 0: PRINTER_STATUS_USER_INTERVENTION + 0: PRINTER_STATUS_OUT_OF_MEMORY + 0: PRINTER_STATUS_DOOR_OPEN + 0: PRINTER_STATUS_SERVER_UNKNOWN + 0: PRINTER_STATUS_POWER_SAVE + cjobs : 0x00000000 (0) + averageppm : 0x00000000 (0) + needed : * + needed : 0x000002f8 (760) + result : WERR_OK +[2013/11/07 07:38:43.481158, 5, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1417(api_rpcTNP) + api_rpcTNP: called \spoolss successfully +[2013/11/07 07:38:43.481222, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) + pop_sec_ctx (0, 5000) - sec_ctx_stack_ndx = 0 +[2013/11/07 07:38:43.481267, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) + write_to_pipe: data_used = 4140 + smbd_smb2_request_pending_queue: req->current_idx = 1 + req->in.vector[0].iov_len = 0 + req->in.vector[1].iov_len = 0 + req->in.vector[2].iov_len = 64 + req->in.vector[3].iov_len = 56 + req->in.vector[4].iov_len = 4156 + req->out.vector[0].iov_len = 4 + req->out.vector[1].iov_len = 0 + req->out.vector[2].iov_len = 64 + req->out.vector[3].iov_len = 8 + req->out.vector[4].iov_len = 0 +[2013/11/07 07:38:43.481565, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:128(smbd_smb2_ioctl_pipe_write_done) + smbd_smb2_ioctl_pipe_write_done: received 4156 +[2013/11/07 07:38:43.481611, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:149(smbd_smb2_ioctl_pipe_write_done) + smbd_smb2_ioctl_pipe_write_done: issuing np_read_send of size 4136 +[2013/11/07 07:38:43.481655, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:285(read_from_internal_pipe) + name: \spoolss len: 4136 +[2013/11/07 07:38:43.481698, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:347(read_from_internal_pipe) + read_from_pipe: \spoolss: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 4112. +[2013/11/07 07:38:43.481752, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) + &r: struct ncacn_packet + rpc_vers : 0x05 (5) + rpc_vers_minor : 0x00 (0) + ptype : DCERPC_PKT_RESPONSE (2) + pfc_flags : 0x03 (3) + drep: ARRAY(4) + [0] : 0x10 (16) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + frag_length : 0x1028 (4136) + auth_length : 0x0000 (0) + call_id : 0x00000004 (4) + u : union dcerpc_payload(case 2) + response: struct dcerpc_response + alloc_hint : 0x00001010 (4112) + context_id : 0x0000 (0) + cancel_count : 0x00 (0) + _pad : DATA_BLOB length=0 + stub_and_verifier : DATA_BLOB length=4112 + [0000] 04 00 02 00 00 10 00 00 EA 0F 00 00 C2 0F 00 00 ........ ........ + [0010] B0 0F 00 00 8A 0F 00 00 88 0F 00 00 86 0F 00 00 ........ ........ + [0020] 84 0F 00 00 88 0E 00 00 82 0F 00 00 70 0F 00 00 ........ ....p... + [0030] 68 0F 00 00 66 0F 00 00 90 0D 00 00 48 10 00 00 h...f... ....H... + [0040] 01 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0200] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0210] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0220] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0230] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0240] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0250] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0260] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0270] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0280] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0290] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0300] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0310] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0320] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0330] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0340] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0350] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0360] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0370] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0380] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0390] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0400] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0410] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0420] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0430] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0440] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0450] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0460] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0470] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0480] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0490] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0500] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0510] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0520] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0530] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0540] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0550] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0560] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0570] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0580] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0590] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0600] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0610] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0620] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0630] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0640] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0650] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0660] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0670] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0680] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0690] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0700] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0710] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0720] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0730] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0740] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0750] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0760] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0770] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0780] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0790] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0800] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0810] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0820] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0830] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0840] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0850] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0860] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0870] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0880] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0890] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0900] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0910] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0920] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0930] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0940] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0950] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0960] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0970] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0980] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0990] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D90] 00 00 00 00 00 00 00 00 01 00 04 80 D8 00 00 00 ........ ........ + [0DA0] E8 00 00 00 00 00 00 00 14 00 00 00 02 00 C4 00 ........ ........ + [0DB0] 07 00 00 00 00 02 14 00 08 00 02 20 01 01 00 00 ........ ... .... + [0DC0] 00 00 00 01 00 00 00 00 00 09 24 00 0C 00 0F 10 ........ ..$..... + [0DD0] 01 05 00 00 00 00 00 05 15 00 00 00 74 A5 12 52 ........ ....t..R + [0DE0] CD 51 D9 8F D1 31 A4 CA F4 01 00 00 00 02 24 00 .Q...1.. ......$. + [0DF0] 0C 00 0F 10 01 05 00 00 00 00 00 05 15 00 00 00 ........ ........ + [0E00] 74 A5 12 52 CD 51 D9 8F D1 31 A4 CA F4 01 00 00 t..R.Q.. .1...... + [0E10] 00 09 18 00 0C 00 0F 10 01 02 00 00 00 00 00 05 ........ ........ + [0E20] 20 00 00 00 20 02 00 00 00 02 18 00 0C 00 0F 10 ... ... ........ + [0E30] 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 ........ ... ... + [0E40] 00 09 18 00 0C 00 0F 10 01 02 00 00 00 00 00 05 ........ ........ + [0E50] 20 00 00 00 26 02 00 00 00 02 18 00 0C 00 0F 10 ...&... ........ + [0E60] 01 02 00 00 00 00 00 05 20 00 00 00 26 02 00 00 ........ ...&... + [0E70] 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 ........ ... ... + [0E80] 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 ........ ... ... + [0E90] 5C 00 5C 00 4D 00 45 00 4D 00 42 00 45 00 52 00 \.\.M.E. M.B.E.R. + [0EA0] 34 00 33 00 5C 00 70 00 72 00 69 00 6E 00 74 00 4.3.\.p. r.i.n.t. + [0EB0] 65 00 72 00 37 00 00 00 00 00 00 00 00 00 00 00 e.r.7... ........ + [0EC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0ED0] 01 04 00 04 DC 00 00 00 13 47 01 00 01 00 01 00 ........ .G...... + [0EE0] 00 00 00 00 64 00 01 00 0F 00 FC FF 01 00 01 00 ....d... ........ + [0EF0] 00 00 03 00 00 00 4C 00 65 00 74 00 74 00 65 00 ......L. e.t.t.e. + [0F00] 72 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 r....... ........ + [0F10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F70] 52 00 41 00 57 00 00 00 77 00 69 00 6E 00 70 00 R.A.W... w.i.n.p. + [0F80] 72 00 69 00 6E 00 74 00 00 00 00 00 00 00 00 00 r.i.n.t. ........ + [0F90] 00 00 53 00 61 00 6D 00 62 00 61 00 20 00 50 00 ..S.a.m. b.a. .P. + [0FA0] 72 00 69 00 6E 00 74 00 65 00 72 00 20 00 50 00 r.i.n.t. e.r. .P. + [0FB0] 6F 00 72 00 74 00 00 00 70 00 72 00 69 00 6E 00 o.r.t... p.r.i.n. + [0FC0] 74 00 65 00 72 00 37 00 00 00 5C 00 5C 00 4D 00 t.e.r.7. ..\.\.M. + [0FD0] 45 00 4D 00 42 00 45 00 52 00 34 00 33 00 5C 00 E.M.B.E. R.4.3.\. + [0FE0] 70 00 72 00 69 00 6E 00 74 00 65 00 72 00 37 00 p.r.i.n. t.e.r.7. + [0FF0] 00 00 5C 00 5C 00 4D 00 45 00 4D 00 42 00 45 00 ..\.\.M. E.M.B.E. + [1000] 52 00 34 00 33 00 00 00 F8 02 00 00 00 00 00 00 R.4.3... ........ +[2013/11/07 07:38:43.491108, 3, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:122(free_pipe_context) + free_pipe_context: destroying talloc pool of size 1308 +[2013/11/07 07:38:43.491168, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:788(np_read_recv) + Received 4136 bytes. There is no more data outstanding +[2013/11/07 07:38:43.491209, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:178(smbd_smb2_ioctl_pipe_read_done) + smbd_smb2_ioctl_pipe_read_done: np_read_recv nread = 4136 is_data_outstanding = 0, status = NT_STATUS_OK +[2013/11/07 07:38:43.491258, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl.c:291(smbd_smb2_request_ioctl_done) + smbd_smb2_request_ioctl_done: smbd_smb2_ioctl_recv returned 4136 status NT_STATUS_OK +[2013/11/07 07:38:43.491301, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) + smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[48] dyn[yes:4136] at ../source3/smbd/smb2_ioctl.c:358 +[2013/11/07 07:38:43.491347, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) + smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/44/127 +[2013/11/07 07:38:43.496852, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) + smbd_smb2_request_incoming: idx[1] of 5 vectors +[2013/11/07 07:38:43.496965, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) + smb2_validate_sequence_number: clearing id 44 (position 44) from bitmap +[2013/11/07 07:38:43.497012, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) + smbd_smb2_request_dispatch: opcode[SMB2_OP_IOCTL] mid = 44 +[2013/11/07 07:38:43.497085, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) + setting sec ctx (0, 5000) - sec_ctx_stack_ndx = 0 +[2013/11/07 07:38:43.497130, 5, pid=20933, effective(0, 5000), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) + Security token SIDs (21): + SID[ 0]: S-1-5-21-1376953716-2413384141-3399758289-500 + SID[ 1]: S-1-5-21-1376953716-2413384141-3399758289-512 + SID[ 2]: S-1-5-21-1376953716-2413384141-3399758289-11015 + SID[ 3]: S-1-5-21-1376953716-2413384141-3399758289-513 + SID[ 4]: S-1-5-21-1376953716-2413384141-3399758289-11011 + SID[ 5]: S-1-5-21-1376953716-2413384141-3399758289-11013 + SID[ 6]: S-1-5-21-1376953716-2413384141-3399758289-11012 + SID[ 7]: S-1-1-0 + SID[ 8]: S-1-5-2 + SID[ 9]: S-1-5-11 + SID[ 10]: S-1-5-32-544 + SID[ 11]: S-1-22-1-2002 + SID[ 12]: S-1-22-2-5000 + SID[ 13]: S-1-22-2-5007 + SID[ 14]: S-1-22-2-5001 + SID[ 15]: S-1-22-2-1005 + SID[ 16]: S-1-22-2-5006 + SID[ 17]: S-1-22-2-5005 + SID[ 18]: S-1-22-2-55000 + SID[ 19]: S-1-22-2-55001 + SID[ 20]: S-1-22-2-55002 + Privileges (0x 1FFFFFF0): + Privilege[ 0]: SeMachineAccountPrivilege + Privilege[ 1]: SeTakeOwnershipPrivilege + Privilege[ 2]: SeBackupPrivilege + Privilege[ 3]: SeRestorePrivilege + Privilege[ 4]: SeRemoteShutdownPrivilege + Privilege[ 5]: SePrintOperatorPrivilege + Privilege[ 6]: SeAddUsersPrivilege + Privilege[ 7]: SeDiskOperatorPrivilege + Privilege[ 8]: SeSecurityPrivilege + Privilege[ 9]: SeSystemtimePrivilege + Privilege[ 10]: SeShutdownPrivilege + Privilege[ 11]: SeDebugPrivilege + Privilege[ 12]: SeSystemEnvironmentPrivilege + Privilege[ 13]: SeSystemProfilePrivilege + Privilege[ 14]: SeProfileSingleProcessPrivilege + Privilege[ 15]: SeIncreaseBasePriorityPrivilege + Privilege[ 16]: SeLoadDriverPrivilege + Privilege[ 17]: SeCreatePagefilePrivilege + Privilege[ 18]: SeIncreaseQuotaPrivilege + Privilege[ 19]: SeChangeNotifyPrivilege + Privilege[ 20]: SeUndockPrivilege + Privilege[ 21]: SeManageVolumePrivilege + Privilege[ 22]: SeImpersonatePrivilege + Privilege[ 23]: SeCreateGlobalPrivilege + Privilege[ 24]: SeEnableDelegationPrivilege + Rights (0x 0): +[2013/11/07 07:38:43.498193, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) + UNIX token of user 0 + Primary group is 5000 and contains 9 supplementary groups + Group[ 0]: 5000 + Group[ 1]: 5007 + Group[ 2]: 5001 + Group[ 3]: 1005 + Group[ 4]: 5006 + Group[ 5]: 5005 + Group[ 6]: 55000 + Group[ 7]: 55001 + Group[ 8]: 55002 +[2013/11/07 07:38:43.498473, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/uid.c:363(change_to_user_internal) + Impersonated user: uid=(0,0), gid=(0,5000) +[2013/11/07 07:38:43.498536, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:1796(smbd_smb2_request_verify_creditcharge) + mid 44, CreditCharge: 1, NeededCharge: 1 +[2013/11/07 07:38:43.498581, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl.c:394(smbd_smb2_ioctl_send) + smbd_smb2_ioctl: ctl_code[0x0011c017] spoolss, fnum 259150985 +[2013/11/07 07:38:43.498630, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:59(smb2_ioctl_named_pipe) + smbd_smb2_ioctl_send: np_write_send of size 44 +[2013/11/07 07:38:43.498697, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:520(np_write_send) + np_write_send: len: 44 +[2013/11/07 07:38:43.498740, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) + write_to_pipe: data_left = 44 +[2013/11/07 07:38:43.498779, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) + process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 44 +[2013/11/07 07:38:43.498818, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:51(fill_rpc_header) + fill_rpc_header: data_to_copy = 44, len_needed_to_complete_hdr = 16, receive_len = 0 +[2013/11/07 07:38:43.498858, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) + write_to_pipe: data_used = 16 +[2013/11/07 07:38:43.498896, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) + write_to_pipe: data_left = 28 +[2013/11/07 07:38:43.498933, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) + process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 28 +[2013/11/07 07:38:43.498975, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) + write_to_pipe: data_used = 0 +[2013/11/07 07:38:43.499012, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) + write_to_pipe: data_left = 28 +[2013/11/07 07:38:43.499049, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) + process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 28, incoming data = 28 +[2013/11/07 07:38:43.499092, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1614(process_complete_pdu) + PDU is in Little Endian format! +[2013/11/07 07:38:43.499143, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) + r: struct ncacn_packet + rpc_vers : 0x05 (5) + rpc_vers_minor : 0x00 (0) + ptype : DCERPC_PKT_REQUEST (0) + pfc_flags : 0x03 (3) + drep: ARRAY(4) + [0] : 0x10 (16) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + frag_length : 0x002c (44) + auth_length : 0x0000 (0) + call_id : 0x00000005 (5) + u : union dcerpc_payload(case 0) + request: struct dcerpc_request + alloc_hint : 0x00000014 (20) + context_id : 0x0000 (0) + opnum : 0x001d (29) + object : union dcerpc_object(case 0) + empty: struct dcerpc_empty + _pad : DATA_BLOB length=0 + stub_and_verifier : DATA_BLOB length=20 + [0000] 00 00 00 00 3D 00 00 00 00 00 00 00 7B 52 73 35 ....=... ....{Rs5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:43.499642, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1627(process_complete_pdu) + Processing packet type 0 +[2013/11/07 07:38:43.499682, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1472(dcesrv_auth_request) + Checking request auth. +[2013/11/07 07:38:43.499725, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) + push_sec_ctx(0, 5000) : sec_ctx_stack_ndx = 1 +[2013/11/07 07:38:43.499780, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) + setting sec ctx (0, 5000) - sec_ctx_stack_ndx = 1 +[2013/11/07 07:38:43.499821, 5, pid=20933, effective(0, 5000), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) + Security token SIDs (21): + SID[ 0]: S-1-5-21-1376953716-2413384141-3399758289-500 + SID[ 1]: S-1-5-21-1376953716-2413384141-3399758289-512 + SID[ 2]: S-1-5-21-1376953716-2413384141-3399758289-11015 + SID[ 3]: S-1-5-21-1376953716-2413384141-3399758289-513 + SID[ 4]: S-1-5-21-1376953716-2413384141-3399758289-11011 + SID[ 5]: S-1-5-21-1376953716-2413384141-3399758289-11013 + SID[ 6]: S-1-5-21-1376953716-2413384141-3399758289-11012 + SID[ 7]: S-1-1-0 + SID[ 8]: S-1-5-2 + SID[ 9]: S-1-5-11 + SID[ 10]: S-1-5-32-544 + SID[ 11]: S-1-22-1-2002 + SID[ 12]: S-1-22-2-5000 + SID[ 13]: S-1-22-2-5007 + SID[ 14]: S-1-22-2-5001 + SID[ 15]: S-1-22-2-1005 + SID[ 16]: S-1-22-2-5006 + SID[ 17]: S-1-22-2-5005 + SID[ 18]: S-1-22-2-55000 + SID[ 19]: S-1-22-2-55001 + SID[ 20]: S-1-22-2-55002 + Privileges (0x 1FFFFFF0): + Privilege[ 0]: SeMachineAccountPrivilege + Privilege[ 1]: SeTakeOwnershipPrivilege + Privilege[ 2]: SeBackupPrivilege + Privilege[ 3]: SeRestorePrivilege + Privilege[ 4]: SeRemoteShutdownPrivilege + Privilege[ 5]: SePrintOperatorPrivilege + Privilege[ 6]: SeAddUsersPrivilege + Privilege[ 7]: SeDiskOperatorPrivilege + Privilege[ 8]: SeSecurityPrivilege + Privilege[ 9]: SeSystemtimePrivilege + Privilege[ 10]: SeShutdownPrivilege + Privilege[ 11]: SeDebugPrivilege + Privilege[ 12]: SeSystemEnvironmentPrivilege + Privilege[ 13]: SeSystemProfilePrivilege + Privilege[ 14]: SeProfileSingleProcessPrivilege + Privilege[ 15]: SeIncreaseBasePriorityPrivilege + Privilege[ 16]: SeLoadDriverPrivilege + Privilege[ 17]: SeCreatePagefilePrivilege + Privilege[ 18]: SeIncreaseQuotaPrivilege + Privilege[ 19]: SeChangeNotifyPrivilege + Privilege[ 20]: SeUndockPrivilege + Privilege[ 21]: SeManageVolumePrivilege + Privilege[ 22]: SeImpersonatePrivilege + Privilege[ 23]: SeCreateGlobalPrivilege + Privilege[ 24]: SeEnableDelegationPrivilege + Rights (0x 0): +[2013/11/07 07:38:43.500658, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) + UNIX token of user 0 + Primary group is 5000 and contains 9 supplementary groups + Group[ 0]: 5000 + Group[ 1]: 5007 + Group[ 2]: 5001 + Group[ 3]: 1005 + Group[ 4]: 5006 + Group[ 5]: 5005 + Group[ 6]: 55000 + Group[ 7]: 55001 + Group[ 8]: 55002 +[2013/11/07 07:38:43.500851, 5, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1324(api_pipe_request) + Requested \spoolss rpc service +[2013/11/07 07:38:43.500898, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1356(api_rpcTNP) + api_rpcTNP: \spoolss op 0x1d - api_rpcTNP: rpc command: SPOOLSS_CLOSEPRINTER +[2013/11/07 07:38:43.500941, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1390(api_rpcTNP) + api_rpc_cmds[29].fn == 0x7f375c25d5f0 +[2013/11/07 07:38:43.500987, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + spoolss_ClosePrinter: struct spoolss_ClosePrinter + in: struct spoolss_ClosePrinter + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 0000003d-0000-0000-7b52-7335c5510000 +[2013/11/07 07:38:43.501122, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 3D 00 00 00 00 00 00 00 7B 52 73 35 ....=... ....{Rs5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:43.501211, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 3D 00 00 00 00 00 00 00 7B 52 73 35 ....=... ....{Rs5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:43.501289, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 3D 00 00 00 00 00 00 00 7B 52 73 35 ....=... ....{Rs5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:43.501492, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) + Closed policy +[2013/11/07 07:38:43.501540, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + spoolss_ClosePrinter: struct spoolss_ClosePrinter + out: struct spoolss_ClosePrinter + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000000-0000-0000-0000-000000000000 + result : WERR_OK +[2013/11/07 07:38:43.501694, 5, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1417(api_rpcTNP) + api_rpcTNP: called \spoolss successfully +[2013/11/07 07:38:43.501746, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) + pop_sec_ctx (0, 5000) - sec_ctx_stack_ndx = 0 +[2013/11/07 07:38:43.501788, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) + write_to_pipe: data_used = 28 + smbd_smb2_request_pending_queue: req->current_idx = 1 + req->in.vector[0].iov_len = 0 + req->in.vector[1].iov_len = 0 + req->in.vector[2].iov_len = 64 + req->in.vector[3].iov_len = 56 + req->in.vector[4].iov_len = 44 + req->out.vector[0].iov_len = 4 + req->out.vector[1].iov_len = 0 + req->out.vector[2].iov_len = 64 + req->out.vector[3].iov_len = 8 + req->out.vector[4].iov_len = 0 +[2013/11/07 07:38:43.502005, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:128(smbd_smb2_ioctl_pipe_write_done) + smbd_smb2_ioctl_pipe_write_done: received 44 +[2013/11/07 07:38:43.502049, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:149(smbd_smb2_ioctl_pipe_write_done) + smbd_smb2_ioctl_pipe_write_done: issuing np_read_send of size 4136 +[2013/11/07 07:38:43.502091, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:285(read_from_internal_pipe) + name: \spoolss len: 4136 +[2013/11/07 07:38:43.502133, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:347(read_from_internal_pipe) + read_from_pipe: \spoolss: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 24. +[2013/11/07 07:38:43.502185, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) + &r: struct ncacn_packet + rpc_vers : 0x05 (5) + rpc_vers_minor : 0x00 (0) + ptype : DCERPC_PKT_RESPONSE (2) + pfc_flags : 0x03 (3) + drep: ARRAY(4) + [0] : 0x10 (16) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + frag_length : 0x0030 (48) + auth_length : 0x0000 (0) + call_id : 0x00000005 (5) + u : union dcerpc_payload(case 2) + response: struct dcerpc_response + alloc_hint : 0x00000018 (24) + context_id : 0x0000 (0) + cancel_count : 0x00 (0) + _pad : DATA_BLOB length=0 + stub_and_verifier : DATA_BLOB length=24 + [0000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0010] 00 00 00 00 00 00 00 00 ........ +[2013/11/07 07:38:43.502617, 3, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:122(free_pipe_context) + free_pipe_context: destroying talloc pool of size 29 +[2013/11/07 07:38:43.502666, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:788(np_read_recv) + Received 48 bytes. There is no more data outstanding +[2013/11/07 07:38:43.502707, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:178(smbd_smb2_ioctl_pipe_read_done) + smbd_smb2_ioctl_pipe_read_done: np_read_recv nread = 48 is_data_outstanding = 0, status = NT_STATUS_OK +[2013/11/07 07:38:43.502753, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl.c:291(smbd_smb2_request_ioctl_done) + smbd_smb2_request_ioctl_done: smbd_smb2_ioctl_recv returned 48 status NT_STATUS_OK +[2013/11/07 07:38:43.502795, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) + smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[48] dyn[yes:48] at ../source3/smbd/smb2_ioctl.c:358 +[2013/11/07 07:38:43.502839, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) + smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/45/127 +[2013/11/07 07:38:43.502992, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) + smbd_smb2_request_incoming: idx[1] of 5 vectors +[2013/11/07 07:38:43.503042, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) + smb2_validate_sequence_number: clearing id 45 (position 45) from bitmap +[2013/11/07 07:38:43.503085, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) + smbd_smb2_request_dispatch: opcode[SMB2_OP_CREATE] mid = 45 +[2013/11/07 07:38:43.503225, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) + setting sec ctx (0, 5000) - sec_ctx_stack_ndx = 0 +[2013/11/07 07:38:43.503270, 5, pid=20933, effective(0, 5000), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) + Security token SIDs (21): + SID[ 0]: S-1-5-21-1376953716-2413384141-3399758289-500 + SID[ 1]: S-1-5-21-1376953716-2413384141-3399758289-512 + SID[ 2]: S-1-5-21-1376953716-2413384141-3399758289-11015 + SID[ 3]: S-1-5-21-1376953716-2413384141-3399758289-513 + SID[ 4]: S-1-5-21-1376953716-2413384141-3399758289-11011 + SID[ 5]: S-1-5-21-1376953716-2413384141-3399758289-11013 + SID[ 6]: S-1-5-21-1376953716-2413384141-3399758289-11012 + SID[ 7]: S-1-1-0 + SID[ 8]: S-1-5-2 + SID[ 9]: S-1-5-11 + SID[ 10]: S-1-5-32-544 + SID[ 11]: S-1-22-1-2002 + SID[ 12]: S-1-22-2-5000 + SID[ 13]: S-1-22-2-5007 + SID[ 14]: S-1-22-2-5001 + SID[ 15]: S-1-22-2-1005 + SID[ 16]: S-1-22-2-5006 + SID[ 17]: S-1-22-2-5005 + SID[ 18]: S-1-22-2-55000 + SID[ 19]: S-1-22-2-55001 + SID[ 20]: S-1-22-2-55002 + Privileges (0x 1FFFFFF0): + Privilege[ 0]: SeMachineAccountPrivilege + Privilege[ 1]: SeTakeOwnershipPrivilege + Privilege[ 2]: SeBackupPrivilege + Privilege[ 3]: SeRestorePrivilege + Privilege[ 4]: SeRemoteShutdownPrivilege + Privilege[ 5]: SePrintOperatorPrivilege + Privilege[ 6]: SeAddUsersPrivilege + Privilege[ 7]: SeDiskOperatorPrivilege + Privilege[ 8]: SeSecurityPrivilege + Privilege[ 9]: SeSystemtimePrivilege + Privilege[ 10]: SeShutdownPrivilege + Privilege[ 11]: SeDebugPrivilege + Privilege[ 12]: SeSystemEnvironmentPrivilege + Privilege[ 13]: SeSystemProfilePrivilege + Privilege[ 14]: SeProfileSingleProcessPrivilege + Privilege[ 15]: SeIncreaseBasePriorityPrivilege + Privilege[ 16]: SeLoadDriverPrivilege + Privilege[ 17]: SeCreatePagefilePrivilege + Privilege[ 18]: SeIncreaseQuotaPrivilege + Privilege[ 19]: SeChangeNotifyPrivilege + Privilege[ 20]: SeUndockPrivilege + Privilege[ 21]: SeManageVolumePrivilege + Privilege[ 22]: SeImpersonatePrivilege + Privilege[ 23]: SeCreateGlobalPrivilege + Privilege[ 24]: SeEnableDelegationPrivilege + Rights (0x 0): +[2013/11/07 07:38:43.504042, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) + UNIX token of user 0 + Primary group is 5000 and contains 9 supplementary groups + Group[ 0]: 5000 + Group[ 1]: 5007 + Group[ 2]: 5001 + Group[ 3]: 1005 + Group[ 4]: 5006 + Group[ 5]: 5005 + Group[ 6]: 55000 + Group[ 7]: 55001 + Group[ 8]: 55002 +[2013/11/07 07:38:43.504232, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/uid.c:363(change_to_user_internal) + Impersonated user: uid=(0,0), gid=(0,5000) +[2013/11/07 07:38:43.504285, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_create.c:451(smbd_smb2_create_send) + smbd_smb2_create: name[spoolss] +[2013/11/07 07:38:43.504337, 5, pid=20933, effective(0, 5000), real(0, 0)] ../lib/dbwrap/dbwrap.c:187(dbwrap_check_lock_order) + check lock order 1 for /var/run/samba/smbXsrv_open_global.tdb +[2013/11/07 07:38:43.504378, 10, pid=20933, effective(0, 5000), real(0, 0)] ../lib/dbwrap/dbwrap.c:133(debug_lock_order) + lock order: 1:/var/run/samba/smbXsrv_open_global.tdb 2: 3: +[2013/11/07 07:38:43.504423, 10, pid=20933, effective(0, 5000), real(0, 0)] ../lib/dbwrap/dbwrap_tdb.c:59(db_tdb_log_key) + Locking key 80485D58 +[2013/11/07 07:38:43.504480, 10, pid=20933, effective(0, 5000), real(0, 0)] ../lib/dbwrap/dbwrap_tdb.c:143(db_tdb_fetch_locked_internal) + Allocated locked data 0x0x7f375d35c370 +[2013/11/07 07:38:43.504558, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smbXsrv_open.c:695(smbXsrv_open_global_store) +[2013/11/07 07:38:43.504584, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smbXsrv_open.c:697(smbXsrv_open_global_store) + smbXsrv_open_global_store: key '80485D58' stored +[2013/11/07 07:38:43.504625, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) + &global_blob: struct smbXsrv_open_globalB + version : SMBXSRV_VERSION_0 (0) + seqnum : 0x00000001 (1) + info : union smbXsrv_open_globalU(case 0) + info0 : * + info0: struct smbXsrv_open_global0 + db_rec : * + server_id: struct server_id + pid : 0x00000000000051c5 (20933) + task_id : 0x00000000 (0) + vnn : 0xffffffff (4294967295) + unique_id : 0x6b1fb19d3b3a8ed6 (7719083575197994710) + open_global_id : 0x80485d58 (2152226136) + open_persistent_id : 0x0000000080485d58 (2152226136) + open_volatile_id : 0x000000008288a618 (2189993496) + open_owner : S-1-5-21-1376953716-2413384141-3399758289-500 + open_time : Do Nov 7 07:38:44 2013 CET + create_guid : 00000000-0000-0000-0000-000000000000 + client_guid : b913ae79-46f9-11e3-be6f-52540018a0ea + app_instance_id : 00000000-0000-0000-0000-000000000000 + disconnect_time : NTTIME(0) + durable_timeout_msec : 0x00000000 (0) + durable : 0x00 (0) + backend_cookie : DATA_BLOB length=0 +[2013/11/07 07:38:43.505090, 10, pid=20933, effective(0, 5000), real(0, 0)] ../lib/dbwrap/dbwrap_tdb.c:59(db_tdb_log_key) + Unlocking key 80485D58 +[2013/11/07 07:38:43.505141, 5, pid=20933, effective(0, 5000), real(0, 0)] ../lib/dbwrap/dbwrap.c:146(dbwrap_lock_order_state_destructor) + release lock order 1 for /var/run/samba/smbXsrv_open_global.tdb +[2013/11/07 07:38:43.505181, 10, pid=20933, effective(0, 5000), real(0, 0)] ../lib/dbwrap/dbwrap.c:133(debug_lock_order) + lock order: 1: 2: 3: +[2013/11/07 07:38:43.505222, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smbXsrv_open.c:862(smbXsrv_open_create) +[2013/11/07 07:38:43.505246, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smbXsrv_open.c:870(smbXsrv_open_create) + smbXsrv_open_create: global_id (0x80485d58) stored +[2013/11/07 07:38:43.505284, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) + &open_blob: struct smbXsrv_openB + version : SMBXSRV_VERSION_0 (0) + reserved : 0x00000000 (0) + info : union smbXsrv_openU(case 0) + info0 : * + info0: struct smbXsrv_open + table : * + db_rec : NULL + local_id : 0x8288a618 (2189993496) + global : * + global: struct smbXsrv_open_global0 + db_rec : NULL + server_id: struct server_id + pid : 0x00000000000051c5 (20933) + task_id : 0x00000000 (0) + vnn : 0xffffffff (4294967295) + unique_id : 0x6b1fb19d3b3a8ed6 (7719083575197994710) + open_global_id : 0x80485d58 (2152226136) + open_persistent_id : 0x0000000080485d58 (2152226136) + open_volatile_id : 0x000000008288a618 (2189993496) + open_owner : S-1-5-21-1376953716-2413384141-3399758289-500 + open_time : Do Nov 7 07:38:44 2013 CET + create_guid : 00000000-0000-0000-0000-000000000000 + client_guid : b913ae79-46f9-11e3-be6f-52540018a0ea + app_instance_id : 00000000-0000-0000-0000-000000000000 + disconnect_time : NTTIME(0) + durable_timeout_msec : 0x00000000 (0) + durable : 0x00 (0) + backend_cookie : DATA_BLOB length=0 + status : NT_STATUS_OK + idle_time : Do Nov 7 07:38:44 2013 CET + compat : NULL +[2013/11/07 07:38:43.505979, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/files.c:125(file_new) + allocated file structure fnum 2189993496 (2 used) +[2013/11/07 07:38:43.506028, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/files.c:713(file_name_hash) + file_name_hash: /tmp/spoolss hash 0x7d4e46e5 +[2013/11/07 07:38:43.506090, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:60(make_internal_rpc_pipe_p) + Create pipe requested \spoolss +[2013/11/07 07:38:43.506140, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:238(init_pipe_handles) + init_pipe_handle_list: pipe_handles ref count = 3 for pipe \spoolss +[2013/11/07 07:38:43.506247, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:100(make_internal_rpc_pipe_p) + Created internal pipe \spoolss +[2013/11/07 07:38:43.506291, 8, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/dosmode.c:631(dos_mode) + dos_mode: spoolss +[2013/11/07 07:38:43.506357, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_create.c:1053(smbd_smb2_create_send) + smbd_smb2_create_send: spoolss - fnum 2189993496 +[2013/11/07 07:38:43.506419, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) + smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[88] dyn[yes:0] at ../source3/smbd/smb2_create.c:369 +[2013/11/07 07:38:43.506620, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) + smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/46/127 +[2013/11/07 07:38:43.508219, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) + smbd_smb2_request_incoming: idx[1] of 5 vectors +[2013/11/07 07:38:43.508478, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) + smb2_validate_sequence_number: clearing id 46 (position 46) from bitmap +[2013/11/07 07:38:43.508605, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) + smbd_smb2_request_dispatch: opcode[SMB2_OP_CLOSE] mid = 46 +[2013/11/07 07:38:43.508757, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) + setting sec ctx (0, 5000) - sec_ctx_stack_ndx = 0 +[2013/11/07 07:38:43.508868, 5, pid=20933, effective(0, 5000), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) + Security token SIDs (21): + SID[ 0]: S-1-5-21-1376953716-2413384141-3399758289-500 + SID[ 1]: S-1-5-21-1376953716-2413384141-3399758289-512 + SID[ 2]: S-1-5-21-1376953716-2413384141-3399758289-11015 + SID[ 3]: S-1-5-21-1376953716-2413384141-3399758289-513 + SID[ 4]: S-1-5-21-1376953716-2413384141-3399758289-11011 + SID[ 5]: S-1-5-21-1376953716-2413384141-3399758289-11013 + SID[ 6]: S-1-5-21-1376953716-2413384141-3399758289-11012 + SID[ 7]: S-1-1-0 + SID[ 8]: S-1-5-2 + SID[ 9]: S-1-5-11 + SID[ 10]: S-1-5-32-544 + SID[ 11]: S-1-22-1-2002 + SID[ 12]: S-1-22-2-5000 + SID[ 13]: S-1-22-2-5007 + SID[ 14]: S-1-22-2-5001 + SID[ 15]: S-1-22-2-1005 + SID[ 16]: S-1-22-2-5006 + SID[ 17]: S-1-22-2-5005 + SID[ 18]: S-1-22-2-55000 + SID[ 19]: S-1-22-2-55001 + SID[ 20]: S-1-22-2-55002 + Privileges (0x 1FFFFFF0): + Privilege[ 0]: SeMachineAccountPrivilege + Privilege[ 1]: SeTakeOwnershipPrivilege + Privilege[ 2]: SeBackupPrivilege + Privilege[ 3]: SeRestorePrivilege + Privilege[ 4]: SeRemoteShutdownPrivilege + Privilege[ 5]: SePrintOperatorPrivilege + Privilege[ 6]: SeAddUsersPrivilege + Privilege[ 7]: SeDiskOperatorPrivilege + Privilege[ 8]: SeSecurityPrivilege + Privilege[ 9]: SeSystemtimePrivilege + Privilege[ 10]: SeShutdownPrivilege + Privilege[ 11]: SeDebugPrivilege + Privilege[ 12]: SeSystemEnvironmentPrivilege + Privilege[ 13]: SeSystemProfilePrivilege + Privilege[ 14]: SeProfileSingleProcessPrivilege + Privilege[ 15]: SeIncreaseBasePriorityPrivilege + Privilege[ 16]: SeLoadDriverPrivilege + Privilege[ 17]: SeCreatePagefilePrivilege + Privilege[ 18]: SeIncreaseQuotaPrivilege + Privilege[ 19]: SeChangeNotifyPrivilege + Privilege[ 20]: SeUndockPrivilege + Privilege[ 21]: SeManageVolumePrivilege + Privilege[ 22]: SeImpersonatePrivilege + Privilege[ 23]: SeCreateGlobalPrivilege + Privilege[ 24]: SeEnableDelegationPrivilege + Rights (0x 0): +[2013/11/07 07:38:43.510915, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) + UNIX token of user 0 + Primary group is 5000 and contains 9 supplementary groups + Group[ 0]: 5000 + Group[ 1]: 5007 + Group[ 2]: 5001 + Group[ 3]: 1005 + Group[ 4]: 5006 + Group[ 5]: 5005 + Group[ 6]: 55000 + Group[ 7]: 55001 + Group[ 8]: 55002 +[2013/11/07 07:38:43.511391, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/uid.c:363(change_to_user_internal) + Impersonated user: uid=(0,0), gid=(0,5000) +[2013/11/07 07:38:43.511548, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_close.c:185(smbd_smb2_close) + smbd_smb2_close: spoolss - fnum 259150985 +[2013/11/07 07:38:43.511669, 5, pid=20933, effective(0, 5000), real(0, 0)] ../lib/dbwrap/dbwrap.c:187(dbwrap_check_lock_order) + check lock order 1 for /var/run/samba/smbXsrv_open_global.tdb +[2013/11/07 07:38:43.511767, 10, pid=20933, effective(0, 5000), real(0, 0)] ../lib/dbwrap/dbwrap.c:133(debug_lock_order) + lock order: 1:/var/run/samba/smbXsrv_open_global.tdb 2: 3: +[2013/11/07 07:38:43.511876, 10, pid=20933, effective(0, 5000), real(0, 0)] ../lib/dbwrap/dbwrap_tdb.c:59(db_tdb_log_key) + Locking key B6B6FC0C +[2013/11/07 07:38:43.511998, 10, pid=20933, effective(0, 5000), real(0, 0)] ../lib/dbwrap/dbwrap_tdb.c:143(db_tdb_fetch_locked_internal) + Allocated locked data 0x0x7f375d355fe0 +[2013/11/07 07:38:43.512128, 10, pid=20933, effective(0, 5000), real(0, 0)] ../lib/dbwrap/dbwrap_tdb.c:59(db_tdb_log_key) + Unlocking key B6B6FC0C +[2013/11/07 07:38:43.512234, 5, pid=20933, effective(0, 5000), real(0, 0)] ../lib/dbwrap/dbwrap.c:146(dbwrap_lock_order_state_destructor) + release lock order 1 for /var/run/samba/smbXsrv_open_global.tdb +[2013/11/07 07:38:43.512331, 10, pid=20933, effective(0, 5000), real(0, 0)] ../lib/dbwrap/dbwrap.c:133(debug_lock_order) + lock order: 1: 2: 3: +[2013/11/07 07:38:43.512464, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/files.c:525(file_free) + freed files structure 259150985 (1 used) +[2013/11/07 07:38:43.512609, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) + smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[60] dyn[no:0] at ../source3/smbd/smb2_close.c:139 +[2013/11/07 07:38:43.512722, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) + smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/47/127 +[2013/11/07 07:38:43.514587, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) + smbd_smb2_request_incoming: idx[1] of 5 vectors +[2013/11/07 07:38:43.514687, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) + smb2_validate_sequence_number: clearing id 47 (position 47) from bitmap +[2013/11/07 07:38:43.514736, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) + smbd_smb2_request_dispatch: opcode[SMB2_OP_WRITE] mid = 47 +[2013/11/07 07:38:43.514791, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) + setting sec ctx (0, 5000) - sec_ctx_stack_ndx = 0 +[2013/11/07 07:38:43.514834, 5, pid=20933, effective(0, 5000), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) + Security token SIDs (21): + SID[ 0]: S-1-5-21-1376953716-2413384141-3399758289-500 + SID[ 1]: S-1-5-21-1376953716-2413384141-3399758289-512 + SID[ 2]: S-1-5-21-1376953716-2413384141-3399758289-11015 + SID[ 3]: S-1-5-21-1376953716-2413384141-3399758289-513 + SID[ 4]: S-1-5-21-1376953716-2413384141-3399758289-11011 + SID[ 5]: S-1-5-21-1376953716-2413384141-3399758289-11013 + SID[ 6]: S-1-5-21-1376953716-2413384141-3399758289-11012 + SID[ 7]: S-1-1-0 + SID[ 8]: S-1-5-2 + SID[ 9]: S-1-5-11 + SID[ 10]: S-1-5-32-544 + SID[ 11]: S-1-22-1-2002 + SID[ 12]: S-1-22-2-5000 + SID[ 13]: S-1-22-2-5007 + SID[ 14]: S-1-22-2-5001 + SID[ 15]: S-1-22-2-1005 + SID[ 16]: S-1-22-2-5006 + SID[ 17]: S-1-22-2-5005 + SID[ 18]: S-1-22-2-55000 + SID[ 19]: S-1-22-2-55001 + SID[ 20]: S-1-22-2-55002 + Privileges (0x 1FFFFFF0): + Privilege[ 0]: SeMachineAccountPrivilege + Privilege[ 1]: SeTakeOwnershipPrivilege + Privilege[ 2]: SeBackupPrivilege + Privilege[ 3]: SeRestorePrivilege + Privilege[ 4]: SeRemoteShutdownPrivilege + Privilege[ 5]: SePrintOperatorPrivilege + Privilege[ 6]: SeAddUsersPrivilege + Privilege[ 7]: SeDiskOperatorPrivilege + Privilege[ 8]: SeSecurityPrivilege + Privilege[ 9]: SeSystemtimePrivilege + Privilege[ 10]: SeShutdownPrivilege + Privilege[ 11]: SeDebugPrivilege + Privilege[ 12]: SeSystemEnvironmentPrivilege + Privilege[ 13]: SeSystemProfilePrivilege + Privilege[ 14]: SeProfileSingleProcessPrivilege + Privilege[ 15]: SeIncreaseBasePriorityPrivilege + Privilege[ 16]: SeLoadDriverPrivilege + Privilege[ 17]: SeCreatePagefilePrivilege + Privilege[ 18]: SeIncreaseQuotaPrivilege + Privilege[ 19]: SeChangeNotifyPrivilege + Privilege[ 20]: SeUndockPrivilege + Privilege[ 21]: SeManageVolumePrivilege + Privilege[ 22]: SeImpersonatePrivilege + Privilege[ 23]: SeCreateGlobalPrivilege + Privilege[ 24]: SeEnableDelegationPrivilege + Rights (0x 0): +[2013/11/07 07:38:43.515667, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) + UNIX token of user 0 + Primary group is 5000 and contains 9 supplementary groups + Group[ 0]: 5000 + Group[ 1]: 5007 + Group[ 2]: 5001 + Group[ 3]: 1005 + Group[ 4]: 5006 + Group[ 5]: 5005 + Group[ 6]: 55000 + Group[ 7]: 55001 + Group[ 8]: 55002 +[2013/11/07 07:38:43.515860, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/uid.c:363(change_to_user_internal) + Impersonated user: uid=(0,0), gid=(0,5000) +[2013/11/07 07:38:43.515907, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:1796(smbd_smb2_request_verify_creditcharge) + mid 47, CreditCharge: 1, NeededCharge: 1 +[2013/11/07 07:38:43.515949, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_write.c:271(smbd_smb2_write_send) + smbd_smb2_write: spoolss - fnum 2189993496 +[2013/11/07 07:38:43.515993, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:520(np_write_send) + np_write_send: len: 160 +[2013/11/07 07:38:43.516034, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) + write_to_pipe: data_left = 160 +[2013/11/07 07:38:43.516071, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) + process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 160 +[2013/11/07 07:38:43.516110, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:51(fill_rpc_header) + fill_rpc_header: data_to_copy = 160, len_needed_to_complete_hdr = 16, receive_len = 0 +[2013/11/07 07:38:43.516150, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) + write_to_pipe: data_used = 16 +[2013/11/07 07:38:43.516188, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) + write_to_pipe: data_left = 144 +[2013/11/07 07:38:43.516225, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) + process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 144 +[2013/11/07 07:38:43.516265, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) + write_to_pipe: data_used = 0 +[2013/11/07 07:38:43.516302, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) + write_to_pipe: data_left = 144 +[2013/11/07 07:38:43.516339, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) + process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 144, incoming data = 144 +[2013/11/07 07:38:43.516379, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1614(process_complete_pdu) + PDU is in Little Endian format! +[2013/11/07 07:38:43.516444, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) + r: struct ncacn_packet + rpc_vers : 0x05 (5) + rpc_vers_minor : 0x00 (0) + ptype : DCERPC_PKT_BIND (11) + pfc_flags : 0x03 (3) + drep: ARRAY(4) + [0] : 0x10 (16) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + frag_length : 0x00a0 (160) + auth_length : 0x0000 (0) + call_id : 0x00000002 (2) + u : union dcerpc_payload(case 11) + bind: struct dcerpc_bind + max_xmit_frag : 0x10b8 (4280) + max_recv_frag : 0x10b8 (4280) + assoc_group_id : 0x00000000 (0) + num_contexts : 0x03 (3) + ctx_list: ARRAY(3) + ctx_list: struct dcerpc_ctx_list + context_id : 0x0000 (0) + num_transfer_syntaxes : 0x01 (1) + abstract_syntax: struct ndr_syntax_id + uuid : 12345678-1234-abcd-ef00-0123456789ab + if_version : 0x00000001 (1) + transfer_syntaxes: ARRAY(1) + transfer_syntaxes: struct ndr_syntax_id + uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860 + if_version : 0x00000002 (2) + ctx_list: struct dcerpc_ctx_list + context_id : 0x0001 (1) + num_transfer_syntaxes : 0x01 (1) + abstract_syntax: struct ndr_syntax_id + uuid : 12345678-1234-abcd-ef00-0123456789ab + if_version : 0x00000001 (1) + transfer_syntaxes: ARRAY(1) + transfer_syntaxes: struct ndr_syntax_id + uuid : 71710533-beba-4937-8319-b5dbef9ccc36 + if_version : 0x00000001 (1) + ctx_list: struct dcerpc_ctx_list + context_id : 0x0002 (2) + num_transfer_syntaxes : 0x01 (1) + abstract_syntax: struct ndr_syntax_id + uuid : 12345678-1234-abcd-ef00-0123456789ab + if_version : 0x00000001 (1) + transfer_syntaxes: ARRAY(1) + transfer_syntaxes: struct ndr_syntax_id + uuid : 6cb71c2c-9812-4540-0300-000000000000 + if_version : 0x00000001 (1) + auth_info : DATA_BLOB length=0 +[2013/11/07 07:38:43.517340, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1627(process_complete_pdu) + Processing packet type 11 +[2013/11/07 07:38:43.517546, 3, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:693(api_pipe_bind_req) + api_pipe_bind_req: spoolss -> spoolss rpc service +[2013/11/07 07:38:43.517620, 5, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:724(api_pipe_bind_req) + api_pipe_bind_req: make response. 724 +[2013/11/07 07:38:43.517687, 3, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:342(check_bind_req) + check_bind_req for \spoolss +[2013/11/07 07:38:43.517759, 3, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:349(check_bind_req) + check_bind_req: spoolss -> spoolss rpc service +[2013/11/07 07:38:43.517843, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:238(init_pipe_handles) + init_pipe_handle_list: pipe_handles ref count = 3 for pipe \spoolss +[2013/11/07 07:38:43.517940, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) + &r: struct ncacn_packet + rpc_vers : 0x05 (5) + rpc_vers_minor : 0x00 (0) + ptype : DCERPC_PKT_BIND_ACK (12) + pfc_flags : 0x03 (3) + drep: ARRAY(4) + [0] : 0x10 (16) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + frag_length : 0x0044 (68) + auth_length : 0x0000 (0) + call_id : 0x00000002 (2) + u : union dcerpc_payload(case 12) + bind_ack: struct dcerpc_bind_ack + max_xmit_frag : 0x10b8 (4280) + max_recv_frag : 0x10b8 (4280) + assoc_group_id : 0x000053f0 (21488) + secondary_address_size : 0x000e (14) + secondary_address : '\PIPE\spoolss' + _pad1 : DATA_BLOB length=0 + num_results : 0x01 (1) + ctx_list: ARRAY(1) + ctx_list: struct dcerpc_ack_ctx + result : 0x0000 (0) + reason : 0x0000 (0) + syntax: struct ndr_syntax_id + uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860 + if_version : 0x00000002 (2) + auth_info : DATA_BLOB length=0 +[2013/11/07 07:38:43.518908, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) + write_to_pipe: data_used = 144 + smbd_smb2_request_pending_queue: req->current_idx = 1 + req->in.vector[0].iov_len = 0 + req->in.vector[1].iov_len = 0 + req->in.vector[2].iov_len = 64 + req->in.vector[3].iov_len = 48 + req->in.vector[4].iov_len = 160 + req->out.vector[0].iov_len = 4 + req->out.vector[1].iov_len = 0 + req->out.vector[2].iov_len = 64 + req->out.vector[3].iov_len = 8 + req->out.vector[4].iov_len = 0 +[2013/11/07 07:38:43.519259, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) + smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[16] dyn[yes:0] at ../source3/smbd/smb2_write.c:150 +[2013/11/07 07:38:43.519338, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) + smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/48/127 +[2013/11/07 07:38:43.521002, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) + smbd_smb2_request_incoming: idx[1] of 5 vectors +[2013/11/07 07:38:43.521224, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) + smb2_validate_sequence_number: clearing id 48 (position 48) from bitmap +[2013/11/07 07:38:43.521491, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) + smbd_smb2_request_dispatch: opcode[SMB2_OP_READ] mid = 48 +[2013/11/07 07:38:43.521645, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) + setting sec ctx (0, 5000) - sec_ctx_stack_ndx = 0 +[2013/11/07 07:38:43.521754, 5, pid=20933, effective(0, 5000), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) + Security token SIDs (21): + SID[ 0]: S-1-5-21-1376953716-2413384141-3399758289-500 + SID[ 1]: S-1-5-21-1376953716-2413384141-3399758289-512 + SID[ 2]: S-1-5-21-1376953716-2413384141-3399758289-11015 + SID[ 3]: S-1-5-21-1376953716-2413384141-3399758289-513 + SID[ 4]: S-1-5-21-1376953716-2413384141-3399758289-11011 + SID[ 5]: S-1-5-21-1376953716-2413384141-3399758289-11013 + SID[ 6]: S-1-5-21-1376953716-2413384141-3399758289-11012 + SID[ 7]: S-1-1-0 + SID[ 8]: S-1-5-2 + SID[ 9]: S-1-5-11 + SID[ 10]: S-1-5-32-544 + SID[ 11]: S-1-22-1-2002 + SID[ 12]: S-1-22-2-5000 + SID[ 13]: S-1-22-2-5007 + SID[ 14]: S-1-22-2-5001 + SID[ 15]: S-1-22-2-1005 + SID[ 16]: S-1-22-2-5006 + SID[ 17]: S-1-22-2-5005 + SID[ 18]: S-1-22-2-55000 + SID[ 19]: S-1-22-2-55001 + SID[ 20]: S-1-22-2-55002 + Privileges (0x 1FFFFFF0): + Privilege[ 0]: SeMachineAccountPrivilege + Privilege[ 1]: SeTakeOwnershipPrivilege + Privilege[ 2]: SeBackupPrivilege + Privilege[ 3]: SeRestorePrivilege + Privilege[ 4]: SeRemoteShutdownPrivilege + Privilege[ 5]: SePrintOperatorPrivilege + Privilege[ 6]: SeAddUsersPrivilege + Privilege[ 7]: SeDiskOperatorPrivilege + Privilege[ 8]: SeSecurityPrivilege + Privilege[ 9]: SeSystemtimePrivilege + Privilege[ 10]: SeShutdownPrivilege + Privilege[ 11]: SeDebugPrivilege + Privilege[ 12]: SeSystemEnvironmentPrivilege + Privilege[ 13]: SeSystemProfilePrivilege + Privilege[ 14]: SeProfileSingleProcessPrivilege + Privilege[ 15]: SeIncreaseBasePriorityPrivilege + Privilege[ 16]: SeLoadDriverPrivilege + Privilege[ 17]: SeCreatePagefilePrivilege + Privilege[ 18]: SeIncreaseQuotaPrivilege + Privilege[ 19]: SeChangeNotifyPrivilege + Privilege[ 20]: SeUndockPrivilege + Privilege[ 21]: SeManageVolumePrivilege + Privilege[ 22]: SeImpersonatePrivilege + Privilege[ 23]: SeCreateGlobalPrivilege + Privilege[ 24]: SeEnableDelegationPrivilege + Rights (0x 0): +[2013/11/07 07:38:43.523894, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) + UNIX token of user 0 + Primary group is 5000 and contains 9 supplementary groups + Group[ 0]: 5000 + Group[ 1]: 5007 + Group[ 2]: 5001 + Group[ 3]: 1005 + Group[ 4]: 5006 + Group[ 5]: 5005 + Group[ 6]: 55000 + Group[ 7]: 55001 + Group[ 8]: 55002 +[2013/11/07 07:38:43.524375, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/uid.c:363(change_to_user_internal) + Impersonated user: uid=(0,0), gid=(0,5000) +[2013/11/07 07:38:43.524495, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:1796(smbd_smb2_request_verify_creditcharge) + mid 48, CreditCharge: 1, NeededCharge: 1 +[2013/11/07 07:38:43.524599, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_read.c:400(smbd_smb2_read_send) + smbd_smb2_read: spoolss - fnum 2189993496 +[2013/11/07 07:38:43.524713, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:285(read_from_internal_pipe) + name: \spoolss len: 1024 +[2013/11/07 07:38:43.524820, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:326(read_from_internal_pipe) + read_from_pipe: \spoolss: current_pdu_len = 68, current_pdu_sent = 0 returning 68 bytes. +[2013/11/07 07:38:43.524932, 3, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:122(free_pipe_context) + free_pipe_context: destroying talloc pool of size 29 + smbd_smb2_request_pending_queue: req->current_idx = 1 + req->in.vector[0].iov_len = 0 + req->in.vector[1].iov_len = 0 + req->in.vector[2].iov_len = 64 + req->in.vector[3].iov_len = 48 + req->in.vector[4].iov_len = 1 + req->out.vector[0].iov_len = 4 + req->out.vector[1].iov_len = 0 + req->out.vector[2].iov_len = 64 + req->out.vector[3].iov_len = 8 + req->out.vector[4].iov_len = 0 +[2013/11/07 07:38:43.525615, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:788(np_read_recv) + Received 68 bytes. There is no more data outstanding +[2013/11/07 07:38:43.525763, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) + smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[16] dyn[yes:68] at ../source3/smbd/smb2_read.c:154 +[2013/11/07 07:38:43.525879, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) + smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/49/127 +[2013/11/07 07:38:43.527556, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) + smbd_smb2_request_incoming: idx[1] of 5 vectors +[2013/11/07 07:38:43.527736, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) + smb2_validate_sequence_number: clearing id 49 (position 49) from bitmap +[2013/11/07 07:38:43.527841, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) + smbd_smb2_request_dispatch: opcode[SMB2_OP_IOCTL] mid = 49 +[2013/11/07 07:38:43.527972, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) + setting sec ctx (0, 5000) - sec_ctx_stack_ndx = 0 +[2013/11/07 07:38:43.528075, 5, pid=20933, effective(0, 5000), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) + Security token SIDs (21): + SID[ 0]: S-1-5-21-1376953716-2413384141-3399758289-500 + SID[ 1]: S-1-5-21-1376953716-2413384141-3399758289-512 + SID[ 2]: S-1-5-21-1376953716-2413384141-3399758289-11015 + SID[ 3]: S-1-5-21-1376953716-2413384141-3399758289-513 + SID[ 4]: S-1-5-21-1376953716-2413384141-3399758289-11011 + SID[ 5]: S-1-5-21-1376953716-2413384141-3399758289-11013 + SID[ 6]: S-1-5-21-1376953716-2413384141-3399758289-11012 + SID[ 7]: S-1-1-0 + SID[ 8]: S-1-5-2 + SID[ 9]: S-1-5-11 + SID[ 10]: S-1-5-32-544 + SID[ 11]: S-1-22-1-2002 + SID[ 12]: S-1-22-2-5000 + SID[ 13]: S-1-22-2-5007 + SID[ 14]: S-1-22-2-5001 + SID[ 15]: S-1-22-2-1005 + SID[ 16]: S-1-22-2-5006 + SID[ 17]: S-1-22-2-5005 + SID[ 18]: S-1-22-2-55000 + SID[ 19]: S-1-22-2-55001 + SID[ 20]: S-1-22-2-55002 + Privileges (0x 1FFFFFF0): + Privilege[ 0]: SeMachineAccountPrivilege + Privilege[ 1]: SeTakeOwnershipPrivilege + Privilege[ 2]: SeBackupPrivilege + Privilege[ 3]: SeRestorePrivilege + Privilege[ 4]: SeRemoteShutdownPrivilege + Privilege[ 5]: SePrintOperatorPrivilege + Privilege[ 6]: SeAddUsersPrivilege + Privilege[ 7]: SeDiskOperatorPrivilege + Privilege[ 8]: SeSecurityPrivilege + Privilege[ 9]: SeSystemtimePrivilege + Privilege[ 10]: SeShutdownPrivilege + Privilege[ 11]: SeDebugPrivilege + Privilege[ 12]: SeSystemEnvironmentPrivilege + Privilege[ 13]: SeSystemProfilePrivilege + Privilege[ 14]: SeProfileSingleProcessPrivilege + Privilege[ 15]: SeIncreaseBasePriorityPrivilege + Privilege[ 16]: SeLoadDriverPrivilege + Privilege[ 17]: SeCreatePagefilePrivilege + Privilege[ 18]: SeIncreaseQuotaPrivilege + Privilege[ 19]: SeChangeNotifyPrivilege + Privilege[ 20]: SeUndockPrivilege + Privilege[ 21]: SeManageVolumePrivilege + Privilege[ 22]: SeImpersonatePrivilege + Privilege[ 23]: SeCreateGlobalPrivilege + Privilege[ 24]: SeEnableDelegationPrivilege + Rights (0x 0): +[2013/11/07 07:38:43.530385, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) + UNIX token of user 0 + Primary group is 5000 and contains 9 supplementary groups + Group[ 0]: 5000 + Group[ 1]: 5007 + Group[ 2]: 5001 + Group[ 3]: 1005 + Group[ 4]: 5006 + Group[ 5]: 5005 + Group[ 6]: 55000 + Group[ 7]: 55001 + Group[ 8]: 55002 +[2013/11/07 07:38:43.530868, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/uid.c:363(change_to_user_internal) + Impersonated user: uid=(0,0), gid=(0,5000) +[2013/11/07 07:38:43.530994, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:1796(smbd_smb2_request_verify_creditcharge) + mid 49, CreditCharge: 1, NeededCharge: 1 +[2013/11/07 07:38:43.531129, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl.c:394(smbd_smb2_ioctl_send) + smbd_smb2_ioctl: ctl_code[0x0011c017] spoolss, fnum 2189993496 +[2013/11/07 07:38:43.531245, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:59(smb2_ioctl_named_pipe) + smbd_smb2_ioctl_send: np_write_send of size 1466 +[2013/11/07 07:38:43.531361, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:520(np_write_send) + np_write_send: len: 1466 +[2013/11/07 07:38:43.531463, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) + write_to_pipe: data_left = 1466 +[2013/11/07 07:38:43.531558, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) + process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 1466 +[2013/11/07 07:38:43.531655, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:51(fill_rpc_header) + fill_rpc_header: data_to_copy = 1466, len_needed_to_complete_hdr = 16, receive_len = 0 +[2013/11/07 07:38:43.531756, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) + write_to_pipe: data_used = 16 +[2013/11/07 07:38:43.531848, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) + write_to_pipe: data_left = 1450 +[2013/11/07 07:38:43.531942, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) + process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 1450 +[2013/11/07 07:38:43.532047, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) + write_to_pipe: data_used = 0 +[2013/11/07 07:38:43.532140, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) + write_to_pipe: data_left = 1450 +[2013/11/07 07:38:43.532234, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) + process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 1450, incoming data = 1450 +[2013/11/07 07:38:43.532336, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1614(process_complete_pdu) + PDU is in Little Endian format! +[2013/11/07 07:38:43.532453, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) + r: struct ncacn_packet + rpc_vers : 0x05 (5) + rpc_vers_minor : 0x00 (0) + ptype : DCERPC_PKT_REQUEST (0) + pfc_flags : 0x03 (3) + drep: ARRAY(4) + [0] : 0x10 (16) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + frag_length : 0x05ba (1466) + auth_length : 0x0000 (0) + call_id : 0x00000002 (2) + u : union dcerpc_payload(case 0) + request: struct dcerpc_request + alloc_hint : 0x000005a2 (1442) + context_id : 0x0000 (0) + opnum : 0x0045 (69) + object : union dcerpc_object(case 0) + empty: struct dcerpc_empty + _pad : DATA_BLOB length=0 + stub_and_verifier : DATA_BLOB length=1442 + [0000] 00 00 02 00 14 00 00 00 00 00 00 00 14 00 00 00 ........ ........ + [0010] 5C 00 5C 00 4D 00 45 00 4D 00 42 00 45 00 52 00 \.\.M.E. M.B.E.R. + [0020] 34 00 33 00 5C 00 70 00 72 00 69 00 6E 00 74 00 4.3.\.p. r.i.n.t. + [0030] 65 00 72 00 37 00 00 00 04 00 02 00 04 00 00 00 e.r.7... ........ + [0040] 00 00 00 00 04 00 00 00 52 00 41 00 57 00 00 00 ........ R.A.W... + [0050] C4 04 00 00 08 00 02 00 C4 04 00 00 5C 00 5C 00 ........ ....\.\. + [0060] 4D 00 45 00 4D 00 42 00 45 00 52 00 34 00 33 00 M.E.M.B. E.R.4.3. + [0070] 5C 00 70 00 72 00 69 00 6E 00 74 00 65 00 72 00 \.p.r.i. n.t.e.r. + [0080] 37 00 00 00 34 00 33 00 5C 00 70 00 72 00 69 00 7...4.3. \.p.r.i. + [0090] 6E 00 74 00 65 00 72 00 37 00 00 00 01 04 03 06 n.t.e.r. 7....... + [00A0] DC 00 E8 03 43 BF 01 02 01 00 09 00 9A 0B 34 08 ....C... ......4. + [00B0] 64 00 01 00 0F 00 58 02 02 00 01 00 58 02 03 00 d.....X. ....X... + [00C0] 01 00 41 00 34 00 00 00 00 00 00 00 00 00 00 00 ..A.4... ........ + [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0110] 01 00 00 00 00 00 00 00 01 00 00 00 02 00 00 00 ........ ........ + [0120] 44 01 00 00 FF FF FF FF 47 49 53 34 00 00 00 00 D....... GIS4.... + [0130] 00 00 00 00 00 00 00 00 44 49 4E 55 22 00 70 01 ........ DINU".p. + [0140] CC 03 1C 00 05 CB 92 77 00 00 00 00 00 00 00 00 .......w ........ + [0150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0160] 00 00 00 00 0C 00 00 00 01 00 00 00 00 00 00 00 ........ ........ + [0170] 00 00 00 00 00 00 01 00 00 00 00 00 00 00 00 00 ........ ........ + [0180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0200] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0210] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0220] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0230] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0240] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0250] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0260] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0270] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0280] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0290] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0300] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0310] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0320] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0330] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0340] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0350] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0360] 00 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 ........ ........ + [0370] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0380] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0390] 00 00 00 00 70 01 00 00 53 4D 54 4A 00 00 00 00 ....p... SMTJ.... + [03A0] 10 00 60 01 7B 00 45 00 39 00 34 00 31 00 34 00 ..`.{.E. 9.4.1.4. + [03B0] 34 00 46 00 38 00 2D 00 30 00 33 00 41 00 33 00 4.F.8.-. 0.3.A.3. + [03C0] 2D 00 34 00 30 00 36 00 61 00 2D 00 42 00 42 00 -.4.0.6. a.-.B.B. + [03D0] 31 00 46 00 2D 00 30 00 34 00 38 00 43 00 37 00 1.F.-.0. 4.8.C.7. + [03E0] 38 00 32 00 32 00 36 00 38 00 35 00 35 00 7D 00 8.2.2.6. 8.5.5.}. + [03F0] 00 00 49 6E 70 75 74 42 69 6E 00 41 75 74 6F 53 ..InputB in.AutoS + [0400] 65 6C 65 63 74 00 52 45 53 44 4C 4C 00 55 6E 69 elect.RE SDLL.Uni + [0410] 72 65 73 44 4C 4C 00 50 61 70 65 72 53 69 7A 65 resDLL.P aperSize + [0420] 00 4C 45 54 54 45 52 00 4F 72 69 65 6E 74 61 74 .LETTER. Orientat + [0430] 69 6F 6E 00 50 4F 52 54 52 41 49 54 00 4D 65 64 ion.PORT RAIT.Med + [0440] 69 61 54 79 70 65 00 41 75 74 6F 00 52 65 73 6F iaType.A uto.Reso + [0450] 6C 75 74 69 6F 6E 00 36 30 30 44 50 49 00 50 61 lution.6 00DPI.Pa + [0460] 67 65 4F 75 74 70 75 74 51 75 61 6C 69 74 79 00 geOutput Quality. + [0470] 4E 6F 72 6D 61 6C 00 43 6F 6C 6F 72 4D 6F 64 65 Normal.C olorMode + [0480] 00 43 6F 6C 6F 72 00 44 6F 63 75 6D 65 6E 74 4E .Color.D ocumentN + [0490] 55 70 00 31 00 43 6F 6C 6C 61 74 65 00 4F 4E 00 Up.1.Col late.ON. + [04A0] 44 75 70 6C 65 78 00 4E 4F 4E 45 00 4F 75 74 70 Duplex.N ONE.Outp + [04B0] 75 74 42 69 6E 00 41 75 74 6F 00 00 00 00 00 00 utBin.Au to...... + [04C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0500] 00 00 00 00 1C 00 00 00 56 34 44 4D 01 00 00 00 ........ V4DM.... + [0510] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0520] 08 00 00 00 01 00 00 00 01 00 00 00 0C 00 02 00 ........ ........ + [0530] 28 00 00 00 10 00 02 00 14 00 02 00 80 25 00 00 (....... .....%.. + [0540] 03 00 00 00 00 00 00 00 09 00 00 00 0A 00 00 00 ........ ........ + [0550] 00 00 00 00 0A 00 00 00 57 00 49 00 4E 00 38 00 ........ W.I.N.8. + [0560] 31 00 2D 00 32 00 33 00 39 00 00 00 15 00 00 00 1.-.2.3. 9....... + [0570] 00 00 00 00 15 00 00 00 41 00 52 00 33 00 32 00 ........ A.R.3.2. + [0580] 49 00 38 00 5C 00 41 00 64 00 6D 00 69 00 6E 00 I.8.\.A. d.m.i.n. + [0590] 69 00 73 00 74 00 72 00 61 00 74 00 6F 00 72 00 i.s.t.r. a.t.o.r. + [05A0] 00 00 .. +[2013/11/07 07:38:43.541884, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1627(process_complete_pdu) + Processing packet type 0 +[2013/11/07 07:38:43.541932, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1472(dcesrv_auth_request) + Checking request auth. +[2013/11/07 07:38:43.541979, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) + push_sec_ctx(0, 5000) : sec_ctx_stack_ndx = 1 +[2013/11/07 07:38:43.542026, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) + setting sec ctx (0, 5000) - sec_ctx_stack_ndx = 1 +[2013/11/07 07:38:43.542069, 5, pid=20933, effective(0, 5000), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) + Security token SIDs (21): + SID[ 0]: S-1-5-21-1376953716-2413384141-3399758289-500 + SID[ 1]: S-1-5-21-1376953716-2413384141-3399758289-512 + SID[ 2]: S-1-5-21-1376953716-2413384141-3399758289-11015 + SID[ 3]: S-1-5-21-1376953716-2413384141-3399758289-513 + SID[ 4]: S-1-5-21-1376953716-2413384141-3399758289-11011 + SID[ 5]: S-1-5-21-1376953716-2413384141-3399758289-11013 + SID[ 6]: S-1-5-21-1376953716-2413384141-3399758289-11012 + SID[ 7]: S-1-1-0 + SID[ 8]: S-1-5-2 + SID[ 9]: S-1-5-11 + SID[ 10]: S-1-5-32-544 + SID[ 11]: S-1-22-1-2002 + SID[ 12]: S-1-22-2-5000 + SID[ 13]: S-1-22-2-5007 + SID[ 14]: S-1-22-2-5001 + SID[ 15]: S-1-22-2-1005 + SID[ 16]: S-1-22-2-5006 + SID[ 17]: S-1-22-2-5005 + SID[ 18]: S-1-22-2-55000 + SID[ 19]: S-1-22-2-55001 + SID[ 20]: S-1-22-2-55002 + Privileges (0x 1FFFFFF0): + Privilege[ 0]: SeMachineAccountPrivilege + Privilege[ 1]: SeTakeOwnershipPrivilege + Privilege[ 2]: SeBackupPrivilege + Privilege[ 3]: SeRestorePrivilege + Privilege[ 4]: SeRemoteShutdownPrivilege + Privilege[ 5]: SePrintOperatorPrivilege + Privilege[ 6]: SeAddUsersPrivilege + Privilege[ 7]: SeDiskOperatorPrivilege + Privilege[ 8]: SeSecurityPrivilege + Privilege[ 9]: SeSystemtimePrivilege + Privilege[ 10]: SeShutdownPrivilege + Privilege[ 11]: SeDebugPrivilege + Privilege[ 12]: SeSystemEnvironmentPrivilege + Privilege[ 13]: SeSystemProfilePrivilege + Privilege[ 14]: SeProfileSingleProcessPrivilege + Privilege[ 15]: SeIncreaseBasePriorityPrivilege + Privilege[ 16]: SeLoadDriverPrivilege + Privilege[ 17]: SeCreatePagefilePrivilege + Privilege[ 18]: SeIncreaseQuotaPrivilege + Privilege[ 19]: SeChangeNotifyPrivilege + Privilege[ 20]: SeUndockPrivilege + Privilege[ 21]: SeManageVolumePrivilege + Privilege[ 22]: SeImpersonatePrivilege + Privilege[ 23]: SeCreateGlobalPrivilege + Privilege[ 24]: SeEnableDelegationPrivilege + Rights (0x 0): +[2013/11/07 07:38:43.542843, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) + UNIX token of user 0 + Primary group is 5000 and contains 9 supplementary groups + Group[ 0]: 5000 + Group[ 1]: 5007 + Group[ 2]: 5001 + Group[ 3]: 1005 + Group[ 4]: 5006 + Group[ 5]: 5005 + Group[ 6]: 55000 + Group[ 7]: 55001 + Group[ 8]: 55002 +[2013/11/07 07:38:43.543034, 5, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1324(api_pipe_request) + Requested \spoolss rpc service +[2013/11/07 07:38:43.543079, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1356(api_rpcTNP) + api_rpcTNP: \spoolss op 0x45 - api_rpcTNP: rpc command: SPOOLSS_OPENPRINTEREX +[2013/11/07 07:38:43.543123, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1390(api_rpcTNP) + api_rpc_cmds[69].fn == 0x7f375c256d40 +[2013/11/07 07:38:43.543256, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + spoolss_OpenPrinterEx: struct spoolss_OpenPrinterEx + in: struct spoolss_OpenPrinterEx + printername : * + printername : '\\MEMBER43\printer7' + datatype : * + datatype : 'RAW' + devmode_ctr: struct spoolss_DevmodeContainer + _ndr_size : 0x000004c4 (1220) + devmode : * + devmode: struct spoolss_DeviceMode + devicename : '\\MEMBER43\printer7' + specversion : DMSPEC_NT4_AND_ABOVE (1025) + driverversion : 0x0603 (1539) + size : 0x00dc (220) + __driverextra_length : 0x03e8 (1000) + fields : 0x0201bf43 (33668931) + 1: DEVMODE_ORIENTATION + 1: DEVMODE_PAPERSIZE + 0: DEVMODE_PAPERLENGTH + 0: DEVMODE_PAPERWIDTH + 0: DEVMODE_SCALE + 0: DEVMODE_POSITION + 1: DEVMODE_NUP + 1: DEVMODE_COPIES + 1: DEVMODE_DEFAULTSOURCE + 1: DEVMODE_PRINTQUALITY + 1: DEVMODE_COLOR + 1: DEVMODE_DUPLEX + 1: DEVMODE_YRESOLUTION + 0: DEVMODE_TTOPTION + 1: DEVMODE_COLLATE + 1: DEVMODE_FORMNAME + 0: DEVMODE_LOGPIXELS + 0: DEVMODE_BITSPERPEL + 0: DEVMODE_PELSWIDTH + 0: DEVMODE_PELSHEIGHT + 0: DEVMODE_DISPLAYFLAGS + 0: DEVMODE_DISPLAYFREQUENCY + 0: DEVMODE_ICMMETHOD + 0: DEVMODE_ICMINTENT + 1: DEVMODE_MEDIATYPE + 0: DEVMODE_DITHERTYPE + 0: DEVMODE_PANNINGWIDTH + 0: DEVMODE_PANNINGHEIGHT + orientation : DMORIENT_PORTRAIT (1) + papersize : DMPAPER_A4 (9) + paperlength : 0x0b9a (2970) + paperwidth : 0x0834 (2100) + scale : 0x0064 (100) + copies : 0x0001 (1) + defaultsource : DMBIN_FORMSOURCE (15) + printquality : UNKNOWN_ENUM_VALUE (600) + color : DMRES_COLOR (2) + duplex : DMDUP_SIMPLEX (1) + yresolution : 0x0258 (600) + ttoption : DMTT_SUBDEV (3) + collate : DMCOLLATE_TRUE (1) + formname : 'A4' + logpixels : 0x0000 (0) + bitsperpel : 0x00000000 (0) + pelswidth : 0x00000000 (0) + pelsheight : 0x00000000 (0) + displayflags : DMNUP_SYSTEM (1) + displayfrequency : 0x00000000 (0) + icmmethod : DMICMMETHOD_NONE (1) + icmintent : DMICM_CONTRAST (2) + mediatype : UNKNOWN_ENUM_VALUE (324) + dithertype : UNKNOWN_ENUM_VALUE (-1) + reserved1 : 0x34534947 (877873479) + reserved2 : 0x00000000 (0) + panningwidth : 0x00000000 (0) + panningheight : 0x00000000 (0) + driverextra_data : DATA_BLOB length=1000 + [0000] 44 49 4E 55 22 00 70 01 CC 03 1C 00 05 CB 92 77 DINU".p. .......w + [0010] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0020] 00 00 00 00 00 00 00 00 00 00 00 00 0C 00 00 00 ........ ........ + [0030] 01 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 ........ ........ + [0040] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0200] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0210] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0220] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0230] 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0240] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0250] 00 00 00 00 00 00 00 00 00 00 00 00 70 01 00 00 ........ ....p... + [0260] 53 4D 54 4A 00 00 00 00 10 00 60 01 7B 00 45 00 SMTJ.... ..`.{.E. + [0270] 39 00 34 00 31 00 34 00 34 00 46 00 38 00 2D 00 9.4.1.4. 4.F.8.-. + [0280] 30 00 33 00 41 00 33 00 2D 00 34 00 30 00 36 00 0.3.A.3. -.4.0.6. + [0290] 61 00 2D 00 42 00 42 00 31 00 46 00 2D 00 30 00 a.-.B.B. 1.F.-.0. + [02A0] 34 00 38 00 43 00 37 00 38 00 32 00 32 00 36 00 4.8.C.7. 8.2.2.6. + [02B0] 38 00 35 00 35 00 7D 00 00 00 49 6E 70 75 74 42 8.5.5.}. ..InputB + [02C0] 69 6E 00 41 75 74 6F 53 65 6C 65 63 74 00 52 45 in.AutoS elect.RE + [02D0] 53 44 4C 4C 00 55 6E 69 72 65 73 44 4C 4C 00 50 SDLL.Uni resDLL.P + [02E0] 61 70 65 72 53 69 7A 65 00 4C 45 54 54 45 52 00 aperSize .LETTER. + [02F0] 4F 72 69 65 6E 74 61 74 69 6F 6E 00 50 4F 52 54 Orientat ion.PORT + [0300] 52 41 49 54 00 4D 65 64 69 61 54 79 70 65 00 41 RAIT.Med iaType.A + [0310] 75 74 6F 00 52 65 73 6F 6C 75 74 69 6F 6E 00 36 uto.Reso lution.6 + [0320] 30 30 44 50 49 00 50 61 67 65 4F 75 74 70 75 74 00DPI.Pa geOutput + [0330] 51 75 61 6C 69 74 79 00 4E 6F 72 6D 61 6C 00 43 Quality. Normal.C + [0340] 6F 6C 6F 72 4D 6F 64 65 00 43 6F 6C 6F 72 00 44 olorMode .Color.D + [0350] 6F 63 75 6D 65 6E 74 4E 55 70 00 31 00 43 6F 6C ocumentN Up.1.Col + [0360] 6C 61 74 65 00 4F 4E 00 44 75 70 6C 65 78 00 4E late.ON. Duplex.N + [0370] 4F 4E 45 00 4F 75 74 70 75 74 42 69 6E 00 41 75 ONE.Outp utBin.Au + [0380] 74 6F 00 00 00 00 00 00 00 00 00 00 00 00 00 00 to...... ........ + [0390] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03C0] 00 00 00 00 00 00 00 00 00 00 00 00 1C 00 00 00 ........ ........ + [03D0] 56 34 44 4D 01 00 00 00 00 00 00 00 00 00 00 00 V4DM.... ........ + [03E0] 00 00 00 00 00 00 00 00 ........ + access_mask : 0x00000008 (8) + 0: SERVER_ACCESS_ADMINISTER + 0: SERVER_ACCESS_ENUMERATE + 0: PRINTER_ACCESS_ADMINISTER + 1: PRINTER_ACCESS_USE + 0: JOB_ACCESS_ADMINISTER + 0: JOB_ACCESS_READ + userlevel_ctr: struct spoolss_UserLevelCtr + level : 0x00000001 (1) + user_info : union spoolss_UserLevel(case 1) + level1 : * + level1: struct spoolss_UserLevel1 + size : 0x00000028 (40) + client : * + client : 'WIN81-239' + user : * + user : 'AR32I8\Administrator' + build : 0x00002580 (9600) + major : UNKNOWN_ENUM_VALUE (3) + minor : SPOOLSS_MINOR_VERSION_0 (0) + processor : PROCESSOR_ARCHITECTURE_AMD64 (9) + checking name: \\MEMBER43\printer7 +[2013/11/07 07:38:43.547178, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:737(open_printer_hnd) + open_printer_hnd: name [\\MEMBER43\printer7] +[2013/11/07 07:38:43.547232, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) + Opened policy hnd[1] [0000] 00 00 00 00 48 00 00 00 00 00 00 00 7B 52 73 35 ....H... ....{Rs5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:43.547312, 3, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:506(set_printer_hnd_printertype) + Setting printer type=\\MEMBER43\printer7 + Printer is a printer +[2013/11/07 07:38:43.547368, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:566(set_printer_hnd_name) + Setting printer name=\\MEMBER43\printer7 (len=19) + searching for [printer7] +[2013/11/07 07:38:43.547470, 10, pid=20933, effective(0, 5000), real(0, 0), class=tdb] ../source3/lib/gencache.c:275(gencache_set_data_blob) + Did not store value for PRINTERNAME/printer7, we already got it + set_printer_hnd_name: Printer found: printer7 -> printer7 +[2013/11/07 07:38:43.547527, 5, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:773(open_printer_hnd) + 1 printer handles active +[2013/11/07 07:38:43.547567, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 48 00 00 00 00 00 00 00 7B 52 73 35 ....H... ....{Rs5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:43.547645, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 48 00 00 00 00 00 00 00 7B 52 73 35 ....H... ....{Rs5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:43.547722, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:489(get_printer_snum) + short name:printer7 +[2013/11/07 07:38:43.547789, 3, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/access.c:338(allow_access) + Allowed connection from 10.200.8.239 (10.200.8.239) +[2013/11/07 07:38:43.547964, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/share_access.c:237(user_ok_token) + user_ok_token: share printer7 is ok for unix user root +[2013/11/07 07:38:43.548026, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:1921(_spoolss_OpenPrinterEx) + Setting printer access = PRINTER_ACCESS_USE +[2013/11/07 07:38:43.548134, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:60(make_internal_rpc_pipe_p) + Create pipe requested \winreg +[2013/11/07 07:38:43.548186, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:221(init_pipe_handles) + init_pipe_handle_list: created handle list for pipe \winreg +[2013/11/07 07:38:43.548229, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:238(init_pipe_handles) + init_pipe_handle_list: pipe_handles ref count = 1 for pipe \winreg +[2013/11/07 07:38:43.548324, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:100(make_internal_rpc_pipe_p) + Created internal pipe \winreg +[2013/11/07 07:38:43.548392, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenHKLM: struct winreg_OpenHKLM + in: struct winreg_OpenHKLM + system_name : NULL + access_mask : 0x02000000 (33554432) + 0: KEY_QUERY_VALUE + 0: KEY_SET_VALUE + 0: KEY_CREATE_SUB_KEY + 0: KEY_ENUMERATE_SUB_KEYS + 0: KEY_NOTIFY + 0: KEY_CREATE_LINK + 0: KEY_WOW64_64KEY + 0: KEY_WOW64_32KEY +[2013/11/07 07:38:43.548622, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [HKLM] +[2013/11/07 07:38:43.548667, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) + push_sec_ctx(0, 5000) : sec_ctx_stack_ndx = 2 +[2013/11/07 07:38:43.548711, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/uid.c:485(push_conn_ctx) + push_conn_ctx(1804507171) : conn_ctx_stack_ndx = 0 +[2013/11/07 07:38:43.548751, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) + setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 +[2013/11/07 07:38:43.548790, 5, pid=20933, effective(0, 5000), real(0, 0)] ../libcli/security/security_token.c:53(security_token_debug) + Security token: (NULL) +[2013/11/07 07:38:43.548829, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) + UNIX token of user 0 + Primary group is 0 and contains 0 supplementary groups +[2013/11/07 07:38:43.548981, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) + pop_sec_ctx (0, 5000) - sec_ctx_stack_ndx = 1 +[2013/11/07 07:38:43.549026, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:866(regdb_open) + regdb_open: registry db opened. refcount reset (1) +[2013/11/07 07:38:43.549072, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM] +[2013/11/07 07:38:43.549111, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM] +[2013/11/07 07:38:43.549152, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:43.549190, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM] +[2013/11/07 07:38:43.549269, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) + Opened policy hnd[1] [0000] 00 00 00 00 49 00 00 00 00 00 00 00 7B 52 73 35 ....I... ....{Rs5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:43.549430, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenHKLM: struct winreg_OpenHKLM + out: struct winreg_OpenHKLM + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000049-0000-0000-7b52-7335c5510000 + result : WERR_OK +[2013/11/07 07:38:43.549626, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenKey: struct winreg_OpenKey + in: struct winreg_OpenKey + parent_handle : * + parent_handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000049-0000-0000-7b52-7335c5510000 + keyname: struct winreg_String + name_len : 0x008a (138) + name_size : 0x008a (138) + name : * + name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7' + options : 0x00000000 (0) + 0: REG_OPTION_VOLATILE + 0: REG_OPTION_CREATE_LINK + 0: REG_OPTION_BACKUP_RESTORE + 0: REG_OPTION_OPEN_LINK + access_mask : 0x02000000 (33554432) + 0: KEY_QUERY_VALUE + 0: KEY_SET_VALUE + 0: KEY_CREATE_SUB_KEY + 0: KEY_ENUMERATE_SUB_KEYS + 0: KEY_NOTIFY + 0: KEY_CREATE_LINK + 0: KEY_WOW64_64KEY + 0: KEY_WOW64_32KEY +[2013/11/07 07:38:43.550072, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 49 00 00 00 00 00 00 00 7B 52 73 35 ....I... ....{Rs5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:43.550154, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [SOFTWARE] +[2013/11/07 07:38:43.550195, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (1->2) +[2013/11/07 07:38:43.550237, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] +[2013/11/07 07:38:43.550275, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE] +[2013/11/07 07:38:43.550316, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:43.550353, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE] +[2013/11/07 07:38:43.550425, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Microsoft] +[2013/11/07 07:38:43.550467, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (2->3) +[2013/11/07 07:38:43.550508, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] +[2013/11/07 07:38:43.550556, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] +[2013/11/07 07:38:43.550597, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:43.550634, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft] +[2013/11/07 07:38:43.550695, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Windows NT] +[2013/11/07 07:38:43.550736, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (3->4) +[2013/11/07 07:38:43.550778, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] +[2013/11/07 07:38:43.550816, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] +[2013/11/07 07:38:43.550857, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:43.550895, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] +[2013/11/07 07:38:43.550953, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [CurrentVersion] +[2013/11/07 07:38:43.550994, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (4->5) +[2013/11/07 07:38:43.551036, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] +[2013/11/07 07:38:43.551074, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] +[2013/11/07 07:38:43.551116, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:43.551153, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f375c5a15c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] +[2013/11/07 07:38:43.551225, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Print] +[2013/11/07 07:38:43.551267, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (5->6) +[2013/11/07 07:38:43.551309, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] +[2013/11/07 07:38:43.551349, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] +[2013/11/07 07:38:43.551392, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:43.551437, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f375c5a15c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] +[2013/11/07 07:38:43.551498, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Printers] +[2013/11/07 07:38:43.551539, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (6->7) +[2013/11/07 07:38:43.551583, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] +[2013/11/07 07:38:43.551622, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] +[2013/11/07 07:38:43.551665, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:43.551703, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] +[2013/11/07 07:38:43.551771, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [printer7] +[2013/11/07 07:38:43.551813, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (7->8) +[2013/11/07 07:38:43.551856, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:43.551895, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:43.551937, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:43.551974, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:43.552042, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (8->7) +[2013/11/07 07:38:43.552084, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (7->6) +[2013/11/07 07:38:43.552125, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (6->5) +[2013/11/07 07:38:43.552165, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (5->4) +[2013/11/07 07:38:43.552205, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (4->3) +[2013/11/07 07:38:43.552246, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (3->2) +[2013/11/07 07:38:43.552290, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) + Opened policy hnd[2] [0000] 00 00 00 00 4A 00 00 00 00 00 00 00 7B 52 73 35 ....J... ....{Rs5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:43.552376, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenKey: struct winreg_OpenKey + out: struct winreg_OpenKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 0000004a-0000-0000-7b52-7335c5510000 + result : WERR_OK +[2013/11/07 07:38:43.552538, 2, pid=20933, effective(0, 5000), real(0, 0)] ../source3/rpc_client/cli_winreg_spoolss.c:626(winreg_create_printer) + winreg_create_printer: Skipping, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7 already exists +[2013/11/07 07:38:43.552595, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + in: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 0000004a-0000-0000-7b52-7335c5510000 +[2013/11/07 07:38:43.552727, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 4A 00 00 00 00 00 00 00 7B 52 73 35 ....J... ....{Rs5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:43.552804, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 4A 00 00 00 00 00 00 00 7B 52 73 35 ....J... ....{Rs5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:43.552880, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) + Closed policy +[2013/11/07 07:38:43.552921, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (2->1) +[2013/11/07 07:38:43.552961, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + out: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000000-0000-0000-0000-000000000000 + result : WERR_OK +[2013/11/07 07:38:43.553125, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + in: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000049-0000-0000-7b52-7335c5510000 +[2013/11/07 07:38:43.553337, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 49 00 00 00 00 00 00 00 7B 52 73 35 ....I... ....{Rs5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:43.553488, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 49 00 00 00 00 00 00 00 7B 52 73 35 ....I... ....{Rs5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:43.553568, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) + Closed policy +[2013/11/07 07:38:43.553618, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (1->0) +[2013/11/07 07:38:43.553673, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + out: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000000-0000-0000-0000-000000000000 + result : WERR_OK +[2013/11/07 07:38:43.553837, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:416(close_policy_by_pipe) + Deleted handle list for RPC connection \winreg +[2013/11/07 07:38:43.553893, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + spoolss_OpenPrinterEx: struct spoolss_OpenPrinterEx + out: struct spoolss_OpenPrinterEx + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000048-0000-0000-7b52-7335c5510000 + result : WERR_OK +[2013/11/07 07:38:43.554045, 5, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1417(api_rpcTNP) + api_rpcTNP: called \spoolss successfully +[2013/11/07 07:38:43.554097, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) + pop_sec_ctx (0, 5000) - sec_ctx_stack_ndx = 0 +[2013/11/07 07:38:43.554140, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) + write_to_pipe: data_used = 1450 + smbd_smb2_request_pending_queue: req->current_idx = 1 + req->in.vector[0].iov_len = 0 + req->in.vector[1].iov_len = 0 + req->in.vector[2].iov_len = 64 + req->in.vector[3].iov_len = 56 + req->in.vector[4].iov_len = 1466 + req->out.vector[0].iov_len = 4 + req->out.vector[1].iov_len = 0 + req->out.vector[2].iov_len = 64 + req->out.vector[3].iov_len = 8 + req->out.vector[4].iov_len = 0 +[2013/11/07 07:38:43.554364, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:128(smbd_smb2_ioctl_pipe_write_done) + smbd_smb2_ioctl_pipe_write_done: received 1466 +[2013/11/07 07:38:43.554407, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:149(smbd_smb2_ioctl_pipe_write_done) + smbd_smb2_ioctl_pipe_write_done: issuing np_read_send of size 1024 +[2013/11/07 07:38:43.554449, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:285(read_from_internal_pipe) + name: \spoolss len: 1024 +[2013/11/07 07:38:43.554490, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:347(read_from_internal_pipe) + read_from_pipe: \spoolss: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 24. +[2013/11/07 07:38:43.554542, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) + &r: struct ncacn_packet + rpc_vers : 0x05 (5) + rpc_vers_minor : 0x00 (0) + ptype : DCERPC_PKT_RESPONSE (2) + pfc_flags : 0x03 (3) + drep: ARRAY(4) + [0] : 0x10 (16) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + frag_length : 0x0030 (48) + auth_length : 0x0000 (0) + call_id : 0x00000002 (2) + u : union dcerpc_payload(case 2) + response: struct dcerpc_response + alloc_hint : 0x00000018 (24) + context_id : 0x0000 (0) + cancel_count : 0x00 (0) + _pad : DATA_BLOB length=0 + stub_and_verifier : DATA_BLOB length=24 + [0000] 00 00 00 00 48 00 00 00 00 00 00 00 7B 52 73 35 ....H... ....{Rs5 + [0010] C5 51 00 00 00 00 00 00 .Q...... +[2013/11/07 07:38:43.554966, 3, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:122(free_pipe_context) + free_pipe_context: destroying talloc pool of size 68 +[2013/11/07 07:38:43.555014, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:788(np_read_recv) + Received 48 bytes. There is no more data outstanding +[2013/11/07 07:38:43.555055, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:178(smbd_smb2_ioctl_pipe_read_done) + smbd_smb2_ioctl_pipe_read_done: np_read_recv nread = 48 is_data_outstanding = 0, status = NT_STATUS_OK +[2013/11/07 07:38:43.555100, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl.c:291(smbd_smb2_request_ioctl_done) + smbd_smb2_request_ioctl_done: smbd_smb2_ioctl_recv returned 48 status NT_STATUS_OK +[2013/11/07 07:38:43.555142, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) + smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[48] dyn[yes:48] at ../source3/smbd/smb2_ioctl.c:358 +[2013/11/07 07:38:43.555187, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) + smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/50/127 +[2013/11/07 07:38:43.585501, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) + smbd_smb2_request_incoming: idx[1] of 5 vectors +[2013/11/07 07:38:43.585859, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) + smb2_validate_sequence_number: clearing id 50 (position 50) from bitmap +[2013/11/07 07:38:43.585997, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) + smbd_smb2_request_dispatch: opcode[SMB2_OP_IOCTL] mid = 50 +[2013/11/07 07:38:43.586167, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) + setting sec ctx (0, 5000) - sec_ctx_stack_ndx = 0 +[2013/11/07 07:38:43.586293, 5, pid=20933, effective(0, 5000), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) + Security token SIDs (21): + SID[ 0]: S-1-5-21-1376953716-2413384141-3399758289-500 + SID[ 1]: S-1-5-21-1376953716-2413384141-3399758289-512 + SID[ 2]: S-1-5-21-1376953716-2413384141-3399758289-11015 + SID[ 3]: S-1-5-21-1376953716-2413384141-3399758289-513 + SID[ 4]: S-1-5-21-1376953716-2413384141-3399758289-11011 + SID[ 5]: S-1-5-21-1376953716-2413384141-3399758289-11013 + SID[ 6]: S-1-5-21-1376953716-2413384141-3399758289-11012 + SID[ 7]: S-1-1-0 + SID[ 8]: S-1-5-2 + SID[ 9]: S-1-5-11 + SID[ 10]: S-1-5-32-544 + SID[ 11]: S-1-22-1-2002 + SID[ 12]: S-1-22-2-5000 + SID[ 13]: S-1-22-2-5007 + SID[ 14]: S-1-22-2-5001 + SID[ 15]: S-1-22-2-1005 + SID[ 16]: S-1-22-2-5006 + SID[ 17]: S-1-22-2-5005 + SID[ 18]: S-1-22-2-55000 + SID[ 19]: S-1-22-2-55001 + SID[ 20]: S-1-22-2-55002 + Privileges (0x 1FFFFFF0): + Privilege[ 0]: SeMachineAccountPrivilege + Privilege[ 1]: SeTakeOwnershipPrivilege + Privilege[ 2]: SeBackupPrivilege + Privilege[ 3]: SeRestorePrivilege + Privilege[ 4]: SeRemoteShutdownPrivilege + Privilege[ 5]: SePrintOperatorPrivilege + Privilege[ 6]: SeAddUsersPrivilege + Privilege[ 7]: SeDiskOperatorPrivilege + Privilege[ 8]: SeSecurityPrivilege + Privilege[ 9]: SeSystemtimePrivilege + Privilege[ 10]: SeShutdownPrivilege + Privilege[ 11]: SeDebugPrivilege + Privilege[ 12]: SeSystemEnvironmentPrivilege + Privilege[ 13]: SeSystemProfilePrivilege + Privilege[ 14]: SeProfileSingleProcessPrivilege + Privilege[ 15]: SeIncreaseBasePriorityPrivilege + Privilege[ 16]: SeLoadDriverPrivilege + Privilege[ 17]: SeCreatePagefilePrivilege + Privilege[ 18]: SeIncreaseQuotaPrivilege + Privilege[ 19]: SeChangeNotifyPrivilege + Privilege[ 20]: SeUndockPrivilege + Privilege[ 21]: SeManageVolumePrivilege + Privilege[ 22]: SeImpersonatePrivilege + Privilege[ 23]: SeCreateGlobalPrivilege + Privilege[ 24]: SeEnableDelegationPrivilege + Rights (0x 0): +[2013/11/07 07:38:43.588498, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) + UNIX token of user 0 + Primary group is 5000 and contains 9 supplementary groups + Group[ 0]: 5000 + Group[ 1]: 5007 + Group[ 2]: 5001 + Group[ 3]: 1005 + Group[ 4]: 5006 + Group[ 5]: 5005 + Group[ 6]: 55000 + Group[ 7]: 55001 + Group[ 8]: 55002 +[2013/11/07 07:38:43.588992, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/uid.c:363(change_to_user_internal) + Impersonated user: uid=(0,0), gid=(0,5000) +[2013/11/07 07:38:43.589178, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:1796(smbd_smb2_request_verify_creditcharge) + mid 50, CreditCharge: 1, NeededCharge: 1 +[2013/11/07 07:38:43.589285, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl.c:394(smbd_smb2_ioctl_send) + smbd_smb2_ioctl: ctl_code[0x0011c017] spoolss, fnum 2189993496 +[2013/11/07 07:38:43.589600, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:59(smb2_ioctl_named_pipe) + smbd_smb2_ioctl_send: np_write_send of size 4156 +[2013/11/07 07:38:43.589706, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:520(np_write_send) + np_write_send: len: 4156 +[2013/11/07 07:38:43.589811, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) + write_to_pipe: data_left = 4156 +[2013/11/07 07:38:43.589907, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) + process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 4156 +[2013/11/07 07:38:43.590004, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:51(fill_rpc_header) + fill_rpc_header: data_to_copy = 4156, len_needed_to_complete_hdr = 16, receive_len = 0 +[2013/11/07 07:38:43.590104, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) + write_to_pipe: data_used = 16 +[2013/11/07 07:38:43.590199, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) + write_to_pipe: data_left = 4140 +[2013/11/07 07:38:43.590294, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) + process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 4140 +[2013/11/07 07:38:43.590399, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) + write_to_pipe: data_used = 0 +[2013/11/07 07:38:43.590493, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) + write_to_pipe: data_left = 4140 +[2013/11/07 07:38:43.590587, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) + process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 4140, incoming data = 4140 +[2013/11/07 07:38:43.590692, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1614(process_complete_pdu) + PDU is in Little Endian format! +[2013/11/07 07:38:43.590840, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) + r: struct ncacn_packet + rpc_vers : 0x05 (5) + rpc_vers_minor : 0x00 (0) + ptype : DCERPC_PKT_REQUEST (0) + pfc_flags : 0x03 (3) + drep: ARRAY(4) + [0] : 0x10 (16) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + frag_length : 0x103c (4156) + auth_length : 0x0000 (0) + call_id : 0x00000003 (3) + u : union dcerpc_payload(case 0) + request: struct dcerpc_request + alloc_hint : 0x00001024 (4132) + context_id : 0x0000 (0) + opnum : 0x0008 (8) + object : union dcerpc_object(case 0) + empty: struct dcerpc_empty + _pad : DATA_BLOB length=0 + stub_and_verifier : DATA_BLOB length=4132 + [0000] 00 00 00 00 48 00 00 00 00 00 00 00 7B 52 73 35 ....H... ....{Rs5 + [0010] C5 51 00 00 02 00 00 00 00 00 02 00 00 10 00 00 .Q...... ........ + [0020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0030] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0040] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0200] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0210] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0220] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0230] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0240] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0250] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0260] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0270] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0280] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0290] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0300] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0310] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0320] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0330] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0340] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0350] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0360] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0370] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0380] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0390] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0400] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0410] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0420] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0430] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0440] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0450] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0460] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0470] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0480] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0490] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0500] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0510] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0520] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0530] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0540] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0550] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0560] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0570] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0580] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0590] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0600] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0610] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0620] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0630] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0640] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0650] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0660] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0670] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0680] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0690] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0700] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0710] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0720] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0730] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0740] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0750] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0760] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0770] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0780] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0790] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0800] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0810] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0820] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0830] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0840] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0850] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0860] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0870] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0880] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0890] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0900] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0910] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0920] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0930] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0940] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0950] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0960] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0970] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0980] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0990] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0EA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0EB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0EC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0ED0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0EE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0EF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [1000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [1010] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [1020] 00 10 00 00 .... +[2013/11/07 07:38:43.607099, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1627(process_complete_pdu) + Processing packet type 0 +[2013/11/07 07:38:43.607147, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1472(dcesrv_auth_request) + Checking request auth. +[2013/11/07 07:38:43.607196, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) + push_sec_ctx(0, 5000) : sec_ctx_stack_ndx = 1 +[2013/11/07 07:38:43.607246, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) + setting sec ctx (0, 5000) - sec_ctx_stack_ndx = 1 +[2013/11/07 07:38:43.607288, 5, pid=20933, effective(0, 5000), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) + Security token SIDs (21): + SID[ 0]: S-1-5-21-1376953716-2413384141-3399758289-500 + SID[ 1]: S-1-5-21-1376953716-2413384141-3399758289-512 + SID[ 2]: S-1-5-21-1376953716-2413384141-3399758289-11015 + SID[ 3]: S-1-5-21-1376953716-2413384141-3399758289-513 + SID[ 4]: S-1-5-21-1376953716-2413384141-3399758289-11011 + SID[ 5]: S-1-5-21-1376953716-2413384141-3399758289-11013 + SID[ 6]: S-1-5-21-1376953716-2413384141-3399758289-11012 + SID[ 7]: S-1-1-0 + SID[ 8]: S-1-5-2 + SID[ 9]: S-1-5-11 + SID[ 10]: S-1-5-32-544 + SID[ 11]: S-1-22-1-2002 + SID[ 12]: S-1-22-2-5000 + SID[ 13]: S-1-22-2-5007 + SID[ 14]: S-1-22-2-5001 + SID[ 15]: S-1-22-2-1005 + SID[ 16]: S-1-22-2-5006 + SID[ 17]: S-1-22-2-5005 + SID[ 18]: S-1-22-2-55000 + SID[ 19]: S-1-22-2-55001 + SID[ 20]: S-1-22-2-55002 + Privileges (0x 1FFFFFF0): + Privilege[ 0]: SeMachineAccountPrivilege + Privilege[ 1]: SeTakeOwnershipPrivilege + Privilege[ 2]: SeBackupPrivilege + Privilege[ 3]: SeRestorePrivilege + Privilege[ 4]: SeRemoteShutdownPrivilege + Privilege[ 5]: SePrintOperatorPrivilege + Privilege[ 6]: SeAddUsersPrivilege + Privilege[ 7]: SeDiskOperatorPrivilege + Privilege[ 8]: SeSecurityPrivilege + Privilege[ 9]: SeSystemtimePrivilege + Privilege[ 10]: SeShutdownPrivilege + Privilege[ 11]: SeDebugPrivilege + Privilege[ 12]: SeSystemEnvironmentPrivilege + Privilege[ 13]: SeSystemProfilePrivilege + Privilege[ 14]: SeProfileSingleProcessPrivilege + Privilege[ 15]: SeIncreaseBasePriorityPrivilege + Privilege[ 16]: SeLoadDriverPrivilege + Privilege[ 17]: SeCreatePagefilePrivilege + Privilege[ 18]: SeIncreaseQuotaPrivilege + Privilege[ 19]: SeChangeNotifyPrivilege + Privilege[ 20]: SeUndockPrivilege + Privilege[ 21]: SeManageVolumePrivilege + Privilege[ 22]: SeImpersonatePrivilege + Privilege[ 23]: SeCreateGlobalPrivilege + Privilege[ 24]: SeEnableDelegationPrivilege + Rights (0x 0): +[2013/11/07 07:38:43.608061, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) + UNIX token of user 0 + Primary group is 5000 and contains 9 supplementary groups + Group[ 0]: 5000 + Group[ 1]: 5007 + Group[ 2]: 5001 + Group[ 3]: 1005 + Group[ 4]: 5006 + Group[ 5]: 5005 + Group[ 6]: 55000 + Group[ 7]: 55001 + Group[ 8]: 55002 +[2013/11/07 07:38:43.608264, 5, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1324(api_pipe_request) + Requested \spoolss rpc service +[2013/11/07 07:38:43.608313, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1356(api_rpcTNP) + api_rpcTNP: \spoolss op 0x8 - api_rpcTNP: rpc command: SPOOLSS_GETPRINTER +[2013/11/07 07:38:43.608357, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1390(api_rpcTNP) + api_rpc_cmds[8].fn == 0x7f375c260f10 +[2013/11/07 07:38:43.608407, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + spoolss_GetPrinter: struct spoolss_GetPrinter + in: struct spoolss_GetPrinter + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000048-0000-0000-7b52-7335c5510000 + level : 0x00000002 (2) + buffer : * + buffer : DATA_BLOB length=4096 + [0000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0010] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0030] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0040] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0200] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0210] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0220] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0230] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0240] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0250] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0260] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0270] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0280] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0290] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0300] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0310] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0320] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0330] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0340] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0350] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0360] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0370] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0380] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0390] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0400] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0410] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0420] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0430] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0440] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0450] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0460] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0470] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0480] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0490] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0500] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0510] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0520] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0530] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0540] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0550] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0560] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0570] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0580] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0590] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0600] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0610] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0620] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0630] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0640] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0650] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0660] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0670] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0680] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0690] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0700] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0710] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0720] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0730] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0740] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0750] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0760] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0770] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0780] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0790] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0800] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0810] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0820] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0830] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0840] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0850] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0860] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0870] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0880] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0890] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0900] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0910] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0920] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0930] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0940] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0950] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0960] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0970] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0980] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0990] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0EA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0EB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0EC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0ED0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0EE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0EF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + offered : 0x00001000 (4096) +[2013/11/07 07:38:43.617659, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 48 00 00 00 00 00 00 00 7B 52 73 35 ....H... ....{Rs5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:43.617743, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 48 00 00 00 00 00 00 00 7B 52 73 35 ....H... ....{Rs5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:43.617821, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:489(get_printer_snum) + short name:printer7 +[2013/11/07 07:38:43.617965, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:60(make_internal_rpc_pipe_p) + Create pipe requested \winreg +[2013/11/07 07:38:43.618021, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:221(init_pipe_handles) + init_pipe_handle_list: created handle list for pipe \winreg +[2013/11/07 07:38:43.618065, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:238(init_pipe_handles) + init_pipe_handle_list: pipe_handles ref count = 1 for pipe \winreg +[2013/11/07 07:38:43.618226, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:100(make_internal_rpc_pipe_p) + Created internal pipe \winreg +[2013/11/07 07:38:43.618307, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenHKLM: struct winreg_OpenHKLM + in: struct winreg_OpenHKLM + system_name : NULL + access_mask : 0x02000000 (33554432) + 0: KEY_QUERY_VALUE + 0: KEY_SET_VALUE + 0: KEY_CREATE_SUB_KEY + 0: KEY_ENUMERATE_SUB_KEYS + 0: KEY_NOTIFY + 0: KEY_CREATE_LINK + 0: KEY_WOW64_64KEY + 0: KEY_WOW64_32KEY +[2013/11/07 07:38:43.618540, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [HKLM] +[2013/11/07 07:38:43.618585, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) + push_sec_ctx(0, 5000) : sec_ctx_stack_ndx = 2 +[2013/11/07 07:38:43.618630, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/uid.c:485(push_conn_ctx) + push_conn_ctx(1804507171) : conn_ctx_stack_ndx = 0 +[2013/11/07 07:38:43.618682, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) + setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 +[2013/11/07 07:38:43.618721, 5, pid=20933, effective(0, 5000), real(0, 0)] ../libcli/security/security_token.c:53(security_token_debug) + Security token: (NULL) +[2013/11/07 07:38:43.618761, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) + UNIX token of user 0 + Primary group is 0 and contains 0 supplementary groups +[2013/11/07 07:38:43.618928, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) + pop_sec_ctx (0, 5000) - sec_ctx_stack_ndx = 1 +[2013/11/07 07:38:43.618973, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:866(regdb_open) + regdb_open: registry db opened. refcount reset (1) +[2013/11/07 07:38:43.619019, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM] +[2013/11/07 07:38:43.619059, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM] +[2013/11/07 07:38:43.619100, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:43.619138, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM] +[2013/11/07 07:38:43.619224, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) + Opened policy hnd[1] [0000] 00 00 00 00 4B 00 00 00 00 00 00 00 7B 52 73 35 ....K... ....{Rs5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:43.619305, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenHKLM: struct winreg_OpenHKLM + out: struct winreg_OpenHKLM + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 0000004b-0000-0000-7b52-7335c5510000 + result : WERR_OK +[2013/11/07 07:38:43.619498, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenKey: struct winreg_OpenKey + in: struct winreg_OpenKey + parent_handle : * + parent_handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 0000004b-0000-0000-7b52-7335c5510000 + keyname: struct winreg_String + name_len : 0x008a (138) + name_size : 0x008a (138) + name : * + name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7' + options : 0x00000000 (0) + 0: REG_OPTION_VOLATILE + 0: REG_OPTION_CREATE_LINK + 0: REG_OPTION_BACKUP_RESTORE + 0: REG_OPTION_OPEN_LINK + access_mask : 0x02000000 (33554432) + 0: KEY_QUERY_VALUE + 0: KEY_SET_VALUE + 0: KEY_CREATE_SUB_KEY + 0: KEY_ENUMERATE_SUB_KEYS + 0: KEY_NOTIFY + 0: KEY_CREATE_LINK + 0: KEY_WOW64_64KEY + 0: KEY_WOW64_32KEY +[2013/11/07 07:38:43.619942, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 4B 00 00 00 00 00 00 00 7B 52 73 35 ....K... ....{Rs5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:43.620035, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [SOFTWARE] +[2013/11/07 07:38:43.620076, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (1->2) +[2013/11/07 07:38:43.620119, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] +[2013/11/07 07:38:43.620157, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE] +[2013/11/07 07:38:43.620198, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:43.620235, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE] +[2013/11/07 07:38:43.620304, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Microsoft] +[2013/11/07 07:38:43.620345, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (2->3) +[2013/11/07 07:38:43.620388, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] +[2013/11/07 07:38:43.620425, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] +[2013/11/07 07:38:43.620466, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:43.620503, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft] +[2013/11/07 07:38:43.620564, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Windows NT] +[2013/11/07 07:38:43.620604, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (3->4) +[2013/11/07 07:38:43.620647, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] +[2013/11/07 07:38:43.620684, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] +[2013/11/07 07:38:43.620725, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:43.620762, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] +[2013/11/07 07:38:43.620821, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [CurrentVersion] +[2013/11/07 07:38:43.620862, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (4->5) +[2013/11/07 07:38:43.620913, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] +[2013/11/07 07:38:43.620952, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] +[2013/11/07 07:38:43.620993, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:43.621031, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f375c5a15c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] +[2013/11/07 07:38:43.621104, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Print] +[2013/11/07 07:38:43.621145, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (5->6) +[2013/11/07 07:38:43.621189, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] +[2013/11/07 07:38:43.621231, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] +[2013/11/07 07:38:43.621274, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:43.621312, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f375c5a15c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] +[2013/11/07 07:38:43.621456, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Printers] +[2013/11/07 07:38:43.621505, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (6->7) +[2013/11/07 07:38:43.621636, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] +[2013/11/07 07:38:43.621678, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] +[2013/11/07 07:38:43.621722, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:43.621760, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] +[2013/11/07 07:38:43.621833, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [printer7] +[2013/11/07 07:38:43.621876, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (7->8) +[2013/11/07 07:38:43.621921, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:43.621961, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:43.622020, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:43.622058, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:43.622128, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (8->7) +[2013/11/07 07:38:43.622171, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (7->6) +[2013/11/07 07:38:43.622212, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (6->5) +[2013/11/07 07:38:43.622253, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (5->4) +[2013/11/07 07:38:43.622293, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (4->3) +[2013/11/07 07:38:43.622333, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (3->2) +[2013/11/07 07:38:43.622378, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) + Opened policy hnd[2] [0000] 00 00 00 00 4C 00 00 00 00 00 00 00 7B 52 73 35 ....L... ....{Rs5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:43.622457, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenKey: struct winreg_OpenKey + out: struct winreg_OpenKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 0000004c-0000-0000-7b52-7335c5510000 + result : WERR_OK +[2013/11/07 07:38:43.622642, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryInfoKey: struct winreg_QueryInfoKey + in: struct winreg_QueryInfoKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 0000004c-0000-0000-7b52-7335c5510000 + classname : * + classname: struct winreg_String + name_len : 0x0000 (0) + name_size : 0x0000 (0) + name : NULL +[2013/11/07 07:38:43.622859, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 4C 00 00 00 00 00 00 00 7B 52 73 35 ....L... ....{Rs5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:43.622942, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_dispatcher.c:151(fetch_reg_values) + fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7' (ops 0x7f37592edcc0) +[2013/11/07 07:38:43.622985, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1891(regdb_fetch_values_internal) + regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:43.623057, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[0]: name[Attributes] len[4] +[2013/11/07 07:38:43.623101, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[1]: name[Description] len[2] +[2013/11/07 07:38:43.623144, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[2]: name[Datatype] len[8] +[2013/11/07 07:38:43.623186, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[3]: name[Default Priority] len[4] +[2013/11/07 07:38:43.623228, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[4]: name[Port] len[38] +[2013/11/07 07:38:43.623271, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[5]: name[Name] len[18] +[2013/11/07 07:38:43.623313, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[6]: name[Print Processor] len[18] +[2013/11/07 07:38:43.623356, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[7]: name[Priority] len[4] +[2013/11/07 07:38:43.623399, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[8]: name[Security] len[248] +[2013/11/07 07:38:43.623441, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[9]: name[Share Name] len[18] +[2013/11/07 07:38:43.623484, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[10]: name[StartTime] len[4] +[2013/11/07 07:38:43.623526, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[11]: name[UntilTime] len[4] +[2013/11/07 07:38:43.623568, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[12]: name[ChangeID] len[4] +[2013/11/07 07:38:43.623612, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) + regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:43.623677, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryInfoKey: struct winreg_QueryInfoKey + out: struct winreg_QueryInfoKey + classname : * + classname: struct winreg_String + name_len : 0x0000 (0) + name_size : 0x0000 (0) + name : NULL + num_subkeys : * + num_subkeys : 0x00000003 (3) + max_subkeylen : * + max_subkeylen : 0x00000022 (34) + max_classlen : * + max_classlen : 0x00000000 (0) + num_values : * + num_values : 0x0000000d (13) + max_valnamelen : * + max_valnamelen : 0x00000022 (34) + max_valbufsize : * + max_valbufsize : 0x000000f8 (248) + secdescsize : * + secdescsize : 0x00000078 (120) + last_changed_time : * + last_changed_time : NTTIME(0) + result : WERR_OK +[2013/11/07 07:38:43.624136, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 0000004c-0000-0000-7b52-7335c5510000 + enum_index : 0x00000000 (0) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:43.624512, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 4C 00 00 00 00 00 00 00 7B 52 73 35 ....L... ....{Rs5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:43.624589, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:43.624636, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0016 (22) + size : 0x0024 (36) + name : * + name : 'Attributes' + type : * + type : REG_DWORD (4) + value : * + value: ARRAY(4) + [0] : 0x48 (72) + [1] : 0x10 (16) + [2] : 0x00 (0) + [3] : 0x00 (0) + size : * + size : 0x00000004 (4) + length : * + length : 0x00000004 (4) + result : WERR_OK +[2013/11/07 07:38:43.625033, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 0000004c-0000-0000-7b52-7335c5510000 + enum_index : 0x00000001 (1) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:43.625494, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 4C 00 00 00 00 00 00 00 7B 52 73 35 ....L... ....{Rs5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:43.625574, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:43.625619, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0018 (24) + size : 0x0024 (36) + name : * + name : 'Description' + type : * + type : REG_SZ (1) + value : * + value: ARRAY(2) + [0] : 0x00 (0) + [1] : 0x00 (0) + size : * + size : 0x00000002 (2) + length : * + length : 0x00000002 (2) + result : WERR_OK +[2013/11/07 07:38:43.625982, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 0000004c-0000-0000-7b52-7335c5510000 + enum_index : 0x00000002 (2) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:43.626354, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 4C 00 00 00 00 00 00 00 7B 52 73 35 ....L... ....{Rs5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:43.626431, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:43.626476, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0012 (18) + size : 0x0024 (36) + name : * + name : 'Datatype' + type : * + type : REG_SZ (1) + value : * + value: ARRAY(8) + [0] : 0x52 (82) + [1] : 0x00 (0) + [2] : 0x41 (65) + [3] : 0x00 (0) + [4] : 0x57 (87) + [5] : 0x00 (0) + [6] : 0x00 (0) + [7] : 0x00 (0) + size : * + size : 0x00000008 (8) + length : * + length : 0x00000008 (8) + result : WERR_OK +[2013/11/07 07:38:43.626940, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 0000004c-0000-0000-7b52-7335c5510000 + enum_index : 0x00000003 (3) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:43.627314, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 4C 00 00 00 00 00 00 00 7B 52 73 35 ....L... ....{Rs5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:43.627390, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:43.627436, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0022 (34) + size : 0x0024 (36) + name : * + name : 'Default Priority' + type : * + type : REG_DWORD (4) + value : * + value: ARRAY(4) + [0] : 0x01 (1) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + size : * + size : 0x00000004 (4) + length : * + length : 0x00000004 (4) + result : WERR_OK +[2013/11/07 07:38:43.627960, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 0000004c-0000-0000-7b52-7335c5510000 + enum_index : 0x00000004 (4) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:43.628335, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 4C 00 00 00 00 00 00 00 7B 52 73 35 ....L... ....{Rs5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:43.628412, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:43.628458, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x000a (10) + size : 0x0024 (36) + name : * + name : 'Port' + type : * + type : REG_SZ (1) + value : * + value: ARRAY(38) + [0] : 0x53 (83) + [1] : 0x00 (0) + [2] : 0x61 (97) + [3] : 0x00 (0) + [4] : 0x6d (109) + [5] : 0x00 (0) + [6] : 0x62 (98) + [7] : 0x00 (0) + [8] : 0x61 (97) + [9] : 0x00 (0) + [10] : 0x20 (32) + [11] : 0x00 (0) + [12] : 0x50 (80) + [13] : 0x00 (0) + [14] : 0x72 (114) + [15] : 0x00 (0) + [16] : 0x69 (105) + [17] : 0x00 (0) + [18] : 0x6e (110) + [19] : 0x00 (0) + [20] : 0x74 (116) + [21] : 0x00 (0) + [22] : 0x65 (101) + [23] : 0x00 (0) + [24] : 0x72 (114) + [25] : 0x00 (0) + [26] : 0x20 (32) + [27] : 0x00 (0) + [28] : 0x50 (80) + [29] : 0x00 (0) + [30] : 0x6f (111) + [31] : 0x00 (0) + [32] : 0x72 (114) + [33] : 0x00 (0) + [34] : 0x74 (116) + [35] : 0x00 (0) + [36] : 0x00 (0) + [37] : 0x00 (0) + size : * + size : 0x00000026 (38) + length : * + length : 0x00000026 (38) + result : WERR_OK +[2013/11/07 07:38:43.629518, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 0000004c-0000-0000-7b52-7335c5510000 + enum_index : 0x00000005 (5) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:43.629893, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 4C 00 00 00 00 00 00 00 7B 52 73 35 ....L... ....{Rs5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:43.629971, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:43.630016, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x000a (10) + size : 0x0024 (36) + name : * + name : 'Name' + type : * + type : REG_SZ (1) + value : * + value: ARRAY(18) + [0] : 0x70 (112) + [1] : 0x00 (0) + [2] : 0x72 (114) + [3] : 0x00 (0) + [4] : 0x69 (105) + [5] : 0x00 (0) + [6] : 0x6e (110) + [7] : 0x00 (0) + [8] : 0x74 (116) + [9] : 0x00 (0) + [10] : 0x65 (101) + [11] : 0x00 (0) + [12] : 0x72 (114) + [13] : 0x00 (0) + [14] : 0x37 (55) + [15] : 0x00 (0) + [16] : 0x00 (0) + [17] : 0x00 (0) + size : * + size : 0x00000012 (18) + length : * + length : 0x00000012 (18) + result : WERR_OK +[2013/11/07 07:38:43.630668, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 0000004c-0000-0000-7b52-7335c5510000 + enum_index : 0x00000006 (6) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:43.631056, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 4C 00 00 00 00 00 00 00 7B 52 73 35 ....L... ....{Rs5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:43.631145, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:43.631191, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0020 (32) + size : 0x0024 (36) + name : * + name : 'Print Processor' + type : * + type : REG_SZ (1) + value : * + value: ARRAY(18) + [0] : 0x77 (119) + [1] : 0x00 (0) + [2] : 0x69 (105) + [3] : 0x00 (0) + [4] : 0x6e (110) + [5] : 0x00 (0) + [6] : 0x70 (112) + [7] : 0x00 (0) + [8] : 0x72 (114) + [9] : 0x00 (0) + [10] : 0x69 (105) + [11] : 0x00 (0) + [12] : 0x6e (110) + [13] : 0x00 (0) + [14] : 0x74 (116) + [15] : 0x00 (0) + [16] : 0x00 (0) + [17] : 0x00 (0) + size : * + size : 0x00000012 (18) + length : * + length : 0x00000012 (18) + result : WERR_OK +[2013/11/07 07:38:43.631824, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 0000004c-0000-0000-7b52-7335c5510000 + enum_index : 0x00000007 (7) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:43.632195, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 4C 00 00 00 00 00 00 00 7B 52 73 35 ....L... ....{Rs5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:43.632271, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:43.632316, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0012 (18) + size : 0x0024 (36) + name : * + name : 'Priority' + type : * + type : REG_DWORD (4) + value : * + value: ARRAY(4) + [0] : 0x01 (1) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + size : * + size : 0x00000004 (4) + length : * + length : 0x00000004 (4) + result : WERR_OK +[2013/11/07 07:38:43.632706, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 0000004c-0000-0000-7b52-7335c5510000 + enum_index : 0x00000008 (8) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:43.633088, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 4C 00 00 00 00 00 00 00 7B 52 73 35 ....L... ....{Rs5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:43.633165, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:43.633210, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0012 (18) + size : 0x0024 (36) + name : * + name : 'Security' + type : * + type : REG_BINARY (3) + value : * + value: ARRAY(248) + [0] : 0x01 (1) + [1] : 0x00 (0) + [2] : 0x04 (4) + [3] : 0x80 (128) + [4] : 0x14 (20) + [5] : 0x00 (0) + [6] : 0x00 (0) + [7] : 0x00 (0) + [8] : 0x24 (36) + [9] : 0x00 (0) + [10] : 0x00 (0) + [11] : 0x00 (0) + [12] : 0x00 (0) + [13] : 0x00 (0) + [14] : 0x00 (0) + [15] : 0x00 (0) + [16] : 0x34 (52) + [17] : 0x00 (0) + [18] : 0x00 (0) + [19] : 0x00 (0) + [20] : 0x01 (1) + [21] : 0x02 (2) + [22] : 0x00 (0) + [23] : 0x00 (0) + [24] : 0x00 (0) + [25] : 0x00 (0) + [26] : 0x00 (0) + [27] : 0x05 (5) + [28] : 0x20 (32) + [29] : 0x00 (0) + [30] : 0x00 (0) + [31] : 0x00 (0) + [32] : 0x20 (32) + [33] : 0x02 (2) + [34] : 0x00 (0) + [35] : 0x00 (0) + [36] : 0x01 (1) + [37] : 0x02 (2) + [38] : 0x00 (0) + [39] : 0x00 (0) + [40] : 0x00 (0) + [41] : 0x00 (0) + [42] : 0x00 (0) + [43] : 0x05 (5) + [44] : 0x20 (32) + [45] : 0x00 (0) + [46] : 0x00 (0) + [47] : 0x00 (0) + [48] : 0x20 (32) + [49] : 0x02 (2) + [50] : 0x00 (0) + [51] : 0x00 (0) + [52] : 0x02 (2) + [53] : 0x00 (0) + [54] : 0xc4 (196) + [55] : 0x00 (0) + [56] : 0x07 (7) + [57] : 0x00 (0) + [58] : 0x00 (0) + [59] : 0x00 (0) + [60] : 0x00 (0) + [61] : 0x02 (2) + [62] : 0x14 (20) + [63] : 0x00 (0) + [64] : 0x08 (8) + [65] : 0x00 (0) + [66] : 0x02 (2) + [67] : 0x20 (32) + [68] : 0x01 (1) + [69] : 0x01 (1) + [70] : 0x00 (0) + [71] : 0x00 (0) + [72] : 0x00 (0) + [73] : 0x00 (0) + [74] : 0x00 (0) + [75] : 0x01 (1) + [76] : 0x00 (0) + [77] : 0x00 (0) + [78] : 0x00 (0) + [79] : 0x00 (0) + [80] : 0x00 (0) + [81] : 0x09 (9) + [82] : 0x24 (36) + [83] : 0x00 (0) + [84] : 0x0c (12) + [85] : 0x00 (0) + [86] : 0x0f (15) + [87] : 0x10 (16) + [88] : 0x01 (1) + [89] : 0x05 (5) + [90] : 0x00 (0) + [91] : 0x00 (0) + [92] : 0x00 (0) + [93] : 0x00 (0) + [94] : 0x00 (0) + [95] : 0x05 (5) + [96] : 0x15 (21) + [97] : 0x00 (0) + [98] : 0x00 (0) + [99] : 0x00 (0) + [100] : 0x74 (116) + [101] : 0xa5 (165) + [102] : 0x12 (18) + [103] : 0x52 (82) + [104] : 0xcd (205) + [105] : 0x51 (81) + [106] : 0xd9 (217) + [107] : 0x8f (143) + [108] : 0xd1 (209) + [109] : 0x31 (49) + [110] : 0xa4 (164) + [111] : 0xca (202) + [112] : 0xf4 (244) + [113] : 0x01 (1) + [114] : 0x00 (0) + [115] : 0x00 (0) + [116] : 0x00 (0) + [117] : 0x02 (2) + [118] : 0x24 (36) + [119] : 0x00 (0) + [120] : 0x0c (12) + [121] : 0x00 (0) + [122] : 0x0f (15) + [123] : 0x10 (16) + [124] : 0x01 (1) + [125] : 0x05 (5) + [126] : 0x00 (0) + [127] : 0x00 (0) + [128] : 0x00 (0) + [129] : 0x00 (0) + [130] : 0x00 (0) + [131] : 0x05 (5) + [132] : 0x15 (21) + [133] : 0x00 (0) + [134] : 0x00 (0) + [135] : 0x00 (0) + [136] : 0x74 (116) + [137] : 0xa5 (165) + [138] : 0x12 (18) + [139] : 0x52 (82) + [140] : 0xcd (205) + [141] : 0x51 (81) + [142] : 0xd9 (217) + [143] : 0x8f (143) + [144] : 0xd1 (209) + [145] : 0x31 (49) + [146] : 0xa4 (164) + [147] : 0xca (202) + [148] : 0xf4 (244) + [149] : 0x01 (1) + [150] : 0x00 (0) + [151] : 0x00 (0) + [152] : 0x00 (0) + [153] : 0x09 (9) + [154] : 0x18 (24) + [155] : 0x00 (0) + [156] : 0x0c (12) + [157] : 0x00 (0) + [158] : 0x0f (15) + [159] : 0x10 (16) + [160] : 0x01 (1) + [161] : 0x02 (2) + [162] : 0x00 (0) + [163] : 0x00 (0) + [164] : 0x00 (0) + [165] : 0x00 (0) + [166] : 0x00 (0) + [167] : 0x05 (5) + [168] : 0x20 (32) + [169] : 0x00 (0) + [170] : 0x00 (0) + [171] : 0x00 (0) + [172] : 0x20 (32) + [173] : 0x02 (2) + [174] : 0x00 (0) + [175] : 0x00 (0) + [176] : 0x00 (0) + [177] : 0x02 (2) + [178] : 0x18 (24) + [179] : 0x00 (0) + [180] : 0x0c (12) + [181] : 0x00 (0) + [182] : 0x0f (15) + [183] : 0x10 (16) + [184] : 0x01 (1) + [185] : 0x02 (2) + [186] : 0x00 (0) + [187] : 0x00 (0) + [188] : 0x00 (0) + [189] : 0x00 (0) + [190] : 0x00 (0) + [191] : 0x05 (5) + [192] : 0x20 (32) + [193] : 0x00 (0) + [194] : 0x00 (0) + [195] : 0x00 (0) + [196] : 0x20 (32) + [197] : 0x02 (2) + [198] : 0x00 (0) + [199] : 0x00 (0) + [200] : 0x00 (0) + [201] : 0x09 (9) + [202] : 0x18 (24) + [203] : 0x00 (0) + [204] : 0x0c (12) + [205] : 0x00 (0) + [206] : 0x0f (15) + [207] : 0x10 (16) + [208] : 0x01 (1) + [209] : 0x02 (2) + [210] : 0x00 (0) + [211] : 0x00 (0) + [212] : 0x00 (0) + [213] : 0x00 (0) + [214] : 0x00 (0) + [215] : 0x05 (5) + [216] : 0x20 (32) + [217] : 0x00 (0) + [218] : 0x00 (0) + [219] : 0x00 (0) + [220] : 0x26 (38) + [221] : 0x02 (2) + [222] : 0x00 (0) + [223] : 0x00 (0) + [224] : 0x00 (0) + [225] : 0x02 (2) + [226] : 0x18 (24) + [227] : 0x00 (0) + [228] : 0x0c (12) + [229] : 0x00 (0) + [230] : 0x0f (15) + [231] : 0x10 (16) + [232] : 0x01 (1) + [233] : 0x02 (2) + [234] : 0x00 (0) + [235] : 0x00 (0) + [236] : 0x00 (0) + [237] : 0x00 (0) + [238] : 0x00 (0) + [239] : 0x05 (5) + [240] : 0x20 (32) + [241] : 0x00 (0) + [242] : 0x00 (0) + [243] : 0x00 (0) + [244] : 0x26 (38) + [245] : 0x02 (2) + [246] : 0x00 (0) + [247] : 0x00 (0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x000000f8 (248) + result : WERR_OK +[2013/11/07 07:38:43.637786, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 0000004c-0000-0000-7b52-7335c5510000 + enum_index : 0x00000009 (9) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:43.638160, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 4C 00 00 00 00 00 00 00 7B 52 73 35 ....L... ....{Rs5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:43.638238, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:43.638284, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0016 (22) + size : 0x0024 (36) + name : * + name : 'Share Name' + type : * + type : REG_SZ (1) + value : * + value: ARRAY(18) + [0] : 0x70 (112) + [1] : 0x00 (0) + [2] : 0x72 (114) + [3] : 0x00 (0) + [4] : 0x69 (105) + [5] : 0x00 (0) + [6] : 0x6e (110) + [7] : 0x00 (0) + [8] : 0x74 (116) + [9] : 0x00 (0) + [10] : 0x65 (101) + [11] : 0x00 (0) + [12] : 0x72 (114) + [13] : 0x00 (0) + [14] : 0x37 (55) + [15] : 0x00 (0) + [16] : 0x00 (0) + [17] : 0x00 (0) + size : * + size : 0x00000012 (18) + length : * + length : 0x00000012 (18) + result : WERR_OK +[2013/11/07 07:38:43.638918, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 0000004c-0000-0000-7b52-7335c5510000 + enum_index : 0x0000000a (10) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:43.639289, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 4C 00 00 00 00 00 00 00 7B 52 73 35 ....L... ....{Rs5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:43.639365, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:43.639411, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0014 (20) + size : 0x0024 (36) + name : * + name : 'StartTime' + type : * + type : REG_DWORD (4) + value : * + value: ARRAY(4) + [0] : 0x00 (0) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + size : * + size : 0x00000004 (4) + length : * + length : 0x00000004 (4) + result : WERR_OK +[2013/11/07 07:38:43.639805, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 0000004c-0000-0000-7b52-7335c5510000 + enum_index : 0x0000000b (11) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:43.640182, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 4C 00 00 00 00 00 00 00 7B 52 73 35 ....L... ....{Rs5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:43.640258, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:43.640303, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0014 (20) + size : 0x0024 (36) + name : * + name : 'UntilTime' + type : * + type : REG_DWORD (4) + value : * + value: ARRAY(4) + [0] : 0x00 (0) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + size : * + size : 0x00000004 (4) + length : * + length : 0x00000004 (4) + result : WERR_OK +[2013/11/07 07:38:43.640695, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 0000004c-0000-0000-7b52-7335c5510000 + enum_index : 0x0000000c (12) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:43.641065, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 4C 00 00 00 00 00 00 00 7B 52 73 35 ....L... ....{Rs5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:43.641141, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:43.641194, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0012 (18) + size : 0x0024 (36) + name : * + name : 'ChangeID' + type : * + type : REG_DWORD (4) + value : * + value: ARRAY(4) + [0] : 0xf1 (241) + [1] : 0x5f (95) + [2] : 0x11 (17) + [3] : 0x00 (0) + size : * + size : 0x00000004 (4) + length : * + length : 0x00000004 (4) + result : WERR_OK +[2013/11/07 07:38:43.641689, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryValue: struct winreg_QueryValue + in: struct winreg_QueryValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 0000004c-0000-0000-7b52-7335c5510000 + value_name : * + value_name: struct winreg_String + name_len : 0x0020 (32) + name_size : 0x0020 (32) + name : * + name : 'Default DevMode' + type : * + type : REG_NONE (0) + data : NULL + data_size : * + data_size : 0x00000000 (0) + data_length : * + data_length : 0x00000000 (0) +[2013/11/07 07:38:43.642037, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 4C 00 00 00 00 00 00 00 7B 52 73 35 ....L... ....{Rs5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:43.642114, 7, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) + _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:43.642155, 7, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) + _winreg_QueryValue: policy key type = [00000000] +[2013/11/07 07:38:43.642201, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:316(_winreg_QueryValue) + _winreg_QueryValue: reg_queryvalue failed with: WERR_BADFILE +[2013/11/07 07:38:43.642241, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryValue: struct winreg_QueryValue + out: struct winreg_QueryValue + type : * + type : REG_NONE (0) + data : NULL + data_size : * + data_size : 0x00000000 (0) + data_length : * + data_length : 0x00000000 (0) + result : WERR_BADFILE +[2013/11/07 07:38:43.642475, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenHKLM: struct winreg_OpenHKLM + in: struct winreg_OpenHKLM + system_name : NULL + access_mask : 0x02000000 (33554432) + 0: KEY_QUERY_VALUE + 0: KEY_SET_VALUE + 0: KEY_CREATE_SUB_KEY + 0: KEY_ENUMERATE_SUB_KEYS + 0: KEY_NOTIFY + 0: KEY_CREATE_LINK + 0: KEY_WOW64_64KEY + 0: KEY_WOW64_32KEY +[2013/11/07 07:38:43.642703, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [HKLM] +[2013/11/07 07:38:43.642745, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (2->3) +[2013/11/07 07:38:43.642789, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM] +[2013/11/07 07:38:43.642827, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM] +[2013/11/07 07:38:43.642868, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:43.642905, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM] +[2013/11/07 07:38:43.643142, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) + Opened policy hnd[3] [0000] 00 00 00 00 4D 00 00 00 00 00 00 00 7B 52 73 35 ....M... ....{Rs5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:43.643226, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenHKLM: struct winreg_OpenHKLM + out: struct winreg_OpenHKLM + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 0000004d-0000-0000-7b52-7335c5510000 + result : WERR_OK +[2013/11/07 07:38:43.643402, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenKey: struct winreg_OpenKey + in: struct winreg_OpenKey + parent_handle : * + parent_handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 0000004d-0000-0000-7b52-7335c5510000 + keyname: struct winreg_String + name_len : 0x008a (138) + name_size : 0x008a (138) + name : * + name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7' + options : 0x00000000 (0) + 0: REG_OPTION_VOLATILE + 0: REG_OPTION_CREATE_LINK + 0: REG_OPTION_BACKUP_RESTORE + 0: REG_OPTION_OPEN_LINK + access_mask : 0x02000000 (33554432) + 0: KEY_QUERY_VALUE + 0: KEY_SET_VALUE + 0: KEY_CREATE_SUB_KEY + 0: KEY_ENUMERATE_SUB_KEYS + 0: KEY_NOTIFY + 0: KEY_CREATE_LINK + 0: KEY_WOW64_64KEY + 0: KEY_WOW64_32KEY +[2013/11/07 07:38:43.643855, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 4D 00 00 00 00 00 00 00 7B 52 73 35 ....M... ....{Rs5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:43.644007, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [SOFTWARE] +[2013/11/07 07:38:43.644049, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (3->4) +[2013/11/07 07:38:43.644091, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] +[2013/11/07 07:38:43.644130, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE] +[2013/11/07 07:38:43.644171, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:43.644208, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE] +[2013/11/07 07:38:43.644275, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Microsoft] +[2013/11/07 07:38:43.644316, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (4->5) +[2013/11/07 07:38:43.644358, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] +[2013/11/07 07:38:43.644396, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] +[2013/11/07 07:38:43.644435, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:43.644473, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft] +[2013/11/07 07:38:43.644534, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Windows NT] +[2013/11/07 07:38:43.644574, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (5->6) +[2013/11/07 07:38:43.644616, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] +[2013/11/07 07:38:43.644655, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] +[2013/11/07 07:38:43.644695, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:43.644732, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] +[2013/11/07 07:38:43.644789, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [CurrentVersion] +[2013/11/07 07:38:43.644830, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (6->7) +[2013/11/07 07:38:43.644882, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] +[2013/11/07 07:38:43.644920, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] +[2013/11/07 07:38:43.644962, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:43.644999, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f375c5a15c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] +[2013/11/07 07:38:43.645071, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Print] +[2013/11/07 07:38:43.645112, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (7->8) +[2013/11/07 07:38:43.645155, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] +[2013/11/07 07:38:43.645196, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] +[2013/11/07 07:38:43.645237, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:43.645275, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f375c5a15c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] +[2013/11/07 07:38:43.645336, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Printers] +[2013/11/07 07:38:43.645423, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (8->9) +[2013/11/07 07:38:43.645470, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] +[2013/11/07 07:38:43.645510, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] +[2013/11/07 07:38:43.645552, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:43.645589, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] +[2013/11/07 07:38:43.645657, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [printer7] +[2013/11/07 07:38:43.645699, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (9->10) +[2013/11/07 07:38:43.645744, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:43.645791, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:43.645835, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:43.645872, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:43.645942, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (10->9) +[2013/11/07 07:38:43.645985, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (9->8) +[2013/11/07 07:38:43.646026, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (8->7) +[2013/11/07 07:38:43.646066, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (7->6) +[2013/11/07 07:38:43.646106, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (6->5) +[2013/11/07 07:38:43.646146, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (5->4) +[2013/11/07 07:38:43.646189, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) + Opened policy hnd[4] [0000] 00 00 00 00 4E 00 00 00 00 00 00 00 7B 52 73 35 ....N... ....{Rs5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:43.646267, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenKey: struct winreg_OpenKey + out: struct winreg_OpenKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 0000004e-0000-0000-7b52-7335c5510000 + result : WERR_OK +[2013/11/07 07:38:43.646447, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryValue: struct winreg_QueryValue + in: struct winreg_QueryValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 0000004e-0000-0000-7b52-7335c5510000 + value_name : * + value_name: struct winreg_String + name_len : 0x0012 (18) + name_size : 0x0012 (18) + name : * + name : 'Security' + type : * + type : REG_NONE (0) + data : NULL + data_size : * + data_size : 0x00000000 (0) + data_length : * + data_length : 0x00000000 (0) +[2013/11/07 07:38:43.646786, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 4E 00 00 00 00 00 00 00 7B 52 73 35 ....N... ....{Rs5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:43.646871, 7, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) + _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:43.646912, 7, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) + _winreg_QueryValue: policy key type = [00000000] +[2013/11/07 07:38:43.646953, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_dispatcher.c:151(fetch_reg_values) + fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7' (ops 0x7f37592edcc0) +[2013/11/07 07:38:43.646995, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1891(regdb_fetch_values_internal) + regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:43.647055, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[0]: name[Attributes] len[4] +[2013/11/07 07:38:43.647099, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[1]: name[Description] len[2] +[2013/11/07 07:38:43.647142, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[2]: name[Datatype] len[8] +[2013/11/07 07:38:43.647184, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[3]: name[Default Priority] len[4] +[2013/11/07 07:38:43.647226, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[4]: name[Port] len[38] +[2013/11/07 07:38:43.647269, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[5]: name[Name] len[18] +[2013/11/07 07:38:43.647311, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[6]: name[Print Processor] len[18] +[2013/11/07 07:38:43.647353, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[7]: name[Priority] len[4] +[2013/11/07 07:38:43.647396, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[8]: name[Security] len[248] +[2013/11/07 07:38:43.647438, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[9]: name[Share Name] len[18] +[2013/11/07 07:38:43.647481, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[10]: name[StartTime] len[4] +[2013/11/07 07:38:43.647523, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[11]: name[UntilTime] len[4] +[2013/11/07 07:38:43.647565, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[12]: name[ChangeID] len[4] +[2013/11/07 07:38:43.647609, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryValue: struct winreg_QueryValue + out: struct winreg_QueryValue + type : * + type : REG_BINARY (3) + data : NULL + data_size : * + data_size : 0x000000f8 (248) + data_length : * + data_length : 0x00000000 (0) + result : WERR_OK +[2013/11/07 07:38:43.647829, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryValue: struct winreg_QueryValue + in: struct winreg_QueryValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 0000004e-0000-0000-7b52-7335c5510000 + value_name : * + value_name: struct winreg_String + name_len : 0x0012 (18) + name_size : 0x0012 (18) + name : * + name : 'Security' + type : * + type : REG_BINARY (3) + data : * + data: ARRAY(0) + data_size : * + data_size : 0x000000f8 (248) + data_length : * + data_length : 0x00000000 (0) +[2013/11/07 07:38:43.648185, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 4E 00 00 00 00 00 00 00 7B 52 73 35 ....N... ....{Rs5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:43.648262, 7, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) + _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:43.648300, 7, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) + _winreg_QueryValue: policy key type = [00000000] +[2013/11/07 07:38:43.648345, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryValue: struct winreg_QueryValue + out: struct winreg_QueryValue + type : * + type : REG_BINARY (3) + data : * + data: ARRAY(248) + [0] : 0x01 (1) + [1] : 0x00 (0) + [2] : 0x04 (4) + [3] : 0x80 (128) + [4] : 0x14 (20) + [5] : 0x00 (0) + [6] : 0x00 (0) + [7] : 0x00 (0) + [8] : 0x24 (36) + [9] : 0x00 (0) + [10] : 0x00 (0) + [11] : 0x00 (0) + [12] : 0x00 (0) + [13] : 0x00 (0) + [14] : 0x00 (0) + [15] : 0x00 (0) + [16] : 0x34 (52) + [17] : 0x00 (0) + [18] : 0x00 (0) + [19] : 0x00 (0) + [20] : 0x01 (1) + [21] : 0x02 (2) + [22] : 0x00 (0) + [23] : 0x00 (0) + [24] : 0x00 (0) + [25] : 0x00 (0) + [26] : 0x00 (0) + [27] : 0x05 (5) + [28] : 0x20 (32) + [29] : 0x00 (0) + [30] : 0x00 (0) + [31] : 0x00 (0) + [32] : 0x20 (32) + [33] : 0x02 (2) + [34] : 0x00 (0) + [35] : 0x00 (0) + [36] : 0x01 (1) + [37] : 0x02 (2) + [38] : 0x00 (0) + [39] : 0x00 (0) + [40] : 0x00 (0) + [41] : 0x00 (0) + [42] : 0x00 (0) + [43] : 0x05 (5) + [44] : 0x20 (32) + [45] : 0x00 (0) + [46] : 0x00 (0) + [47] : 0x00 (0) + [48] : 0x20 (32) + [49] : 0x02 (2) + [50] : 0x00 (0) + [51] : 0x00 (0) + [52] : 0x02 (2) + [53] : 0x00 (0) + [54] : 0xc4 (196) + [55] : 0x00 (0) + [56] : 0x07 (7) + [57] : 0x00 (0) + [58] : 0x00 (0) + [59] : 0x00 (0) + [60] : 0x00 (0) + [61] : 0x02 (2) + [62] : 0x14 (20) + [63] : 0x00 (0) + [64] : 0x08 (8) + [65] : 0x00 (0) + [66] : 0x02 (2) + [67] : 0x20 (32) + [68] : 0x01 (1) + [69] : 0x01 (1) + [70] : 0x00 (0) + [71] : 0x00 (0) + [72] : 0x00 (0) + [73] : 0x00 (0) + [74] : 0x00 (0) + [75] : 0x01 (1) + [76] : 0x00 (0) + [77] : 0x00 (0) + [78] : 0x00 (0) + [79] : 0x00 (0) + [80] : 0x00 (0) + [81] : 0x09 (9) + [82] : 0x24 (36) + [83] : 0x00 (0) + [84] : 0x0c (12) + [85] : 0x00 (0) + [86] : 0x0f (15) + [87] : 0x10 (16) + [88] : 0x01 (1) + [89] : 0x05 (5) + [90] : 0x00 (0) + [91] : 0x00 (0) + [92] : 0x00 (0) + [93] : 0x00 (0) + [94] : 0x00 (0) + [95] : 0x05 (5) + [96] : 0x15 (21) + [97] : 0x00 (0) + [98] : 0x00 (0) + [99] : 0x00 (0) + [100] : 0x74 (116) + [101] : 0xa5 (165) + [102] : 0x12 (18) + [103] : 0x52 (82) + [104] : 0xcd (205) + [105] : 0x51 (81) + [106] : 0xd9 (217) + [107] : 0x8f (143) + [108] : 0xd1 (209) + [109] : 0x31 (49) + [110] : 0xa4 (164) + [111] : 0xca (202) + [112] : 0xf4 (244) + [113] : 0x01 (1) + [114] : 0x00 (0) + [115] : 0x00 (0) + [116] : 0x00 (0) + [117] : 0x02 (2) + [118] : 0x24 (36) + [119] : 0x00 (0) + [120] : 0x0c (12) + [121] : 0x00 (0) + [122] : 0x0f (15) + [123] : 0x10 (16) + [124] : 0x01 (1) + [125] : 0x05 (5) + [126] : 0x00 (0) + [127] : 0x00 (0) + [128] : 0x00 (0) + [129] : 0x00 (0) + [130] : 0x00 (0) + [131] : 0x05 (5) + [132] : 0x15 (21) + [133] : 0x00 (0) + [134] : 0x00 (0) + [135] : 0x00 (0) + [136] : 0x74 (116) + [137] : 0xa5 (165) + [138] : 0x12 (18) + [139] : 0x52 (82) + [140] : 0xcd (205) + [141] : 0x51 (81) + [142] : 0xd9 (217) + [143] : 0x8f (143) + [144] : 0xd1 (209) + [145] : 0x31 (49) + [146] : 0xa4 (164) + [147] : 0xca (202) + [148] : 0xf4 (244) + [149] : 0x01 (1) + [150] : 0x00 (0) + [151] : 0x00 (0) + [152] : 0x00 (0) + [153] : 0x09 (9) + [154] : 0x18 (24) + [155] : 0x00 (0) + [156] : 0x0c (12) + [157] : 0x00 (0) + [158] : 0x0f (15) + [159] : 0x10 (16) + [160] : 0x01 (1) + [161] : 0x02 (2) + [162] : 0x00 (0) + [163] : 0x00 (0) + [164] : 0x00 (0) + [165] : 0x00 (0) + [166] : 0x00 (0) + [167] : 0x05 (5) + [168] : 0x20 (32) + [169] : 0x00 (0) + [170] : 0x00 (0) + [171] : 0x00 (0) + [172] : 0x20 (32) + [173] : 0x02 (2) + [174] : 0x00 (0) + [175] : 0x00 (0) + [176] : 0x00 (0) + [177] : 0x02 (2) + [178] : 0x18 (24) + [179] : 0x00 (0) + [180] : 0x0c (12) + [181] : 0x00 (0) + [182] : 0x0f (15) + [183] : 0x10 (16) + [184] : 0x01 (1) + [185] : 0x02 (2) + [186] : 0x00 (0) + [187] : 0x00 (0) + [188] : 0x00 (0) + [189] : 0x00 (0) + [190] : 0x00 (0) + [191] : 0x05 (5) + [192] : 0x20 (32) + [193] : 0x00 (0) + [194] : 0x00 (0) + [195] : 0x00 (0) + [196] : 0x20 (32) + [197] : 0x02 (2) + [198] : 0x00 (0) + [199] : 0x00 (0) + [200] : 0x00 (0) + [201] : 0x09 (9) + [202] : 0x18 (24) + [203] : 0x00 (0) + [204] : 0x0c (12) + [205] : 0x00 (0) + [206] : 0x0f (15) + [207] : 0x10 (16) + [208] : 0x01 (1) + [209] : 0x02 (2) + [210] : 0x00 (0) + [211] : 0x00 (0) + [212] : 0x00 (0) + [213] : 0x00 (0) + [214] : 0x00 (0) + [215] : 0x05 (5) + [216] : 0x20 (32) + [217] : 0x00 (0) + [218] : 0x00 (0) + [219] : 0x00 (0) + [220] : 0x26 (38) + [221] : 0x02 (2) + [222] : 0x00 (0) + [223] : 0x00 (0) + [224] : 0x00 (0) + [225] : 0x02 (2) + [226] : 0x18 (24) + [227] : 0x00 (0) + [228] : 0x0c (12) + [229] : 0x00 (0) + [230] : 0x0f (15) + [231] : 0x10 (16) + [232] : 0x01 (1) + [233] : 0x02 (2) + [234] : 0x00 (0) + [235] : 0x00 (0) + [236] : 0x00 (0) + [237] : 0x00 (0) + [238] : 0x00 (0) + [239] : 0x05 (5) + [240] : 0x20 (32) + [241] : 0x00 (0) + [242] : 0x00 (0) + [243] : 0x00 (0) + [244] : 0x26 (38) + [245] : 0x02 (2) + [246] : 0x00 (0) + [247] : 0x00 (0) + data_size : * + data_size : 0x000000f8 (248) + data_length : * + data_length : 0x000000f8 (248) + result : WERR_OK +[2013/11/07 07:38:43.652748, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + in: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 0000004e-0000-0000-7b52-7335c5510000 +[2013/11/07 07:38:43.652883, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 4E 00 00 00 00 00 00 00 7B 52 73 35 ....N... ....{Rs5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:43.652962, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 4E 00 00 00 00 00 00 00 7B 52 73 35 ....N... ....{Rs5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:43.653038, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) + Closed policy +[2013/11/07 07:38:43.653082, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (4->3) +[2013/11/07 07:38:43.653123, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + out: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000000-0000-0000-0000-000000000000 + result : WERR_OK +[2013/11/07 07:38:43.653284, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + in: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 0000004d-0000-0000-7b52-7335c5510000 +[2013/11/07 07:38:43.653479, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 4D 00 00 00 00 00 00 00 7B 52 73 35 ....M... ....{Rs5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:43.653636, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 4D 00 00 00 00 00 00 00 7B 52 73 35 ....M... ....{Rs5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:43.653723, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) + Closed policy +[2013/11/07 07:38:43.653765, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (3->2) +[2013/11/07 07:38:43.653806, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + out: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000000-0000-0000-0000-000000000000 + result : WERR_OK +[2013/11/07 07:38:43.653974, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + in: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 0000004c-0000-0000-7b52-7335c5510000 +[2013/11/07 07:38:43.654105, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 4C 00 00 00 00 00 00 00 7B 52 73 35 ....L... ....{Rs5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:43.654183, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 4C 00 00 00 00 00 00 00 7B 52 73 35 ....L... ....{Rs5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:43.654259, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) + Closed policy +[2013/11/07 07:38:43.654303, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (2->1) +[2013/11/07 07:38:43.654343, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + out: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000000-0000-0000-0000-000000000000 + result : WERR_OK +[2013/11/07 07:38:43.654504, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + in: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 0000004b-0000-0000-7b52-7335c5510000 +[2013/11/07 07:38:43.654633, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 4B 00 00 00 00 00 00 00 7B 52 73 35 ....K... ....{Rs5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:43.654710, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 4B 00 00 00 00 00 00 00 7B 52 73 35 ....K... ....{Rs5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:43.654786, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) + Closed policy +[2013/11/07 07:38:43.654834, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (1->0) +[2013/11/07 07:38:43.654895, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + out: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000000-0000-0000-0000-000000000000 + result : WERR_OK +[2013/11/07 07:38:43.655058, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:416(close_policy_by_pipe) + Deleted handle list for RPC connection \winreg +[2013/11/07 07:38:43.655220, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + spoolss_GetPrinter: struct spoolss_GetPrinter + out: struct spoolss_GetPrinter + info : * + info : union spoolss_PrinterInfo(case 2) + info2: struct spoolss_PrinterInfo2 + servername : * + servername : '\\MEMBER43' + printername : * + printername : '\\MEMBER43\printer7' + sharename : * + sharename : 'printer7' + portname : * + portname : 'Samba Printer Port' + drivername : * + drivername : '' + comment : * + comment : '' + location : * + location : '' + devmode : * + devmode: struct spoolss_DeviceMode + devicename : '\\MEMBER43\printer7' + specversion : DMSPEC_NT4_AND_ABOVE (1025) + driverversion : 0x0400 (1024) + size : 0x00dc (220) + __driverextra_length : 0x0000 (0) + fields : 0x00014713 (83731) + 1: DEVMODE_ORIENTATION + 1: DEVMODE_PAPERSIZE + 0: DEVMODE_PAPERLENGTH + 0: DEVMODE_PAPERWIDTH + 1: DEVMODE_SCALE + 0: DEVMODE_POSITION + 0: DEVMODE_NUP + 1: DEVMODE_COPIES + 1: DEVMODE_DEFAULTSOURCE + 1: DEVMODE_PRINTQUALITY + 0: DEVMODE_COLOR + 0: DEVMODE_DUPLEX + 0: DEVMODE_YRESOLUTION + 1: DEVMODE_TTOPTION + 0: DEVMODE_COLLATE + 1: DEVMODE_FORMNAME + 0: DEVMODE_LOGPIXELS + 0: DEVMODE_BITSPERPEL + 0: DEVMODE_PELSWIDTH + 0: DEVMODE_PELSHEIGHT + 0: DEVMODE_DISPLAYFLAGS + 0: DEVMODE_DISPLAYFREQUENCY + 0: DEVMODE_ICMMETHOD + 0: DEVMODE_ICMINTENT + 0: DEVMODE_MEDIATYPE + 0: DEVMODE_DITHERTYPE + 0: DEVMODE_PANNINGWIDTH + 0: DEVMODE_PANNINGHEIGHT + orientation : DMORIENT_PORTRAIT (1) + papersize : DMPAPER_LETTER (1) + paperlength : 0x0000 (0) + paperwidth : 0x0000 (0) + scale : 0x0064 (100) + copies : 0x0001 (1) + defaultsource : DMBIN_FORMSOURCE (15) + printquality : DMRES_HIGH (65532) + color : DMRES_MONOCHROME (1) + duplex : DMDUP_SIMPLEX (1) + yresolution : 0x0000 (0) + ttoption : DMTT_SUBDEV (3) + collate : DMCOLLATE_FALSE (0) + formname : 'Letter' + logpixels : 0x0000 (0) + bitsperpel : 0x00000000 (0) + pelswidth : 0x00000000 (0) + pelsheight : 0x00000000 (0) + displayflags : UNKNOWN_ENUM_VALUE (0) + displayfrequency : 0x00000000 (0) + icmmethod : UNKNOWN_ENUM_VALUE (0) + icmintent : UNKNOWN_ENUM_VALUE (0) + mediatype : UNKNOWN_ENUM_VALUE (0) + dithertype : UNKNOWN_ENUM_VALUE (0) + reserved1 : 0x00000000 (0) + reserved2 : 0x00000000 (0) + panningwidth : 0x00000000 (0) + panningheight : 0x00000000 (0) + driverextra_data : DATA_BLOB length=0 + sepfile : * + sepfile : '' + printprocessor : * + printprocessor : 'winprint' + datatype : * + datatype : 'RAW' + parameters : * + parameters : '' + secdesc : * + secdesc: struct security_descriptor + revision : SECURITY_DESCRIPTOR_REVISION_1 (1) + type : 0x8004 (32772) + 0: SEC_DESC_OWNER_DEFAULTED + 0: SEC_DESC_GROUP_DEFAULTED + 1: SEC_DESC_DACL_PRESENT + 0: SEC_DESC_DACL_DEFAULTED + 0: SEC_DESC_SACL_PRESENT + 0: SEC_DESC_SACL_DEFAULTED + 0: SEC_DESC_DACL_TRUSTED + 0: SEC_DESC_SERVER_SECURITY + 0: SEC_DESC_DACL_AUTO_INHERIT_REQ + 0: SEC_DESC_SACL_AUTO_INHERIT_REQ + 0: SEC_DESC_DACL_AUTO_INHERITED + 0: SEC_DESC_SACL_AUTO_INHERITED + 0: SEC_DESC_DACL_PROTECTED + 0: SEC_DESC_SACL_PROTECTED + 0: SEC_DESC_RM_CONTROL_VALID + 1: SEC_DESC_SELF_RELATIVE + owner_sid : * + owner_sid : S-1-5-32-544 + group_sid : * + group_sid : S-1-5-32-544 + sacl : NULL + dacl : * + dacl: struct security_acl + revision : SECURITY_ACL_REVISION_NT4 (2) + size : 0x00c4 (196) + num_aces : 0x00000007 (7) + aces: ARRAY(7) + aces: struct security_ace + type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) + flags : 0x02 (2) + 0: SEC_ACE_FLAG_OBJECT_INHERIT + 1: SEC_ACE_FLAG_CONTAINER_INHERIT + 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT + 0: SEC_ACE_FLAG_INHERIT_ONLY + 0: SEC_ACE_FLAG_INHERITED_ACE + 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) + 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS + 0: SEC_ACE_FLAG_FAILED_ACCESS + size : 0x0014 (20) + access_mask : 0x20020008 (537001992) + object : union security_ace_object_ctr(case 0) + trustee : S-1-1-0 + aces: struct security_ace + type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) + flags : 0x09 (9) + 1: SEC_ACE_FLAG_OBJECT_INHERIT + 0: SEC_ACE_FLAG_CONTAINER_INHERIT + 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT + 1: SEC_ACE_FLAG_INHERIT_ONLY + 0: SEC_ACE_FLAG_INHERITED_ACE + 0x09: SEC_ACE_FLAG_VALID_INHERIT (9) + 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS + 0: SEC_ACE_FLAG_FAILED_ACCESS + size : 0x0024 (36) + access_mask : 0x100f000c (269418508) + object : union security_ace_object_ctr(case 0) + trustee : S-1-5-21-1376953716-2413384141-3399758289-500 + aces: struct security_ace + type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) + flags : 0x02 (2) + 0: SEC_ACE_FLAG_OBJECT_INHERIT + 1: SEC_ACE_FLAG_CONTAINER_INHERIT + 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT + 0: SEC_ACE_FLAG_INHERIT_ONLY + 0: SEC_ACE_FLAG_INHERITED_ACE + 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) + 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS + 0: SEC_ACE_FLAG_FAILED_ACCESS + size : 0x0024 (36) + access_mask : 0x100f000c (269418508) + object : union security_ace_object_ctr(case 0) + trustee : S-1-5-21-1376953716-2413384141-3399758289-500 + aces: struct security_ace + type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) + flags : 0x09 (9) + 1: SEC_ACE_FLAG_OBJECT_INHERIT + 0: SEC_ACE_FLAG_CONTAINER_INHERIT + 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT + 1: SEC_ACE_FLAG_INHERIT_ONLY + 0: SEC_ACE_FLAG_INHERITED_ACE + 0x09: SEC_ACE_FLAG_VALID_INHERIT (9) + 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS + 0: SEC_ACE_FLAG_FAILED_ACCESS + size : 0x0018 (24) + access_mask : 0x100f000c (269418508) + object : union security_ace_object_ctr(case 0) + trustee : S-1-5-32-544 + aces: struct security_ace + type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) + flags : 0x02 (2) + 0: SEC_ACE_FLAG_OBJECT_INHERIT + 1: SEC_ACE_FLAG_CONTAINER_INHERIT + 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT + 0: SEC_ACE_FLAG_INHERIT_ONLY + 0: SEC_ACE_FLAG_INHERITED_ACE + 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) + 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS + 0: SEC_ACE_FLAG_FAILED_ACCESS + size : 0x0018 (24) + access_mask : 0x100f000c (269418508) + object : union security_ace_object_ctr(case 0) + trustee : S-1-5-32-544 + aces: struct security_ace + type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) + flags : 0x09 (9) + 1: SEC_ACE_FLAG_OBJECT_INHERIT + 0: SEC_ACE_FLAG_CONTAINER_INHERIT + 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT + 1: SEC_ACE_FLAG_INHERIT_ONLY + 0: SEC_ACE_FLAG_INHERITED_ACE + 0x09: SEC_ACE_FLAG_VALID_INHERIT (9) + 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS + 0: SEC_ACE_FLAG_FAILED_ACCESS + size : 0x0018 (24) + access_mask : 0x100f000c (269418508) + object : union security_ace_object_ctr(case 0) + trustee : S-1-5-32-550 + aces: struct security_ace + type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) + flags : 0x02 (2) + 0: SEC_ACE_FLAG_OBJECT_INHERIT + 1: SEC_ACE_FLAG_CONTAINER_INHERIT + 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT + 0: SEC_ACE_FLAG_INHERIT_ONLY + 0: SEC_ACE_FLAG_INHERITED_ACE + 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) + 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS + 0: SEC_ACE_FLAG_FAILED_ACCESS + size : 0x0018 (24) + access_mask : 0x100f000c (269418508) + object : union security_ace_object_ctr(case 0) + trustee : S-1-5-32-550 + attributes : 0x00001048 (4168) + 0: PRINTER_ATTRIBUTE_QUEUED + 0: PRINTER_ATTRIBUTE_DIRECT + 0: PRINTER_ATTRIBUTE_DEFAULT + 1: PRINTER_ATTRIBUTE_SHARED + 0: PRINTER_ATTRIBUTE_NETWORK + 0: PRINTER_ATTRIBUTE_HIDDEN + 1: PRINTER_ATTRIBUTE_LOCAL + 0: PRINTER_ATTRIBUTE_ENABLE_DEVQ + 0: PRINTER_ATTRIBUTE_KEEPPRINTEDJOBS + 0: PRINTER_ATTRIBUTE_DO_COMPLETE_FIRST + 0: PRINTER_ATTRIBUTE_WORK_OFFLINE + 0: PRINTER_ATTRIBUTE_ENABLE_BIDI + 1: PRINTER_ATTRIBUTE_RAW_ONLY + 0: PRINTER_ATTRIBUTE_PUBLISHED + 0: PRINTER_ATTRIBUTE_FAX + 0: PRINTER_ATTRIBUTE_TS + priority : 0x00000001 (1) + defaultpriority : 0x00000001 (1) + starttime : 0x00000000 (0) + untiltime : 0x00000000 (0) + status : 0x00000000 (0) + 0: PRINTER_STATUS_PAUSED + 0: PRINTER_STATUS_ERROR + 0: PRINTER_STATUS_PENDING_DELETION + 0: PRINTER_STATUS_PAPER_JAM + 0: PRINTER_STATUS_PAPER_OUT + 0: PRINTER_STATUS_MANUAL_FEED + 0: PRINTER_STATUS_PAPER_PROBLEM + 0: PRINTER_STATUS_OFFLINE + 0: PRINTER_STATUS_IO_ACTIVE + 0: PRINTER_STATUS_BUSY + 0: PRINTER_STATUS_PRINTING + 0: PRINTER_STATUS_OUTPUT_BIN_FULL + 0: PRINTER_STATUS_NOT_AVAILABLE + 0: PRINTER_STATUS_WAITING + 0: PRINTER_STATUS_PROCESSING + 0: PRINTER_STATUS_INITIALIZING + 0: PRINTER_STATUS_WARMING_UP + 0: PRINTER_STATUS_TONER_LOW + 0: PRINTER_STATUS_NO_TONER + 0: PRINTER_STATUS_PAGE_PUNT + 0: PRINTER_STATUS_USER_INTERVENTION + 0: PRINTER_STATUS_OUT_OF_MEMORY + 0: PRINTER_STATUS_DOOR_OPEN + 0: PRINTER_STATUS_SERVER_UNKNOWN + 0: PRINTER_STATUS_POWER_SAVE + cjobs : 0x00000000 (0) + averageppm : 0x00000000 (0) + needed : * + needed : 0x000002f8 (760) + result : WERR_OK +[2013/11/07 07:38:43.660254, 5, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1417(api_rpcTNP) + api_rpcTNP: called \spoolss successfully +[2013/11/07 07:38:43.660321, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) + pop_sec_ctx (0, 5000) - sec_ctx_stack_ndx = 0 +[2013/11/07 07:38:43.660368, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) + write_to_pipe: data_used = 4140 + smbd_smb2_request_pending_queue: req->current_idx = 1 + req->in.vector[0].iov_len = 0 + req->in.vector[1].iov_len = 0 + req->in.vector[2].iov_len = 64 + req->in.vector[3].iov_len = 56 + req->in.vector[4].iov_len = 4156 + req->out.vector[0].iov_len = 4 + req->out.vector[1].iov_len = 0 + req->out.vector[2].iov_len = 64 + req->out.vector[3].iov_len = 8 + req->out.vector[4].iov_len = 0 +[2013/11/07 07:38:43.660594, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:128(smbd_smb2_ioctl_pipe_write_done) + smbd_smb2_ioctl_pipe_write_done: received 4156 +[2013/11/07 07:38:43.660638, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:149(smbd_smb2_ioctl_pipe_write_done) + smbd_smb2_ioctl_pipe_write_done: issuing np_read_send of size 1024 +[2013/11/07 07:38:43.660682, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:285(read_from_internal_pipe) + name: \spoolss len: 1024 +[2013/11/07 07:38:43.660724, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:347(read_from_internal_pipe) + read_from_pipe: \spoolss: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 4112. +[2013/11/07 07:38:43.660779, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) + &r: struct ncacn_packet + rpc_vers : 0x05 (5) + rpc_vers_minor : 0x00 (0) + ptype : DCERPC_PKT_RESPONSE (2) + pfc_flags : 0x03 (3) + drep: ARRAY(4) + [0] : 0x10 (16) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + frag_length : 0x1028 (4136) + auth_length : 0x0000 (0) + call_id : 0x00000003 (3) + u : union dcerpc_payload(case 2) + response: struct dcerpc_response + alloc_hint : 0x00001010 (4112) + context_id : 0x0000 (0) + cancel_count : 0x00 (0) + _pad : DATA_BLOB length=0 + stub_and_verifier : DATA_BLOB length=4112 + [0000] 04 00 02 00 00 10 00 00 EA 0F 00 00 C2 0F 00 00 ........ ........ + [0010] B0 0F 00 00 8A 0F 00 00 88 0F 00 00 86 0F 00 00 ........ ........ + [0020] 84 0F 00 00 88 0E 00 00 82 0F 00 00 70 0F 00 00 ........ ....p... + [0030] 68 0F 00 00 66 0F 00 00 90 0D 00 00 48 10 00 00 h...f... ....H... + [0040] 01 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0200] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0210] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0220] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0230] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0240] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0250] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0260] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0270] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0280] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0290] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0300] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0310] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0320] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0330] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0340] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0350] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0360] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0370] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0380] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0390] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0400] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0410] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0420] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0430] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0440] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0450] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0460] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0470] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0480] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0490] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0500] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0510] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0520] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0530] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0540] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0550] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0560] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0570] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0580] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0590] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0600] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0610] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0620] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0630] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0640] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0650] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0660] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0670] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0680] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0690] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0700] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0710] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0720] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0730] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0740] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0750] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0760] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0770] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0780] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0790] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0800] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0810] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0820] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0830] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0840] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0850] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0860] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0870] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0880] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0890] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0900] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0910] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0920] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0930] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0940] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0950] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0960] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0970] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0980] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0990] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D90] 00 00 00 00 00 00 00 00 01 00 04 80 D8 00 00 00 ........ ........ + [0DA0] E8 00 00 00 00 00 00 00 14 00 00 00 02 00 C4 00 ........ ........ + [0DB0] 07 00 00 00 00 02 14 00 08 00 02 20 01 01 00 00 ........ ... .... + [0DC0] 00 00 00 01 00 00 00 00 00 09 24 00 0C 00 0F 10 ........ ..$..... + [0DD0] 01 05 00 00 00 00 00 05 15 00 00 00 74 A5 12 52 ........ ....t..R + [0DE0] CD 51 D9 8F D1 31 A4 CA F4 01 00 00 00 02 24 00 .Q...1.. ......$. + [0DF0] 0C 00 0F 10 01 05 00 00 00 00 00 05 15 00 00 00 ........ ........ + [0E00] 74 A5 12 52 CD 51 D9 8F D1 31 A4 CA F4 01 00 00 t..R.Q.. .1...... + [0E10] 00 09 18 00 0C 00 0F 10 01 02 00 00 00 00 00 05 ........ ........ + [0E20] 20 00 00 00 20 02 00 00 00 02 18 00 0C 00 0F 10 ... ... ........ + [0E30] 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 ........ ... ... + [0E40] 00 09 18 00 0C 00 0F 10 01 02 00 00 00 00 00 05 ........ ........ + [0E50] 20 00 00 00 26 02 00 00 00 02 18 00 0C 00 0F 10 ...&... ........ + [0E60] 01 02 00 00 00 00 00 05 20 00 00 00 26 02 00 00 ........ ...&... + [0E70] 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 ........ ... ... + [0E80] 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 ........ ... ... + [0E90] 5C 00 5C 00 4D 00 45 00 4D 00 42 00 45 00 52 00 \.\.M.E. M.B.E.R. + [0EA0] 34 00 33 00 5C 00 70 00 72 00 69 00 6E 00 74 00 4.3.\.p. r.i.n.t. + [0EB0] 65 00 72 00 37 00 00 00 00 00 00 00 00 00 00 00 e.r.7... ........ + [0EC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0ED0] 01 04 00 04 DC 00 00 00 13 47 01 00 01 00 01 00 ........ .G...... + [0EE0] 00 00 00 00 64 00 01 00 0F 00 FC FF 01 00 01 00 ....d... ........ + [0EF0] 00 00 03 00 00 00 4C 00 65 00 74 00 74 00 65 00 ......L. e.t.t.e. + [0F00] 72 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 r....... ........ + [0F10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F70] 52 00 41 00 57 00 00 00 77 00 69 00 6E 00 70 00 R.A.W... w.i.n.p. + [0F80] 72 00 69 00 6E 00 74 00 00 00 00 00 00 00 00 00 r.i.n.t. ........ + [0F90] 00 00 53 00 61 00 6D 00 62 00 61 00 20 00 50 00 ..S.a.m. b.a. .P. + [0FA0] 72 00 69 00 6E 00 74 00 65 00 72 00 20 00 50 00 r.i.n.t. e.r. .P. + [0FB0] 6F 00 72 00 74 00 00 00 70 00 72 00 69 00 6E 00 o.r.t... p.r.i.n. + [0FC0] 74 00 65 00 72 00 37 00 00 00 5C 00 5C 00 4D 00 t.e.r.7. ..\.\.M. + [0FD0] 45 00 4D 00 42 00 45 00 52 00 34 00 33 00 5C 00 E.M.B.E. R.4.3.\. + [0FE0] 70 00 72 00 69 00 6E 00 74 00 65 00 72 00 37 00 p.r.i.n. t.e.r.7. + [0FF0] 00 00 5C 00 5C 00 4D 00 45 00 4D 00 42 00 45 00 ..\.\.M. E.M.B.E. + [1000] 52 00 34 00 33 00 00 00 F8 02 00 00 00 00 00 00 R.4.3... ........ +[2013/11/07 07:38:43.670202, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:788(np_read_recv) + Received 1024 bytes. There is more data outstanding +[2013/11/07 07:38:43.670247, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:178(smbd_smb2_ioctl_pipe_read_done) + smbd_smb2_ioctl_pipe_read_done: np_read_recv nread = 1024 is_data_outstanding = 1, status = NT_STATUS_OK +[2013/11/07 07:38:43.670303, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl.c:291(smbd_smb2_request_ioctl_done) + smbd_smb2_request_ioctl_done: smbd_smb2_ioctl_recv returned 1024 status STATUS_BUFFER_OVERFLOW +[2013/11/07 07:38:43.670346, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) + smbd_smb2_request_done_ex: idx[1] status[STATUS_BUFFER_OVERFLOW] body[48] dyn[yes:1024] at ../source3/smbd/smb2_ioctl.c:358 +[2013/11/07 07:38:43.670392, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) + smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/51/127 +[2013/11/07 07:38:43.671916, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) + smbd_smb2_request_incoming: idx[1] of 5 vectors +[2013/11/07 07:38:43.672005, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) + smb2_validate_sequence_number: clearing id 51 (position 51) from bitmap +[2013/11/07 07:38:43.672050, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) + smbd_smb2_request_dispatch: opcode[SMB2_OP_READ] mid = 51 +[2013/11/07 07:38:43.672116, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) + setting sec ctx (0, 5000) - sec_ctx_stack_ndx = 0 +[2013/11/07 07:38:43.672166, 5, pid=20933, effective(0, 5000), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) + Security token SIDs (21): + SID[ 0]: S-1-5-21-1376953716-2413384141-3399758289-500 + SID[ 1]: S-1-5-21-1376953716-2413384141-3399758289-512 + SID[ 2]: S-1-5-21-1376953716-2413384141-3399758289-11015 + SID[ 3]: S-1-5-21-1376953716-2413384141-3399758289-513 + SID[ 4]: S-1-5-21-1376953716-2413384141-3399758289-11011 + SID[ 5]: S-1-5-21-1376953716-2413384141-3399758289-11013 + SID[ 6]: S-1-5-21-1376953716-2413384141-3399758289-11012 + SID[ 7]: S-1-1-0 + SID[ 8]: S-1-5-2 + SID[ 9]: S-1-5-11 + SID[ 10]: S-1-5-32-544 + SID[ 11]: S-1-22-1-2002 + SID[ 12]: S-1-22-2-5000 + SID[ 13]: S-1-22-2-5007 + SID[ 14]: S-1-22-2-5001 + SID[ 15]: S-1-22-2-1005 + SID[ 16]: S-1-22-2-5006 + SID[ 17]: S-1-22-2-5005 + SID[ 18]: S-1-22-2-55000 + SID[ 19]: S-1-22-2-55001 + SID[ 20]: S-1-22-2-55002 + Privileges (0x 1FFFFFF0): + Privilege[ 0]: SeMachineAccountPrivilege + Privilege[ 1]: SeTakeOwnershipPrivilege + Privilege[ 2]: SeBackupPrivilege + Privilege[ 3]: SeRestorePrivilege + Privilege[ 4]: SeRemoteShutdownPrivilege + Privilege[ 5]: SePrintOperatorPrivilege + Privilege[ 6]: SeAddUsersPrivilege + Privilege[ 7]: SeDiskOperatorPrivilege + Privilege[ 8]: SeSecurityPrivilege + Privilege[ 9]: SeSystemtimePrivilege + Privilege[ 10]: SeShutdownPrivilege + Privilege[ 11]: SeDebugPrivilege + Privilege[ 12]: SeSystemEnvironmentPrivilege + Privilege[ 13]: SeSystemProfilePrivilege + Privilege[ 14]: SeProfileSingleProcessPrivilege + Privilege[ 15]: SeIncreaseBasePriorityPrivilege + Privilege[ 16]: SeLoadDriverPrivilege + Privilege[ 17]: SeCreatePagefilePrivilege + Privilege[ 18]: SeIncreaseQuotaPrivilege + Privilege[ 19]: SeChangeNotifyPrivilege + Privilege[ 20]: SeUndockPrivilege + Privilege[ 21]: SeManageVolumePrivilege + Privilege[ 22]: SeImpersonatePrivilege + Privilege[ 23]: SeCreateGlobalPrivilege + Privilege[ 24]: SeEnableDelegationPrivilege + Rights (0x 0): +[2013/11/07 07:38:43.672942, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) + UNIX token of user 0 + Primary group is 5000 and contains 9 supplementary groups + Group[ 0]: 5000 + Group[ 1]: 5007 + Group[ 2]: 5001 + Group[ 3]: 1005 + Group[ 4]: 5006 + Group[ 5]: 5005 + Group[ 6]: 55000 + Group[ 7]: 55001 + Group[ 8]: 55002 +[2013/11/07 07:38:43.673150, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/uid.c:363(change_to_user_internal) + Impersonated user: uid=(0,0), gid=(0,5000) +[2013/11/07 07:38:43.673202, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:1796(smbd_smb2_request_verify_creditcharge) + mid 51, CreditCharge: 1, NeededCharge: 1 +[2013/11/07 07:38:43.673244, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_read.c:400(smbd_smb2_read_send) + smbd_smb2_read: spoolss - fnum 2189993496 +[2013/11/07 07:38:43.673292, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:285(read_from_internal_pipe) + name: \spoolss len: 3112 +[2013/11/07 07:38:43.673336, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:326(read_from_internal_pipe) + read_from_pipe: \spoolss: current_pdu_len = 4136, current_pdu_sent = 1024 returning 3112 bytes. +[2013/11/07 07:38:43.673484, 3, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:122(free_pipe_context) + free_pipe_context: destroying talloc pool of size 1308 + smbd_smb2_request_pending_queue: req->current_idx = 1 + req->in.vector[0].iov_len = 0 + req->in.vector[1].iov_len = 0 + req->in.vector[2].iov_len = 64 + req->in.vector[3].iov_len = 48 + req->in.vector[4].iov_len = 1 + req->out.vector[0].iov_len = 4 + req->out.vector[1].iov_len = 0 + req->out.vector[2].iov_len = 64 + req->out.vector[3].iov_len = 8 + req->out.vector[4].iov_len = 0 +[2013/11/07 07:38:43.673706, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:788(np_read_recv) + Received 3112 bytes. There is more data outstanding +[2013/11/07 07:38:43.673751, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) + smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[16] dyn[yes:3112] at ../source3/smbd/smb2_read.c:154 +[2013/11/07 07:38:43.673795, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) + smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/52/127 +[2013/11/07 07:38:43.677176, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) + smbd_smb2_request_incoming: idx[1] of 5 vectors +[2013/11/07 07:38:43.677586, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) + smb2_validate_sequence_number: clearing id 52 (position 52) from bitmap +[2013/11/07 07:38:43.677723, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) + smbd_smb2_request_dispatch: opcode[SMB2_OP_IOCTL] mid = 52 +[2013/11/07 07:38:43.677864, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) + setting sec ctx (0, 5000) - sec_ctx_stack_ndx = 0 +[2013/11/07 07:38:43.677975, 5, pid=20933, effective(0, 5000), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) + Security token SIDs (21): + SID[ 0]: S-1-5-21-1376953716-2413384141-3399758289-500 + SID[ 1]: S-1-5-21-1376953716-2413384141-3399758289-512 + SID[ 2]: S-1-5-21-1376953716-2413384141-3399758289-11015 + SID[ 3]: S-1-5-21-1376953716-2413384141-3399758289-513 + SID[ 4]: S-1-5-21-1376953716-2413384141-3399758289-11011 + SID[ 5]: S-1-5-21-1376953716-2413384141-3399758289-11013 + SID[ 6]: S-1-5-21-1376953716-2413384141-3399758289-11012 + SID[ 7]: S-1-1-0 + SID[ 8]: S-1-5-2 + SID[ 9]: S-1-5-11 + SID[ 10]: S-1-5-32-544 + SID[ 11]: S-1-22-1-2002 + SID[ 12]: S-1-22-2-5000 + SID[ 13]: S-1-22-2-5007 + SID[ 14]: S-1-22-2-5001 + SID[ 15]: S-1-22-2-1005 + SID[ 16]: S-1-22-2-5006 + SID[ 17]: S-1-22-2-5005 + SID[ 18]: S-1-22-2-55000 + SID[ 19]: S-1-22-2-55001 + SID[ 20]: S-1-22-2-55002 + Privileges (0x 1FFFFFF0): + Privilege[ 0]: SeMachineAccountPrivilege + Privilege[ 1]: SeTakeOwnershipPrivilege + Privilege[ 2]: SeBackupPrivilege + Privilege[ 3]: SeRestorePrivilege + Privilege[ 4]: SeRemoteShutdownPrivilege + Privilege[ 5]: SePrintOperatorPrivilege + Privilege[ 6]: SeAddUsersPrivilege + Privilege[ 7]: SeDiskOperatorPrivilege + Privilege[ 8]: SeSecurityPrivilege + Privilege[ 9]: SeSystemtimePrivilege + Privilege[ 10]: SeShutdownPrivilege + Privilege[ 11]: SeDebugPrivilege + Privilege[ 12]: SeSystemEnvironmentPrivilege + Privilege[ 13]: SeSystemProfilePrivilege + Privilege[ 14]: SeProfileSingleProcessPrivilege + Privilege[ 15]: SeIncreaseBasePriorityPrivilege + Privilege[ 16]: SeLoadDriverPrivilege + Privilege[ 17]: SeCreatePagefilePrivilege + Privilege[ 18]: SeIncreaseQuotaPrivilege + Privilege[ 19]: SeChangeNotifyPrivilege + Privilege[ 20]: SeUndockPrivilege + Privilege[ 21]: SeManageVolumePrivilege + Privilege[ 22]: SeImpersonatePrivilege + Privilege[ 23]: SeCreateGlobalPrivilege + Privilege[ 24]: SeEnableDelegationPrivilege + Rights (0x 0): +[2013/11/07 07:38:43.679927, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) + UNIX token of user 0 + Primary group is 5000 and contains 9 supplementary groups + Group[ 0]: 5000 + Group[ 1]: 5007 + Group[ 2]: 5001 + Group[ 3]: 1005 + Group[ 4]: 5006 + Group[ 5]: 5005 + Group[ 6]: 55000 + Group[ 7]: 55001 + Group[ 8]: 55002 +[2013/11/07 07:38:43.680420, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/uid.c:363(change_to_user_internal) + Impersonated user: uid=(0,0), gid=(0,5000) +[2013/11/07 07:38:43.680541, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:1796(smbd_smb2_request_verify_creditcharge) + mid 52, CreditCharge: 1, NeededCharge: 1 +[2013/11/07 07:38:43.680646, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl.c:394(smbd_smb2_ioctl_send) + smbd_smb2_ioctl: ctl_code[0x0011c017] spoolss, fnum 2189993496 +[2013/11/07 07:38:43.680759, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:59(smb2_ioctl_named_pipe) + smbd_smb2_ioctl_send: np_write_send of size 4156 +[2013/11/07 07:38:43.680860, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:520(np_write_send) + np_write_send: len: 4156 +[2013/11/07 07:38:43.680963, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) + write_to_pipe: data_left = 4156 +[2013/11/07 07:38:43.681059, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) + process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 4156 +[2013/11/07 07:38:43.681155, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:51(fill_rpc_header) + fill_rpc_header: data_to_copy = 4156, len_needed_to_complete_hdr = 16, receive_len = 0 +[2013/11/07 07:38:43.681255, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) + write_to_pipe: data_used = 16 +[2013/11/07 07:38:43.681349, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) + write_to_pipe: data_left = 4140 +[2013/11/07 07:38:43.681610, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) + process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 4140 +[2013/11/07 07:38:43.681719, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) + write_to_pipe: data_used = 0 +[2013/11/07 07:38:43.681833, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) + write_to_pipe: data_left = 4140 +[2013/11/07 07:38:43.681931, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) + process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 4140, incoming data = 4140 +[2013/11/07 07:38:43.682037, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1614(process_complete_pdu) + PDU is in Little Endian format! +[2013/11/07 07:38:43.682178, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) + r: struct ncacn_packet + rpc_vers : 0x05 (5) + rpc_vers_minor : 0x00 (0) + ptype : DCERPC_PKT_REQUEST (0) + pfc_flags : 0x03 (3) + drep: ARRAY(4) + [0] : 0x10 (16) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + frag_length : 0x103c (4156) + auth_length : 0x0000 (0) + call_id : 0x00000004 (4) + u : union dcerpc_payload(case 0) + request: struct dcerpc_request + alloc_hint : 0x00001024 (4132) + context_id : 0x0000 (0) + opnum : 0x0008 (8) + object : union dcerpc_object(case 0) + empty: struct dcerpc_empty + _pad : DATA_BLOB length=0 + stub_and_verifier : DATA_BLOB length=4132 + [0000] 00 00 00 00 48 00 00 00 00 00 00 00 7B 52 73 35 ....H... ....{Rs5 + [0010] C5 51 00 00 02 00 00 00 00 00 02 00 00 10 00 00 .Q...... ........ + [0020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0030] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0040] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0200] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0210] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0220] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0230] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0240] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0250] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0260] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0270] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0280] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0290] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0300] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0310] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0320] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0330] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0340] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0350] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0360] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0370] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0380] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0390] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0400] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0410] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0420] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0430] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0440] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0450] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0460] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0470] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0480] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0490] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0500] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0510] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0520] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0530] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0540] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0550] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0560] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0570] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0580] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0590] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0600] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0610] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0620] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0630] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0640] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0650] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0660] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0670] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0680] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0690] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0700] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0710] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0720] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0730] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0740] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0750] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0760] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0770] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0780] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0790] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0800] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0810] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0820] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0830] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0840] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0850] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0860] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0870] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0880] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0890] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0900] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0910] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0920] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0930] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0940] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0950] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0960] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0970] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0980] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0990] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0EA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0EB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0EC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0ED0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0EE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0EF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [1000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [1010] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [1020] 00 10 00 00 .... +[2013/11/07 07:38:43.693600, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1627(process_complete_pdu) + Processing packet type 0 +[2013/11/07 07:38:43.693642, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1472(dcesrv_auth_request) + Checking request auth. +[2013/11/07 07:38:43.693689, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) + push_sec_ctx(0, 5000) : sec_ctx_stack_ndx = 1 +[2013/11/07 07:38:43.693735, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) + setting sec ctx (0, 5000) - sec_ctx_stack_ndx = 1 +[2013/11/07 07:38:43.693777, 5, pid=20933, effective(0, 5000), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) + Security token SIDs (21): + SID[ 0]: S-1-5-21-1376953716-2413384141-3399758289-500 + SID[ 1]: S-1-5-21-1376953716-2413384141-3399758289-512 + SID[ 2]: S-1-5-21-1376953716-2413384141-3399758289-11015 + SID[ 3]: S-1-5-21-1376953716-2413384141-3399758289-513 + SID[ 4]: S-1-5-21-1376953716-2413384141-3399758289-11011 + SID[ 5]: S-1-5-21-1376953716-2413384141-3399758289-11013 + SID[ 6]: S-1-5-21-1376953716-2413384141-3399758289-11012 + SID[ 7]: S-1-1-0 + SID[ 8]: S-1-5-2 + SID[ 9]: S-1-5-11 + SID[ 10]: S-1-5-32-544 + SID[ 11]: S-1-22-1-2002 + SID[ 12]: S-1-22-2-5000 + SID[ 13]: S-1-22-2-5007 + SID[ 14]: S-1-22-2-5001 + SID[ 15]: S-1-22-2-1005 + SID[ 16]: S-1-22-2-5006 + SID[ 17]: S-1-22-2-5005 + SID[ 18]: S-1-22-2-55000 + SID[ 19]: S-1-22-2-55001 + SID[ 20]: S-1-22-2-55002 + Privileges (0x 1FFFFFF0): + Privilege[ 0]: SeMachineAccountPrivilege + Privilege[ 1]: SeTakeOwnershipPrivilege + Privilege[ 2]: SeBackupPrivilege + Privilege[ 3]: SeRestorePrivilege + Privilege[ 4]: SeRemoteShutdownPrivilege + Privilege[ 5]: SePrintOperatorPrivilege + Privilege[ 6]: SeAddUsersPrivilege + Privilege[ 7]: SeDiskOperatorPrivilege + Privilege[ 8]: SeSecurityPrivilege + Privilege[ 9]: SeSystemtimePrivilege + Privilege[ 10]: SeShutdownPrivilege + Privilege[ 11]: SeDebugPrivilege + Privilege[ 12]: SeSystemEnvironmentPrivilege + Privilege[ 13]: SeSystemProfilePrivilege + Privilege[ 14]: SeProfileSingleProcessPrivilege + Privilege[ 15]: SeIncreaseBasePriorityPrivilege + Privilege[ 16]: SeLoadDriverPrivilege + Privilege[ 17]: SeCreatePagefilePrivilege + Privilege[ 18]: SeIncreaseQuotaPrivilege + Privilege[ 19]: SeChangeNotifyPrivilege + Privilege[ 20]: SeUndockPrivilege + Privilege[ 21]: SeManageVolumePrivilege + Privilege[ 22]: SeImpersonatePrivilege + Privilege[ 23]: SeCreateGlobalPrivilege + Privilege[ 24]: SeEnableDelegationPrivilege + Rights (0x 0): +[2013/11/07 07:38:43.694548, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) + UNIX token of user 0 + Primary group is 5000 and contains 9 supplementary groups + Group[ 0]: 5000 + Group[ 1]: 5007 + Group[ 2]: 5001 + Group[ 3]: 1005 + Group[ 4]: 5006 + Group[ 5]: 5005 + Group[ 6]: 55000 + Group[ 7]: 55001 + Group[ 8]: 55002 +[2013/11/07 07:38:43.694741, 5, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1324(api_pipe_request) + Requested \spoolss rpc service +[2013/11/07 07:38:43.694787, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1356(api_rpcTNP) + api_rpcTNP: \spoolss op 0x8 - api_rpcTNP: rpc command: SPOOLSS_GETPRINTER +[2013/11/07 07:38:43.694830, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1390(api_rpcTNP) + api_rpc_cmds[8].fn == 0x7f375c260f10 +[2013/11/07 07:38:43.694880, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + spoolss_GetPrinter: struct spoolss_GetPrinter + in: struct spoolss_GetPrinter + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000048-0000-0000-7b52-7335c5510000 + level : 0x00000002 (2) + buffer : * + buffer : DATA_BLOB length=4096 + [0000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0010] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0030] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0040] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0200] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0210] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0220] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0230] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0240] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0250] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0260] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0270] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0280] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0290] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0300] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0310] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0320] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0330] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0340] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0350] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0360] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0370] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0380] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0390] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0400] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0410] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0420] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0430] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0440] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0450] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0460] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0470] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0480] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0490] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0500] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0510] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0520] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0530] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0540] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0550] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0560] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0570] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0580] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0590] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0600] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0610] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0620] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0630] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0640] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0650] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0660] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0670] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0680] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0690] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0700] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0710] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0720] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0730] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0740] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0750] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0760] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0770] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0780] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0790] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0800] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0810] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0820] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0830] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0840] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0850] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0860] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0870] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0880] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0890] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0900] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0910] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0920] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0930] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0940] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0950] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0960] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0970] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0980] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0990] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0EA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0EB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0EC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0ED0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0EE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0EF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + offered : 0x00001000 (4096) +[2013/11/07 07:38:43.704176, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 48 00 00 00 00 00 00 00 7B 52 73 35 ....H... ....{Rs5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:43.704261, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 48 00 00 00 00 00 00 00 7B 52 73 35 ....H... ....{Rs5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:43.704338, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:489(get_printer_snum) + short name:printer7 +[2013/11/07 07:38:43.704476, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:60(make_internal_rpc_pipe_p) + Create pipe requested \winreg +[2013/11/07 07:38:43.704531, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:221(init_pipe_handles) + init_pipe_handle_list: created handle list for pipe \winreg +[2013/11/07 07:38:43.704573, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:238(init_pipe_handles) + init_pipe_handle_list: pipe_handles ref count = 1 for pipe \winreg +[2013/11/07 07:38:43.704675, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:100(make_internal_rpc_pipe_p) + Created internal pipe \winreg +[2013/11/07 07:38:43.704750, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenHKLM: struct winreg_OpenHKLM + in: struct winreg_OpenHKLM + system_name : NULL + access_mask : 0x02000000 (33554432) + 0: KEY_QUERY_VALUE + 0: KEY_SET_VALUE + 0: KEY_CREATE_SUB_KEY + 0: KEY_ENUMERATE_SUB_KEYS + 0: KEY_NOTIFY + 0: KEY_CREATE_LINK + 0: KEY_WOW64_64KEY + 0: KEY_WOW64_32KEY +[2013/11/07 07:38:43.704994, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [HKLM] +[2013/11/07 07:38:43.705038, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) + push_sec_ctx(0, 5000) : sec_ctx_stack_ndx = 2 +[2013/11/07 07:38:43.705082, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/uid.c:485(push_conn_ctx) + push_conn_ctx(1804507171) : conn_ctx_stack_ndx = 0 +[2013/11/07 07:38:43.705121, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) + setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 +[2013/11/07 07:38:43.705160, 5, pid=20933, effective(0, 5000), real(0, 0)] ../libcli/security/security_token.c:53(security_token_debug) + Security token: (NULL) +[2013/11/07 07:38:43.705198, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) + UNIX token of user 0 + Primary group is 0 and contains 0 supplementary groups +[2013/11/07 07:38:43.705445, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) + pop_sec_ctx (0, 5000) - sec_ctx_stack_ndx = 1 +[2013/11/07 07:38:43.705497, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:866(regdb_open) + regdb_open: registry db opened. refcount reset (1) +[2013/11/07 07:38:43.705543, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM] +[2013/11/07 07:38:43.705582, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM] +[2013/11/07 07:38:43.705624, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:43.705661, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM] +[2013/11/07 07:38:43.705745, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) + Opened policy hnd[1] [0000] 00 00 00 00 4F 00 00 00 00 00 00 00 7B 52 73 35 ....O... ....{Rs5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:43.705828, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenHKLM: struct winreg_OpenHKLM + out: struct winreg_OpenHKLM + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 0000004f-0000-0000-7b52-7335c5510000 + result : WERR_OK +[2013/11/07 07:38:43.706018, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenKey: struct winreg_OpenKey + in: struct winreg_OpenKey + parent_handle : * + parent_handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 0000004f-0000-0000-7b52-7335c5510000 + keyname: struct winreg_String + name_len : 0x008a (138) + name_size : 0x008a (138) + name : * + name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7' + options : 0x00000000 (0) + 0: REG_OPTION_VOLATILE + 0: REG_OPTION_CREATE_LINK + 0: REG_OPTION_BACKUP_RESTORE + 0: REG_OPTION_OPEN_LINK + access_mask : 0x02000000 (33554432) + 0: KEY_QUERY_VALUE + 0: KEY_SET_VALUE + 0: KEY_CREATE_SUB_KEY + 0: KEY_ENUMERATE_SUB_KEYS + 0: KEY_NOTIFY + 0: KEY_CREATE_LINK + 0: KEY_WOW64_64KEY + 0: KEY_WOW64_32KEY +[2013/11/07 07:38:43.706474, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 4F 00 00 00 00 00 00 00 7B 52 73 35 ....O... ....{Rs5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:43.706556, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [SOFTWARE] +[2013/11/07 07:38:43.706596, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (1->2) +[2013/11/07 07:38:43.706638, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] +[2013/11/07 07:38:43.706676, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE] +[2013/11/07 07:38:43.706717, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:43.706754, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE] +[2013/11/07 07:38:43.706822, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Microsoft] +[2013/11/07 07:38:43.706864, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (2->3) +[2013/11/07 07:38:43.706905, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] +[2013/11/07 07:38:43.706943, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] +[2013/11/07 07:38:43.707148, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:43.707190, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft] +[2013/11/07 07:38:43.707255, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Windows NT] +[2013/11/07 07:38:43.707296, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (3->4) +[2013/11/07 07:38:43.707339, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] +[2013/11/07 07:38:43.707377, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] +[2013/11/07 07:38:43.707417, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:43.707464, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] +[2013/11/07 07:38:43.707523, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [CurrentVersion] +[2013/11/07 07:38:43.707564, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (4->5) +[2013/11/07 07:38:43.707607, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] +[2013/11/07 07:38:43.707645, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] +[2013/11/07 07:38:43.707685, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:43.707723, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f375c5a15c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] +[2013/11/07 07:38:43.707795, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Print] +[2013/11/07 07:38:43.707837, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (5->6) +[2013/11/07 07:38:43.707880, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] +[2013/11/07 07:38:43.707922, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] +[2013/11/07 07:38:43.707966, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:43.708003, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f375c5a15c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] +[2013/11/07 07:38:43.708065, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Printers] +[2013/11/07 07:38:43.708106, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (6->7) +[2013/11/07 07:38:43.708151, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] +[2013/11/07 07:38:43.708190, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] +[2013/11/07 07:38:43.708233, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:43.708270, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] +[2013/11/07 07:38:43.708339, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [printer7] +[2013/11/07 07:38:43.708389, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (7->8) +[2013/11/07 07:38:43.708434, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:43.708473, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:43.708515, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:43.708553, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:43.708622, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (8->7) +[2013/11/07 07:38:43.708664, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (7->6) +[2013/11/07 07:38:43.708705, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (6->5) +[2013/11/07 07:38:43.708745, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (5->4) +[2013/11/07 07:38:43.708784, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (4->3) +[2013/11/07 07:38:43.708824, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (3->2) +[2013/11/07 07:38:43.708867, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) + Opened policy hnd[2] [0000] 00 00 00 00 50 00 00 00 00 00 00 00 7B 52 73 35 ....P... ....{Rs5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:43.708946, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenKey: struct winreg_OpenKey + out: struct winreg_OpenKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000050-0000-0000-7b52-7335c5510000 + result : WERR_OK +[2013/11/07 07:38:43.709125, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryInfoKey: struct winreg_QueryInfoKey + in: struct winreg_QueryInfoKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000050-0000-0000-7b52-7335c5510000 + classname : * + classname: struct winreg_String + name_len : 0x0000 (0) + name_size : 0x0000 (0) + name : NULL +[2013/11/07 07:38:43.709342, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 50 00 00 00 00 00 00 00 7B 52 73 35 ....P... ....{Rs5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:43.709510, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_dispatcher.c:151(fetch_reg_values) + fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7' (ops 0x7f37592edcc0) +[2013/11/07 07:38:43.709555, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1891(regdb_fetch_values_internal) + regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:43.709621, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[0]: name[Attributes] len[4] +[2013/11/07 07:38:43.709665, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[1]: name[Description] len[2] +[2013/11/07 07:38:43.709707, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[2]: name[Datatype] len[8] +[2013/11/07 07:38:43.709749, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[3]: name[Default Priority] len[4] +[2013/11/07 07:38:43.709791, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[4]: name[Port] len[38] +[2013/11/07 07:38:43.709833, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[5]: name[Name] len[18] +[2013/11/07 07:38:43.709875, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[6]: name[Print Processor] len[18] +[2013/11/07 07:38:43.709918, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[7]: name[Priority] len[4] +[2013/11/07 07:38:43.709960, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[8]: name[Security] len[248] +[2013/11/07 07:38:43.710003, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[9]: name[Share Name] len[18] +[2013/11/07 07:38:43.710045, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[10]: name[StartTime] len[4] +[2013/11/07 07:38:43.710088, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[11]: name[UntilTime] len[4] +[2013/11/07 07:38:43.710131, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[12]: name[ChangeID] len[4] +[2013/11/07 07:38:43.710174, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) + regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:43.710238, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryInfoKey: struct winreg_QueryInfoKey + out: struct winreg_QueryInfoKey + classname : * + classname: struct winreg_String + name_len : 0x0000 (0) + name_size : 0x0000 (0) + name : NULL + num_subkeys : * + num_subkeys : 0x00000003 (3) + max_subkeylen : * + max_subkeylen : 0x00000022 (34) + max_classlen : * + max_classlen : 0x00000000 (0) + num_values : * + num_values : 0x0000000d (13) + max_valnamelen : * + max_valnamelen : 0x00000022 (34) + max_valbufsize : * + max_valbufsize : 0x000000f8 (248) + secdescsize : * + secdescsize : 0x00000078 (120) + last_changed_time : * + last_changed_time : NTTIME(0) + result : WERR_OK +[2013/11/07 07:38:43.710698, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000050-0000-0000-7b52-7335c5510000 + enum_index : 0x00000000 (0) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:43.711075, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 50 00 00 00 00 00 00 00 7B 52 73 35 ....P... ....{Rs5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:43.711153, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:43.711200, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0016 (22) + size : 0x0024 (36) + name : * + name : 'Attributes' + type : * + type : REG_DWORD (4) + value : * + value: ARRAY(4) + [0] : 0x48 (72) + [1] : 0x10 (16) + [2] : 0x00 (0) + [3] : 0x00 (0) + size : * + size : 0x00000004 (4) + length : * + length : 0x00000004 (4) + result : WERR_OK +[2013/11/07 07:38:43.711595, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000050-0000-0000-7b52-7335c5510000 + enum_index : 0x00000001 (1) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:43.711972, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 50 00 00 00 00 00 00 00 7B 52 73 35 ....P... ....{Rs5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:43.712049, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:43.712094, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0018 (24) + size : 0x0024 (36) + name : * + name : 'Description' + type : * + type : REG_SZ (1) + value : * + value: ARRAY(2) + [0] : 0x00 (0) + [1] : 0x00 (0) + size : * + size : 0x00000002 (2) + length : * + length : 0x00000002 (2) + result : WERR_OK +[2013/11/07 07:38:43.712453, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000050-0000-0000-7b52-7335c5510000 + enum_index : 0x00000002 (2) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:43.712822, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 50 00 00 00 00 00 00 00 7B 52 73 35 ....P... ....{Rs5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:43.712906, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:43.712951, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0012 (18) + size : 0x0024 (36) + name : * + name : 'Datatype' + type : * + type : REG_SZ (1) + value : * + value: ARRAY(8) + [0] : 0x52 (82) + [1] : 0x00 (0) + [2] : 0x41 (65) + [3] : 0x00 (0) + [4] : 0x57 (87) + [5] : 0x00 (0) + [6] : 0x00 (0) + [7] : 0x00 (0) + size : * + size : 0x00000008 (8) + length : * + length : 0x00000008 (8) + result : WERR_OK +[2013/11/07 07:38:43.713463, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000050-0000-0000-7b52-7335c5510000 + enum_index : 0x00000003 (3) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:43.713836, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 50 00 00 00 00 00 00 00 7B 52 73 35 ....P... ....{Rs5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:43.713914, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:43.713960, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0022 (34) + size : 0x0024 (36) + name : * + name : 'Default Priority' + type : * + type : REG_DWORD (4) + value : * + value: ARRAY(4) + [0] : 0x01 (1) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + size : * + size : 0x00000004 (4) + length : * + length : 0x00000004 (4) + result : WERR_OK +[2013/11/07 07:38:43.714367, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000050-0000-0000-7b52-7335c5510000 + enum_index : 0x00000004 (4) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:43.714738, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 50 00 00 00 00 00 00 00 7B 52 73 35 ....P... ....{Rs5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:43.714815, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:43.714862, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x000a (10) + size : 0x0024 (36) + name : * + name : 'Port' + type : * + type : REG_SZ (1) + value : * + value: ARRAY(38) + [0] : 0x53 (83) + [1] : 0x00 (0) + [2] : 0x61 (97) + [3] : 0x00 (0) + [4] : 0x6d (109) + [5] : 0x00 (0) + [6] : 0x62 (98) + [7] : 0x00 (0) + [8] : 0x61 (97) + [9] : 0x00 (0) + [10] : 0x20 (32) + [11] : 0x00 (0) + [12] : 0x50 (80) + [13] : 0x00 (0) + [14] : 0x72 (114) + [15] : 0x00 (0) + [16] : 0x69 (105) + [17] : 0x00 (0) + [18] : 0x6e (110) + [19] : 0x00 (0) + [20] : 0x74 (116) + [21] : 0x00 (0) + [22] : 0x65 (101) + [23] : 0x00 (0) + [24] : 0x72 (114) + [25] : 0x00 (0) + [26] : 0x20 (32) + [27] : 0x00 (0) + [28] : 0x50 (80) + [29] : 0x00 (0) + [30] : 0x6f (111) + [31] : 0x00 (0) + [32] : 0x72 (114) + [33] : 0x00 (0) + [34] : 0x74 (116) + [35] : 0x00 (0) + [36] : 0x00 (0) + [37] : 0x00 (0) + size : * + size : 0x00000026 (38) + length : * + length : 0x00000026 (38) + result : WERR_OK +[2013/11/07 07:38:43.715818, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000050-0000-0000-7b52-7335c5510000 + enum_index : 0x00000005 (5) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:43.716189, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 50 00 00 00 00 00 00 00 7B 52 73 35 ....P... ....{Rs5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:43.716267, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:43.716314, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x000a (10) + size : 0x0024 (36) + name : * + name : 'Name' + type : * + type : REG_SZ (1) + value : * + value: ARRAY(18) + [0] : 0x70 (112) + [1] : 0x00 (0) + [2] : 0x72 (114) + [3] : 0x00 (0) + [4] : 0x69 (105) + [5] : 0x00 (0) + [6] : 0x6e (110) + [7] : 0x00 (0) + [8] : 0x74 (116) + [9] : 0x00 (0) + [10] : 0x65 (101) + [11] : 0x00 (0) + [12] : 0x72 (114) + [13] : 0x00 (0) + [14] : 0x37 (55) + [15] : 0x00 (0) + [16] : 0x00 (0) + [17] : 0x00 (0) + size : * + size : 0x00000012 (18) + length : * + length : 0x00000012 (18) + result : WERR_OK +[2013/11/07 07:38:43.716948, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000050-0000-0000-7b52-7335c5510000 + enum_index : 0x00000006 (6) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:43.717317, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 50 00 00 00 00 00 00 00 7B 52 73 35 ....P... ....{Rs5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:43.717457, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:43.717505, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0020 (32) + size : 0x0024 (36) + name : * + name : 'Print Processor' + type : * + type : REG_SZ (1) + value : * + value: ARRAY(18) + [0] : 0x77 (119) + [1] : 0x00 (0) + [2] : 0x69 (105) + [3] : 0x00 (0) + [4] : 0x6e (110) + [5] : 0x00 (0) + [6] : 0x70 (112) + [7] : 0x00 (0) + [8] : 0x72 (114) + [9] : 0x00 (0) + [10] : 0x69 (105) + [11] : 0x00 (0) + [12] : 0x6e (110) + [13] : 0x00 (0) + [14] : 0x74 (116) + [15] : 0x00 (0) + [16] : 0x00 (0) + [17] : 0x00 (0) + size : * + size : 0x00000012 (18) + length : * + length : 0x00000012 (18) + result : WERR_OK +[2013/11/07 07:38:43.718137, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000050-0000-0000-7b52-7335c5510000 + enum_index : 0x00000007 (7) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:43.718562, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 50 00 00 00 00 00 00 00 7B 52 73 35 ....P... ....{Rs5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:43.718642, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:43.718688, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0012 (18) + size : 0x0024 (36) + name : * + name : 'Priority' + type : * + type : REG_DWORD (4) + value : * + value: ARRAY(4) + [0] : 0x01 (1) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + size : * + size : 0x00000004 (4) + length : * + length : 0x00000004 (4) + result : WERR_OK +[2013/11/07 07:38:43.719088, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000050-0000-0000-7b52-7335c5510000 + enum_index : 0x00000008 (8) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:43.719457, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 50 00 00 00 00 00 00 00 7B 52 73 35 ....P... ....{Rs5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:43.719534, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:43.719580, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0012 (18) + size : 0x0024 (36) + name : * + name : 'Security' + type : * + type : REG_BINARY (3) + value : * + value: ARRAY(248) + [0] : 0x01 (1) + [1] : 0x00 (0) + [2] : 0x04 (4) + [3] : 0x80 (128) + [4] : 0x14 (20) + [5] : 0x00 (0) + [6] : 0x00 (0) + [7] : 0x00 (0) + [8] : 0x24 (36) + [9] : 0x00 (0) + [10] : 0x00 (0) + [11] : 0x00 (0) + [12] : 0x00 (0) + [13] : 0x00 (0) + [14] : 0x00 (0) + [15] : 0x00 (0) + [16] : 0x34 (52) + [17] : 0x00 (0) + [18] : 0x00 (0) + [19] : 0x00 (0) + [20] : 0x01 (1) + [21] : 0x02 (2) + [22] : 0x00 (0) + [23] : 0x00 (0) + [24] : 0x00 (0) + [25] : 0x00 (0) + [26] : 0x00 (0) + [27] : 0x05 (5) + [28] : 0x20 (32) + [29] : 0x00 (0) + [30] : 0x00 (0) + [31] : 0x00 (0) + [32] : 0x20 (32) + [33] : 0x02 (2) + [34] : 0x00 (0) + [35] : 0x00 (0) + [36] : 0x01 (1) + [37] : 0x02 (2) + [38] : 0x00 (0) + [39] : 0x00 (0) + [40] : 0x00 (0) + [41] : 0x00 (0) + [42] : 0x00 (0) + [43] : 0x05 (5) + [44] : 0x20 (32) + [45] : 0x00 (0) + [46] : 0x00 (0) + [47] : 0x00 (0) + [48] : 0x20 (32) + [49] : 0x02 (2) + [50] : 0x00 (0) + [51] : 0x00 (0) + [52] : 0x02 (2) + [53] : 0x00 (0) + [54] : 0xc4 (196) + [55] : 0x00 (0) + [56] : 0x07 (7) + [57] : 0x00 (0) + [58] : 0x00 (0) + [59] : 0x00 (0) + [60] : 0x00 (0) + [61] : 0x02 (2) + [62] : 0x14 (20) + [63] : 0x00 (0) + [64] : 0x08 (8) + [65] : 0x00 (0) + [66] : 0x02 (2) + [67] : 0x20 (32) + [68] : 0x01 (1) + [69] : 0x01 (1) + [70] : 0x00 (0) + [71] : 0x00 (0) + [72] : 0x00 (0) + [73] : 0x00 (0) + [74] : 0x00 (0) + [75] : 0x01 (1) + [76] : 0x00 (0) + [77] : 0x00 (0) + [78] : 0x00 (0) + [79] : 0x00 (0) + [80] : 0x00 (0) + [81] : 0x09 (9) + [82] : 0x24 (36) + [83] : 0x00 (0) + [84] : 0x0c (12) + [85] : 0x00 (0) + [86] : 0x0f (15) + [87] : 0x10 (16) + [88] : 0x01 (1) + [89] : 0x05 (5) + [90] : 0x00 (0) + [91] : 0x00 (0) + [92] : 0x00 (0) + [93] : 0x00 (0) + [94] : 0x00 (0) + [95] : 0x05 (5) + [96] : 0x15 (21) + [97] : 0x00 (0) + [98] : 0x00 (0) + [99] : 0x00 (0) + [100] : 0x74 (116) + [101] : 0xa5 (165) + [102] : 0x12 (18) + [103] : 0x52 (82) + [104] : 0xcd (205) + [105] : 0x51 (81) + [106] : 0xd9 (217) + [107] : 0x8f (143) + [108] : 0xd1 (209) + [109] : 0x31 (49) + [110] : 0xa4 (164) + [111] : 0xca (202) + [112] : 0xf4 (244) + [113] : 0x01 (1) + [114] : 0x00 (0) + [115] : 0x00 (0) + [116] : 0x00 (0) + [117] : 0x02 (2) + [118] : 0x24 (36) + [119] : 0x00 (0) + [120] : 0x0c (12) + [121] : 0x00 (0) + [122] : 0x0f (15) + [123] : 0x10 (16) + [124] : 0x01 (1) + [125] : 0x05 (5) + [126] : 0x00 (0) + [127] : 0x00 (0) + [128] : 0x00 (0) + [129] : 0x00 (0) + [130] : 0x00 (0) + [131] : 0x05 (5) + [132] : 0x15 (21) + [133] : 0x00 (0) + [134] : 0x00 (0) + [135] : 0x00 (0) + [136] : 0x74 (116) + [137] : 0xa5 (165) + [138] : 0x12 (18) + [139] : 0x52 (82) + [140] : 0xcd (205) + [141] : 0x51 (81) + [142] : 0xd9 (217) + [143] : 0x8f (143) + [144] : 0xd1 (209) + [145] : 0x31 (49) + [146] : 0xa4 (164) + [147] : 0xca (202) + [148] : 0xf4 (244) + [149] : 0x01 (1) + [150] : 0x00 (0) + [151] : 0x00 (0) + [152] : 0x00 (0) + [153] : 0x09 (9) + [154] : 0x18 (24) + [155] : 0x00 (0) + [156] : 0x0c (12) + [157] : 0x00 (0) + [158] : 0x0f (15) + [159] : 0x10 (16) + [160] : 0x01 (1) + [161] : 0x02 (2) + [162] : 0x00 (0) + [163] : 0x00 (0) + [164] : 0x00 (0) + [165] : 0x00 (0) + [166] : 0x00 (0) + [167] : 0x05 (5) + [168] : 0x20 (32) + [169] : 0x00 (0) + [170] : 0x00 (0) + [171] : 0x00 (0) + [172] : 0x20 (32) + [173] : 0x02 (2) + [174] : 0x00 (0) + [175] : 0x00 (0) + [176] : 0x00 (0) + [177] : 0x02 (2) + [178] : 0x18 (24) + [179] : 0x00 (0) + [180] : 0x0c (12) + [181] : 0x00 (0) + [182] : 0x0f (15) + [183] : 0x10 (16) + [184] : 0x01 (1) + [185] : 0x02 (2) + [186] : 0x00 (0) + [187] : 0x00 (0) + [188] : 0x00 (0) + [189] : 0x00 (0) + [190] : 0x00 (0) + [191] : 0x05 (5) + [192] : 0x20 (32) + [193] : 0x00 (0) + [194] : 0x00 (0) + [195] : 0x00 (0) + [196] : 0x20 (32) + [197] : 0x02 (2) + [198] : 0x00 (0) + [199] : 0x00 (0) + [200] : 0x00 (0) + [201] : 0x09 (9) + [202] : 0x18 (24) + [203] : 0x00 (0) + [204] : 0x0c (12) + [205] : 0x00 (0) + [206] : 0x0f (15) + [207] : 0x10 (16) + [208] : 0x01 (1) + [209] : 0x02 (2) + [210] : 0x00 (0) + [211] : 0x00 (0) + [212] : 0x00 (0) + [213] : 0x00 (0) + [214] : 0x00 (0) + [215] : 0x05 (5) + [216] : 0x20 (32) + [217] : 0x00 (0) + [218] : 0x00 (0) + [219] : 0x00 (0) + [220] : 0x26 (38) + [221] : 0x02 (2) + [222] : 0x00 (0) + [223] : 0x00 (0) + [224] : 0x00 (0) + [225] : 0x02 (2) + [226] : 0x18 (24) + [227] : 0x00 (0) + [228] : 0x0c (12) + [229] : 0x00 (0) + [230] : 0x0f (15) + [231] : 0x10 (16) + [232] : 0x01 (1) + [233] : 0x02 (2) + [234] : 0x00 (0) + [235] : 0x00 (0) + [236] : 0x00 (0) + [237] : 0x00 (0) + [238] : 0x00 (0) + [239] : 0x05 (5) + [240] : 0x20 (32) + [241] : 0x00 (0) + [242] : 0x00 (0) + [243] : 0x00 (0) + [244] : 0x26 (38) + [245] : 0x02 (2) + [246] : 0x00 (0) + [247] : 0x00 (0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x000000f8 (248) + result : WERR_OK +[2013/11/07 07:38:43.724067, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000050-0000-0000-7b52-7335c5510000 + enum_index : 0x00000009 (9) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:43.724439, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 50 00 00 00 00 00 00 00 7B 52 73 35 ....P... ....{Rs5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:43.724517, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:43.724563, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0016 (22) + size : 0x0024 (36) + name : * + name : 'Share Name' + type : * + type : REG_SZ (1) + value : * + value: ARRAY(18) + [0] : 0x70 (112) + [1] : 0x00 (0) + [2] : 0x72 (114) + [3] : 0x00 (0) + [4] : 0x69 (105) + [5] : 0x00 (0) + [6] : 0x6e (110) + [7] : 0x00 (0) + [8] : 0x74 (116) + [9] : 0x00 (0) + [10] : 0x65 (101) + [11] : 0x00 (0) + [12] : 0x72 (114) + [13] : 0x00 (0) + [14] : 0x37 (55) + [15] : 0x00 (0) + [16] : 0x00 (0) + [17] : 0x00 (0) + size : * + size : 0x00000012 (18) + length : * + length : 0x00000012 (18) + result : WERR_OK +[2013/11/07 07:38:43.725191, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000050-0000-0000-7b52-7335c5510000 + enum_index : 0x0000000a (10) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:43.725606, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 50 00 00 00 00 00 00 00 7B 52 73 35 ....P... ....{Rs5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:43.725685, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:43.725730, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0014 (20) + size : 0x0024 (36) + name : * + name : 'StartTime' + type : * + type : REG_DWORD (4) + value : * + value: ARRAY(4) + [0] : 0x00 (0) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + size : * + size : 0x00000004 (4) + length : * + length : 0x00000004 (4) + result : WERR_OK +[2013/11/07 07:38:43.726121, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000050-0000-0000-7b52-7335c5510000 + enum_index : 0x0000000b (11) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:43.726496, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 50 00 00 00 00 00 00 00 7B 52 73 35 ....P... ....{Rs5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:43.726572, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:43.726618, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0014 (20) + size : 0x0024 (36) + name : * + name : 'UntilTime' + type : * + type : REG_DWORD (4) + value : * + value: ARRAY(4) + [0] : 0x00 (0) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + size : * + size : 0x00000004 (4) + length : * + length : 0x00000004 (4) + result : WERR_OK +[2013/11/07 07:38:43.727006, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000050-0000-0000-7b52-7335c5510000 + enum_index : 0x0000000c (12) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:43.727382, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 50 00 00 00 00 00 00 00 7B 52 73 35 ....P... ....{Rs5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:43.727459, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:43.727504, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0012 (18) + size : 0x0024 (36) + name : * + name : 'ChangeID' + type : * + type : REG_DWORD (4) + value : * + value: ARRAY(4) + [0] : 0xf1 (241) + [1] : 0x5f (95) + [2] : 0x11 (17) + [3] : 0x00 (0) + size : * + size : 0x00000004 (4) + length : * + length : 0x00000004 (4) + result : WERR_OK +[2013/11/07 07:38:43.727931, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryValue: struct winreg_QueryValue + in: struct winreg_QueryValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000050-0000-0000-7b52-7335c5510000 + value_name : * + value_name: struct winreg_String + name_len : 0x0020 (32) + name_size : 0x0020 (32) + name : * + name : 'Default DevMode' + type : * + type : REG_NONE (0) + data : NULL + data_size : * + data_size : 0x00000000 (0) + data_length : * + data_length : 0x00000000 (0) +[2013/11/07 07:38:43.728274, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 50 00 00 00 00 00 00 00 7B 52 73 35 ....P... ....{Rs5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:43.728350, 7, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) + _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:43.728390, 7, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) + _winreg_QueryValue: policy key type = [00000000] +[2013/11/07 07:38:43.728435, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:316(_winreg_QueryValue) + _winreg_QueryValue: reg_queryvalue failed with: WERR_BADFILE +[2013/11/07 07:38:43.728482, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryValue: struct winreg_QueryValue + out: struct winreg_QueryValue + type : * + type : REG_NONE (0) + data : NULL + data_size : * + data_size : 0x00000000 (0) + data_length : * + data_length : 0x00000000 (0) + result : WERR_BADFILE +[2013/11/07 07:38:43.728705, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenHKLM: struct winreg_OpenHKLM + in: struct winreg_OpenHKLM + system_name : NULL + access_mask : 0x02000000 (33554432) + 0: KEY_QUERY_VALUE + 0: KEY_SET_VALUE + 0: KEY_CREATE_SUB_KEY + 0: KEY_ENUMERATE_SUB_KEYS + 0: KEY_NOTIFY + 0: KEY_CREATE_LINK + 0: KEY_WOW64_64KEY + 0: KEY_WOW64_32KEY +[2013/11/07 07:38:43.728930, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [HKLM] +[2013/11/07 07:38:43.728972, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (2->3) +[2013/11/07 07:38:43.729014, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM] +[2013/11/07 07:38:43.729053, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM] +[2013/11/07 07:38:43.729092, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:43.729130, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM] +[2013/11/07 07:38:43.729207, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) + Opened policy hnd[3] [0000] 00 00 00 00 51 00 00 00 00 00 00 00 7B 52 73 35 ....Q... ....{Rs5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:43.729286, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenHKLM: struct winreg_OpenHKLM + out: struct winreg_OpenHKLM + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000051-0000-0000-7b52-7335c5510000 + result : WERR_OK +[2013/11/07 07:38:43.729504, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenKey: struct winreg_OpenKey + in: struct winreg_OpenKey + parent_handle : * + parent_handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000051-0000-0000-7b52-7335c5510000 + keyname: struct winreg_String + name_len : 0x008a (138) + name_size : 0x008a (138) + name : * + name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7' + options : 0x00000000 (0) + 0: REG_OPTION_VOLATILE + 0: REG_OPTION_CREATE_LINK + 0: REG_OPTION_BACKUP_RESTORE + 0: REG_OPTION_OPEN_LINK + access_mask : 0x02000000 (33554432) + 0: KEY_QUERY_VALUE + 0: KEY_SET_VALUE + 0: KEY_CREATE_SUB_KEY + 0: KEY_ENUMERATE_SUB_KEYS + 0: KEY_NOTIFY + 0: KEY_CREATE_LINK + 0: KEY_WOW64_64KEY + 0: KEY_WOW64_32KEY +[2013/11/07 07:38:43.729951, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 51 00 00 00 00 00 00 00 7B 52 73 35 ....Q... ....{Rs5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:43.730032, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [SOFTWARE] +[2013/11/07 07:38:43.730072, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (3->4) +[2013/11/07 07:38:43.730114, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] +[2013/11/07 07:38:43.730151, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE] +[2013/11/07 07:38:43.730191, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:43.730228, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE] +[2013/11/07 07:38:43.730293, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Microsoft] +[2013/11/07 07:38:43.730334, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (4->5) +[2013/11/07 07:38:43.730376, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] +[2013/11/07 07:38:43.730413, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] +[2013/11/07 07:38:43.730453, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:43.730490, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft] +[2013/11/07 07:38:43.730549, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Windows NT] +[2013/11/07 07:38:43.730590, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (5->6) +[2013/11/07 07:38:43.730632, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] +[2013/11/07 07:38:43.730669, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] +[2013/11/07 07:38:43.730709, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:43.730754, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] +[2013/11/07 07:38:43.730812, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [CurrentVersion] +[2013/11/07 07:38:43.730853, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (6->7) +[2013/11/07 07:38:43.730896, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] +[2013/11/07 07:38:43.730934, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] +[2013/11/07 07:38:43.730974, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:43.731012, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f375c5a15c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] +[2013/11/07 07:38:43.731082, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Print] +[2013/11/07 07:38:43.731123, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (7->8) +[2013/11/07 07:38:43.731166, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] +[2013/11/07 07:38:43.731206, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] +[2013/11/07 07:38:43.731248, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:43.731285, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f375c5a15c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] +[2013/11/07 07:38:43.731346, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Printers] +[2013/11/07 07:38:43.731387, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (8->9) +[2013/11/07 07:38:43.731431, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] +[2013/11/07 07:38:43.731470, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] +[2013/11/07 07:38:43.731512, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:43.731550, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] +[2013/11/07 07:38:43.731623, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [printer7] +[2013/11/07 07:38:43.731665, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (9->10) +[2013/11/07 07:38:43.731710, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:43.731749, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:43.731790, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:43.731827, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:43.731895, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (10->9) +[2013/11/07 07:38:43.731937, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (9->8) +[2013/11/07 07:38:43.731977, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (8->7) +[2013/11/07 07:38:43.732017, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (7->6) +[2013/11/07 07:38:43.732057, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (6->5) +[2013/11/07 07:38:43.732097, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (5->4) +[2013/11/07 07:38:43.732139, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) + Opened policy hnd[4] [0000] 00 00 00 00 52 00 00 00 00 00 00 00 7B 52 73 35 ....R... ....{Rs5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:43.732216, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenKey: struct winreg_OpenKey + out: struct winreg_OpenKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000052-0000-0000-7b52-7335c5510000 + result : WERR_OK +[2013/11/07 07:38:43.732388, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryValue: struct winreg_QueryValue + in: struct winreg_QueryValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000052-0000-0000-7b52-7335c5510000 + value_name : * + value_name: struct winreg_String + name_len : 0x0012 (18) + name_size : 0x0012 (18) + name : * + name : 'Security' + type : * + type : REG_NONE (0) + data : NULL + data_size : * + data_size : 0x00000000 (0) + data_length : * + data_length : 0x00000000 (0) +[2013/11/07 07:38:43.732735, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 52 00 00 00 00 00 00 00 7B 52 73 35 ....R... ....{Rs5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:43.732812, 7, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) + _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:43.732851, 7, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) + _winreg_QueryValue: policy key type = [00000000] +[2013/11/07 07:38:43.732891, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_dispatcher.c:151(fetch_reg_values) + fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7' (ops 0x7f37592edcc0) +[2013/11/07 07:38:43.732933, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1891(regdb_fetch_values_internal) + regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:43.732992, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[0]: name[Attributes] len[4] +[2013/11/07 07:38:43.733035, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[1]: name[Description] len[2] +[2013/11/07 07:38:43.733077, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[2]: name[Datatype] len[8] +[2013/11/07 07:38:43.733119, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[3]: name[Default Priority] len[4] +[2013/11/07 07:38:43.733161, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[4]: name[Port] len[38] +[2013/11/07 07:38:43.733202, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[5]: name[Name] len[18] +[2013/11/07 07:38:43.733244, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[6]: name[Print Processor] len[18] +[2013/11/07 07:38:43.733286, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[7]: name[Priority] len[4] +[2013/11/07 07:38:43.733329, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[8]: name[Security] len[248] +[2013/11/07 07:38:43.733441, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[9]: name[Share Name] len[18] +[2013/11/07 07:38:43.733488, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[10]: name[StartTime] len[4] +[2013/11/07 07:38:43.733531, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[11]: name[UntilTime] len[4] +[2013/11/07 07:38:43.733582, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[12]: name[ChangeID] len[4] +[2013/11/07 07:38:43.733626, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryValue: struct winreg_QueryValue + out: struct winreg_QueryValue + type : * + type : REG_BINARY (3) + data : NULL + data_size : * + data_size : 0x000000f8 (248) + data_length : * + data_length : 0x00000000 (0) + result : WERR_OK +[2013/11/07 07:38:43.733845, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryValue: struct winreg_QueryValue + in: struct winreg_QueryValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000052-0000-0000-7b52-7335c5510000 + value_name : * + value_name: struct winreg_String + name_len : 0x0012 (18) + name_size : 0x0012 (18) + name : * + name : 'Security' + type : * + type : REG_BINARY (3) + data : * + data: ARRAY(0) + data_size : * + data_size : 0x000000f8 (248) + data_length : * + data_length : 0x00000000 (0) +[2013/11/07 07:38:43.734201, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 52 00 00 00 00 00 00 00 7B 52 73 35 ....R... ....{Rs5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:43.734278, 7, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) + _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:43.734317, 7, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) + _winreg_QueryValue: policy key type = [00000000] +[2013/11/07 07:38:43.734361, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryValue: struct winreg_QueryValue + out: struct winreg_QueryValue + type : * + type : REG_BINARY (3) + data : * + data: ARRAY(248) + [0] : 0x01 (1) + [1] : 0x00 (0) + [2] : 0x04 (4) + [3] : 0x80 (128) + [4] : 0x14 (20) + [5] : 0x00 (0) + [6] : 0x00 (0) + [7] : 0x00 (0) + [8] : 0x24 (36) + [9] : 0x00 (0) + [10] : 0x00 (0) + [11] : 0x00 (0) + [12] : 0x00 (0) + [13] : 0x00 (0) + [14] : 0x00 (0) + [15] : 0x00 (0) + [16] : 0x34 (52) + [17] : 0x00 (0) + [18] : 0x00 (0) + [19] : 0x00 (0) + [20] : 0x01 (1) + [21] : 0x02 (2) + [22] : 0x00 (0) + [23] : 0x00 (0) + [24] : 0x00 (0) + [25] : 0x00 (0) + [26] : 0x00 (0) + [27] : 0x05 (5) + [28] : 0x20 (32) + [29] : 0x00 (0) + [30] : 0x00 (0) + [31] : 0x00 (0) + [32] : 0x20 (32) + [33] : 0x02 (2) + [34] : 0x00 (0) + [35] : 0x00 (0) + [36] : 0x01 (1) + [37] : 0x02 (2) + [38] : 0x00 (0) + [39] : 0x00 (0) + [40] : 0x00 (0) + [41] : 0x00 (0) + [42] : 0x00 (0) + [43] : 0x05 (5) + [44] : 0x20 (32) + [45] : 0x00 (0) + [46] : 0x00 (0) + [47] : 0x00 (0) + [48] : 0x20 (32) + [49] : 0x02 (2) + [50] : 0x00 (0) + [51] : 0x00 (0) + [52] : 0x02 (2) + [53] : 0x00 (0) + [54] : 0xc4 (196) + [55] : 0x00 (0) + [56] : 0x07 (7) + [57] : 0x00 (0) + [58] : 0x00 (0) + [59] : 0x00 (0) + [60] : 0x00 (0) + [61] : 0x02 (2) + [62] : 0x14 (20) + [63] : 0x00 (0) + [64] : 0x08 (8) + [65] : 0x00 (0) + [66] : 0x02 (2) + [67] : 0x20 (32) + [68] : 0x01 (1) + [69] : 0x01 (1) + [70] : 0x00 (0) + [71] : 0x00 (0) + [72] : 0x00 (0) + [73] : 0x00 (0) + [74] : 0x00 (0) + [75] : 0x01 (1) + [76] : 0x00 (0) + [77] : 0x00 (0) + [78] : 0x00 (0) + [79] : 0x00 (0) + [80] : 0x00 (0) + [81] : 0x09 (9) + [82] : 0x24 (36) + [83] : 0x00 (0) + [84] : 0x0c (12) + [85] : 0x00 (0) + [86] : 0x0f (15) + [87] : 0x10 (16) + [88] : 0x01 (1) + [89] : 0x05 (5) + [90] : 0x00 (0) + [91] : 0x00 (0) + [92] : 0x00 (0) + [93] : 0x00 (0) + [94] : 0x00 (0) + [95] : 0x05 (5) + [96] : 0x15 (21) + [97] : 0x00 (0) + [98] : 0x00 (0) + [99] : 0x00 (0) + [100] : 0x74 (116) + [101] : 0xa5 (165) + [102] : 0x12 (18) + [103] : 0x52 (82) + [104] : 0xcd (205) + [105] : 0x51 (81) + [106] : 0xd9 (217) + [107] : 0x8f (143) + [108] : 0xd1 (209) + [109] : 0x31 (49) + [110] : 0xa4 (164) + [111] : 0xca (202) + [112] : 0xf4 (244) + [113] : 0x01 (1) + [114] : 0x00 (0) + [115] : 0x00 (0) + [116] : 0x00 (0) + [117] : 0x02 (2) + [118] : 0x24 (36) + [119] : 0x00 (0) + [120] : 0x0c (12) + [121] : 0x00 (0) + [122] : 0x0f (15) + [123] : 0x10 (16) + [124] : 0x01 (1) + [125] : 0x05 (5) + [126] : 0x00 (0) + [127] : 0x00 (0) + [128] : 0x00 (0) + [129] : 0x00 (0) + [130] : 0x00 (0) + [131] : 0x05 (5) + [132] : 0x15 (21) + [133] : 0x00 (0) + [134] : 0x00 (0) + [135] : 0x00 (0) + [136] : 0x74 (116) + [137] : 0xa5 (165) + [138] : 0x12 (18) + [139] : 0x52 (82) + [140] : 0xcd (205) + [141] : 0x51 (81) + [142] : 0xd9 (217) + [143] : 0x8f (143) + [144] : 0xd1 (209) + [145] : 0x31 (49) + [146] : 0xa4 (164) + [147] : 0xca (202) + [148] : 0xf4 (244) + [149] : 0x01 (1) + [150] : 0x00 (0) + [151] : 0x00 (0) + [152] : 0x00 (0) + [153] : 0x09 (9) + [154] : 0x18 (24) + [155] : 0x00 (0) + [156] : 0x0c (12) + [157] : 0x00 (0) + [158] : 0x0f (15) + [159] : 0x10 (16) + [160] : 0x01 (1) + [161] : 0x02 (2) + [162] : 0x00 (0) + [163] : 0x00 (0) + [164] : 0x00 (0) + [165] : 0x00 (0) + [166] : 0x00 (0) + [167] : 0x05 (5) + [168] : 0x20 (32) + [169] : 0x00 (0) + [170] : 0x00 (0) + [171] : 0x00 (0) + [172] : 0x20 (32) + [173] : 0x02 (2) + [174] : 0x00 (0) + [175] : 0x00 (0) + [176] : 0x00 (0) + [177] : 0x02 (2) + [178] : 0x18 (24) + [179] : 0x00 (0) + [180] : 0x0c (12) + [181] : 0x00 (0) + [182] : 0x0f (15) + [183] : 0x10 (16) + [184] : 0x01 (1) + [185] : 0x02 (2) + [186] : 0x00 (0) + [187] : 0x00 (0) + [188] : 0x00 (0) + [189] : 0x00 (0) + [190] : 0x00 (0) + [191] : 0x05 (5) + [192] : 0x20 (32) + [193] : 0x00 (0) + [194] : 0x00 (0) + [195] : 0x00 (0) + [196] : 0x20 (32) + [197] : 0x02 (2) + [198] : 0x00 (0) + [199] : 0x00 (0) + [200] : 0x00 (0) + [201] : 0x09 (9) + [202] : 0x18 (24) + [203] : 0x00 (0) + [204] : 0x0c (12) + [205] : 0x00 (0) + [206] : 0x0f (15) + [207] : 0x10 (16) + [208] : 0x01 (1) + [209] : 0x02 (2) + [210] : 0x00 (0) + [211] : 0x00 (0) + [212] : 0x00 (0) + [213] : 0x00 (0) + [214] : 0x00 (0) + [215] : 0x05 (5) + [216] : 0x20 (32) + [217] : 0x00 (0) + [218] : 0x00 (0) + [219] : 0x00 (0) + [220] : 0x26 (38) + [221] : 0x02 (2) + [222] : 0x00 (0) + [223] : 0x00 (0) + [224] : 0x00 (0) + [225] : 0x02 (2) + [226] : 0x18 (24) + [227] : 0x00 (0) + [228] : 0x0c (12) + [229] : 0x00 (0) + [230] : 0x0f (15) + [231] : 0x10 (16) + [232] : 0x01 (1) + [233] : 0x02 (2) + [234] : 0x00 (0) + [235] : 0x00 (0) + [236] : 0x00 (0) + [237] : 0x00 (0) + [238] : 0x00 (0) + [239] : 0x05 (5) + [240] : 0x20 (32) + [241] : 0x00 (0) + [242] : 0x00 (0) + [243] : 0x00 (0) + [244] : 0x26 (38) + [245] : 0x02 (2) + [246] : 0x00 (0) + [247] : 0x00 (0) + data_size : * + data_size : 0x000000f8 (248) + data_length : * + data_length : 0x000000f8 (248) + result : WERR_OK +[2013/11/07 07:38:43.738801, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + in: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000052-0000-0000-7b52-7335c5510000 +[2013/11/07 07:38:43.738935, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 52 00 00 00 00 00 00 00 7B 52 73 35 ....R... ....{Rs5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:43.739013, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 52 00 00 00 00 00 00 00 7B 52 73 35 ....R... ....{Rs5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:43.739089, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) + Closed policy +[2013/11/07 07:38:43.739134, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (4->3) +[2013/11/07 07:38:43.739175, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + out: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000000-0000-0000-0000-000000000000 + result : WERR_OK +[2013/11/07 07:38:43.739337, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + in: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000051-0000-0000-7b52-7335c5510000 +[2013/11/07 07:38:43.739473, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 51 00 00 00 00 00 00 00 7B 52 73 35 ....Q... ....{Rs5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:43.739551, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 51 00 00 00 00 00 00 00 7B 52 73 35 ....Q... ....{Rs5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:43.739627, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) + Closed policy +[2013/11/07 07:38:43.739667, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (3->2) +[2013/11/07 07:38:43.739707, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + out: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000000-0000-0000-0000-000000000000 + result : WERR_OK +[2013/11/07 07:38:43.739869, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + in: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000050-0000-0000-7b52-7335c5510000 +[2013/11/07 07:38:43.739998, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 50 00 00 00 00 00 00 00 7B 52 73 35 ....P... ....{Rs5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:43.740075, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 50 00 00 00 00 00 00 00 7B 52 73 35 ....P... ....{Rs5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:43.740152, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) + Closed policy +[2013/11/07 07:38:43.740195, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (2->1) +[2013/11/07 07:38:43.740235, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + out: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000000-0000-0000-0000-000000000000 + result : WERR_OK +[2013/11/07 07:38:43.740395, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + in: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 0000004f-0000-0000-7b52-7335c5510000 +[2013/11/07 07:38:43.740523, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 4F 00 00 00 00 00 00 00 7B 52 73 35 ....O... ....{Rs5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:43.740607, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 4F 00 00 00 00 00 00 00 7B 52 73 35 ....O... ....{Rs5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:43.740684, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) + Closed policy +[2013/11/07 07:38:43.740724, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (1->0) +[2013/11/07 07:38:43.740785, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + out: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000000-0000-0000-0000-000000000000 + result : WERR_OK +[2013/11/07 07:38:43.740945, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:416(close_policy_by_pipe) + Deleted handle list for RPC connection \winreg +[2013/11/07 07:38:43.741100, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + spoolss_GetPrinter: struct spoolss_GetPrinter + out: struct spoolss_GetPrinter + info : * + info : union spoolss_PrinterInfo(case 2) + info2: struct spoolss_PrinterInfo2 + servername : * + servername : '\\MEMBER43' + printername : * + printername : '\\MEMBER43\printer7' + sharename : * + sharename : 'printer7' + portname : * + portname : 'Samba Printer Port' + drivername : * + drivername : '' + comment : * + comment : '' + location : * + location : '' + devmode : * + devmode: struct spoolss_DeviceMode + devicename : '\\MEMBER43\printer7' + specversion : DMSPEC_NT4_AND_ABOVE (1025) + driverversion : 0x0400 (1024) + size : 0x00dc (220) + __driverextra_length : 0x0000 (0) + fields : 0x00014713 (83731) + 1: DEVMODE_ORIENTATION + 1: DEVMODE_PAPERSIZE + 0: DEVMODE_PAPERLENGTH + 0: DEVMODE_PAPERWIDTH + 1: DEVMODE_SCALE + 0: DEVMODE_POSITION + 0: DEVMODE_NUP + 1: DEVMODE_COPIES + 1: DEVMODE_DEFAULTSOURCE + 1: DEVMODE_PRINTQUALITY + 0: DEVMODE_COLOR + 0: DEVMODE_DUPLEX + 0: DEVMODE_YRESOLUTION + 1: DEVMODE_TTOPTION + 0: DEVMODE_COLLATE + 1: DEVMODE_FORMNAME + 0: DEVMODE_LOGPIXELS + 0: DEVMODE_BITSPERPEL + 0: DEVMODE_PELSWIDTH + 0: DEVMODE_PELSHEIGHT + 0: DEVMODE_DISPLAYFLAGS + 0: DEVMODE_DISPLAYFREQUENCY + 0: DEVMODE_ICMMETHOD + 0: DEVMODE_ICMINTENT + 0: DEVMODE_MEDIATYPE + 0: DEVMODE_DITHERTYPE + 0: DEVMODE_PANNINGWIDTH + 0: DEVMODE_PANNINGHEIGHT + orientation : DMORIENT_PORTRAIT (1) + papersize : DMPAPER_LETTER (1) + paperlength : 0x0000 (0) + paperwidth : 0x0000 (0) + scale : 0x0064 (100) + copies : 0x0001 (1) + defaultsource : DMBIN_FORMSOURCE (15) + printquality : DMRES_HIGH (65532) + color : DMRES_MONOCHROME (1) + duplex : DMDUP_SIMPLEX (1) + yresolution : 0x0000 (0) + ttoption : DMTT_SUBDEV (3) + collate : DMCOLLATE_FALSE (0) + formname : 'Letter' + logpixels : 0x0000 (0) + bitsperpel : 0x00000000 (0) + pelswidth : 0x00000000 (0) + pelsheight : 0x00000000 (0) + displayflags : UNKNOWN_ENUM_VALUE (0) + displayfrequency : 0x00000000 (0) + icmmethod : UNKNOWN_ENUM_VALUE (0) + icmintent : UNKNOWN_ENUM_VALUE (0) + mediatype : UNKNOWN_ENUM_VALUE (0) + dithertype : UNKNOWN_ENUM_VALUE (0) + reserved1 : 0x00000000 (0) + reserved2 : 0x00000000 (0) + panningwidth : 0x00000000 (0) + panningheight : 0x00000000 (0) + driverextra_data : DATA_BLOB length=0 + sepfile : * + sepfile : '' + printprocessor : * + printprocessor : 'winprint' + datatype : * + datatype : 'RAW' + parameters : * + parameters : '' + secdesc : * + secdesc: struct security_descriptor + revision : SECURITY_DESCRIPTOR_REVISION_1 (1) + type : 0x8004 (32772) + 0: SEC_DESC_OWNER_DEFAULTED + 0: SEC_DESC_GROUP_DEFAULTED + 1: SEC_DESC_DACL_PRESENT + 0: SEC_DESC_DACL_DEFAULTED + 0: SEC_DESC_SACL_PRESENT + 0: SEC_DESC_SACL_DEFAULTED + 0: SEC_DESC_DACL_TRUSTED + 0: SEC_DESC_SERVER_SECURITY + 0: SEC_DESC_DACL_AUTO_INHERIT_REQ + 0: SEC_DESC_SACL_AUTO_INHERIT_REQ + 0: SEC_DESC_DACL_AUTO_INHERITED + 0: SEC_DESC_SACL_AUTO_INHERITED + 0: SEC_DESC_DACL_PROTECTED + 0: SEC_DESC_SACL_PROTECTED + 0: SEC_DESC_RM_CONTROL_VALID + 1: SEC_DESC_SELF_RELATIVE + owner_sid : * + owner_sid : S-1-5-32-544 + group_sid : * + group_sid : S-1-5-32-544 + sacl : NULL + dacl : * + dacl: struct security_acl + revision : SECURITY_ACL_REVISION_NT4 (2) + size : 0x00c4 (196) + num_aces : 0x00000007 (7) + aces: ARRAY(7) + aces: struct security_ace + type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) + flags : 0x02 (2) + 0: SEC_ACE_FLAG_OBJECT_INHERIT + 1: SEC_ACE_FLAG_CONTAINER_INHERIT + 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT + 0: SEC_ACE_FLAG_INHERIT_ONLY + 0: SEC_ACE_FLAG_INHERITED_ACE + 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) + 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS + 0: SEC_ACE_FLAG_FAILED_ACCESS + size : 0x0014 (20) + access_mask : 0x20020008 (537001992) + object : union security_ace_object_ctr(case 0) + trustee : S-1-1-0 + aces: struct security_ace + type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) + flags : 0x09 (9) + 1: SEC_ACE_FLAG_OBJECT_INHERIT + 0: SEC_ACE_FLAG_CONTAINER_INHERIT + 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT + 1: SEC_ACE_FLAG_INHERIT_ONLY + 0: SEC_ACE_FLAG_INHERITED_ACE + 0x09: SEC_ACE_FLAG_VALID_INHERIT (9) + 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS + 0: SEC_ACE_FLAG_FAILED_ACCESS + size : 0x0024 (36) + access_mask : 0x100f000c (269418508) + object : union security_ace_object_ctr(case 0) + trustee : S-1-5-21-1376953716-2413384141-3399758289-500 + aces: struct security_ace + type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) + flags : 0x02 (2) + 0: SEC_ACE_FLAG_OBJECT_INHERIT + 1: SEC_ACE_FLAG_CONTAINER_INHERIT + 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT + 0: SEC_ACE_FLAG_INHERIT_ONLY + 0: SEC_ACE_FLAG_INHERITED_ACE + 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) + 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS + 0: SEC_ACE_FLAG_FAILED_ACCESS + size : 0x0024 (36) + access_mask : 0x100f000c (269418508) + object : union security_ace_object_ctr(case 0) + trustee : S-1-5-21-1376953716-2413384141-3399758289-500 + aces: struct security_ace + type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) + flags : 0x09 (9) + 1: SEC_ACE_FLAG_OBJECT_INHERIT + 0: SEC_ACE_FLAG_CONTAINER_INHERIT + 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT + 1: SEC_ACE_FLAG_INHERIT_ONLY + 0: SEC_ACE_FLAG_INHERITED_ACE + 0x09: SEC_ACE_FLAG_VALID_INHERIT (9) + 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS + 0: SEC_ACE_FLAG_FAILED_ACCESS + size : 0x0018 (24) + access_mask : 0x100f000c (269418508) + object : union security_ace_object_ctr(case 0) + trustee : S-1-5-32-544 + aces: struct security_ace + type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) + flags : 0x02 (2) + 0: SEC_ACE_FLAG_OBJECT_INHERIT + 1: SEC_ACE_FLAG_CONTAINER_INHERIT + 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT + 0: SEC_ACE_FLAG_INHERIT_ONLY + 0: SEC_ACE_FLAG_INHERITED_ACE + 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) + 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS + 0: SEC_ACE_FLAG_FAILED_ACCESS + size : 0x0018 (24) + access_mask : 0x100f000c (269418508) + object : union security_ace_object_ctr(case 0) + trustee : S-1-5-32-544 + aces: struct security_ace + type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) + flags : 0x09 (9) + 1: SEC_ACE_FLAG_OBJECT_INHERIT + 0: SEC_ACE_FLAG_CONTAINER_INHERIT + 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT + 1: SEC_ACE_FLAG_INHERIT_ONLY + 0: SEC_ACE_FLAG_INHERITED_ACE + 0x09: SEC_ACE_FLAG_VALID_INHERIT (9) + 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS + 0: SEC_ACE_FLAG_FAILED_ACCESS + size : 0x0018 (24) + access_mask : 0x100f000c (269418508) + object : union security_ace_object_ctr(case 0) + trustee : S-1-5-32-550 + aces: struct security_ace + type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) + flags : 0x02 (2) + 0: SEC_ACE_FLAG_OBJECT_INHERIT + 1: SEC_ACE_FLAG_CONTAINER_INHERIT + 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT + 0: SEC_ACE_FLAG_INHERIT_ONLY + 0: SEC_ACE_FLAG_INHERITED_ACE + 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) + 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS + 0: SEC_ACE_FLAG_FAILED_ACCESS + size : 0x0018 (24) + access_mask : 0x100f000c (269418508) + object : union security_ace_object_ctr(case 0) + trustee : S-1-5-32-550 + attributes : 0x00001048 (4168) + 0: PRINTER_ATTRIBUTE_QUEUED + 0: PRINTER_ATTRIBUTE_DIRECT + 0: PRINTER_ATTRIBUTE_DEFAULT + 1: PRINTER_ATTRIBUTE_SHARED + 0: PRINTER_ATTRIBUTE_NETWORK + 0: PRINTER_ATTRIBUTE_HIDDEN + 1: PRINTER_ATTRIBUTE_LOCAL + 0: PRINTER_ATTRIBUTE_ENABLE_DEVQ + 0: PRINTER_ATTRIBUTE_KEEPPRINTEDJOBS + 0: PRINTER_ATTRIBUTE_DO_COMPLETE_FIRST + 0: PRINTER_ATTRIBUTE_WORK_OFFLINE + 0: PRINTER_ATTRIBUTE_ENABLE_BIDI + 1: PRINTER_ATTRIBUTE_RAW_ONLY + 0: PRINTER_ATTRIBUTE_PUBLISHED + 0: PRINTER_ATTRIBUTE_FAX + 0: PRINTER_ATTRIBUTE_TS + priority : 0x00000001 (1) + defaultpriority : 0x00000001 (1) + starttime : 0x00000000 (0) + untiltime : 0x00000000 (0) + status : 0x00000000 (0) + 0: PRINTER_STATUS_PAUSED + 0: PRINTER_STATUS_ERROR + 0: PRINTER_STATUS_PENDING_DELETION + 0: PRINTER_STATUS_PAPER_JAM + 0: PRINTER_STATUS_PAPER_OUT + 0: PRINTER_STATUS_MANUAL_FEED + 0: PRINTER_STATUS_PAPER_PROBLEM + 0: PRINTER_STATUS_OFFLINE + 0: PRINTER_STATUS_IO_ACTIVE + 0: PRINTER_STATUS_BUSY + 0: PRINTER_STATUS_PRINTING + 0: PRINTER_STATUS_OUTPUT_BIN_FULL + 0: PRINTER_STATUS_NOT_AVAILABLE + 0: PRINTER_STATUS_WAITING + 0: PRINTER_STATUS_PROCESSING + 0: PRINTER_STATUS_INITIALIZING + 0: PRINTER_STATUS_WARMING_UP + 0: PRINTER_STATUS_TONER_LOW + 0: PRINTER_STATUS_NO_TONER + 0: PRINTER_STATUS_PAGE_PUNT + 0: PRINTER_STATUS_USER_INTERVENTION + 0: PRINTER_STATUS_OUT_OF_MEMORY + 0: PRINTER_STATUS_DOOR_OPEN + 0: PRINTER_STATUS_SERVER_UNKNOWN + 0: PRINTER_STATUS_POWER_SAVE + cjobs : 0x00000000 (0) + averageppm : 0x00000000 (0) + needed : * + needed : 0x000002f8 (760) + result : WERR_OK +[2013/11/07 07:38:43.746211, 5, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1417(api_rpcTNP) + api_rpcTNP: called \spoolss successfully +[2013/11/07 07:38:43.746276, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) + pop_sec_ctx (0, 5000) - sec_ctx_stack_ndx = 0 +[2013/11/07 07:38:43.746321, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) + write_to_pipe: data_used = 4140 + smbd_smb2_request_pending_queue: req->current_idx = 1 + req->in.vector[0].iov_len = 0 + req->in.vector[1].iov_len = 0 + req->in.vector[2].iov_len = 64 + req->in.vector[3].iov_len = 56 + req->in.vector[4].iov_len = 4156 + req->out.vector[0].iov_len = 4 + req->out.vector[1].iov_len = 0 + req->out.vector[2].iov_len = 64 + req->out.vector[3].iov_len = 8 + req->out.vector[4].iov_len = 0 +[2013/11/07 07:38:43.746548, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:128(smbd_smb2_ioctl_pipe_write_done) + smbd_smb2_ioctl_pipe_write_done: received 4156 +[2013/11/07 07:38:43.746593, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:149(smbd_smb2_ioctl_pipe_write_done) + smbd_smb2_ioctl_pipe_write_done: issuing np_read_send of size 4136 +[2013/11/07 07:38:43.746638, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:285(read_from_internal_pipe) + name: \spoolss len: 4136 +[2013/11/07 07:38:43.746682, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:347(read_from_internal_pipe) + read_from_pipe: \spoolss: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 4112. +[2013/11/07 07:38:43.746736, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) + &r: struct ncacn_packet + rpc_vers : 0x05 (5) + rpc_vers_minor : 0x00 (0) + ptype : DCERPC_PKT_RESPONSE (2) + pfc_flags : 0x03 (3) + drep: ARRAY(4) + [0] : 0x10 (16) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + frag_length : 0x1028 (4136) + auth_length : 0x0000 (0) + call_id : 0x00000004 (4) + u : union dcerpc_payload(case 2) + response: struct dcerpc_response + alloc_hint : 0x00001010 (4112) + context_id : 0x0000 (0) + cancel_count : 0x00 (0) + _pad : DATA_BLOB length=0 + stub_and_verifier : DATA_BLOB length=4112 + [0000] 04 00 02 00 00 10 00 00 EA 0F 00 00 C2 0F 00 00 ........ ........ + [0010] B0 0F 00 00 8A 0F 00 00 88 0F 00 00 86 0F 00 00 ........ ........ + [0020] 84 0F 00 00 88 0E 00 00 82 0F 00 00 70 0F 00 00 ........ ....p... + [0030] 68 0F 00 00 66 0F 00 00 90 0D 00 00 48 10 00 00 h...f... ....H... + [0040] 01 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0200] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0210] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0220] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0230] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0240] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0250] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0260] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0270] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0280] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0290] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0300] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0310] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0320] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0330] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0340] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0350] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0360] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0370] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0380] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0390] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0400] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0410] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0420] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0430] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0440] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0450] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0460] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0470] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0480] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0490] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0500] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0510] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0520] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0530] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0540] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0550] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0560] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0570] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0580] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0590] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0600] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0610] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0620] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0630] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0640] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0650] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0660] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0670] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0680] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0690] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0700] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0710] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0720] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0730] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0740] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0750] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0760] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0770] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0780] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0790] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0800] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0810] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0820] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0830] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0840] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0850] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0860] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0870] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0880] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0890] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0900] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0910] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0920] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0930] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0940] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0950] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0960] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0970] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0980] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0990] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D90] 00 00 00 00 00 00 00 00 01 00 04 80 D8 00 00 00 ........ ........ + [0DA0] E8 00 00 00 00 00 00 00 14 00 00 00 02 00 C4 00 ........ ........ + [0DB0] 07 00 00 00 00 02 14 00 08 00 02 20 01 01 00 00 ........ ... .... + [0DC0] 00 00 00 01 00 00 00 00 00 09 24 00 0C 00 0F 10 ........ ..$..... + [0DD0] 01 05 00 00 00 00 00 05 15 00 00 00 74 A5 12 52 ........ ....t..R + [0DE0] CD 51 D9 8F D1 31 A4 CA F4 01 00 00 00 02 24 00 .Q...1.. ......$. + [0DF0] 0C 00 0F 10 01 05 00 00 00 00 00 05 15 00 00 00 ........ ........ + [0E00] 74 A5 12 52 CD 51 D9 8F D1 31 A4 CA F4 01 00 00 t..R.Q.. .1...... + [0E10] 00 09 18 00 0C 00 0F 10 01 02 00 00 00 00 00 05 ........ ........ + [0E20] 20 00 00 00 20 02 00 00 00 02 18 00 0C 00 0F 10 ... ... ........ + [0E30] 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 ........ ... ... + [0E40] 00 09 18 00 0C 00 0F 10 01 02 00 00 00 00 00 05 ........ ........ + [0E50] 20 00 00 00 26 02 00 00 00 02 18 00 0C 00 0F 10 ...&... ........ + [0E60] 01 02 00 00 00 00 00 05 20 00 00 00 26 02 00 00 ........ ...&... + [0E70] 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 ........ ... ... + [0E80] 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 ........ ... ... + [0E90] 5C 00 5C 00 4D 00 45 00 4D 00 42 00 45 00 52 00 \.\.M.E. M.B.E.R. + [0EA0] 34 00 33 00 5C 00 70 00 72 00 69 00 6E 00 74 00 4.3.\.p. r.i.n.t. + [0EB0] 65 00 72 00 37 00 00 00 00 00 00 00 00 00 00 00 e.r.7... ........ + [0EC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0ED0] 01 04 00 04 DC 00 00 00 13 47 01 00 01 00 01 00 ........ .G...... + [0EE0] 00 00 00 00 64 00 01 00 0F 00 FC FF 01 00 01 00 ....d... ........ + [0EF0] 00 00 03 00 00 00 4C 00 65 00 74 00 74 00 65 00 ......L. e.t.t.e. + [0F00] 72 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 r....... ........ + [0F10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F70] 52 00 41 00 57 00 00 00 77 00 69 00 6E 00 70 00 R.A.W... w.i.n.p. + [0F80] 72 00 69 00 6E 00 74 00 00 00 00 00 00 00 00 00 r.i.n.t. ........ + [0F90] 00 00 53 00 61 00 6D 00 62 00 61 00 20 00 50 00 ..S.a.m. b.a. .P. + [0FA0] 72 00 69 00 6E 00 74 00 65 00 72 00 20 00 50 00 r.i.n.t. e.r. .P. + [0FB0] 6F 00 72 00 74 00 00 00 70 00 72 00 69 00 6E 00 o.r.t... p.r.i.n. + [0FC0] 74 00 65 00 72 00 37 00 00 00 5C 00 5C 00 4D 00 t.e.r.7. ..\.\.M. + [0FD0] 45 00 4D 00 42 00 45 00 52 00 34 00 33 00 5C 00 E.M.B.E. R.4.3.\. + [0FE0] 70 00 72 00 69 00 6E 00 74 00 65 00 72 00 37 00 p.r.i.n. t.e.r.7. + [0FF0] 00 00 5C 00 5C 00 4D 00 45 00 4D 00 42 00 45 00 ..\.\.M. E.M.B.E. + [1000] 52 00 34 00 33 00 00 00 F8 02 00 00 00 00 00 00 R.4.3... ........ +[2013/11/07 07:38:43.756179, 3, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:122(free_pipe_context) + free_pipe_context: destroying talloc pool of size 1308 +[2013/11/07 07:38:43.756239, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:788(np_read_recv) + Received 4136 bytes. There is no more data outstanding +[2013/11/07 07:38:43.756281, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:178(smbd_smb2_ioctl_pipe_read_done) + smbd_smb2_ioctl_pipe_read_done: np_read_recv nread = 4136 is_data_outstanding = 0, status = NT_STATUS_OK +[2013/11/07 07:38:43.756329, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl.c:291(smbd_smb2_request_ioctl_done) + smbd_smb2_request_ioctl_done: smbd_smb2_ioctl_recv returned 4136 status NT_STATUS_OK +[2013/11/07 07:38:43.756372, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) + smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[48] dyn[yes:4136] at ../source3/smbd/smb2_ioctl.c:358 +[2013/11/07 07:38:43.756418, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) + smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/53/127 +[2013/11/07 07:38:43.765154, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) + smbd_smb2_request_incoming: idx[1] of 5 vectors +[2013/11/07 07:38:43.765524, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) + smb2_validate_sequence_number: clearing id 53 (position 53) from bitmap +[2013/11/07 07:38:43.765640, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) + smbd_smb2_request_dispatch: opcode[SMB2_OP_IOCTL] mid = 53 +[2013/11/07 07:38:43.765786, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) + setting sec ctx (0, 5000) - sec_ctx_stack_ndx = 0 +[2013/11/07 07:38:43.765896, 5, pid=20933, effective(0, 5000), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) + Security token SIDs (21): + SID[ 0]: S-1-5-21-1376953716-2413384141-3399758289-500 + SID[ 1]: S-1-5-21-1376953716-2413384141-3399758289-512 + SID[ 2]: S-1-5-21-1376953716-2413384141-3399758289-11015 + SID[ 3]: S-1-5-21-1376953716-2413384141-3399758289-513 + SID[ 4]: S-1-5-21-1376953716-2413384141-3399758289-11011 + SID[ 5]: S-1-5-21-1376953716-2413384141-3399758289-11013 + SID[ 6]: S-1-5-21-1376953716-2413384141-3399758289-11012 + SID[ 7]: S-1-1-0 + SID[ 8]: S-1-5-2 + SID[ 9]: S-1-5-11 + SID[ 10]: S-1-5-32-544 + SID[ 11]: S-1-22-1-2002 + SID[ 12]: S-1-22-2-5000 + SID[ 13]: S-1-22-2-5007 + SID[ 14]: S-1-22-2-5001 + SID[ 15]: S-1-22-2-1005 + SID[ 16]: S-1-22-2-5006 + SID[ 17]: S-1-22-2-5005 + SID[ 18]: S-1-22-2-55000 + SID[ 19]: S-1-22-2-55001 + SID[ 20]: S-1-22-2-55002 + Privileges (0x 1FFFFFF0): + Privilege[ 0]: SeMachineAccountPrivilege + Privilege[ 1]: SeTakeOwnershipPrivilege + Privilege[ 2]: SeBackupPrivilege + Privilege[ 3]: SeRestorePrivilege + Privilege[ 4]: SeRemoteShutdownPrivilege + Privilege[ 5]: SePrintOperatorPrivilege + Privilege[ 6]: SeAddUsersPrivilege + Privilege[ 7]: SeDiskOperatorPrivilege + Privilege[ 8]: SeSecurityPrivilege + Privilege[ 9]: SeSystemtimePrivilege + Privilege[ 10]: SeShutdownPrivilege + Privilege[ 11]: SeDebugPrivilege + Privilege[ 12]: SeSystemEnvironmentPrivilege + Privilege[ 13]: SeSystemProfilePrivilege + Privilege[ 14]: SeProfileSingleProcessPrivilege + Privilege[ 15]: SeIncreaseBasePriorityPrivilege + Privilege[ 16]: SeLoadDriverPrivilege + Privilege[ 17]: SeCreatePagefilePrivilege + Privilege[ 18]: SeIncreaseQuotaPrivilege + Privilege[ 19]: SeChangeNotifyPrivilege + Privilege[ 20]: SeUndockPrivilege + Privilege[ 21]: SeManageVolumePrivilege + Privilege[ 22]: SeImpersonatePrivilege + Privilege[ 23]: SeCreateGlobalPrivilege + Privilege[ 24]: SeEnableDelegationPrivilege + Rights (0x 0): +[2013/11/07 07:38:43.767840, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) + UNIX token of user 0 + Primary group is 5000 and contains 9 supplementary groups + Group[ 0]: 5000 + Group[ 1]: 5007 + Group[ 2]: 5001 + Group[ 3]: 1005 + Group[ 4]: 5006 + Group[ 5]: 5005 + Group[ 6]: 55000 + Group[ 7]: 55001 + Group[ 8]: 55002 +[2013/11/07 07:38:43.768318, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/uid.c:363(change_to_user_internal) + Impersonated user: uid=(0,0), gid=(0,5000) +[2013/11/07 07:38:43.768441, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:1796(smbd_smb2_request_verify_creditcharge) + mid 53, CreditCharge: 1, NeededCharge: 1 +[2013/11/07 07:38:43.768546, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl.c:394(smbd_smb2_ioctl_send) + smbd_smb2_ioctl: ctl_code[0x0011c017] spoolss, fnum 2189993496 +[2013/11/07 07:38:43.768660, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:59(smb2_ioctl_named_pipe) + smbd_smb2_ioctl_send: np_write_send of size 4156 +[2013/11/07 07:38:43.768758, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:520(np_write_send) + np_write_send: len: 4156 +[2013/11/07 07:38:43.768862, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) + write_to_pipe: data_left = 4156 +[2013/11/07 07:38:43.768957, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) + process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 4156 +[2013/11/07 07:38:43.769054, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:51(fill_rpc_header) + fill_rpc_header: data_to_copy = 4156, len_needed_to_complete_hdr = 16, receive_len = 0 +[2013/11/07 07:38:43.769154, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) + write_to_pipe: data_used = 16 +[2013/11/07 07:38:43.769246, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) + write_to_pipe: data_left = 4140 +[2013/11/07 07:38:43.769341, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) + process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 4140 +[2013/11/07 07:38:43.769644, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) + write_to_pipe: data_used = 0 +[2013/11/07 07:38:43.769746, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) + write_to_pipe: data_left = 4140 +[2013/11/07 07:38:43.769842, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) + process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 4140, incoming data = 4140 +[2013/11/07 07:38:43.769946, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1614(process_complete_pdu) + PDU is in Little Endian format! +[2013/11/07 07:38:43.770071, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) + r: struct ncacn_packet + rpc_vers : 0x05 (5) + rpc_vers_minor : 0x00 (0) + ptype : DCERPC_PKT_REQUEST (0) + pfc_flags : 0x03 (3) + drep: ARRAY(4) + [0] : 0x10 (16) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + frag_length : 0x103c (4156) + auth_length : 0x0000 (0) + call_id : 0x00000005 (5) + u : union dcerpc_payload(case 0) + request: struct dcerpc_request + alloc_hint : 0x00001024 (4132) + context_id : 0x0000 (0) + opnum : 0x0008 (8) + object : union dcerpc_object(case 0) + empty: struct dcerpc_empty + _pad : DATA_BLOB length=0 + stub_and_verifier : DATA_BLOB length=4132 + [0000] 00 00 00 00 48 00 00 00 00 00 00 00 7B 52 73 35 ....H... ....{Rs5 + [0010] C5 51 00 00 02 00 00 00 00 00 02 00 00 10 00 00 .Q...... ........ + [0020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0030] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0040] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0200] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0210] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0220] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0230] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0240] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0250] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0260] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0270] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0280] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0290] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0300] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0310] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0320] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0330] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0340] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0350] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0360] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0370] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0380] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0390] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0400] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0410] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0420] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0430] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0440] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0450] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0460] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0470] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0480] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0490] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0500] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0510] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0520] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0530] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0540] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0550] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0560] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0570] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0580] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0590] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0600] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0610] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0620] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0630] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0640] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0650] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0660] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0670] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0680] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0690] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0700] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0710] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0720] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0730] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0740] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0750] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0760] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0770] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0780] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0790] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0800] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0810] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0820] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0830] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0840] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0850] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0860] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0870] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0880] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0890] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0900] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0910] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0920] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0930] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0940] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0950] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0960] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0970] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0980] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0990] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0EA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0EB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0EC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0ED0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0EE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0EF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [1000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [1010] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [1020] 00 10 00 00 .... +[2013/11/07 07:38:43.786459, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1627(process_complete_pdu) + Processing packet type 0 +[2013/11/07 07:38:43.786500, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1472(dcesrv_auth_request) + Checking request auth. +[2013/11/07 07:38:43.786547, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) + push_sec_ctx(0, 5000) : sec_ctx_stack_ndx = 1 +[2013/11/07 07:38:43.786602, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) + setting sec ctx (0, 5000) - sec_ctx_stack_ndx = 1 +[2013/11/07 07:38:43.786644, 5, pid=20933, effective(0, 5000), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) + Security token SIDs (21): + SID[ 0]: S-1-5-21-1376953716-2413384141-3399758289-500 + SID[ 1]: S-1-5-21-1376953716-2413384141-3399758289-512 + SID[ 2]: S-1-5-21-1376953716-2413384141-3399758289-11015 + SID[ 3]: S-1-5-21-1376953716-2413384141-3399758289-513 + SID[ 4]: S-1-5-21-1376953716-2413384141-3399758289-11011 + SID[ 5]: S-1-5-21-1376953716-2413384141-3399758289-11013 + SID[ 6]: S-1-5-21-1376953716-2413384141-3399758289-11012 + SID[ 7]: S-1-1-0 + SID[ 8]: S-1-5-2 + SID[ 9]: S-1-5-11 + SID[ 10]: S-1-5-32-544 + SID[ 11]: S-1-22-1-2002 + SID[ 12]: S-1-22-2-5000 + SID[ 13]: S-1-22-2-5007 + SID[ 14]: S-1-22-2-5001 + SID[ 15]: S-1-22-2-1005 + SID[ 16]: S-1-22-2-5006 + SID[ 17]: S-1-22-2-5005 + SID[ 18]: S-1-22-2-55000 + SID[ 19]: S-1-22-2-55001 + SID[ 20]: S-1-22-2-55002 + Privileges (0x 1FFFFFF0): + Privilege[ 0]: SeMachineAccountPrivilege + Privilege[ 1]: SeTakeOwnershipPrivilege + Privilege[ 2]: SeBackupPrivilege + Privilege[ 3]: SeRestorePrivilege + Privilege[ 4]: SeRemoteShutdownPrivilege + Privilege[ 5]: SePrintOperatorPrivilege + Privilege[ 6]: SeAddUsersPrivilege + Privilege[ 7]: SeDiskOperatorPrivilege + Privilege[ 8]: SeSecurityPrivilege + Privilege[ 9]: SeSystemtimePrivilege + Privilege[ 10]: SeShutdownPrivilege + Privilege[ 11]: SeDebugPrivilege + Privilege[ 12]: SeSystemEnvironmentPrivilege + Privilege[ 13]: SeSystemProfilePrivilege + Privilege[ 14]: SeProfileSingleProcessPrivilege + Privilege[ 15]: SeIncreaseBasePriorityPrivilege + Privilege[ 16]: SeLoadDriverPrivilege + Privilege[ 17]: SeCreatePagefilePrivilege + Privilege[ 18]: SeIncreaseQuotaPrivilege + Privilege[ 19]: SeChangeNotifyPrivilege + Privilege[ 20]: SeUndockPrivilege + Privilege[ 21]: SeManageVolumePrivilege + Privilege[ 22]: SeImpersonatePrivilege + Privilege[ 23]: SeCreateGlobalPrivilege + Privilege[ 24]: SeEnableDelegationPrivilege + Rights (0x 0): +[2013/11/07 07:38:43.787406, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) + UNIX token of user 0 + Primary group is 5000 and contains 9 supplementary groups + Group[ 0]: 5000 + Group[ 1]: 5007 + Group[ 2]: 5001 + Group[ 3]: 1005 + Group[ 4]: 5006 + Group[ 5]: 5005 + Group[ 6]: 55000 + Group[ 7]: 55001 + Group[ 8]: 55002 +[2013/11/07 07:38:43.787604, 5, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1324(api_pipe_request) + Requested \spoolss rpc service +[2013/11/07 07:38:43.787651, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1356(api_rpcTNP) + api_rpcTNP: \spoolss op 0x8 - api_rpcTNP: rpc command: SPOOLSS_GETPRINTER +[2013/11/07 07:38:43.787695, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1390(api_rpcTNP) + api_rpc_cmds[8].fn == 0x7f375c260f10 +[2013/11/07 07:38:43.787744, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + spoolss_GetPrinter: struct spoolss_GetPrinter + in: struct spoolss_GetPrinter + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000048-0000-0000-7b52-7335c5510000 + level : 0x00000002 (2) + buffer : * + buffer : DATA_BLOB length=4096 + [0000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0010] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0030] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0040] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0200] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0210] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0220] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0230] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0240] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0250] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0260] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0270] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0280] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0290] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0300] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0310] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0320] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0330] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0340] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0350] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0360] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0370] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0380] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0390] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0400] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0410] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0420] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0430] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0440] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0450] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0460] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0470] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0480] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0490] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0500] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0510] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0520] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0530] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0540] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0550] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0560] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0570] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0580] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0590] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0600] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0610] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0620] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0630] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0640] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0650] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0660] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0670] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0680] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0690] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0700] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0710] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0720] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0730] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0740] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0750] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0760] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0770] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0780] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0790] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0800] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0810] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0820] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0830] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0840] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0850] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0860] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0870] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0880] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0890] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0900] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0910] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0920] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0930] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0940] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0950] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0960] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0970] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0980] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0990] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0EA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0EB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0EC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0ED0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0EE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0EF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + offered : 0x00001000 (4096) +[2013/11/07 07:38:43.797068, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 48 00 00 00 00 00 00 00 7B 52 73 35 ....H... ....{Rs5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:43.797155, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 48 00 00 00 00 00 00 00 7B 52 73 35 ....H... ....{Rs5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:43.797232, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:489(get_printer_snum) + short name:printer7 +[2013/11/07 07:38:43.797445, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:60(make_internal_rpc_pipe_p) + Create pipe requested \winreg +[2013/11/07 07:38:43.797506, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:221(init_pipe_handles) + init_pipe_handle_list: created handle list for pipe \winreg +[2013/11/07 07:38:43.797550, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:238(init_pipe_handles) + init_pipe_handle_list: pipe_handles ref count = 1 for pipe \winreg +[2013/11/07 07:38:43.797652, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:100(make_internal_rpc_pipe_p) + Created internal pipe \winreg +[2013/11/07 07:38:43.797727, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenHKLM: struct winreg_OpenHKLM + in: struct winreg_OpenHKLM + system_name : NULL + access_mask : 0x02000000 (33554432) + 0: KEY_QUERY_VALUE + 0: KEY_SET_VALUE + 0: KEY_CREATE_SUB_KEY + 0: KEY_ENUMERATE_SUB_KEYS + 0: KEY_NOTIFY + 0: KEY_CREATE_LINK + 0: KEY_WOW64_64KEY + 0: KEY_WOW64_32KEY +[2013/11/07 07:38:43.797968, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [HKLM] +[2013/11/07 07:38:43.798014, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) + push_sec_ctx(0, 5000) : sec_ctx_stack_ndx = 2 +[2013/11/07 07:38:43.798058, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/uid.c:485(push_conn_ctx) + push_conn_ctx(1804507171) : conn_ctx_stack_ndx = 0 +[2013/11/07 07:38:43.798108, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) + setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 +[2013/11/07 07:38:43.798148, 5, pid=20933, effective(0, 5000), real(0, 0)] ../libcli/security/security_token.c:53(security_token_debug) + Security token: (NULL) +[2013/11/07 07:38:43.798187, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) + UNIX token of user 0 + Primary group is 0 and contains 0 supplementary groups +[2013/11/07 07:38:43.798349, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) + pop_sec_ctx (0, 5000) - sec_ctx_stack_ndx = 1 +[2013/11/07 07:38:43.798394, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:866(regdb_open) + regdb_open: registry db opened. refcount reset (1) +[2013/11/07 07:38:43.798439, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM] +[2013/11/07 07:38:43.798478, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM] +[2013/11/07 07:38:43.798519, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:43.798557, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM] +[2013/11/07 07:38:43.798675, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) + Opened policy hnd[1] [0000] 00 00 00 00 53 00 00 00 00 00 00 00 7B 52 73 35 ....S... ....{Rs5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:43.798760, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenHKLM: struct winreg_OpenHKLM + out: struct winreg_OpenHKLM + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000053-0000-0000-7b52-7335c5510000 + result : WERR_OK +[2013/11/07 07:38:43.798950, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenKey: struct winreg_OpenKey + in: struct winreg_OpenKey + parent_handle : * + parent_handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000053-0000-0000-7b52-7335c5510000 + keyname: struct winreg_String + name_len : 0x008a (138) + name_size : 0x008a (138) + name : * + name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7' + options : 0x00000000 (0) + 0: REG_OPTION_VOLATILE + 0: REG_OPTION_CREATE_LINK + 0: REG_OPTION_BACKUP_RESTORE + 0: REG_OPTION_OPEN_LINK + access_mask : 0x02000000 (33554432) + 0: KEY_QUERY_VALUE + 0: KEY_SET_VALUE + 0: KEY_CREATE_SUB_KEY + 0: KEY_ENUMERATE_SUB_KEYS + 0: KEY_NOTIFY + 0: KEY_CREATE_LINK + 0: KEY_WOW64_64KEY + 0: KEY_WOW64_32KEY +[2013/11/07 07:38:43.799395, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 53 00 00 00 00 00 00 00 7B 52 73 35 ....S... ....{Rs5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:43.799486, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [SOFTWARE] +[2013/11/07 07:38:43.799528, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (1->2) +[2013/11/07 07:38:43.799570, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] +[2013/11/07 07:38:43.799608, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE] +[2013/11/07 07:38:43.799649, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:43.799686, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE] +[2013/11/07 07:38:43.799755, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Microsoft] +[2013/11/07 07:38:43.799796, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (2->3) +[2013/11/07 07:38:43.799839, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] +[2013/11/07 07:38:43.799877, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] +[2013/11/07 07:38:43.799918, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:43.799955, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft] +[2013/11/07 07:38:43.800016, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Windows NT] +[2013/11/07 07:38:43.800057, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (3->4) +[2013/11/07 07:38:43.800100, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] +[2013/11/07 07:38:43.800137, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] +[2013/11/07 07:38:43.800178, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:43.800216, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] +[2013/11/07 07:38:43.800274, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [CurrentVersion] +[2013/11/07 07:38:43.800315, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (4->5) +[2013/11/07 07:38:43.800358, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] +[2013/11/07 07:38:43.800404, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] +[2013/11/07 07:38:43.800446, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:43.800483, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f375c5a15c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] +[2013/11/07 07:38:43.800556, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Print] +[2013/11/07 07:38:43.800597, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (5->6) +[2013/11/07 07:38:43.800640, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] +[2013/11/07 07:38:43.800683, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] +[2013/11/07 07:38:43.800726, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:43.800763, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f375c5a15c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] +[2013/11/07 07:38:43.800824, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Printers] +[2013/11/07 07:38:43.800866, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (6->7) +[2013/11/07 07:38:43.800910, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] +[2013/11/07 07:38:43.800949, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] +[2013/11/07 07:38:43.800991, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:43.801029, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] +[2013/11/07 07:38:43.801097, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [printer7] +[2013/11/07 07:38:43.801139, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (7->8) +[2013/11/07 07:38:43.801183, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:43.801222, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:43.801273, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:43.801312, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:43.801597, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (8->7) +[2013/11/07 07:38:43.801664, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (7->6) +[2013/11/07 07:38:43.801707, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (6->5) +[2013/11/07 07:38:43.801747, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (5->4) +[2013/11/07 07:38:43.801788, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (4->3) +[2013/11/07 07:38:43.801829, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (3->2) +[2013/11/07 07:38:43.801873, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) + Opened policy hnd[2] [0000] 00 00 00 00 54 00 00 00 00 00 00 00 7B 52 73 35 ....T... ....{Rs5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:43.801953, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenKey: struct winreg_OpenKey + out: struct winreg_OpenKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000054-0000-0000-7b52-7335c5510000 + result : WERR_OK +[2013/11/07 07:38:43.802136, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryInfoKey: struct winreg_QueryInfoKey + in: struct winreg_QueryInfoKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000054-0000-0000-7b52-7335c5510000 + classname : * + classname: struct winreg_String + name_len : 0x0000 (0) + name_size : 0x0000 (0) + name : NULL +[2013/11/07 07:38:43.802353, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 54 00 00 00 00 00 00 00 7B 52 73 35 ....T... ....{Rs5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:43.802434, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_dispatcher.c:151(fetch_reg_values) + fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7' (ops 0x7f37592edcc0) +[2013/11/07 07:38:43.802477, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1891(regdb_fetch_values_internal) + regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:43.802553, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[0]: name[Attributes] len[4] +[2013/11/07 07:38:43.802599, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[1]: name[Description] len[2] +[2013/11/07 07:38:43.802642, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[2]: name[Datatype] len[8] +[2013/11/07 07:38:43.802684, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[3]: name[Default Priority] len[4] +[2013/11/07 07:38:43.802727, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[4]: name[Port] len[38] +[2013/11/07 07:38:43.802769, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[5]: name[Name] len[18] +[2013/11/07 07:38:43.802811, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[6]: name[Print Processor] len[18] +[2013/11/07 07:38:43.802854, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[7]: name[Priority] len[4] +[2013/11/07 07:38:43.802896, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[8]: name[Security] len[248] +[2013/11/07 07:38:43.802939, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[9]: name[Share Name] len[18] +[2013/11/07 07:38:43.802981, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[10]: name[StartTime] len[4] +[2013/11/07 07:38:43.803024, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[11]: name[UntilTime] len[4] +[2013/11/07 07:38:43.803066, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[12]: name[ChangeID] len[4] +[2013/11/07 07:38:43.803109, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) + regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:43.803174, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryInfoKey: struct winreg_QueryInfoKey + out: struct winreg_QueryInfoKey + classname : * + classname: struct winreg_String + name_len : 0x0000 (0) + name_size : 0x0000 (0) + name : NULL + num_subkeys : * + num_subkeys : 0x00000003 (3) + max_subkeylen : * + max_subkeylen : 0x00000022 (34) + max_classlen : * + max_classlen : 0x00000000 (0) + num_values : * + num_values : 0x0000000d (13) + max_valnamelen : * + max_valnamelen : 0x00000022 (34) + max_valbufsize : * + max_valbufsize : 0x000000f8 (248) + secdescsize : * + secdescsize : 0x00000078 (120) + last_changed_time : * + last_changed_time : NTTIME(0) + result : WERR_OK +[2013/11/07 07:38:43.803701, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000054-0000-0000-7b52-7335c5510000 + enum_index : 0x00000000 (0) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:43.804160, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 54 00 00 00 00 00 00 00 7B 52 73 35 ....T... ....{Rs5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:43.804240, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:43.804287, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0016 (22) + size : 0x0024 (36) + name : * + name : 'Attributes' + type : * + type : REG_DWORD (4) + value : * + value: ARRAY(4) + [0] : 0x48 (72) + [1] : 0x10 (16) + [2] : 0x00 (0) + [3] : 0x00 (0) + size : * + size : 0x00000004 (4) + length : * + length : 0x00000004 (4) + result : WERR_OK +[2013/11/07 07:38:43.804688, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000054-0000-0000-7b52-7335c5510000 + enum_index : 0x00000001 (1) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:43.805071, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 54 00 00 00 00 00 00 00 7B 52 73 35 ....T... ....{Rs5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:43.805147, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:43.805192, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0018 (24) + size : 0x0024 (36) + name : * + name : 'Description' + type : * + type : REG_SZ (1) + value : * + value: ARRAY(2) + [0] : 0x00 (0) + [1] : 0x00 (0) + size : * + size : 0x00000002 (2) + length : * + length : 0x00000002 (2) + result : WERR_OK +[2013/11/07 07:38:43.805633, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000054-0000-0000-7b52-7335c5510000 + enum_index : 0x00000002 (2) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:43.806009, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 54 00 00 00 00 00 00 00 7B 52 73 35 ....T... ....{Rs5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:43.806087, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:43.806132, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0012 (18) + size : 0x0024 (36) + name : * + name : 'Datatype' + type : * + type : REG_SZ (1) + value : * + value: ARRAY(8) + [0] : 0x52 (82) + [1] : 0x00 (0) + [2] : 0x41 (65) + [3] : 0x00 (0) + [4] : 0x57 (87) + [5] : 0x00 (0) + [6] : 0x00 (0) + [7] : 0x00 (0) + size : * + size : 0x00000008 (8) + length : * + length : 0x00000008 (8) + result : WERR_OK +[2013/11/07 07:38:43.806596, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000054-0000-0000-7b52-7335c5510000 + enum_index : 0x00000003 (3) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:43.806968, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 54 00 00 00 00 00 00 00 7B 52 73 35 ....T... ....{Rs5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:43.807044, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:43.807089, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0022 (34) + size : 0x0024 (36) + name : * + name : 'Default Priority' + type : * + type : REG_DWORD (4) + value : * + value: ARRAY(4) + [0] : 0x01 (1) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + size : * + size : 0x00000004 (4) + length : * + length : 0x00000004 (4) + result : WERR_OK +[2013/11/07 07:38:43.807657, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000054-0000-0000-7b52-7335c5510000 + enum_index : 0x00000004 (4) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:43.808031, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 54 00 00 00 00 00 00 00 7B 52 73 35 ....T... ....{Rs5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:43.808109, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:43.808157, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x000a (10) + size : 0x0024 (36) + name : * + name : 'Port' + type : * + type : REG_SZ (1) + value : * + value: ARRAY(38) + [0] : 0x53 (83) + [1] : 0x00 (0) + [2] : 0x61 (97) + [3] : 0x00 (0) + [4] : 0x6d (109) + [5] : 0x00 (0) + [6] : 0x62 (98) + [7] : 0x00 (0) + [8] : 0x61 (97) + [9] : 0x00 (0) + [10] : 0x20 (32) + [11] : 0x00 (0) + [12] : 0x50 (80) + [13] : 0x00 (0) + [14] : 0x72 (114) + [15] : 0x00 (0) + [16] : 0x69 (105) + [17] : 0x00 (0) + [18] : 0x6e (110) + [19] : 0x00 (0) + [20] : 0x74 (116) + [21] : 0x00 (0) + [22] : 0x65 (101) + [23] : 0x00 (0) + [24] : 0x72 (114) + [25] : 0x00 (0) + [26] : 0x20 (32) + [27] : 0x00 (0) + [28] : 0x50 (80) + [29] : 0x00 (0) + [30] : 0x6f (111) + [31] : 0x00 (0) + [32] : 0x72 (114) + [33] : 0x00 (0) + [34] : 0x74 (116) + [35] : 0x00 (0) + [36] : 0x00 (0) + [37] : 0x00 (0) + size : * + size : 0x00000026 (38) + length : * + length : 0x00000026 (38) + result : WERR_OK +[2013/11/07 07:38:43.809121, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000054-0000-0000-7b52-7335c5510000 + enum_index : 0x00000005 (5) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:43.809550, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 54 00 00 00 00 00 00 00 7B 52 73 35 ....T... ....{Rs5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:43.809629, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:43.809675, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x000a (10) + size : 0x0024 (36) + name : * + name : 'Name' + type : * + type : REG_SZ (1) + value : * + value: ARRAY(18) + [0] : 0x70 (112) + [1] : 0x00 (0) + [2] : 0x72 (114) + [3] : 0x00 (0) + [4] : 0x69 (105) + [5] : 0x00 (0) + [6] : 0x6e (110) + [7] : 0x00 (0) + [8] : 0x74 (116) + [9] : 0x00 (0) + [10] : 0x65 (101) + [11] : 0x00 (0) + [12] : 0x72 (114) + [13] : 0x00 (0) + [14] : 0x37 (55) + [15] : 0x00 (0) + [16] : 0x00 (0) + [17] : 0x00 (0) + size : * + size : 0x00000012 (18) + length : * + length : 0x00000012 (18) + result : WERR_OK +[2013/11/07 07:38:43.810312, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000054-0000-0000-7b52-7335c5510000 + enum_index : 0x00000006 (6) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:43.810683, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 54 00 00 00 00 00 00 00 7B 52 73 35 ....T... ....{Rs5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:43.810760, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:43.810805, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0020 (32) + size : 0x0024 (36) + name : * + name : 'Print Processor' + type : * + type : REG_SZ (1) + value : * + value: ARRAY(18) + [0] : 0x77 (119) + [1] : 0x00 (0) + [2] : 0x69 (105) + [3] : 0x00 (0) + [4] : 0x6e (110) + [5] : 0x00 (0) + [6] : 0x70 (112) + [7] : 0x00 (0) + [8] : 0x72 (114) + [9] : 0x00 (0) + [10] : 0x69 (105) + [11] : 0x00 (0) + [12] : 0x6e (110) + [13] : 0x00 (0) + [14] : 0x74 (116) + [15] : 0x00 (0) + [16] : 0x00 (0) + [17] : 0x00 (0) + size : * + size : 0x00000012 (18) + length : * + length : 0x00000012 (18) + result : WERR_OK +[2013/11/07 07:38:43.811437, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000054-0000-0000-7b52-7335c5510000 + enum_index : 0x00000007 (7) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:43.811808, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 54 00 00 00 00 00 00 00 7B 52 73 35 ....T... ....{Rs5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:43.811884, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:43.811930, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0012 (18) + size : 0x0024 (36) + name : * + name : 'Priority' + type : * + type : REG_DWORD (4) + value : * + value: ARRAY(4) + [0] : 0x01 (1) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + size : * + size : 0x00000004 (4) + length : * + length : 0x00000004 (4) + result : WERR_OK +[2013/11/07 07:38:43.812320, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000054-0000-0000-7b52-7335c5510000 + enum_index : 0x00000008 (8) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:43.812698, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 54 00 00 00 00 00 00 00 7B 52 73 35 ....T... ....{Rs5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:43.812774, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:43.812819, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0012 (18) + size : 0x0024 (36) + name : * + name : 'Security' + type : * + type : REG_BINARY (3) + value : * + value: ARRAY(248) + [0] : 0x01 (1) + [1] : 0x00 (0) + [2] : 0x04 (4) + [3] : 0x80 (128) + [4] : 0x14 (20) + [5] : 0x00 (0) + [6] : 0x00 (0) + [7] : 0x00 (0) + [8] : 0x24 (36) + [9] : 0x00 (0) + [10] : 0x00 (0) + [11] : 0x00 (0) + [12] : 0x00 (0) + [13] : 0x00 (0) + [14] : 0x00 (0) + [15] : 0x00 (0) + [16] : 0x34 (52) + [17] : 0x00 (0) + [18] : 0x00 (0) + [19] : 0x00 (0) + [20] : 0x01 (1) + [21] : 0x02 (2) + [22] : 0x00 (0) + [23] : 0x00 (0) + [24] : 0x00 (0) + [25] : 0x00 (0) + [26] : 0x00 (0) + [27] : 0x05 (5) + [28] : 0x20 (32) + [29] : 0x00 (0) + [30] : 0x00 (0) + [31] : 0x00 (0) + [32] : 0x20 (32) + [33] : 0x02 (2) + [34] : 0x00 (0) + [35] : 0x00 (0) + [36] : 0x01 (1) + [37] : 0x02 (2) + [38] : 0x00 (0) + [39] : 0x00 (0) + [40] : 0x00 (0) + [41] : 0x00 (0) + [42] : 0x00 (0) + [43] : 0x05 (5) + [44] : 0x20 (32) + [45] : 0x00 (0) + [46] : 0x00 (0) + [47] : 0x00 (0) + [48] : 0x20 (32) + [49] : 0x02 (2) + [50] : 0x00 (0) + [51] : 0x00 (0) + [52] : 0x02 (2) + [53] : 0x00 (0) + [54] : 0xc4 (196) + [55] : 0x00 (0) + [56] : 0x07 (7) + [57] : 0x00 (0) + [58] : 0x00 (0) + [59] : 0x00 (0) + [60] : 0x00 (0) + [61] : 0x02 (2) + [62] : 0x14 (20) + [63] : 0x00 (0) + [64] : 0x08 (8) + [65] : 0x00 (0) + [66] : 0x02 (2) + [67] : 0x20 (32) + [68] : 0x01 (1) + [69] : 0x01 (1) + [70] : 0x00 (0) + [71] : 0x00 (0) + [72] : 0x00 (0) + [73] : 0x00 (0) + [74] : 0x00 (0) + [75] : 0x01 (1) + [76] : 0x00 (0) + [77] : 0x00 (0) + [78] : 0x00 (0) + [79] : 0x00 (0) + [80] : 0x00 (0) + [81] : 0x09 (9) + [82] : 0x24 (36) + [83] : 0x00 (0) + [84] : 0x0c (12) + [85] : 0x00 (0) + [86] : 0x0f (15) + [87] : 0x10 (16) + [88] : 0x01 (1) + [89] : 0x05 (5) + [90] : 0x00 (0) + [91] : 0x00 (0) + [92] : 0x00 (0) + [93] : 0x00 (0) + [94] : 0x00 (0) + [95] : 0x05 (5) + [96] : 0x15 (21) + [97] : 0x00 (0) + [98] : 0x00 (0) + [99] : 0x00 (0) + [100] : 0x74 (116) + [101] : 0xa5 (165) + [102] : 0x12 (18) + [103] : 0x52 (82) + [104] : 0xcd (205) + [105] : 0x51 (81) + [106] : 0xd9 (217) + [107] : 0x8f (143) + [108] : 0xd1 (209) + [109] : 0x31 (49) + [110] : 0xa4 (164) + [111] : 0xca (202) + [112] : 0xf4 (244) + [113] : 0x01 (1) + [114] : 0x00 (0) + [115] : 0x00 (0) + [116] : 0x00 (0) + [117] : 0x02 (2) + [118] : 0x24 (36) + [119] : 0x00 (0) + [120] : 0x0c (12) + [121] : 0x00 (0) + [122] : 0x0f (15) + [123] : 0x10 (16) + [124] : 0x01 (1) + [125] : 0x05 (5) + [126] : 0x00 (0) + [127] : 0x00 (0) + [128] : 0x00 (0) + [129] : 0x00 (0) + [130] : 0x00 (0) + [131] : 0x05 (5) + [132] : 0x15 (21) + [133] : 0x00 (0) + [134] : 0x00 (0) + [135] : 0x00 (0) + [136] : 0x74 (116) + [137] : 0xa5 (165) + [138] : 0x12 (18) + [139] : 0x52 (82) + [140] : 0xcd (205) + [141] : 0x51 (81) + [142] : 0xd9 (217) + [143] : 0x8f (143) + [144] : 0xd1 (209) + [145] : 0x31 (49) + [146] : 0xa4 (164) + [147] : 0xca (202) + [148] : 0xf4 (244) + [149] : 0x01 (1) + [150] : 0x00 (0) + [151] : 0x00 (0) + [152] : 0x00 (0) + [153] : 0x09 (9) + [154] : 0x18 (24) + [155] : 0x00 (0) + [156] : 0x0c (12) + [157] : 0x00 (0) + [158] : 0x0f (15) + [159] : 0x10 (16) + [160] : 0x01 (1) + [161] : 0x02 (2) + [162] : 0x00 (0) + [163] : 0x00 (0) + [164] : 0x00 (0) + [165] : 0x00 (0) + [166] : 0x00 (0) + [167] : 0x05 (5) + [168] : 0x20 (32) + [169] : 0x00 (0) + [170] : 0x00 (0) + [171] : 0x00 (0) + [172] : 0x20 (32) + [173] : 0x02 (2) + [174] : 0x00 (0) + [175] : 0x00 (0) + [176] : 0x00 (0) + [177] : 0x02 (2) + [178] : 0x18 (24) + [179] : 0x00 (0) + [180] : 0x0c (12) + [181] : 0x00 (0) + [182] : 0x0f (15) + [183] : 0x10 (16) + [184] : 0x01 (1) + [185] : 0x02 (2) + [186] : 0x00 (0) + [187] : 0x00 (0) + [188] : 0x00 (0) + [189] : 0x00 (0) + [190] : 0x00 (0) + [191] : 0x05 (5) + [192] : 0x20 (32) + [193] : 0x00 (0) + [194] : 0x00 (0) + [195] : 0x00 (0) + [196] : 0x20 (32) + [197] : 0x02 (2) + [198] : 0x00 (0) + [199] : 0x00 (0) + [200] : 0x00 (0) + [201] : 0x09 (9) + [202] : 0x18 (24) + [203] : 0x00 (0) + [204] : 0x0c (12) + [205] : 0x00 (0) + [206] : 0x0f (15) + [207] : 0x10 (16) + [208] : 0x01 (1) + [209] : 0x02 (2) + [210] : 0x00 (0) + [211] : 0x00 (0) + [212] : 0x00 (0) + [213] : 0x00 (0) + [214] : 0x00 (0) + [215] : 0x05 (5) + [216] : 0x20 (32) + [217] : 0x00 (0) + [218] : 0x00 (0) + [219] : 0x00 (0) + [220] : 0x26 (38) + [221] : 0x02 (2) + [222] : 0x00 (0) + [223] : 0x00 (0) + [224] : 0x00 (0) + [225] : 0x02 (2) + [226] : 0x18 (24) + [227] : 0x00 (0) + [228] : 0x0c (12) + [229] : 0x00 (0) + [230] : 0x0f (15) + [231] : 0x10 (16) + [232] : 0x01 (1) + [233] : 0x02 (2) + [234] : 0x00 (0) + [235] : 0x00 (0) + [236] : 0x00 (0) + [237] : 0x00 (0) + [238] : 0x00 (0) + [239] : 0x05 (5) + [240] : 0x20 (32) + [241] : 0x00 (0) + [242] : 0x00 (0) + [243] : 0x00 (0) + [244] : 0x26 (38) + [245] : 0x02 (2) + [246] : 0x00 (0) + [247] : 0x00 (0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x000000f8 (248) + result : WERR_OK +[2013/11/07 07:38:43.817502, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000054-0000-0000-7b52-7335c5510000 + enum_index : 0x00000009 (9) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:43.817877, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 54 00 00 00 00 00 00 00 7B 52 73 35 ....T... ....{Rs5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:43.817955, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:43.818001, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0016 (22) + size : 0x0024 (36) + name : * + name : 'Share Name' + type : * + type : REG_SZ (1) + value : * + value: ARRAY(18) + [0] : 0x70 (112) + [1] : 0x00 (0) + [2] : 0x72 (114) + [3] : 0x00 (0) + [4] : 0x69 (105) + [5] : 0x00 (0) + [6] : 0x6e (110) + [7] : 0x00 (0) + [8] : 0x74 (116) + [9] : 0x00 (0) + [10] : 0x65 (101) + [11] : 0x00 (0) + [12] : 0x72 (114) + [13] : 0x00 (0) + [14] : 0x37 (55) + [15] : 0x00 (0) + [16] : 0x00 (0) + [17] : 0x00 (0) + size : * + size : 0x00000012 (18) + length : * + length : 0x00000012 (18) + result : WERR_OK +[2013/11/07 07:38:43.818691, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000054-0000-0000-7b52-7335c5510000 + enum_index : 0x0000000a (10) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:43.819064, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 54 00 00 00 00 00 00 00 7B 52 73 35 ....T... ....{Rs5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:43.819141, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:43.819188, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0014 (20) + size : 0x0024 (36) + name : * + name : 'StartTime' + type : * + type : REG_DWORD (4) + value : * + value: ARRAY(4) + [0] : 0x00 (0) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + size : * + size : 0x00000004 (4) + length : * + length : 0x00000004 (4) + result : WERR_OK +[2013/11/07 07:38:43.819577, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000054-0000-0000-7b52-7335c5510000 + enum_index : 0x0000000b (11) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:43.819954, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 54 00 00 00 00 00 00 00 7B 52 73 35 ....T... ....{Rs5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:43.820031, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:43.820077, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0014 (20) + size : 0x0024 (36) + name : * + name : 'UntilTime' + type : * + type : REG_DWORD (4) + value : * + value: ARRAY(4) + [0] : 0x00 (0) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + size : * + size : 0x00000004 (4) + length : * + length : 0x00000004 (4) + result : WERR_OK +[2013/11/07 07:38:43.820467, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000054-0000-0000-7b52-7335c5510000 + enum_index : 0x0000000c (12) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:43.820835, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 54 00 00 00 00 00 00 00 7B 52 73 35 ....T... ....{Rs5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:43.820912, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:43.820968, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0012 (18) + size : 0x0024 (36) + name : * + name : 'ChangeID' + type : * + type : REG_DWORD (4) + value : * + value: ARRAY(4) + [0] : 0xf1 (241) + [1] : 0x5f (95) + [2] : 0x11 (17) + [3] : 0x00 (0) + size : * + size : 0x00000004 (4) + length : * + length : 0x00000004 (4) + result : WERR_OK +[2013/11/07 07:38:43.821442, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryValue: struct winreg_QueryValue + in: struct winreg_QueryValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000054-0000-0000-7b52-7335c5510000 + value_name : * + value_name: struct winreg_String + name_len : 0x0020 (32) + name_size : 0x0020 (32) + name : * + name : 'Default DevMode' + type : * + type : REG_NONE (0) + data : NULL + data_size : * + data_size : 0x00000000 (0) + data_length : * + data_length : 0x00000000 (0) +[2013/11/07 07:38:43.821789, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 54 00 00 00 00 00 00 00 7B 52 73 35 ....T... ....{Rs5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:43.821867, 7, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) + _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:43.821908, 7, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) + _winreg_QueryValue: policy key type = [00000000] +[2013/11/07 07:38:43.821953, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:316(_winreg_QueryValue) + _winreg_QueryValue: reg_queryvalue failed with: WERR_BADFILE +[2013/11/07 07:38:43.821993, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryValue: struct winreg_QueryValue + out: struct winreg_QueryValue + type : * + type : REG_NONE (0) + data : NULL + data_size : * + data_size : 0x00000000 (0) + data_length : * + data_length : 0x00000000 (0) + result : WERR_BADFILE +[2013/11/07 07:38:43.822214, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenHKLM: struct winreg_OpenHKLM + in: struct winreg_OpenHKLM + system_name : NULL + access_mask : 0x02000000 (33554432) + 0: KEY_QUERY_VALUE + 0: KEY_SET_VALUE + 0: KEY_CREATE_SUB_KEY + 0: KEY_ENUMERATE_SUB_KEYS + 0: KEY_NOTIFY + 0: KEY_CREATE_LINK + 0: KEY_WOW64_64KEY + 0: KEY_WOW64_32KEY +[2013/11/07 07:38:43.822448, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [HKLM] +[2013/11/07 07:38:43.822489, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (2->3) +[2013/11/07 07:38:43.822532, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM] +[2013/11/07 07:38:43.822571, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM] +[2013/11/07 07:38:43.822612, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:43.822649, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM] +[2013/11/07 07:38:43.822724, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) + Opened policy hnd[3] [0000] 00 00 00 00 55 00 00 00 00 00 00 00 7B 52 73 35 ....U... ....{Rs5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:43.822804, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenHKLM: struct winreg_OpenHKLM + out: struct winreg_OpenHKLM + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000055-0000-0000-7b52-7335c5510000 + result : WERR_OK +[2013/11/07 07:38:43.822970, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenKey: struct winreg_OpenKey + in: struct winreg_OpenKey + parent_handle : * + parent_handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000055-0000-0000-7b52-7335c5510000 + keyname: struct winreg_String + name_len : 0x008a (138) + name_size : 0x008a (138) + name : * + name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7' + options : 0x00000000 (0) + 0: REG_OPTION_VOLATILE + 0: REG_OPTION_CREATE_LINK + 0: REG_OPTION_BACKUP_RESTORE + 0: REG_OPTION_OPEN_LINK + access_mask : 0x02000000 (33554432) + 0: KEY_QUERY_VALUE + 0: KEY_SET_VALUE + 0: KEY_CREATE_SUB_KEY + 0: KEY_ENUMERATE_SUB_KEYS + 0: KEY_NOTIFY + 0: KEY_CREATE_LINK + 0: KEY_WOW64_64KEY + 0: KEY_WOW64_32KEY +[2013/11/07 07:38:43.823408, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 55 00 00 00 00 00 00 00 7B 52 73 35 ....U... ....{Rs5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:43.823496, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [SOFTWARE] +[2013/11/07 07:38:43.823537, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (3->4) +[2013/11/07 07:38:43.823579, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] +[2013/11/07 07:38:43.823617, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE] +[2013/11/07 07:38:43.823657, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:43.823694, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE] +[2013/11/07 07:38:43.823758, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Microsoft] +[2013/11/07 07:38:43.823799, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (4->5) +[2013/11/07 07:38:43.823840, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] +[2013/11/07 07:38:43.823878, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] +[2013/11/07 07:38:43.823918, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:43.823955, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft] +[2013/11/07 07:38:43.824015, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Windows NT] +[2013/11/07 07:38:43.824056, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (5->6) +[2013/11/07 07:38:43.824098, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] +[2013/11/07 07:38:43.824136, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] +[2013/11/07 07:38:43.824177, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:43.824214, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] +[2013/11/07 07:38:43.824271, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [CurrentVersion] +[2013/11/07 07:38:43.824312, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (6->7) +[2013/11/07 07:38:43.824363, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] +[2013/11/07 07:38:43.824401, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] +[2013/11/07 07:38:43.824442, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:43.824479, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f375c5a15c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] +[2013/11/07 07:38:43.824550, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Print] +[2013/11/07 07:38:43.824592, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (7->8) +[2013/11/07 07:38:43.824635, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] +[2013/11/07 07:38:43.824675, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] +[2013/11/07 07:38:43.824717, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:43.824755, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f375c5a15c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] +[2013/11/07 07:38:43.824815, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Printers] +[2013/11/07 07:38:43.824856, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (8->9) +[2013/11/07 07:38:43.824900, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] +[2013/11/07 07:38:43.824939, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] +[2013/11/07 07:38:43.824982, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:43.825019, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] +[2013/11/07 07:38:43.825086, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [printer7] +[2013/11/07 07:38:43.825127, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (9->10) +[2013/11/07 07:38:43.825171, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:43.825210, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:43.825261, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:43.825298, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:43.825414, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (10->9) +[2013/11/07 07:38:43.825460, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (9->8) +[2013/11/07 07:38:43.825502, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (8->7) +[2013/11/07 07:38:43.825541, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (7->6) +[2013/11/07 07:38:43.825581, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (6->5) +[2013/11/07 07:38:43.825620, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (5->4) +[2013/11/07 07:38:43.825663, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) + Opened policy hnd[4] [0000] 00 00 00 00 56 00 00 00 00 00 00 00 7B 52 73 35 ....V... ....{Rs5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:43.825741, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenKey: struct winreg_OpenKey + out: struct winreg_OpenKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000056-0000-0000-7b52-7335c5510000 + result : WERR_OK +[2013/11/07 07:38:43.825912, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryValue: struct winreg_QueryValue + in: struct winreg_QueryValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000056-0000-0000-7b52-7335c5510000 + value_name : * + value_name: struct winreg_String + name_len : 0x0012 (18) + name_size : 0x0012 (18) + name : * + name : 'Security' + type : * + type : REG_NONE (0) + data : NULL + data_size : * + data_size : 0x00000000 (0) + data_length : * + data_length : 0x00000000 (0) +[2013/11/07 07:38:43.826252, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 56 00 00 00 00 00 00 00 7B 52 73 35 ....V... ....{Rs5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:43.826328, 7, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) + _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:43.826377, 7, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) + _winreg_QueryValue: policy key type = [00000000] +[2013/11/07 07:38:43.826418, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_dispatcher.c:151(fetch_reg_values) + fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7' (ops 0x7f37592edcc0) +[2013/11/07 07:38:43.826460, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1891(regdb_fetch_values_internal) + regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:43.826520, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[0]: name[Attributes] len[4] +[2013/11/07 07:38:43.826564, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[1]: name[Description] len[2] +[2013/11/07 07:38:43.826606, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[2]: name[Datatype] len[8] +[2013/11/07 07:38:43.826649, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[3]: name[Default Priority] len[4] +[2013/11/07 07:38:43.826691, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[4]: name[Port] len[38] +[2013/11/07 07:38:43.826734, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[5]: name[Name] len[18] +[2013/11/07 07:38:43.826776, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[6]: name[Print Processor] len[18] +[2013/11/07 07:38:43.826819, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[7]: name[Priority] len[4] +[2013/11/07 07:38:43.826862, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[8]: name[Security] len[248] +[2013/11/07 07:38:43.826905, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[9]: name[Share Name] len[18] +[2013/11/07 07:38:43.826948, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[10]: name[StartTime] len[4] +[2013/11/07 07:38:43.826990, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[11]: name[UntilTime] len[4] +[2013/11/07 07:38:43.827033, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[12]: name[ChangeID] len[4] +[2013/11/07 07:38:43.827078, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryValue: struct winreg_QueryValue + out: struct winreg_QueryValue + type : * + type : REG_BINARY (3) + data : NULL + data_size : * + data_size : 0x000000f8 (248) + data_length : * + data_length : 0x00000000 (0) + result : WERR_OK +[2013/11/07 07:38:43.827297, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryValue: struct winreg_QueryValue + in: struct winreg_QueryValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000056-0000-0000-7b52-7335c5510000 + value_name : * + value_name: struct winreg_String + name_len : 0x0012 (18) + name_size : 0x0012 (18) + name : * + name : 'Security' + type : * + type : REG_BINARY (3) + data : * + data: ARRAY(0) + data_size : * + data_size : 0x000000f8 (248) + data_length : * + data_length : 0x00000000 (0) +[2013/11/07 07:38:43.827653, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 56 00 00 00 00 00 00 00 7B 52 73 35 ....V... ....{Rs5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:43.827730, 7, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) + _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:43.827769, 7, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) + _winreg_QueryValue: policy key type = [00000000] +[2013/11/07 07:38:43.827814, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryValue: struct winreg_QueryValue + out: struct winreg_QueryValue + type : * + type : REG_BINARY (3) + data : * + data: ARRAY(248) + [0] : 0x01 (1) + [1] : 0x00 (0) + [2] : 0x04 (4) + [3] : 0x80 (128) + [4] : 0x14 (20) + [5] : 0x00 (0) + [6] : 0x00 (0) + [7] : 0x00 (0) + [8] : 0x24 (36) + [9] : 0x00 (0) + [10] : 0x00 (0) + [11] : 0x00 (0) + [12] : 0x00 (0) + [13] : 0x00 (0) + [14] : 0x00 (0) + [15] : 0x00 (0) + [16] : 0x34 (52) + [17] : 0x00 (0) + [18] : 0x00 (0) + [19] : 0x00 (0) + [20] : 0x01 (1) + [21] : 0x02 (2) + [22] : 0x00 (0) + [23] : 0x00 (0) + [24] : 0x00 (0) + [25] : 0x00 (0) + [26] : 0x00 (0) + [27] : 0x05 (5) + [28] : 0x20 (32) + [29] : 0x00 (0) + [30] : 0x00 (0) + [31] : 0x00 (0) + [32] : 0x20 (32) + [33] : 0x02 (2) + [34] : 0x00 (0) + [35] : 0x00 (0) + [36] : 0x01 (1) + [37] : 0x02 (2) + [38] : 0x00 (0) + [39] : 0x00 (0) + [40] : 0x00 (0) + [41] : 0x00 (0) + [42] : 0x00 (0) + [43] : 0x05 (5) + [44] : 0x20 (32) + [45] : 0x00 (0) + [46] : 0x00 (0) + [47] : 0x00 (0) + [48] : 0x20 (32) + [49] : 0x02 (2) + [50] : 0x00 (0) + [51] : 0x00 (0) + [52] : 0x02 (2) + [53] : 0x00 (0) + [54] : 0xc4 (196) + [55] : 0x00 (0) + [56] : 0x07 (7) + [57] : 0x00 (0) + [58] : 0x00 (0) + [59] : 0x00 (0) + [60] : 0x00 (0) + [61] : 0x02 (2) + [62] : 0x14 (20) + [63] : 0x00 (0) + [64] : 0x08 (8) + [65] : 0x00 (0) + [66] : 0x02 (2) + [67] : 0x20 (32) + [68] : 0x01 (1) + [69] : 0x01 (1) + [70] : 0x00 (0) + [71] : 0x00 (0) + [72] : 0x00 (0) + [73] : 0x00 (0) + [74] : 0x00 (0) + [75] : 0x01 (1) + [76] : 0x00 (0) + [77] : 0x00 (0) + [78] : 0x00 (0) + [79] : 0x00 (0) + [80] : 0x00 (0) + [81] : 0x09 (9) + [82] : 0x24 (36) + [83] : 0x00 (0) + [84] : 0x0c (12) + [85] : 0x00 (0) + [86] : 0x0f (15) + [87] : 0x10 (16) + [88] : 0x01 (1) + [89] : 0x05 (5) + [90] : 0x00 (0) + [91] : 0x00 (0) + [92] : 0x00 (0) + [93] : 0x00 (0) + [94] : 0x00 (0) + [95] : 0x05 (5) + [96] : 0x15 (21) + [97] : 0x00 (0) + [98] : 0x00 (0) + [99] : 0x00 (0) + [100] : 0x74 (116) + [101] : 0xa5 (165) + [102] : 0x12 (18) + [103] : 0x52 (82) + [104] : 0xcd (205) + [105] : 0x51 (81) + [106] : 0xd9 (217) + [107] : 0x8f (143) + [108] : 0xd1 (209) + [109] : 0x31 (49) + [110] : 0xa4 (164) + [111] : 0xca (202) + [112] : 0xf4 (244) + [113] : 0x01 (1) + [114] : 0x00 (0) + [115] : 0x00 (0) + [116] : 0x00 (0) + [117] : 0x02 (2) + [118] : 0x24 (36) + [119] : 0x00 (0) + [120] : 0x0c (12) + [121] : 0x00 (0) + [122] : 0x0f (15) + [123] : 0x10 (16) + [124] : 0x01 (1) + [125] : 0x05 (5) + [126] : 0x00 (0) + [127] : 0x00 (0) + [128] : 0x00 (0) + [129] : 0x00 (0) + [130] : 0x00 (0) + [131] : 0x05 (5) + [132] : 0x15 (21) + [133] : 0x00 (0) + [134] : 0x00 (0) + [135] : 0x00 (0) + [136] : 0x74 (116) + [137] : 0xa5 (165) + [138] : 0x12 (18) + [139] : 0x52 (82) + [140] : 0xcd (205) + [141] : 0x51 (81) + [142] : 0xd9 (217) + [143] : 0x8f (143) + [144] : 0xd1 (209) + [145] : 0x31 (49) + [146] : 0xa4 (164) + [147] : 0xca (202) + [148] : 0xf4 (244) + [149] : 0x01 (1) + [150] : 0x00 (0) + [151] : 0x00 (0) + [152] : 0x00 (0) + [153] : 0x09 (9) + [154] : 0x18 (24) + [155] : 0x00 (0) + [156] : 0x0c (12) + [157] : 0x00 (0) + [158] : 0x0f (15) + [159] : 0x10 (16) + [160] : 0x01 (1) + [161] : 0x02 (2) + [162] : 0x00 (0) + [163] : 0x00 (0) + [164] : 0x00 (0) + [165] : 0x00 (0) + [166] : 0x00 (0) + [167] : 0x05 (5) + [168] : 0x20 (32) + [169] : 0x00 (0) + [170] : 0x00 (0) + [171] : 0x00 (0) + [172] : 0x20 (32) + [173] : 0x02 (2) + [174] : 0x00 (0) + [175] : 0x00 (0) + [176] : 0x00 (0) + [177] : 0x02 (2) + [178] : 0x18 (24) + [179] : 0x00 (0) + [180] : 0x0c (12) + [181] : 0x00 (0) + [182] : 0x0f (15) + [183] : 0x10 (16) + [184] : 0x01 (1) + [185] : 0x02 (2) + [186] : 0x00 (0) + [187] : 0x00 (0) + [188] : 0x00 (0) + [189] : 0x00 (0) + [190] : 0x00 (0) + [191] : 0x05 (5) + [192] : 0x20 (32) + [193] : 0x00 (0) + [194] : 0x00 (0) + [195] : 0x00 (0) + [196] : 0x20 (32) + [197] : 0x02 (2) + [198] : 0x00 (0) + [199] : 0x00 (0) + [200] : 0x00 (0) + [201] : 0x09 (9) + [202] : 0x18 (24) + [203] : 0x00 (0) + [204] : 0x0c (12) + [205] : 0x00 (0) + [206] : 0x0f (15) + [207] : 0x10 (16) + [208] : 0x01 (1) + [209] : 0x02 (2) + [210] : 0x00 (0) + [211] : 0x00 (0) + [212] : 0x00 (0) + [213] : 0x00 (0) + [214] : 0x00 (0) + [215] : 0x05 (5) + [216] : 0x20 (32) + [217] : 0x00 (0) + [218] : 0x00 (0) + [219] : 0x00 (0) + [220] : 0x26 (38) + [221] : 0x02 (2) + [222] : 0x00 (0) + [223] : 0x00 (0) + [224] : 0x00 (0) + [225] : 0x02 (2) + [226] : 0x18 (24) + [227] : 0x00 (0) + [228] : 0x0c (12) + [229] : 0x00 (0) + [230] : 0x0f (15) + [231] : 0x10 (16) + [232] : 0x01 (1) + [233] : 0x02 (2) + [234] : 0x00 (0) + [235] : 0x00 (0) + [236] : 0x00 (0) + [237] : 0x00 (0) + [238] : 0x00 (0) + [239] : 0x05 (5) + [240] : 0x20 (32) + [241] : 0x00 (0) + [242] : 0x00 (0) + [243] : 0x00 (0) + [244] : 0x26 (38) + [245] : 0x02 (2) + [246] : 0x00 (0) + [247] : 0x00 (0) + data_size : * + data_size : 0x000000f8 (248) + data_length : * + data_length : 0x000000f8 (248) + result : WERR_OK +[2013/11/07 07:38:43.832251, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + in: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000056-0000-0000-7b52-7335c5510000 +[2013/11/07 07:38:43.832386, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 56 00 00 00 00 00 00 00 7B 52 73 35 ....V... ....{Rs5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:43.832463, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 56 00 00 00 00 00 00 00 7B 52 73 35 ....V... ....{Rs5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:43.832539, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) + Closed policy +[2013/11/07 07:38:43.832583, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (4->3) +[2013/11/07 07:38:43.832625, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + out: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000000-0000-0000-0000-000000000000 + result : WERR_OK +[2013/11/07 07:38:43.832786, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + in: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000055-0000-0000-7b52-7335c5510000 +[2013/11/07 07:38:43.832915, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 55 00 00 00 00 00 00 00 7B 52 73 35 ....U... ....{Rs5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:43.832992, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 55 00 00 00 00 00 00 00 7B 52 73 35 ....U... ....{Rs5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:43.833067, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) + Closed policy +[2013/11/07 07:38:43.833115, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (3->2) +[2013/11/07 07:38:43.833155, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + out: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000000-0000-0000-0000-000000000000 + result : WERR_OK +[2013/11/07 07:38:43.833317, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + in: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000054-0000-0000-7b52-7335c5510000 +[2013/11/07 07:38:43.833495, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 54 00 00 00 00 00 00 00 7B 52 73 35 ....T... ....{Rs5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:43.833574, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 54 00 00 00 00 00 00 00 7B 52 73 35 ....T... ....{Rs5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:43.833649, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) + Closed policy +[2013/11/07 07:38:43.833693, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (2->1) +[2013/11/07 07:38:43.833733, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + out: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000000-0000-0000-0000-000000000000 + result : WERR_OK +[2013/11/07 07:38:43.833894, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + in: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000053-0000-0000-7b52-7335c5510000 +[2013/11/07 07:38:43.834023, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 53 00 00 00 00 00 00 00 7B 52 73 35 ....S... ....{Rs5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:43.834100, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 53 00 00 00 00 00 00 00 7B 52 73 35 ....S... ....{Rs5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:43.834175, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) + Closed policy +[2013/11/07 07:38:43.834215, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (1->0) +[2013/11/07 07:38:43.834282, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + out: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000000-0000-0000-0000-000000000000 + result : WERR_OK +[2013/11/07 07:38:43.834445, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:416(close_policy_by_pipe) + Deleted handle list for RPC connection \winreg +[2013/11/07 07:38:43.834601, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + spoolss_GetPrinter: struct spoolss_GetPrinter + out: struct spoolss_GetPrinter + info : * + info : union spoolss_PrinterInfo(case 2) + info2: struct spoolss_PrinterInfo2 + servername : * + servername : '\\MEMBER43' + printername : * + printername : '\\MEMBER43\printer7' + sharename : * + sharename : 'printer7' + portname : * + portname : 'Samba Printer Port' + drivername : * + drivername : '' + comment : * + comment : '' + location : * + location : '' + devmode : * + devmode: struct spoolss_DeviceMode + devicename : '\\MEMBER43\printer7' + specversion : DMSPEC_NT4_AND_ABOVE (1025) + driverversion : 0x0400 (1024) + size : 0x00dc (220) + __driverextra_length : 0x0000 (0) + fields : 0x00014713 (83731) + 1: DEVMODE_ORIENTATION + 1: DEVMODE_PAPERSIZE + 0: DEVMODE_PAPERLENGTH + 0: DEVMODE_PAPERWIDTH + 1: DEVMODE_SCALE + 0: DEVMODE_POSITION + 0: DEVMODE_NUP + 1: DEVMODE_COPIES + 1: DEVMODE_DEFAULTSOURCE + 1: DEVMODE_PRINTQUALITY + 0: DEVMODE_COLOR + 0: DEVMODE_DUPLEX + 0: DEVMODE_YRESOLUTION + 1: DEVMODE_TTOPTION + 0: DEVMODE_COLLATE + 1: DEVMODE_FORMNAME + 0: DEVMODE_LOGPIXELS + 0: DEVMODE_BITSPERPEL + 0: DEVMODE_PELSWIDTH + 0: DEVMODE_PELSHEIGHT + 0: DEVMODE_DISPLAYFLAGS + 0: DEVMODE_DISPLAYFREQUENCY + 0: DEVMODE_ICMMETHOD + 0: DEVMODE_ICMINTENT + 0: DEVMODE_MEDIATYPE + 0: DEVMODE_DITHERTYPE + 0: DEVMODE_PANNINGWIDTH + 0: DEVMODE_PANNINGHEIGHT + orientation : DMORIENT_PORTRAIT (1) + papersize : DMPAPER_LETTER (1) + paperlength : 0x0000 (0) + paperwidth : 0x0000 (0) + scale : 0x0064 (100) + copies : 0x0001 (1) + defaultsource : DMBIN_FORMSOURCE (15) + printquality : DMRES_HIGH (65532) + color : DMRES_MONOCHROME (1) + duplex : DMDUP_SIMPLEX (1) + yresolution : 0x0000 (0) + ttoption : DMTT_SUBDEV (3) + collate : DMCOLLATE_FALSE (0) + formname : 'Letter' + logpixels : 0x0000 (0) + bitsperpel : 0x00000000 (0) + pelswidth : 0x00000000 (0) + pelsheight : 0x00000000 (0) + displayflags : UNKNOWN_ENUM_VALUE (0) + displayfrequency : 0x00000000 (0) + icmmethod : UNKNOWN_ENUM_VALUE (0) + icmintent : UNKNOWN_ENUM_VALUE (0) + mediatype : UNKNOWN_ENUM_VALUE (0) + dithertype : UNKNOWN_ENUM_VALUE (0) + reserved1 : 0x00000000 (0) + reserved2 : 0x00000000 (0) + panningwidth : 0x00000000 (0) + panningheight : 0x00000000 (0) + driverextra_data : DATA_BLOB length=0 + sepfile : * + sepfile : '' + printprocessor : * + printprocessor : 'winprint' + datatype : * + datatype : 'RAW' + parameters : * + parameters : '' + secdesc : * + secdesc: struct security_descriptor + revision : SECURITY_DESCRIPTOR_REVISION_1 (1) + type : 0x8004 (32772) + 0: SEC_DESC_OWNER_DEFAULTED + 0: SEC_DESC_GROUP_DEFAULTED + 1: SEC_DESC_DACL_PRESENT + 0: SEC_DESC_DACL_DEFAULTED + 0: SEC_DESC_SACL_PRESENT + 0: SEC_DESC_SACL_DEFAULTED + 0: SEC_DESC_DACL_TRUSTED + 0: SEC_DESC_SERVER_SECURITY + 0: SEC_DESC_DACL_AUTO_INHERIT_REQ + 0: SEC_DESC_SACL_AUTO_INHERIT_REQ + 0: SEC_DESC_DACL_AUTO_INHERITED + 0: SEC_DESC_SACL_AUTO_INHERITED + 0: SEC_DESC_DACL_PROTECTED + 0: SEC_DESC_SACL_PROTECTED + 0: SEC_DESC_RM_CONTROL_VALID + 1: SEC_DESC_SELF_RELATIVE + owner_sid : * + owner_sid : S-1-5-32-544 + group_sid : * + group_sid : S-1-5-32-544 + sacl : NULL + dacl : * + dacl: struct security_acl + revision : SECURITY_ACL_REVISION_NT4 (2) + size : 0x00c4 (196) + num_aces : 0x00000007 (7) + aces: ARRAY(7) + aces: struct security_ace + type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) + flags : 0x02 (2) + 0: SEC_ACE_FLAG_OBJECT_INHERIT + 1: SEC_ACE_FLAG_CONTAINER_INHERIT + 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT + 0: SEC_ACE_FLAG_INHERIT_ONLY + 0: SEC_ACE_FLAG_INHERITED_ACE + 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) + 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS + 0: SEC_ACE_FLAG_FAILED_ACCESS + size : 0x0014 (20) + access_mask : 0x20020008 (537001992) + object : union security_ace_object_ctr(case 0) + trustee : S-1-1-0 + aces: struct security_ace + type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) + flags : 0x09 (9) + 1: SEC_ACE_FLAG_OBJECT_INHERIT + 0: SEC_ACE_FLAG_CONTAINER_INHERIT + 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT + 1: SEC_ACE_FLAG_INHERIT_ONLY + 0: SEC_ACE_FLAG_INHERITED_ACE + 0x09: SEC_ACE_FLAG_VALID_INHERIT (9) + 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS + 0: SEC_ACE_FLAG_FAILED_ACCESS + size : 0x0024 (36) + access_mask : 0x100f000c (269418508) + object : union security_ace_object_ctr(case 0) + trustee : S-1-5-21-1376953716-2413384141-3399758289-500 + aces: struct security_ace + type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) + flags : 0x02 (2) + 0: SEC_ACE_FLAG_OBJECT_INHERIT + 1: SEC_ACE_FLAG_CONTAINER_INHERIT + 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT + 0: SEC_ACE_FLAG_INHERIT_ONLY + 0: SEC_ACE_FLAG_INHERITED_ACE + 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) + 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS + 0: SEC_ACE_FLAG_FAILED_ACCESS + size : 0x0024 (36) + access_mask : 0x100f000c (269418508) + object : union security_ace_object_ctr(case 0) + trustee : S-1-5-21-1376953716-2413384141-3399758289-500 + aces: struct security_ace + type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) + flags : 0x09 (9) + 1: SEC_ACE_FLAG_OBJECT_INHERIT + 0: SEC_ACE_FLAG_CONTAINER_INHERIT + 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT + 1: SEC_ACE_FLAG_INHERIT_ONLY + 0: SEC_ACE_FLAG_INHERITED_ACE + 0x09: SEC_ACE_FLAG_VALID_INHERIT (9) + 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS + 0: SEC_ACE_FLAG_FAILED_ACCESS + size : 0x0018 (24) + access_mask : 0x100f000c (269418508) + object : union security_ace_object_ctr(case 0) + trustee : S-1-5-32-544 + aces: struct security_ace + type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) + flags : 0x02 (2) + 0: SEC_ACE_FLAG_OBJECT_INHERIT + 1: SEC_ACE_FLAG_CONTAINER_INHERIT + 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT + 0: SEC_ACE_FLAG_INHERIT_ONLY + 0: SEC_ACE_FLAG_INHERITED_ACE + 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) + 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS + 0: SEC_ACE_FLAG_FAILED_ACCESS + size : 0x0018 (24) + access_mask : 0x100f000c (269418508) + object : union security_ace_object_ctr(case 0) + trustee : S-1-5-32-544 + aces: struct security_ace + type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) + flags : 0x09 (9) + 1: SEC_ACE_FLAG_OBJECT_INHERIT + 0: SEC_ACE_FLAG_CONTAINER_INHERIT + 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT + 1: SEC_ACE_FLAG_INHERIT_ONLY + 0: SEC_ACE_FLAG_INHERITED_ACE + 0x09: SEC_ACE_FLAG_VALID_INHERIT (9) + 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS + 0: SEC_ACE_FLAG_FAILED_ACCESS + size : 0x0018 (24) + access_mask : 0x100f000c (269418508) + object : union security_ace_object_ctr(case 0) + trustee : S-1-5-32-550 + aces: struct security_ace + type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) + flags : 0x02 (2) + 0: SEC_ACE_FLAG_OBJECT_INHERIT + 1: SEC_ACE_FLAG_CONTAINER_INHERIT + 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT + 0: SEC_ACE_FLAG_INHERIT_ONLY + 0: SEC_ACE_FLAG_INHERITED_ACE + 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) + 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS + 0: SEC_ACE_FLAG_FAILED_ACCESS + size : 0x0018 (24) + access_mask : 0x100f000c (269418508) + object : union security_ace_object_ctr(case 0) + trustee : S-1-5-32-550 + attributes : 0x00001048 (4168) + 0: PRINTER_ATTRIBUTE_QUEUED + 0: PRINTER_ATTRIBUTE_DIRECT + 0: PRINTER_ATTRIBUTE_DEFAULT + 1: PRINTER_ATTRIBUTE_SHARED + 0: PRINTER_ATTRIBUTE_NETWORK + 0: PRINTER_ATTRIBUTE_HIDDEN + 1: PRINTER_ATTRIBUTE_LOCAL + 0: PRINTER_ATTRIBUTE_ENABLE_DEVQ + 0: PRINTER_ATTRIBUTE_KEEPPRINTEDJOBS + 0: PRINTER_ATTRIBUTE_DO_COMPLETE_FIRST + 0: PRINTER_ATTRIBUTE_WORK_OFFLINE + 0: PRINTER_ATTRIBUTE_ENABLE_BIDI + 1: PRINTER_ATTRIBUTE_RAW_ONLY + 0: PRINTER_ATTRIBUTE_PUBLISHED + 0: PRINTER_ATTRIBUTE_FAX + 0: PRINTER_ATTRIBUTE_TS + priority : 0x00000001 (1) + defaultpriority : 0x00000001 (1) + starttime : 0x00000000 (0) + untiltime : 0x00000000 (0) + status : 0x00000000 (0) + 0: PRINTER_STATUS_PAUSED + 0: PRINTER_STATUS_ERROR + 0: PRINTER_STATUS_PENDING_DELETION + 0: PRINTER_STATUS_PAPER_JAM + 0: PRINTER_STATUS_PAPER_OUT + 0: PRINTER_STATUS_MANUAL_FEED + 0: PRINTER_STATUS_PAPER_PROBLEM + 0: PRINTER_STATUS_OFFLINE + 0: PRINTER_STATUS_IO_ACTIVE + 0: PRINTER_STATUS_BUSY + 0: PRINTER_STATUS_PRINTING + 0: PRINTER_STATUS_OUTPUT_BIN_FULL + 0: PRINTER_STATUS_NOT_AVAILABLE + 0: PRINTER_STATUS_WAITING + 0: PRINTER_STATUS_PROCESSING + 0: PRINTER_STATUS_INITIALIZING + 0: PRINTER_STATUS_WARMING_UP + 0: PRINTER_STATUS_TONER_LOW + 0: PRINTER_STATUS_NO_TONER + 0: PRINTER_STATUS_PAGE_PUNT + 0: PRINTER_STATUS_USER_INTERVENTION + 0: PRINTER_STATUS_OUT_OF_MEMORY + 0: PRINTER_STATUS_DOOR_OPEN + 0: PRINTER_STATUS_SERVER_UNKNOWN + 0: PRINTER_STATUS_POWER_SAVE + cjobs : 0x00000000 (0) + averageppm : 0x00000000 (0) + needed : * + needed : 0x000002f8 (760) + result : WERR_OK +[2013/11/07 07:38:43.839607, 5, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1417(api_rpcTNP) + api_rpcTNP: called \spoolss successfully +[2013/11/07 07:38:43.839668, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) + pop_sec_ctx (0, 5000) - sec_ctx_stack_ndx = 0 +[2013/11/07 07:38:43.839713, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) + write_to_pipe: data_used = 4140 + smbd_smb2_request_pending_queue: req->current_idx = 1 + req->in.vector[0].iov_len = 0 + req->in.vector[1].iov_len = 0 + req->in.vector[2].iov_len = 64 + req->in.vector[3].iov_len = 56 + req->in.vector[4].iov_len = 4156 + req->out.vector[0].iov_len = 4 + req->out.vector[1].iov_len = 0 + req->out.vector[2].iov_len = 64 + req->out.vector[3].iov_len = 8 + req->out.vector[4].iov_len = 0 +[2013/11/07 07:38:43.839933, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:128(smbd_smb2_ioctl_pipe_write_done) + smbd_smb2_ioctl_pipe_write_done: received 4156 +[2013/11/07 07:38:43.839977, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:149(smbd_smb2_ioctl_pipe_write_done) + smbd_smb2_ioctl_pipe_write_done: issuing np_read_send of size 4136 +[2013/11/07 07:38:43.840021, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:285(read_from_internal_pipe) + name: \spoolss len: 4136 +[2013/11/07 07:38:43.840062, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:347(read_from_internal_pipe) + read_from_pipe: \spoolss: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 4112. +[2013/11/07 07:38:43.840116, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) + &r: struct ncacn_packet + rpc_vers : 0x05 (5) + rpc_vers_minor : 0x00 (0) + ptype : DCERPC_PKT_RESPONSE (2) + pfc_flags : 0x03 (3) + drep: ARRAY(4) + [0] : 0x10 (16) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + frag_length : 0x1028 (4136) + auth_length : 0x0000 (0) + call_id : 0x00000005 (5) + u : union dcerpc_payload(case 2) + response: struct dcerpc_response + alloc_hint : 0x00001010 (4112) + context_id : 0x0000 (0) + cancel_count : 0x00 (0) + _pad : DATA_BLOB length=0 + stub_and_verifier : DATA_BLOB length=4112 + [0000] 04 00 02 00 00 10 00 00 EA 0F 00 00 C2 0F 00 00 ........ ........ + [0010] B0 0F 00 00 8A 0F 00 00 88 0F 00 00 86 0F 00 00 ........ ........ + [0020] 84 0F 00 00 88 0E 00 00 82 0F 00 00 70 0F 00 00 ........ ....p... + [0030] 68 0F 00 00 66 0F 00 00 90 0D 00 00 48 10 00 00 h...f... ....H... + [0040] 01 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0200] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0210] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0220] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0230] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0240] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0250] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0260] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0270] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0280] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0290] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0300] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0310] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0320] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0330] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0340] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0350] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0360] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0370] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0380] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0390] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0400] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0410] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0420] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0430] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0440] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0450] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0460] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0470] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0480] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0490] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0500] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0510] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0520] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0530] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0540] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0550] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0560] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0570] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0580] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0590] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0600] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0610] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0620] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0630] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0640] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0650] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0660] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0670] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0680] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0690] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0700] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0710] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0720] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0730] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0740] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0750] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0760] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0770] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0780] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0790] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0800] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0810] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0820] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0830] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0840] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0850] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0860] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0870] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0880] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0890] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0900] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0910] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0920] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0930] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0940] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0950] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0960] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0970] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0980] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0990] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D90] 00 00 00 00 00 00 00 00 01 00 04 80 D8 00 00 00 ........ ........ + [0DA0] E8 00 00 00 00 00 00 00 14 00 00 00 02 00 C4 00 ........ ........ + [0DB0] 07 00 00 00 00 02 14 00 08 00 02 20 01 01 00 00 ........ ... .... + [0DC0] 00 00 00 01 00 00 00 00 00 09 24 00 0C 00 0F 10 ........ ..$..... + [0DD0] 01 05 00 00 00 00 00 05 15 00 00 00 74 A5 12 52 ........ ....t..R + [0DE0] CD 51 D9 8F D1 31 A4 CA F4 01 00 00 00 02 24 00 .Q...1.. ......$. + [0DF0] 0C 00 0F 10 01 05 00 00 00 00 00 05 15 00 00 00 ........ ........ + [0E00] 74 A5 12 52 CD 51 D9 8F D1 31 A4 CA F4 01 00 00 t..R.Q.. .1...... + [0E10] 00 09 18 00 0C 00 0F 10 01 02 00 00 00 00 00 05 ........ ........ + [0E20] 20 00 00 00 20 02 00 00 00 02 18 00 0C 00 0F 10 ... ... ........ + [0E30] 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 ........ ... ... + [0E40] 00 09 18 00 0C 00 0F 10 01 02 00 00 00 00 00 05 ........ ........ + [0E50] 20 00 00 00 26 02 00 00 00 02 18 00 0C 00 0F 10 ...&... ........ + [0E60] 01 02 00 00 00 00 00 05 20 00 00 00 26 02 00 00 ........ ...&... + [0E70] 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 ........ ... ... + [0E80] 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 ........ ... ... + [0E90] 5C 00 5C 00 4D 00 45 00 4D 00 42 00 45 00 52 00 \.\.M.E. M.B.E.R. + [0EA0] 34 00 33 00 5C 00 70 00 72 00 69 00 6E 00 74 00 4.3.\.p. r.i.n.t. + [0EB0] 65 00 72 00 37 00 00 00 00 00 00 00 00 00 00 00 e.r.7... ........ + [0EC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0ED0] 01 04 00 04 DC 00 00 00 13 47 01 00 01 00 01 00 ........ .G...... + [0EE0] 00 00 00 00 64 00 01 00 0F 00 FC FF 01 00 01 00 ....d... ........ + [0EF0] 00 00 03 00 00 00 4C 00 65 00 74 00 74 00 65 00 ......L. e.t.t.e. + [0F00] 72 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 r....... ........ + [0F10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F70] 52 00 41 00 57 00 00 00 77 00 69 00 6E 00 70 00 R.A.W... w.i.n.p. + [0F80] 72 00 69 00 6E 00 74 00 00 00 00 00 00 00 00 00 r.i.n.t. ........ + [0F90] 00 00 53 00 61 00 6D 00 62 00 61 00 20 00 50 00 ..S.a.m. b.a. .P. + [0FA0] 72 00 69 00 6E 00 74 00 65 00 72 00 20 00 50 00 r.i.n.t. e.r. .P. + [0FB0] 6F 00 72 00 74 00 00 00 70 00 72 00 69 00 6E 00 o.r.t... p.r.i.n. + [0FC0] 74 00 65 00 72 00 37 00 00 00 5C 00 5C 00 4D 00 t.e.r.7. ..\.\.M. + [0FD0] 45 00 4D 00 42 00 45 00 52 00 34 00 33 00 5C 00 E.M.B.E. R.4.3.\. + [0FE0] 70 00 72 00 69 00 6E 00 74 00 65 00 72 00 37 00 p.r.i.n. t.e.r.7. + [0FF0] 00 00 5C 00 5C 00 4D 00 45 00 4D 00 42 00 45 00 ..\.\.M. E.M.B.E. + [1000] 52 00 34 00 33 00 00 00 F8 02 00 00 00 00 00 00 R.4.3... ........ +[2013/11/07 07:38:43.849473, 3, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:122(free_pipe_context) + free_pipe_context: destroying talloc pool of size 1308 +[2013/11/07 07:38:43.849531, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:788(np_read_recv) + Received 4136 bytes. There is no more data outstanding +[2013/11/07 07:38:43.849580, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:178(smbd_smb2_ioctl_pipe_read_done) + smbd_smb2_ioctl_pipe_read_done: np_read_recv nread = 4136 is_data_outstanding = 0, status = NT_STATUS_OK +[2013/11/07 07:38:43.849629, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl.c:291(smbd_smb2_request_ioctl_done) + smbd_smb2_request_ioctl_done: smbd_smb2_ioctl_recv returned 4136 status NT_STATUS_OK +[2013/11/07 07:38:43.849671, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) + smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[48] dyn[yes:4136] at ../source3/smbd/smb2_ioctl.c:358 +[2013/11/07 07:38:43.849716, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) + smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/54/127 +[2013/11/07 07:38:43.853490, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) + smbd_smb2_request_incoming: idx[1] of 5 vectors +[2013/11/07 07:38:43.853576, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) + smb2_validate_sequence_number: clearing id 54 (position 54) from bitmap +[2013/11/07 07:38:43.853620, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) + smbd_smb2_request_dispatch: opcode[SMB2_OP_IOCTL] mid = 54 +[2013/11/07 07:38:43.853682, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) + setting sec ctx (0, 5000) - sec_ctx_stack_ndx = 0 +[2013/11/07 07:38:43.853727, 5, pid=20933, effective(0, 5000), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) + Security token SIDs (21): + SID[ 0]: S-1-5-21-1376953716-2413384141-3399758289-500 + SID[ 1]: S-1-5-21-1376953716-2413384141-3399758289-512 + SID[ 2]: S-1-5-21-1376953716-2413384141-3399758289-11015 + SID[ 3]: S-1-5-21-1376953716-2413384141-3399758289-513 + SID[ 4]: S-1-5-21-1376953716-2413384141-3399758289-11011 + SID[ 5]: S-1-5-21-1376953716-2413384141-3399758289-11013 + SID[ 6]: S-1-5-21-1376953716-2413384141-3399758289-11012 + SID[ 7]: S-1-1-0 + SID[ 8]: S-1-5-2 + SID[ 9]: S-1-5-11 + SID[ 10]: S-1-5-32-544 + SID[ 11]: S-1-22-1-2002 + SID[ 12]: S-1-22-2-5000 + SID[ 13]: S-1-22-2-5007 + SID[ 14]: S-1-22-2-5001 + SID[ 15]: S-1-22-2-1005 + SID[ 16]: S-1-22-2-5006 + SID[ 17]: S-1-22-2-5005 + SID[ 18]: S-1-22-2-55000 + SID[ 19]: S-1-22-2-55001 + SID[ 20]: S-1-22-2-55002 + Privileges (0x 1FFFFFF0): + Privilege[ 0]: SeMachineAccountPrivilege + Privilege[ 1]: SeTakeOwnershipPrivilege + Privilege[ 2]: SeBackupPrivilege + Privilege[ 3]: SeRestorePrivilege + Privilege[ 4]: SeRemoteShutdownPrivilege + Privilege[ 5]: SePrintOperatorPrivilege + Privilege[ 6]: SeAddUsersPrivilege + Privilege[ 7]: SeDiskOperatorPrivilege + Privilege[ 8]: SeSecurityPrivilege + Privilege[ 9]: SeSystemtimePrivilege + Privilege[ 10]: SeShutdownPrivilege + Privilege[ 11]: SeDebugPrivilege + Privilege[ 12]: SeSystemEnvironmentPrivilege + Privilege[ 13]: SeSystemProfilePrivilege + Privilege[ 14]: SeProfileSingleProcessPrivilege + Privilege[ 15]: SeIncreaseBasePriorityPrivilege + Privilege[ 16]: SeLoadDriverPrivilege + Privilege[ 17]: SeCreatePagefilePrivilege + Privilege[ 18]: SeIncreaseQuotaPrivilege + Privilege[ 19]: SeChangeNotifyPrivilege + Privilege[ 20]: SeUndockPrivilege + Privilege[ 21]: SeManageVolumePrivilege + Privilege[ 22]: SeImpersonatePrivilege + Privilege[ 23]: SeCreateGlobalPrivilege + Privilege[ 24]: SeEnableDelegationPrivilege + Rights (0x 0): +[2013/11/07 07:38:43.854618, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) + UNIX token of user 0 + Primary group is 5000 and contains 9 supplementary groups + Group[ 0]: 5000 + Group[ 1]: 5007 + Group[ 2]: 5001 + Group[ 3]: 1005 + Group[ 4]: 5006 + Group[ 5]: 5005 + Group[ 6]: 55000 + Group[ 7]: 55001 + Group[ 8]: 55002 +[2013/11/07 07:38:43.854827, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/uid.c:363(change_to_user_internal) + Impersonated user: uid=(0,0), gid=(0,5000) +[2013/11/07 07:38:43.854880, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:1796(smbd_smb2_request_verify_creditcharge) + mid 54, CreditCharge: 1, NeededCharge: 1 +[2013/11/07 07:38:43.854922, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl.c:394(smbd_smb2_ioctl_send) + smbd_smb2_ioctl: ctl_code[0x0011c017] spoolss, fnum 2189993496 +[2013/11/07 07:38:43.855009, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:59(smb2_ioctl_named_pipe) + smbd_smb2_ioctl_send: np_write_send of size 4156 +[2013/11/07 07:38:43.855050, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:520(np_write_send) + np_write_send: len: 4156 +[2013/11/07 07:38:43.855092, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) + write_to_pipe: data_left = 4156 +[2013/11/07 07:38:43.855130, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) + process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 4156 +[2013/11/07 07:38:43.855169, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:51(fill_rpc_header) + fill_rpc_header: data_to_copy = 4156, len_needed_to_complete_hdr = 16, receive_len = 0 +[2013/11/07 07:38:43.855210, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) + write_to_pipe: data_used = 16 +[2013/11/07 07:38:43.855247, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) + write_to_pipe: data_left = 4140 +[2013/11/07 07:38:43.855285, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) + process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 4140 +[2013/11/07 07:38:43.855327, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) + write_to_pipe: data_used = 0 +[2013/11/07 07:38:43.855365, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) + write_to_pipe: data_left = 4140 +[2013/11/07 07:38:43.855402, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) + process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 4140, incoming data = 4140 +[2013/11/07 07:38:43.855444, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1614(process_complete_pdu) + PDU is in Little Endian format! +[2013/11/07 07:38:43.855493, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) + r: struct ncacn_packet + rpc_vers : 0x05 (5) + rpc_vers_minor : 0x00 (0) + ptype : DCERPC_PKT_REQUEST (0) + pfc_flags : 0x03 (3) + drep: ARRAY(4) + [0] : 0x10 (16) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + frag_length : 0x103c (4156) + auth_length : 0x0000 (0) + call_id : 0x00000006 (6) + u : union dcerpc_payload(case 0) + request: struct dcerpc_request + alloc_hint : 0x00001024 (4132) + context_id : 0x0000 (0) + opnum : 0x0008 (8) + object : union dcerpc_object(case 0) + empty: struct dcerpc_empty + _pad : DATA_BLOB length=0 + stub_and_verifier : DATA_BLOB length=4132 + [0000] 00 00 00 00 48 00 00 00 00 00 00 00 7B 52 73 35 ....H... ....{Rs5 + [0010] C5 51 00 00 02 00 00 00 00 00 02 00 00 10 00 00 .Q...... ........ + [0020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0030] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0040] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0200] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0210] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0220] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0230] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0240] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0250] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0260] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0270] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0280] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0290] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0300] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0310] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0320] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0330] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0340] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0350] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0360] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0370] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0380] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0390] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0400] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0410] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0420] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0430] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0440] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0450] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0460] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0470] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0480] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0490] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0500] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0510] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0520] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0530] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0540] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0550] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0560] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0570] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0580] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0590] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0600] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0610] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0620] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0630] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0640] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0650] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0660] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0670] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0680] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0690] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0700] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0710] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0720] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0730] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0740] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0750] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0760] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0770] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0780] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0790] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0800] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0810] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0820] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0830] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0840] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0850] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0860] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0870] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0880] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0890] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0900] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0910] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0920] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0930] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0940] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0950] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0960] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0970] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0980] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0990] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0EA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0EB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0EC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0ED0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0EE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0EF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [1000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [1010] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [1020] 00 10 00 00 .... +[2013/11/07 07:38:43.864964, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1627(process_complete_pdu) + Processing packet type 0 +[2013/11/07 07:38:43.865006, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1472(dcesrv_auth_request) + Checking request auth. +[2013/11/07 07:38:43.865053, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) + push_sec_ctx(0, 5000) : sec_ctx_stack_ndx = 1 +[2013/11/07 07:38:43.865099, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) + setting sec ctx (0, 5000) - sec_ctx_stack_ndx = 1 +[2013/11/07 07:38:43.865141, 5, pid=20933, effective(0, 5000), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) + Security token SIDs (21): + SID[ 0]: S-1-5-21-1376953716-2413384141-3399758289-500 + SID[ 1]: S-1-5-21-1376953716-2413384141-3399758289-512 + SID[ 2]: S-1-5-21-1376953716-2413384141-3399758289-11015 + SID[ 3]: S-1-5-21-1376953716-2413384141-3399758289-513 + SID[ 4]: S-1-5-21-1376953716-2413384141-3399758289-11011 + SID[ 5]: S-1-5-21-1376953716-2413384141-3399758289-11013 + SID[ 6]: S-1-5-21-1376953716-2413384141-3399758289-11012 + SID[ 7]: S-1-1-0 + SID[ 8]: S-1-5-2 + SID[ 9]: S-1-5-11 + SID[ 10]: S-1-5-32-544 + SID[ 11]: S-1-22-1-2002 + SID[ 12]: S-1-22-2-5000 + SID[ 13]: S-1-22-2-5007 + SID[ 14]: S-1-22-2-5001 + SID[ 15]: S-1-22-2-1005 + SID[ 16]: S-1-22-2-5006 + SID[ 17]: S-1-22-2-5005 + SID[ 18]: S-1-22-2-55000 + SID[ 19]: S-1-22-2-55001 + SID[ 20]: S-1-22-2-55002 + Privileges (0x 1FFFFFF0): + Privilege[ 0]: SeMachineAccountPrivilege + Privilege[ 1]: SeTakeOwnershipPrivilege + Privilege[ 2]: SeBackupPrivilege + Privilege[ 3]: SeRestorePrivilege + Privilege[ 4]: SeRemoteShutdownPrivilege + Privilege[ 5]: SePrintOperatorPrivilege + Privilege[ 6]: SeAddUsersPrivilege + Privilege[ 7]: SeDiskOperatorPrivilege + Privilege[ 8]: SeSecurityPrivilege + Privilege[ 9]: SeSystemtimePrivilege + Privilege[ 10]: SeShutdownPrivilege + Privilege[ 11]: SeDebugPrivilege + Privilege[ 12]: SeSystemEnvironmentPrivilege + Privilege[ 13]: SeSystemProfilePrivilege + Privilege[ 14]: SeProfileSingleProcessPrivilege + Privilege[ 15]: SeIncreaseBasePriorityPrivilege + Privilege[ 16]: SeLoadDriverPrivilege + Privilege[ 17]: SeCreatePagefilePrivilege + Privilege[ 18]: SeIncreaseQuotaPrivilege + Privilege[ 19]: SeChangeNotifyPrivilege + Privilege[ 20]: SeUndockPrivilege + Privilege[ 21]: SeManageVolumePrivilege + Privilege[ 22]: SeImpersonatePrivilege + Privilege[ 23]: SeCreateGlobalPrivilege + Privilege[ 24]: SeEnableDelegationPrivilege + Rights (0x 0): +[2013/11/07 07:38:43.865973, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) + UNIX token of user 0 + Primary group is 5000 and contains 9 supplementary groups + Group[ 0]: 5000 + Group[ 1]: 5007 + Group[ 2]: 5001 + Group[ 3]: 1005 + Group[ 4]: 5006 + Group[ 5]: 5005 + Group[ 6]: 55000 + Group[ 7]: 55001 + Group[ 8]: 55002 +[2013/11/07 07:38:43.866162, 5, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1324(api_pipe_request) + Requested \spoolss rpc service +[2013/11/07 07:38:43.866207, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1356(api_rpcTNP) + api_rpcTNP: \spoolss op 0x8 - api_rpcTNP: rpc command: SPOOLSS_GETPRINTER +[2013/11/07 07:38:43.866250, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1390(api_rpcTNP) + api_rpc_cmds[8].fn == 0x7f375c260f10 +[2013/11/07 07:38:43.866307, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + spoolss_GetPrinter: struct spoolss_GetPrinter + in: struct spoolss_GetPrinter + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000048-0000-0000-7b52-7335c5510000 + level : 0x00000002 (2) + buffer : * + buffer : DATA_BLOB length=4096 + [0000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0010] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0030] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0040] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0200] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0210] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0220] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0230] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0240] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0250] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0260] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0270] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0280] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0290] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0300] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0310] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0320] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0330] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0340] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0350] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0360] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0370] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0380] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0390] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0400] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0410] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0420] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0430] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0440] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0450] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0460] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0470] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0480] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0490] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0500] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0510] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0520] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0530] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0540] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0550] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0560] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0570] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0580] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0590] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0600] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0610] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0620] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0630] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0640] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0650] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0660] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0670] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0680] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0690] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0700] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0710] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0720] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0730] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0740] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0750] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0760] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0770] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0780] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0790] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0800] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0810] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0820] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0830] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0840] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0850] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0860] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0870] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0880] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0890] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0900] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0910] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0920] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0930] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0940] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0950] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0960] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0970] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0980] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0990] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0EA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0EB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0EC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0ED0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0EE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0EF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + offered : 0x00001000 (4096) +[2013/11/07 07:38:43.875522, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 48 00 00 00 00 00 00 00 7B 52 73 35 ....H... ....{Rs5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:43.875605, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 48 00 00 00 00 00 00 00 7B 52 73 35 ....H... ....{Rs5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:43.875682, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:489(get_printer_snum) + short name:printer7 +[2013/11/07 07:38:43.875812, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:60(make_internal_rpc_pipe_p) + Create pipe requested \winreg +[2013/11/07 07:38:43.875868, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:221(init_pipe_handles) + init_pipe_handle_list: created handle list for pipe \winreg +[2013/11/07 07:38:43.875909, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:238(init_pipe_handles) + init_pipe_handle_list: pipe_handles ref count = 1 for pipe \winreg +[2013/11/07 07:38:43.876003, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:100(make_internal_rpc_pipe_p) + Created internal pipe \winreg +[2013/11/07 07:38:43.876073, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenHKLM: struct winreg_OpenHKLM + in: struct winreg_OpenHKLM + system_name : NULL + access_mask : 0x02000000 (33554432) + 0: KEY_QUERY_VALUE + 0: KEY_SET_VALUE + 0: KEY_CREATE_SUB_KEY + 0: KEY_ENUMERATE_SUB_KEYS + 0: KEY_NOTIFY + 0: KEY_CREATE_LINK + 0: KEY_WOW64_64KEY + 0: KEY_WOW64_32KEY +[2013/11/07 07:38:43.876302, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [HKLM] +[2013/11/07 07:38:43.876346, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) + push_sec_ctx(0, 5000) : sec_ctx_stack_ndx = 2 +[2013/11/07 07:38:43.876390, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/uid.c:485(push_conn_ctx) + push_conn_ctx(1804507171) : conn_ctx_stack_ndx = 0 +[2013/11/07 07:38:43.876429, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) + setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 +[2013/11/07 07:38:43.876468, 5, pid=20933, effective(0, 5000), real(0, 0)] ../libcli/security/security_token.c:53(security_token_debug) + Security token: (NULL) +[2013/11/07 07:38:43.876506, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) + UNIX token of user 0 + Primary group is 0 and contains 0 supplementary groups +[2013/11/07 07:38:43.876658, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) + pop_sec_ctx (0, 5000) - sec_ctx_stack_ndx = 1 +[2013/11/07 07:38:43.876712, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:866(regdb_open) + regdb_open: registry db opened. refcount reset (1) +[2013/11/07 07:38:43.876758, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM] +[2013/11/07 07:38:43.876797, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM] +[2013/11/07 07:38:43.876838, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:43.876875, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM] +[2013/11/07 07:38:43.876951, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) + Opened policy hnd[1] [0000] 00 00 00 00 57 00 00 00 00 00 00 00 7B 52 73 35 ....W... ....{Rs5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:43.877032, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenHKLM: struct winreg_OpenHKLM + out: struct winreg_OpenHKLM + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000057-0000-0000-7b52-7335c5510000 + result : WERR_OK +[2013/11/07 07:38:43.877214, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenKey: struct winreg_OpenKey + in: struct winreg_OpenKey + parent_handle : * + parent_handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000057-0000-0000-7b52-7335c5510000 + keyname: struct winreg_String + name_len : 0x008a (138) + name_size : 0x008a (138) + name : * + name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7' + options : 0x00000000 (0) + 0: REG_OPTION_VOLATILE + 0: REG_OPTION_CREATE_LINK + 0: REG_OPTION_BACKUP_RESTORE + 0: REG_OPTION_OPEN_LINK + access_mask : 0x02000000 (33554432) + 0: KEY_QUERY_VALUE + 0: KEY_SET_VALUE + 0: KEY_CREATE_SUB_KEY + 0: KEY_ENUMERATE_SUB_KEYS + 0: KEY_NOTIFY + 0: KEY_CREATE_LINK + 0: KEY_WOW64_64KEY + 0: KEY_WOW64_32KEY +[2013/11/07 07:38:43.877764, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 57 00 00 00 00 00 00 00 7B 52 73 35 ....W... ....{Rs5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:43.877848, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [SOFTWARE] +[2013/11/07 07:38:43.877889, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (1->2) +[2013/11/07 07:38:43.877931, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] +[2013/11/07 07:38:43.877979, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE] +[2013/11/07 07:38:43.878021, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:43.878058, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE] +[2013/11/07 07:38:43.878129, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Microsoft] +[2013/11/07 07:38:43.878171, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (2->3) +[2013/11/07 07:38:43.878213, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] +[2013/11/07 07:38:43.878250, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] +[2013/11/07 07:38:43.878290, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:43.878328, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft] +[2013/11/07 07:38:43.878389, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Windows NT] +[2013/11/07 07:38:43.878430, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (3->4) +[2013/11/07 07:38:43.878472, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] +[2013/11/07 07:38:43.878510, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] +[2013/11/07 07:38:43.878551, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:43.878588, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] +[2013/11/07 07:38:43.878674, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [CurrentVersion] +[2013/11/07 07:38:43.878717, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (4->5) +[2013/11/07 07:38:43.878760, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] +[2013/11/07 07:38:43.879207, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] +[2013/11/07 07:38:43.879249, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:43.879286, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f375c5a15c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] +[2013/11/07 07:38:43.879366, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Print] +[2013/11/07 07:38:43.879408, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (5->6) +[2013/11/07 07:38:43.879451, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] +[2013/11/07 07:38:43.879490, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] +[2013/11/07 07:38:43.879532, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:43.879570, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f375c5a15c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] +[2013/11/07 07:38:43.879629, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Printers] +[2013/11/07 07:38:43.879671, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (6->7) +[2013/11/07 07:38:43.879714, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] +[2013/11/07 07:38:43.879753, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] +[2013/11/07 07:38:43.879794, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:43.879831, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] +[2013/11/07 07:38:43.879900, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [printer7] +[2013/11/07 07:38:43.879942, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (7->8) +[2013/11/07 07:38:43.879985, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:43.880023, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:43.880065, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:43.880102, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:43.880168, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (8->7) +[2013/11/07 07:38:43.880218, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (7->6) +[2013/11/07 07:38:43.880260, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (6->5) +[2013/11/07 07:38:43.880301, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (5->4) +[2013/11/07 07:38:43.880341, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (4->3) +[2013/11/07 07:38:43.880381, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (3->2) +[2013/11/07 07:38:43.880424, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) + Opened policy hnd[2] [0000] 00 00 00 00 58 00 00 00 00 00 00 00 7B 52 73 35 ....X... ....{Rs5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:43.880502, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenKey: struct winreg_OpenKey + out: struct winreg_OpenKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000058-0000-0000-7b52-7335c5510000 + result : WERR_OK +[2013/11/07 07:38:43.880676, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryInfoKey: struct winreg_QueryInfoKey + in: struct winreg_QueryInfoKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000058-0000-0000-7b52-7335c5510000 + classname : * + classname: struct winreg_String + name_len : 0x0000 (0) + name_size : 0x0000 (0) + name : NULL +[2013/11/07 07:38:43.880892, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 58 00 00 00 00 00 00 00 7B 52 73 35 ....X... ....{Rs5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:43.880973, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_dispatcher.c:151(fetch_reg_values) + fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7' (ops 0x7f37592edcc0) +[2013/11/07 07:38:43.881015, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1891(regdb_fetch_values_internal) + regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:43.881077, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[0]: name[Attributes] len[4] +[2013/11/07 07:38:43.881120, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[1]: name[Description] len[2] +[2013/11/07 07:38:43.881163, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[2]: name[Datatype] len[8] +[2013/11/07 07:38:43.881205, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[3]: name[Default Priority] len[4] +[2013/11/07 07:38:43.881255, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[4]: name[Port] len[38] +[2013/11/07 07:38:43.881298, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[5]: name[Name] len[18] +[2013/11/07 07:38:43.881340, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[6]: name[Print Processor] len[18] +[2013/11/07 07:38:43.881439, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[7]: name[Priority] len[4] +[2013/11/07 07:38:43.881482, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[8]: name[Security] len[248] +[2013/11/07 07:38:43.881525, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[9]: name[Share Name] len[18] +[2013/11/07 07:38:43.881568, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[10]: name[StartTime] len[4] +[2013/11/07 07:38:43.881610, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[11]: name[UntilTime] len[4] +[2013/11/07 07:38:43.881651, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[12]: name[ChangeID] len[4] +[2013/11/07 07:38:43.881694, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) + regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:43.881758, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryInfoKey: struct winreg_QueryInfoKey + out: struct winreg_QueryInfoKey + classname : * + classname: struct winreg_String + name_len : 0x0000 (0) + name_size : 0x0000 (0) + name : NULL + num_subkeys : * + num_subkeys : 0x00000003 (3) + max_subkeylen : * + max_subkeylen : 0x00000022 (34) + max_classlen : * + max_classlen : 0x00000000 (0) + num_values : * + num_values : 0x0000000d (13) + max_valnamelen : * + max_valnamelen : 0x00000022 (34) + max_valbufsize : * + max_valbufsize : 0x000000f8 (248) + secdescsize : * + secdescsize : 0x00000078 (120) + last_changed_time : * + last_changed_time : NTTIME(0) + result : WERR_OK +[2013/11/07 07:38:43.882203, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000058-0000-0000-7b52-7335c5510000 + enum_index : 0x00000000 (0) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:43.882588, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 58 00 00 00 00 00 00 00 7B 52 73 35 ....X... ....{Rs5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:43.882666, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:43.882712, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0016 (22) + size : 0x0024 (36) + name : * + name : 'Attributes' + type : * + type : REG_DWORD (4) + value : * + value: ARRAY(4) + [0] : 0x48 (72) + [1] : 0x10 (16) + [2] : 0x00 (0) + [3] : 0x00 (0) + size : * + size : 0x00000004 (4) + length : * + length : 0x00000004 (4) + result : WERR_OK +[2013/11/07 07:38:43.883108, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000058-0000-0000-7b52-7335c5510000 + enum_index : 0x00000001 (1) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:43.883480, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 58 00 00 00 00 00 00 00 7B 52 73 35 ....X... ....{Rs5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:43.883566, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:43.883611, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0018 (24) + size : 0x0024 (36) + name : * + name : 'Description' + type : * + type : REG_SZ (1) + value : * + value: ARRAY(2) + [0] : 0x00 (0) + [1] : 0x00 (0) + size : * + size : 0x00000002 (2) + length : * + length : 0x00000002 (2) + result : WERR_OK +[2013/11/07 07:38:43.883969, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000058-0000-0000-7b52-7335c5510000 + enum_index : 0x00000002 (2) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:43.884339, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 58 00 00 00 00 00 00 00 7B 52 73 35 ....X... ....{Rs5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:43.884417, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:43.884462, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0012 (18) + size : 0x0024 (36) + name : * + name : 'Datatype' + type : * + type : REG_SZ (1) + value : * + value: ARRAY(8) + [0] : 0x52 (82) + [1] : 0x00 (0) + [2] : 0x41 (65) + [3] : 0x00 (0) + [4] : 0x57 (87) + [5] : 0x00 (0) + [6] : 0x00 (0) + [7] : 0x00 (0) + size : * + size : 0x00000008 (8) + length : * + length : 0x00000008 (8) + result : WERR_OK +[2013/11/07 07:38:43.884924, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000058-0000-0000-7b52-7335c5510000 + enum_index : 0x00000003 (3) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:43.885293, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 58 00 00 00 00 00 00 00 7B 52 73 35 ....X... ....{Rs5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:43.885420, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:43.885468, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0022 (34) + size : 0x0024 (36) + name : * + name : 'Default Priority' + type : * + type : REG_DWORD (4) + value : * + value: ARRAY(4) + [0] : 0x01 (1) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + size : * + size : 0x00000004 (4) + length : * + length : 0x00000004 (4) + result : WERR_OK +[2013/11/07 07:38:43.885858, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000058-0000-0000-7b52-7335c5510000 + enum_index : 0x00000004 (4) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:43.886237, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 58 00 00 00 00 00 00 00 7B 52 73 35 ....X... ....{Rs5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:43.886314, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:43.886358, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x000a (10) + size : 0x0024 (36) + name : * + name : 'Port' + type : * + type : REG_SZ (1) + value : * + value: ARRAY(38) + [0] : 0x53 (83) + [1] : 0x00 (0) + [2] : 0x61 (97) + [3] : 0x00 (0) + [4] : 0x6d (109) + [5] : 0x00 (0) + [6] : 0x62 (98) + [7] : 0x00 (0) + [8] : 0x61 (97) + [9] : 0x00 (0) + [10] : 0x20 (32) + [11] : 0x00 (0) + [12] : 0x50 (80) + [13] : 0x00 (0) + [14] : 0x72 (114) + [15] : 0x00 (0) + [16] : 0x69 (105) + [17] : 0x00 (0) + [18] : 0x6e (110) + [19] : 0x00 (0) + [20] : 0x74 (116) + [21] : 0x00 (0) + [22] : 0x65 (101) + [23] : 0x00 (0) + [24] : 0x72 (114) + [25] : 0x00 (0) + [26] : 0x20 (32) + [27] : 0x00 (0) + [28] : 0x50 (80) + [29] : 0x00 (0) + [30] : 0x6f (111) + [31] : 0x00 (0) + [32] : 0x72 (114) + [33] : 0x00 (0) + [34] : 0x74 (116) + [35] : 0x00 (0) + [36] : 0x00 (0) + [37] : 0x00 (0) + size : * + size : 0x00000026 (38) + length : * + length : 0x00000026 (38) + result : WERR_OK +[2013/11/07 07:38:43.887307, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000058-0000-0000-7b52-7335c5510000 + enum_index : 0x00000005 (5) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:43.887677, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 58 00 00 00 00 00 00 00 7B 52 73 35 ....X... ....{Rs5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:43.887753, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:43.887797, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x000a (10) + size : 0x0024 (36) + name : * + name : 'Name' + type : * + type : REG_SZ (1) + value : * + value: ARRAY(18) + [0] : 0x70 (112) + [1] : 0x00 (0) + [2] : 0x72 (114) + [3] : 0x00 (0) + [4] : 0x69 (105) + [5] : 0x00 (0) + [6] : 0x6e (110) + [7] : 0x00 (0) + [8] : 0x74 (116) + [9] : 0x00 (0) + [10] : 0x65 (101) + [11] : 0x00 (0) + [12] : 0x72 (114) + [13] : 0x00 (0) + [14] : 0x37 (55) + [15] : 0x00 (0) + [16] : 0x00 (0) + [17] : 0x00 (0) + size : * + size : 0x00000012 (18) + length : * + length : 0x00000012 (18) + result : WERR_OK +[2013/11/07 07:38:43.888425, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000058-0000-0000-7b52-7335c5510000 + enum_index : 0x00000006 (6) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:43.888795, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 58 00 00 00 00 00 00 00 7B 52 73 35 ....X... ....{Rs5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:43.888872, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:43.888916, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0020 (32) + size : 0x0024 (36) + name : * + name : 'Print Processor' + type : * + type : REG_SZ (1) + value : * + value: ARRAY(18) + [0] : 0x77 (119) + [1] : 0x00 (0) + [2] : 0x69 (105) + [3] : 0x00 (0) + [4] : 0x6e (110) + [5] : 0x00 (0) + [6] : 0x70 (112) + [7] : 0x00 (0) + [8] : 0x72 (114) + [9] : 0x00 (0) + [10] : 0x69 (105) + [11] : 0x00 (0) + [12] : 0x6e (110) + [13] : 0x00 (0) + [14] : 0x74 (116) + [15] : 0x00 (0) + [16] : 0x00 (0) + [17] : 0x00 (0) + size : * + size : 0x00000012 (18) + length : * + length : 0x00000012 (18) + result : WERR_OK +[2013/11/07 07:38:43.889633, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000058-0000-0000-7b52-7335c5510000 + enum_index : 0x00000007 (7) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:43.890006, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 58 00 00 00 00 00 00 00 7B 52 73 35 ....X... ....{Rs5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:43.890083, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:43.890128, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0012 (18) + size : 0x0024 (36) + name : * + name : 'Priority' + type : * + type : REG_DWORD (4) + value : * + value: ARRAY(4) + [0] : 0x01 (1) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + size : * + size : 0x00000004 (4) + length : * + length : 0x00000004 (4) + result : WERR_OK +[2013/11/07 07:38:43.890517, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000058-0000-0000-7b52-7335c5510000 + enum_index : 0x00000008 (8) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:43.890894, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 58 00 00 00 00 00 00 00 7B 52 73 35 ....X... ....{Rs5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:43.890971, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:43.891015, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0012 (18) + size : 0x0024 (36) + name : * + name : 'Security' + type : * + type : REG_BINARY (3) + value : * + value: ARRAY(248) + [0] : 0x01 (1) + [1] : 0x00 (0) + [2] : 0x04 (4) + [3] : 0x80 (128) + [4] : 0x14 (20) + [5] : 0x00 (0) + [6] : 0x00 (0) + [7] : 0x00 (0) + [8] : 0x24 (36) + [9] : 0x00 (0) + [10] : 0x00 (0) + [11] : 0x00 (0) + [12] : 0x00 (0) + [13] : 0x00 (0) + [14] : 0x00 (0) + [15] : 0x00 (0) + [16] : 0x34 (52) + [17] : 0x00 (0) + [18] : 0x00 (0) + [19] : 0x00 (0) + [20] : 0x01 (1) + [21] : 0x02 (2) + [22] : 0x00 (0) + [23] : 0x00 (0) + [24] : 0x00 (0) + [25] : 0x00 (0) + [26] : 0x00 (0) + [27] : 0x05 (5) + [28] : 0x20 (32) + [29] : 0x00 (0) + [30] : 0x00 (0) + [31] : 0x00 (0) + [32] : 0x20 (32) + [33] : 0x02 (2) + [34] : 0x00 (0) + [35] : 0x00 (0) + [36] : 0x01 (1) + [37] : 0x02 (2) + [38] : 0x00 (0) + [39] : 0x00 (0) + [40] : 0x00 (0) + [41] : 0x00 (0) + [42] : 0x00 (0) + [43] : 0x05 (5) + [44] : 0x20 (32) + [45] : 0x00 (0) + [46] : 0x00 (0) + [47] : 0x00 (0) + [48] : 0x20 (32) + [49] : 0x02 (2) + [50] : 0x00 (0) + [51] : 0x00 (0) + [52] : 0x02 (2) + [53] : 0x00 (0) + [54] : 0xc4 (196) + [55] : 0x00 (0) + [56] : 0x07 (7) + [57] : 0x00 (0) + [58] : 0x00 (0) + [59] : 0x00 (0) + [60] : 0x00 (0) + [61] : 0x02 (2) + [62] : 0x14 (20) + [63] : 0x00 (0) + [64] : 0x08 (8) + [65] : 0x00 (0) + [66] : 0x02 (2) + [67] : 0x20 (32) + [68] : 0x01 (1) + [69] : 0x01 (1) + [70] : 0x00 (0) + [71] : 0x00 (0) + [72] : 0x00 (0) + [73] : 0x00 (0) + [74] : 0x00 (0) + [75] : 0x01 (1) + [76] : 0x00 (0) + [77] : 0x00 (0) + [78] : 0x00 (0) + [79] : 0x00 (0) + [80] : 0x00 (0) + [81] : 0x09 (9) + [82] : 0x24 (36) + [83] : 0x00 (0) + [84] : 0x0c (12) + [85] : 0x00 (0) + [86] : 0x0f (15) + [87] : 0x10 (16) + [88] : 0x01 (1) + [89] : 0x05 (5) + [90] : 0x00 (0) + [91] : 0x00 (0) + [92] : 0x00 (0) + [93] : 0x00 (0) + [94] : 0x00 (0) + [95] : 0x05 (5) + [96] : 0x15 (21) + [97] : 0x00 (0) + [98] : 0x00 (0) + [99] : 0x00 (0) + [100] : 0x74 (116) + [101] : 0xa5 (165) + [102] : 0x12 (18) + [103] : 0x52 (82) + [104] : 0xcd (205) + [105] : 0x51 (81) + [106] : 0xd9 (217) + [107] : 0x8f (143) + [108] : 0xd1 (209) + [109] : 0x31 (49) + [110] : 0xa4 (164) + [111] : 0xca (202) + [112] : 0xf4 (244) + [113] : 0x01 (1) + [114] : 0x00 (0) + [115] : 0x00 (0) + [116] : 0x00 (0) + [117] : 0x02 (2) + [118] : 0x24 (36) + [119] : 0x00 (0) + [120] : 0x0c (12) + [121] : 0x00 (0) + [122] : 0x0f (15) + [123] : 0x10 (16) + [124] : 0x01 (1) + [125] : 0x05 (5) + [126] : 0x00 (0) + [127] : 0x00 (0) + [128] : 0x00 (0) + [129] : 0x00 (0) + [130] : 0x00 (0) + [131] : 0x05 (5) + [132] : 0x15 (21) + [133] : 0x00 (0) + [134] : 0x00 (0) + [135] : 0x00 (0) + [136] : 0x74 (116) + [137] : 0xa5 (165) + [138] : 0x12 (18) + [139] : 0x52 (82) + [140] : 0xcd (205) + [141] : 0x51 (81) + [142] : 0xd9 (217) + [143] : 0x8f (143) + [144] : 0xd1 (209) + [145] : 0x31 (49) + [146] : 0xa4 (164) + [147] : 0xca (202) + [148] : 0xf4 (244) + [149] : 0x01 (1) + [150] : 0x00 (0) + [151] : 0x00 (0) + [152] : 0x00 (0) + [153] : 0x09 (9) + [154] : 0x18 (24) + [155] : 0x00 (0) + [156] : 0x0c (12) + [157] : 0x00 (0) + [158] : 0x0f (15) + [159] : 0x10 (16) + [160] : 0x01 (1) + [161] : 0x02 (2) + [162] : 0x00 (0) + [163] : 0x00 (0) + [164] : 0x00 (0) + [165] : 0x00 (0) + [166] : 0x00 (0) + [167] : 0x05 (5) + [168] : 0x20 (32) + [169] : 0x00 (0) + [170] : 0x00 (0) + [171] : 0x00 (0) + [172] : 0x20 (32) + [173] : 0x02 (2) + [174] : 0x00 (0) + [175] : 0x00 (0) + [176] : 0x00 (0) + [177] : 0x02 (2) + [178] : 0x18 (24) + [179] : 0x00 (0) + [180] : 0x0c (12) + [181] : 0x00 (0) + [182] : 0x0f (15) + [183] : 0x10 (16) + [184] : 0x01 (1) + [185] : 0x02 (2) + [186] : 0x00 (0) + [187] : 0x00 (0) + [188] : 0x00 (0) + [189] : 0x00 (0) + [190] : 0x00 (0) + [191] : 0x05 (5) + [192] : 0x20 (32) + [193] : 0x00 (0) + [194] : 0x00 (0) + [195] : 0x00 (0) + [196] : 0x20 (32) + [197] : 0x02 (2) + [198] : 0x00 (0) + [199] : 0x00 (0) + [200] : 0x00 (0) + [201] : 0x09 (9) + [202] : 0x18 (24) + [203] : 0x00 (0) + [204] : 0x0c (12) + [205] : 0x00 (0) + [206] : 0x0f (15) + [207] : 0x10 (16) + [208] : 0x01 (1) + [209] : 0x02 (2) + [210] : 0x00 (0) + [211] : 0x00 (0) + [212] : 0x00 (0) + [213] : 0x00 (0) + [214] : 0x00 (0) + [215] : 0x05 (5) + [216] : 0x20 (32) + [217] : 0x00 (0) + [218] : 0x00 (0) + [219] : 0x00 (0) + [220] : 0x26 (38) + [221] : 0x02 (2) + [222] : 0x00 (0) + [223] : 0x00 (0) + [224] : 0x00 (0) + [225] : 0x02 (2) + [226] : 0x18 (24) + [227] : 0x00 (0) + [228] : 0x0c (12) + [229] : 0x00 (0) + [230] : 0x0f (15) + [231] : 0x10 (16) + [232] : 0x01 (1) + [233] : 0x02 (2) + [234] : 0x00 (0) + [235] : 0x00 (0) + [236] : 0x00 (0) + [237] : 0x00 (0) + [238] : 0x00 (0) + [239] : 0x05 (5) + [240] : 0x20 (32) + [241] : 0x00 (0) + [242] : 0x00 (0) + [243] : 0x00 (0) + [244] : 0x26 (38) + [245] : 0x02 (2) + [246] : 0x00 (0) + [247] : 0x00 (0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x000000f8 (248) + result : WERR_OK +[2013/11/07 07:38:43.895472, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000058-0000-0000-7b52-7335c5510000 + enum_index : 0x00000009 (9) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:43.895849, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 58 00 00 00 00 00 00 00 7B 52 73 35 ....X... ....{Rs5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:43.895927, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:43.895972, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0016 (22) + size : 0x0024 (36) + name : * + name : 'Share Name' + type : * + type : REG_SZ (1) + value : * + value: ARRAY(18) + [0] : 0x70 (112) + [1] : 0x00 (0) + [2] : 0x72 (114) + [3] : 0x00 (0) + [4] : 0x69 (105) + [5] : 0x00 (0) + [6] : 0x6e (110) + [7] : 0x00 (0) + [8] : 0x74 (116) + [9] : 0x00 (0) + [10] : 0x65 (101) + [11] : 0x00 (0) + [12] : 0x72 (114) + [13] : 0x00 (0) + [14] : 0x37 (55) + [15] : 0x00 (0) + [16] : 0x00 (0) + [17] : 0x00 (0) + size : * + size : 0x00000012 (18) + length : * + length : 0x00000012 (18) + result : WERR_OK +[2013/11/07 07:38:43.896589, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000058-0000-0000-7b52-7335c5510000 + enum_index : 0x0000000a (10) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:43.896965, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 58 00 00 00 00 00 00 00 7B 52 73 35 ....X... ....{Rs5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:43.897042, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:43.897086, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0014 (20) + size : 0x0024 (36) + name : * + name : 'StartTime' + type : * + type : REG_DWORD (4) + value : * + value: ARRAY(4) + [0] : 0x00 (0) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + size : * + size : 0x00000004 (4) + length : * + length : 0x00000004 (4) + result : WERR_OK +[2013/11/07 07:38:43.897527, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000058-0000-0000-7b52-7335c5510000 + enum_index : 0x0000000b (11) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:43.897898, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 58 00 00 00 00 00 00 00 7B 52 73 35 ....X... ....{Rs5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:43.897983, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:43.898028, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0014 (20) + size : 0x0024 (36) + name : * + name : 'UntilTime' + type : * + type : REG_DWORD (4) + value : * + value: ARRAY(4) + [0] : 0x00 (0) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + size : * + size : 0x00000004 (4) + length : * + length : 0x00000004 (4) + result : WERR_OK +[2013/11/07 07:38:43.898415, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000058-0000-0000-7b52-7335c5510000 + enum_index : 0x0000000c (12) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:43.898786, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 58 00 00 00 00 00 00 00 7B 52 73 35 ....X... ....{Rs5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:43.898863, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:43.898908, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0012 (18) + size : 0x0024 (36) + name : * + name : 'ChangeID' + type : * + type : REG_DWORD (4) + value : * + value: ARRAY(4) + [0] : 0xf1 (241) + [1] : 0x5f (95) + [2] : 0x11 (17) + [3] : 0x00 (0) + size : * + size : 0x00000004 (4) + length : * + length : 0x00000004 (4) + result : WERR_OK +[2013/11/07 07:38:43.899338, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryValue: struct winreg_QueryValue + in: struct winreg_QueryValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000058-0000-0000-7b52-7335c5510000 + value_name : * + value_name: struct winreg_String + name_len : 0x0020 (32) + name_size : 0x0020 (32) + name : * + name : 'Default DevMode' + type : * + type : REG_NONE (0) + data : NULL + data_size : * + data_size : 0x00000000 (0) + data_length : * + data_length : 0x00000000 (0) +[2013/11/07 07:38:43.899683, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 58 00 00 00 00 00 00 00 7B 52 73 35 ....X... ....{Rs5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:43.899761, 7, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) + _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:43.899801, 7, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) + _winreg_QueryValue: policy key type = [00000000] +[2013/11/07 07:38:43.899846, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:316(_winreg_QueryValue) + _winreg_QueryValue: reg_queryvalue failed with: WERR_BADFILE +[2013/11/07 07:38:43.899886, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryValue: struct winreg_QueryValue + out: struct winreg_QueryValue + type : * + type : REG_NONE (0) + data : NULL + data_size : * + data_size : 0x00000000 (0) + data_length : * + data_length : 0x00000000 (0) + result : WERR_BADFILE +[2013/11/07 07:38:43.900104, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenHKLM: struct winreg_OpenHKLM + in: struct winreg_OpenHKLM + system_name : NULL + access_mask : 0x02000000 (33554432) + 0: KEY_QUERY_VALUE + 0: KEY_SET_VALUE + 0: KEY_CREATE_SUB_KEY + 0: KEY_ENUMERATE_SUB_KEYS + 0: KEY_NOTIFY + 0: KEY_CREATE_LINK + 0: KEY_WOW64_64KEY + 0: KEY_WOW64_32KEY +[2013/11/07 07:38:43.900329, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [HKLM] +[2013/11/07 07:38:43.900383, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (2->3) +[2013/11/07 07:38:43.900426, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM] +[2013/11/07 07:38:43.900465, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM] +[2013/11/07 07:38:43.900504, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:43.900541, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM] +[2013/11/07 07:38:43.900612, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) + Opened policy hnd[3] [0000] 00 00 00 00 59 00 00 00 00 00 00 00 7B 52 73 35 ....Y... ....{Rs5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:43.900694, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenHKLM: struct winreg_OpenHKLM + out: struct winreg_OpenHKLM + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000059-0000-0000-7b52-7335c5510000 + result : WERR_OK +[2013/11/07 07:38:43.900860, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenKey: struct winreg_OpenKey + in: struct winreg_OpenKey + parent_handle : * + parent_handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000059-0000-0000-7b52-7335c5510000 + keyname: struct winreg_String + name_len : 0x008a (138) + name_size : 0x008a (138) + name : * + name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7' + options : 0x00000000 (0) + 0: REG_OPTION_VOLATILE + 0: REG_OPTION_CREATE_LINK + 0: REG_OPTION_BACKUP_RESTORE + 0: REG_OPTION_OPEN_LINK + access_mask : 0x02000000 (33554432) + 0: KEY_QUERY_VALUE + 0: KEY_SET_VALUE + 0: KEY_CREATE_SUB_KEY + 0: KEY_ENUMERATE_SUB_KEYS + 0: KEY_NOTIFY + 0: KEY_CREATE_LINK + 0: KEY_WOW64_64KEY + 0: KEY_WOW64_32KEY +[2013/11/07 07:38:43.901298, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 59 00 00 00 00 00 00 00 7B 52 73 35 ....Y... ....{Rs5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:43.901450, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [SOFTWARE] +[2013/11/07 07:38:43.901493, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (3->4) +[2013/11/07 07:38:43.901536, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] +[2013/11/07 07:38:43.901582, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE] +[2013/11/07 07:38:43.901623, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:43.901660, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE] +[2013/11/07 07:38:43.901726, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Microsoft] +[2013/11/07 07:38:43.901768, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (4->5) +[2013/11/07 07:38:43.901810, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] +[2013/11/07 07:38:43.901848, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] +[2013/11/07 07:38:43.901888, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:43.901926, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft] +[2013/11/07 07:38:43.901986, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Windows NT] +[2013/11/07 07:38:43.902028, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (5->6) +[2013/11/07 07:38:43.902071, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] +[2013/11/07 07:38:43.902109, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] +[2013/11/07 07:38:43.902150, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:43.902187, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] +[2013/11/07 07:38:43.902246, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [CurrentVersion] +[2013/11/07 07:38:43.902287, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (6->7) +[2013/11/07 07:38:43.902330, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] +[2013/11/07 07:38:43.902367, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] +[2013/11/07 07:38:43.902408, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:43.902445, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f375c5a15c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] +[2013/11/07 07:38:43.902524, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Print] +[2013/11/07 07:38:43.902566, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (7->8) +[2013/11/07 07:38:43.902609, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] +[2013/11/07 07:38:43.902647, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] +[2013/11/07 07:38:43.902689, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:43.902726, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f375c5a15c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] +[2013/11/07 07:38:43.902784, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Printers] +[2013/11/07 07:38:43.902826, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (8->9) +[2013/11/07 07:38:43.902869, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] +[2013/11/07 07:38:43.902907, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] +[2013/11/07 07:38:43.902949, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:43.902987, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] +[2013/11/07 07:38:43.903052, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [printer7] +[2013/11/07 07:38:43.903093, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (9->10) +[2013/11/07 07:38:43.903136, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:43.903175, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:43.903216, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:43.903254, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:43.903320, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (10->9) +[2013/11/07 07:38:43.903373, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (9->8) +[2013/11/07 07:38:43.903415, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (8->7) +[2013/11/07 07:38:43.903455, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (7->6) +[2013/11/07 07:38:43.903495, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (6->5) +[2013/11/07 07:38:43.903535, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (5->4) +[2013/11/07 07:38:43.903580, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) + Opened policy hnd[4] [0000] 00 00 00 00 5A 00 00 00 00 00 00 00 7B 52 73 35 ....Z... ....{Rs5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:43.903658, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenKey: struct winreg_OpenKey + out: struct winreg_OpenKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 0000005a-0000-0000-7b52-7335c5510000 + result : WERR_OK +[2013/11/07 07:38:43.903836, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryValue: struct winreg_QueryValue + in: struct winreg_QueryValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 0000005a-0000-0000-7b52-7335c5510000 + value_name : * + value_name: struct winreg_String + name_len : 0x0012 (18) + name_size : 0x0012 (18) + name : * + name : 'Security' + type : * + type : REG_NONE (0) + data : NULL + data_size : * + data_size : 0x00000000 (0) + data_length : * + data_length : 0x00000000 (0) +[2013/11/07 07:38:43.904256, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 5A 00 00 00 00 00 00 00 7B 52 73 35 ....Z... ....{Rs5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:43.904337, 7, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) + _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:43.904377, 7, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) + _winreg_QueryValue: policy key type = [00000000] +[2013/11/07 07:38:43.904419, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_dispatcher.c:151(fetch_reg_values) + fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7' (ops 0x7f37592edcc0) +[2013/11/07 07:38:43.904470, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1891(regdb_fetch_values_internal) + regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:43.904533, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[0]: name[Attributes] len[4] +[2013/11/07 07:38:43.904576, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[1]: name[Description] len[2] +[2013/11/07 07:38:43.904619, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[2]: name[Datatype] len[8] +[2013/11/07 07:38:43.904662, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[3]: name[Default Priority] len[4] +[2013/11/07 07:38:43.904704, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[4]: name[Port] len[38] +[2013/11/07 07:38:43.904747, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[5]: name[Name] len[18] +[2013/11/07 07:38:43.904789, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[6]: name[Print Processor] len[18] +[2013/11/07 07:38:43.904832, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[7]: name[Priority] len[4] +[2013/11/07 07:38:43.904875, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[8]: name[Security] len[248] +[2013/11/07 07:38:43.904918, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[9]: name[Share Name] len[18] +[2013/11/07 07:38:43.904960, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[10]: name[StartTime] len[4] +[2013/11/07 07:38:43.905003, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[11]: name[UntilTime] len[4] +[2013/11/07 07:38:43.905045, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[12]: name[ChangeID] len[4] +[2013/11/07 07:38:43.905090, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryValue: struct winreg_QueryValue + out: struct winreg_QueryValue + type : * + type : REG_BINARY (3) + data : NULL + data_size : * + data_size : 0x000000f8 (248) + data_length : * + data_length : 0x00000000 (0) + result : WERR_OK +[2013/11/07 07:38:43.905306, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryValue: struct winreg_QueryValue + in: struct winreg_QueryValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 0000005a-0000-0000-7b52-7335c5510000 + value_name : * + value_name: struct winreg_String + name_len : 0x0012 (18) + name_size : 0x0012 (18) + name : * + name : 'Security' + type : * + type : REG_BINARY (3) + data : * + data: ARRAY(0) + data_size : * + data_size : 0x000000f8 (248) + data_length : * + data_length : 0x00000000 (0) +[2013/11/07 07:38:43.905730, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 5A 00 00 00 00 00 00 00 7B 52 73 35 ....Z... ....{Rs5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:43.905809, 7, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) + _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:43.905850, 7, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) + _winreg_QueryValue: policy key type = [00000000] +[2013/11/07 07:38:43.905895, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryValue: struct winreg_QueryValue + out: struct winreg_QueryValue + type : * + type : REG_BINARY (3) + data : * + data: ARRAY(248) + [0] : 0x01 (1) + [1] : 0x00 (0) + [2] : 0x04 (4) + [3] : 0x80 (128) + [4] : 0x14 (20) + [5] : 0x00 (0) + [6] : 0x00 (0) + [7] : 0x00 (0) + [8] : 0x24 (36) + [9] : 0x00 (0) + [10] : 0x00 (0) + [11] : 0x00 (0) + [12] : 0x00 (0) + [13] : 0x00 (0) + [14] : 0x00 (0) + [15] : 0x00 (0) + [16] : 0x34 (52) + [17] : 0x00 (0) + [18] : 0x00 (0) + [19] : 0x00 (0) + [20] : 0x01 (1) + [21] : 0x02 (2) + [22] : 0x00 (0) + [23] : 0x00 (0) + [24] : 0x00 (0) + [25] : 0x00 (0) + [26] : 0x00 (0) + [27] : 0x05 (5) + [28] : 0x20 (32) + [29] : 0x00 (0) + [30] : 0x00 (0) + [31] : 0x00 (0) + [32] : 0x20 (32) + [33] : 0x02 (2) + [34] : 0x00 (0) + [35] : 0x00 (0) + [36] : 0x01 (1) + [37] : 0x02 (2) + [38] : 0x00 (0) + [39] : 0x00 (0) + [40] : 0x00 (0) + [41] : 0x00 (0) + [42] : 0x00 (0) + [43] : 0x05 (5) + [44] : 0x20 (32) + [45] : 0x00 (0) + [46] : 0x00 (0) + [47] : 0x00 (0) + [48] : 0x20 (32) + [49] : 0x02 (2) + [50] : 0x00 (0) + [51] : 0x00 (0) + [52] : 0x02 (2) + [53] : 0x00 (0) + [54] : 0xc4 (196) + [55] : 0x00 (0) + [56] : 0x07 (7) + [57] : 0x00 (0) + [58] : 0x00 (0) + [59] : 0x00 (0) + [60] : 0x00 (0) + [61] : 0x02 (2) + [62] : 0x14 (20) + [63] : 0x00 (0) + [64] : 0x08 (8) + [65] : 0x00 (0) + [66] : 0x02 (2) + [67] : 0x20 (32) + [68] : 0x01 (1) + [69] : 0x01 (1) + [70] : 0x00 (0) + [71] : 0x00 (0) + [72] : 0x00 (0) + [73] : 0x00 (0) + [74] : 0x00 (0) + [75] : 0x01 (1) + [76] : 0x00 (0) + [77] : 0x00 (0) + [78] : 0x00 (0) + [79] : 0x00 (0) + [80] : 0x00 (0) + [81] : 0x09 (9) + [82] : 0x24 (36) + [83] : 0x00 (0) + [84] : 0x0c (12) + [85] : 0x00 (0) + [86] : 0x0f (15) + [87] : 0x10 (16) + [88] : 0x01 (1) + [89] : 0x05 (5) + [90] : 0x00 (0) + [91] : 0x00 (0) + [92] : 0x00 (0) + [93] : 0x00 (0) + [94] : 0x00 (0) + [95] : 0x05 (5) + [96] : 0x15 (21) + [97] : 0x00 (0) + [98] : 0x00 (0) + [99] : 0x00 (0) + [100] : 0x74 (116) + [101] : 0xa5 (165) + [102] : 0x12 (18) + [103] : 0x52 (82) + [104] : 0xcd (205) + [105] : 0x51 (81) + [106] : 0xd9 (217) + [107] : 0x8f (143) + [108] : 0xd1 (209) + [109] : 0x31 (49) + [110] : 0xa4 (164) + [111] : 0xca (202) + [112] : 0xf4 (244) + [113] : 0x01 (1) + [114] : 0x00 (0) + [115] : 0x00 (0) + [116] : 0x00 (0) + [117] : 0x02 (2) + [118] : 0x24 (36) + [119] : 0x00 (0) + [120] : 0x0c (12) + [121] : 0x00 (0) + [122] : 0x0f (15) + [123] : 0x10 (16) + [124] : 0x01 (1) + [125] : 0x05 (5) + [126] : 0x00 (0) + [127] : 0x00 (0) + [128] : 0x00 (0) + [129] : 0x00 (0) + [130] : 0x00 (0) + [131] : 0x05 (5) + [132] : 0x15 (21) + [133] : 0x00 (0) + [134] : 0x00 (0) + [135] : 0x00 (0) + [136] : 0x74 (116) + [137] : 0xa5 (165) + [138] : 0x12 (18) + [139] : 0x52 (82) + [140] : 0xcd (205) + [141] : 0x51 (81) + [142] : 0xd9 (217) + [143] : 0x8f (143) + [144] : 0xd1 (209) + [145] : 0x31 (49) + [146] : 0xa4 (164) + [147] : 0xca (202) + [148] : 0xf4 (244) + [149] : 0x01 (1) + [150] : 0x00 (0) + [151] : 0x00 (0) + [152] : 0x00 (0) + [153] : 0x09 (9) + [154] : 0x18 (24) + [155] : 0x00 (0) + [156] : 0x0c (12) + [157] : 0x00 (0) + [158] : 0x0f (15) + [159] : 0x10 (16) + [160] : 0x01 (1) + [161] : 0x02 (2) + [162] : 0x00 (0) + [163] : 0x00 (0) + [164] : 0x00 (0) + [165] : 0x00 (0) + [166] : 0x00 (0) + [167] : 0x05 (5) + [168] : 0x20 (32) + [169] : 0x00 (0) + [170] : 0x00 (0) + [171] : 0x00 (0) + [172] : 0x20 (32) + [173] : 0x02 (2) + [174] : 0x00 (0) + [175] : 0x00 (0) + [176] : 0x00 (0) + [177] : 0x02 (2) + [178] : 0x18 (24) + [179] : 0x00 (0) + [180] : 0x0c (12) + [181] : 0x00 (0) + [182] : 0x0f (15) + [183] : 0x10 (16) + [184] : 0x01 (1) + [185] : 0x02 (2) + [186] : 0x00 (0) + [187] : 0x00 (0) + [188] : 0x00 (0) + [189] : 0x00 (0) + [190] : 0x00 (0) + [191] : 0x05 (5) + [192] : 0x20 (32) + [193] : 0x00 (0) + [194] : 0x00 (0) + [195] : 0x00 (0) + [196] : 0x20 (32) + [197] : 0x02 (2) + [198] : 0x00 (0) + [199] : 0x00 (0) + [200] : 0x00 (0) + [201] : 0x09 (9) + [202] : 0x18 (24) + [203] : 0x00 (0) + [204] : 0x0c (12) + [205] : 0x00 (0) + [206] : 0x0f (15) + [207] : 0x10 (16) + [208] : 0x01 (1) + [209] : 0x02 (2) + [210] : 0x00 (0) + [211] : 0x00 (0) + [212] : 0x00 (0) + [213] : 0x00 (0) + [214] : 0x00 (0) + [215] : 0x05 (5) + [216] : 0x20 (32) + [217] : 0x00 (0) + [218] : 0x00 (0) + [219] : 0x00 (0) + [220] : 0x26 (38) + [221] : 0x02 (2) + [222] : 0x00 (0) + [223] : 0x00 (0) + [224] : 0x00 (0) + [225] : 0x02 (2) + [226] : 0x18 (24) + [227] : 0x00 (0) + [228] : 0x0c (12) + [229] : 0x00 (0) + [230] : 0x0f (15) + [231] : 0x10 (16) + [232] : 0x01 (1) + [233] : 0x02 (2) + [234] : 0x00 (0) + [235] : 0x00 (0) + [236] : 0x00 (0) + [237] : 0x00 (0) + [238] : 0x00 (0) + [239] : 0x05 (5) + [240] : 0x20 (32) + [241] : 0x00 (0) + [242] : 0x00 (0) + [243] : 0x00 (0) + [244] : 0x26 (38) + [245] : 0x02 (2) + [246] : 0x00 (0) + [247] : 0x00 (0) + data_size : * + data_size : 0x000000f8 (248) + data_length : * + data_length : 0x000000f8 (248) + result : WERR_OK +[2013/11/07 07:38:43.910492, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + in: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 0000005a-0000-0000-7b52-7335c5510000 +[2013/11/07 07:38:43.910631, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 5A 00 00 00 00 00 00 00 7B 52 73 35 ....Z... ....{Rs5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:43.910759, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 5A 00 00 00 00 00 00 00 7B 52 73 35 ....Z... ....{Rs5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:43.910838, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) + Closed policy +[2013/11/07 07:38:43.910884, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (4->3) +[2013/11/07 07:38:43.910926, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + out: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000000-0000-0000-0000-000000000000 + result : WERR_OK +[2013/11/07 07:38:43.911090, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + in: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000059-0000-0000-7b52-7335c5510000 +[2013/11/07 07:38:43.911221, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 59 00 00 00 00 00 00 00 7B 52 73 35 ....Y... ....{Rs5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:43.911298, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 59 00 00 00 00 00 00 00 7B 52 73 35 ....Y... ....{Rs5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:43.911374, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) + Closed policy +[2013/11/07 07:38:43.911414, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (3->2) +[2013/11/07 07:38:43.911454, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + out: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000000-0000-0000-0000-000000000000 + result : WERR_OK +[2013/11/07 07:38:43.911627, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + in: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000058-0000-0000-7b52-7335c5510000 +[2013/11/07 07:38:43.911758, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 58 00 00 00 00 00 00 00 7B 52 73 35 ....X... ....{Rs5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:43.911836, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 58 00 00 00 00 00 00 00 7B 52 73 35 ....X... ....{Rs5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:43.911912, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) + Closed policy +[2013/11/07 07:38:43.911955, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (2->1) +[2013/11/07 07:38:43.911996, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + out: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000000-0000-0000-0000-000000000000 + result : WERR_OK +[2013/11/07 07:38:43.912158, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + in: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000057-0000-0000-7b52-7335c5510000 +[2013/11/07 07:38:43.912288, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 57 00 00 00 00 00 00 00 7B 52 73 35 ....W... ....{Rs5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:43.912365, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 57 00 00 00 00 00 00 00 7B 52 73 35 ....W... ....{Rs5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:43.912441, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) + Closed policy +[2013/11/07 07:38:43.912481, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (1->0) +[2013/11/07 07:38:43.912539, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + out: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000000-0000-0000-0000-000000000000 + result : WERR_OK +[2013/11/07 07:38:43.912700, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:416(close_policy_by_pipe) + Deleted handle list for RPC connection \winreg +[2013/11/07 07:38:43.912859, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + spoolss_GetPrinter: struct spoolss_GetPrinter + out: struct spoolss_GetPrinter + info : * + info : union spoolss_PrinterInfo(case 2) + info2: struct spoolss_PrinterInfo2 + servername : * + servername : '\\MEMBER43' + printername : * + printername : '\\MEMBER43\printer7' + sharename : * + sharename : 'printer7' + portname : * + portname : 'Samba Printer Port' + drivername : * + drivername : '' + comment : * + comment : '' + location : * + location : '' + devmode : * + devmode: struct spoolss_DeviceMode + devicename : '\\MEMBER43\printer7' + specversion : DMSPEC_NT4_AND_ABOVE (1025) + driverversion : 0x0400 (1024) + size : 0x00dc (220) + __driverextra_length : 0x0000 (0) + fields : 0x00014713 (83731) + 1: DEVMODE_ORIENTATION + 1: DEVMODE_PAPERSIZE + 0: DEVMODE_PAPERLENGTH + 0: DEVMODE_PAPERWIDTH + 1: DEVMODE_SCALE + 0: DEVMODE_POSITION + 0: DEVMODE_NUP + 1: DEVMODE_COPIES + 1: DEVMODE_DEFAULTSOURCE + 1: DEVMODE_PRINTQUALITY + 0: DEVMODE_COLOR + 0: DEVMODE_DUPLEX + 0: DEVMODE_YRESOLUTION + 1: DEVMODE_TTOPTION + 0: DEVMODE_COLLATE + 1: DEVMODE_FORMNAME + 0: DEVMODE_LOGPIXELS + 0: DEVMODE_BITSPERPEL + 0: DEVMODE_PELSWIDTH + 0: DEVMODE_PELSHEIGHT + 0: DEVMODE_DISPLAYFLAGS + 0: DEVMODE_DISPLAYFREQUENCY + 0: DEVMODE_ICMMETHOD + 0: DEVMODE_ICMINTENT + 0: DEVMODE_MEDIATYPE + 0: DEVMODE_DITHERTYPE + 0: DEVMODE_PANNINGWIDTH + 0: DEVMODE_PANNINGHEIGHT + orientation : DMORIENT_PORTRAIT (1) + papersize : DMPAPER_LETTER (1) + paperlength : 0x0000 (0) + paperwidth : 0x0000 (0) + scale : 0x0064 (100) + copies : 0x0001 (1) + defaultsource : DMBIN_FORMSOURCE (15) + printquality : DMRES_HIGH (65532) + color : DMRES_MONOCHROME (1) + duplex : DMDUP_SIMPLEX (1) + yresolution : 0x0000 (0) + ttoption : DMTT_SUBDEV (3) + collate : DMCOLLATE_FALSE (0) + formname : 'Letter' + logpixels : 0x0000 (0) + bitsperpel : 0x00000000 (0) + pelswidth : 0x00000000 (0) + pelsheight : 0x00000000 (0) + displayflags : UNKNOWN_ENUM_VALUE (0) + displayfrequency : 0x00000000 (0) + icmmethod : UNKNOWN_ENUM_VALUE (0) + icmintent : UNKNOWN_ENUM_VALUE (0) + mediatype : UNKNOWN_ENUM_VALUE (0) + dithertype : UNKNOWN_ENUM_VALUE (0) + reserved1 : 0x00000000 (0) + reserved2 : 0x00000000 (0) + panningwidth : 0x00000000 (0) + panningheight : 0x00000000 (0) + driverextra_data : DATA_BLOB length=0 + sepfile : * + sepfile : '' + printprocessor : * + printprocessor : 'winprint' + datatype : * + datatype : 'RAW' + parameters : * + parameters : '' + secdesc : * + secdesc: struct security_descriptor + revision : SECURITY_DESCRIPTOR_REVISION_1 (1) + type : 0x8004 (32772) + 0: SEC_DESC_OWNER_DEFAULTED + 0: SEC_DESC_GROUP_DEFAULTED + 1: SEC_DESC_DACL_PRESENT + 0: SEC_DESC_DACL_DEFAULTED + 0: SEC_DESC_SACL_PRESENT + 0: SEC_DESC_SACL_DEFAULTED + 0: SEC_DESC_DACL_TRUSTED + 0: SEC_DESC_SERVER_SECURITY + 0: SEC_DESC_DACL_AUTO_INHERIT_REQ + 0: SEC_DESC_SACL_AUTO_INHERIT_REQ + 0: SEC_DESC_DACL_AUTO_INHERITED + 0: SEC_DESC_SACL_AUTO_INHERITED + 0: SEC_DESC_DACL_PROTECTED + 0: SEC_DESC_SACL_PROTECTED + 0: SEC_DESC_RM_CONTROL_VALID + 1: SEC_DESC_SELF_RELATIVE + owner_sid : * + owner_sid : S-1-5-32-544 + group_sid : * + group_sid : S-1-5-32-544 + sacl : NULL + dacl : * + dacl: struct security_acl + revision : SECURITY_ACL_REVISION_NT4 (2) + size : 0x00c4 (196) + num_aces : 0x00000007 (7) + aces: ARRAY(7) + aces: struct security_ace + type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) + flags : 0x02 (2) + 0: SEC_ACE_FLAG_OBJECT_INHERIT + 1: SEC_ACE_FLAG_CONTAINER_INHERIT + 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT + 0: SEC_ACE_FLAG_INHERIT_ONLY + 0: SEC_ACE_FLAG_INHERITED_ACE + 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) + 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS + 0: SEC_ACE_FLAG_FAILED_ACCESS + size : 0x0014 (20) + access_mask : 0x20020008 (537001992) + object : union security_ace_object_ctr(case 0) + trustee : S-1-1-0 + aces: struct security_ace + type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) + flags : 0x09 (9) + 1: SEC_ACE_FLAG_OBJECT_INHERIT + 0: SEC_ACE_FLAG_CONTAINER_INHERIT + 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT + 1: SEC_ACE_FLAG_INHERIT_ONLY + 0: SEC_ACE_FLAG_INHERITED_ACE + 0x09: SEC_ACE_FLAG_VALID_INHERIT (9) + 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS + 0: SEC_ACE_FLAG_FAILED_ACCESS + size : 0x0024 (36) + access_mask : 0x100f000c (269418508) + object : union security_ace_object_ctr(case 0) + trustee : S-1-5-21-1376953716-2413384141-3399758289-500 + aces: struct security_ace + type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) + flags : 0x02 (2) + 0: SEC_ACE_FLAG_OBJECT_INHERIT + 1: SEC_ACE_FLAG_CONTAINER_INHERIT + 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT + 0: SEC_ACE_FLAG_INHERIT_ONLY + 0: SEC_ACE_FLAG_INHERITED_ACE + 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) + 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS + 0: SEC_ACE_FLAG_FAILED_ACCESS + size : 0x0024 (36) + access_mask : 0x100f000c (269418508) + object : union security_ace_object_ctr(case 0) + trustee : S-1-5-21-1376953716-2413384141-3399758289-500 + aces: struct security_ace + type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) + flags : 0x09 (9) + 1: SEC_ACE_FLAG_OBJECT_INHERIT + 0: SEC_ACE_FLAG_CONTAINER_INHERIT + 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT + 1: SEC_ACE_FLAG_INHERIT_ONLY + 0: SEC_ACE_FLAG_INHERITED_ACE + 0x09: SEC_ACE_FLAG_VALID_INHERIT (9) + 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS + 0: SEC_ACE_FLAG_FAILED_ACCESS + size : 0x0018 (24) + access_mask : 0x100f000c (269418508) + object : union security_ace_object_ctr(case 0) + trustee : S-1-5-32-544 + aces: struct security_ace + type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) + flags : 0x02 (2) + 0: SEC_ACE_FLAG_OBJECT_INHERIT + 1: SEC_ACE_FLAG_CONTAINER_INHERIT + 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT + 0: SEC_ACE_FLAG_INHERIT_ONLY + 0: SEC_ACE_FLAG_INHERITED_ACE + 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) + 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS + 0: SEC_ACE_FLAG_FAILED_ACCESS + size : 0x0018 (24) + access_mask : 0x100f000c (269418508) + object : union security_ace_object_ctr(case 0) + trustee : S-1-5-32-544 + aces: struct security_ace + type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) + flags : 0x09 (9) + 1: SEC_ACE_FLAG_OBJECT_INHERIT + 0: SEC_ACE_FLAG_CONTAINER_INHERIT + 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT + 1: SEC_ACE_FLAG_INHERIT_ONLY + 0: SEC_ACE_FLAG_INHERITED_ACE + 0x09: SEC_ACE_FLAG_VALID_INHERIT (9) + 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS + 0: SEC_ACE_FLAG_FAILED_ACCESS + size : 0x0018 (24) + access_mask : 0x100f000c (269418508) + object : union security_ace_object_ctr(case 0) + trustee : S-1-5-32-550 + aces: struct security_ace + type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) + flags : 0x02 (2) + 0: SEC_ACE_FLAG_OBJECT_INHERIT + 1: SEC_ACE_FLAG_CONTAINER_INHERIT + 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT + 0: SEC_ACE_FLAG_INHERIT_ONLY + 0: SEC_ACE_FLAG_INHERITED_ACE + 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) + 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS + 0: SEC_ACE_FLAG_FAILED_ACCESS + size : 0x0018 (24) + access_mask : 0x100f000c (269418508) + object : union security_ace_object_ctr(case 0) + trustee : S-1-5-32-550 + attributes : 0x00001048 (4168) + 0: PRINTER_ATTRIBUTE_QUEUED + 0: PRINTER_ATTRIBUTE_DIRECT + 0: PRINTER_ATTRIBUTE_DEFAULT + 1: PRINTER_ATTRIBUTE_SHARED + 0: PRINTER_ATTRIBUTE_NETWORK + 0: PRINTER_ATTRIBUTE_HIDDEN + 1: PRINTER_ATTRIBUTE_LOCAL + 0: PRINTER_ATTRIBUTE_ENABLE_DEVQ + 0: PRINTER_ATTRIBUTE_KEEPPRINTEDJOBS + 0: PRINTER_ATTRIBUTE_DO_COMPLETE_FIRST + 0: PRINTER_ATTRIBUTE_WORK_OFFLINE + 0: PRINTER_ATTRIBUTE_ENABLE_BIDI + 1: PRINTER_ATTRIBUTE_RAW_ONLY + 0: PRINTER_ATTRIBUTE_PUBLISHED + 0: PRINTER_ATTRIBUTE_FAX + 0: PRINTER_ATTRIBUTE_TS + priority : 0x00000001 (1) + defaultpriority : 0x00000001 (1) + starttime : 0x00000000 (0) + untiltime : 0x00000000 (0) + status : 0x00000000 (0) + 0: PRINTER_STATUS_PAUSED + 0: PRINTER_STATUS_ERROR + 0: PRINTER_STATUS_PENDING_DELETION + 0: PRINTER_STATUS_PAPER_JAM + 0: PRINTER_STATUS_PAPER_OUT + 0: PRINTER_STATUS_MANUAL_FEED + 0: PRINTER_STATUS_PAPER_PROBLEM + 0: PRINTER_STATUS_OFFLINE + 0: PRINTER_STATUS_IO_ACTIVE + 0: PRINTER_STATUS_BUSY + 0: PRINTER_STATUS_PRINTING + 0: PRINTER_STATUS_OUTPUT_BIN_FULL + 0: PRINTER_STATUS_NOT_AVAILABLE + 0: PRINTER_STATUS_WAITING + 0: PRINTER_STATUS_PROCESSING + 0: PRINTER_STATUS_INITIALIZING + 0: PRINTER_STATUS_WARMING_UP + 0: PRINTER_STATUS_TONER_LOW + 0: PRINTER_STATUS_NO_TONER + 0: PRINTER_STATUS_PAGE_PUNT + 0: PRINTER_STATUS_USER_INTERVENTION + 0: PRINTER_STATUS_OUT_OF_MEMORY + 0: PRINTER_STATUS_DOOR_OPEN + 0: PRINTER_STATUS_SERVER_UNKNOWN + 0: PRINTER_STATUS_POWER_SAVE + cjobs : 0x00000000 (0) + averageppm : 0x00000000 (0) + needed : * + needed : 0x000002f8 (760) + result : WERR_OK +[2013/11/07 07:38:43.917949, 5, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1417(api_rpcTNP) + api_rpcTNP: called \spoolss successfully +[2013/11/07 07:38:43.918011, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) + pop_sec_ctx (0, 5000) - sec_ctx_stack_ndx = 0 +[2013/11/07 07:38:43.918055, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) + write_to_pipe: data_used = 4140 + smbd_smb2_request_pending_queue: req->current_idx = 1 + req->in.vector[0].iov_len = 0 + req->in.vector[1].iov_len = 0 + req->in.vector[2].iov_len = 64 + req->in.vector[3].iov_len = 56 + req->in.vector[4].iov_len = 4156 + req->out.vector[0].iov_len = 4 + req->out.vector[1].iov_len = 0 + req->out.vector[2].iov_len = 64 + req->out.vector[3].iov_len = 8 + req->out.vector[4].iov_len = 0 +[2013/11/07 07:38:43.918276, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:128(smbd_smb2_ioctl_pipe_write_done) + smbd_smb2_ioctl_pipe_write_done: received 4156 +[2013/11/07 07:38:43.918321, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:149(smbd_smb2_ioctl_pipe_write_done) + smbd_smb2_ioctl_pipe_write_done: issuing np_read_send of size 4136 +[2013/11/07 07:38:43.918365, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:285(read_from_internal_pipe) + name: \spoolss len: 4136 +[2013/11/07 07:38:43.918407, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:347(read_from_internal_pipe) + read_from_pipe: \spoolss: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 4112. +[2013/11/07 07:38:43.918461, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) + &r: struct ncacn_packet + rpc_vers : 0x05 (5) + rpc_vers_minor : 0x00 (0) + ptype : DCERPC_PKT_RESPONSE (2) + pfc_flags : 0x03 (3) + drep: ARRAY(4) + [0] : 0x10 (16) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + frag_length : 0x1028 (4136) + auth_length : 0x0000 (0) + call_id : 0x00000006 (6) + u : union dcerpc_payload(case 2) + response: struct dcerpc_response + alloc_hint : 0x00001010 (4112) + context_id : 0x0000 (0) + cancel_count : 0x00 (0) + _pad : DATA_BLOB length=0 + stub_and_verifier : DATA_BLOB length=4112 + [0000] 04 00 02 00 00 10 00 00 EA 0F 00 00 C2 0F 00 00 ........ ........ + [0010] B0 0F 00 00 8A 0F 00 00 88 0F 00 00 86 0F 00 00 ........ ........ + [0020] 84 0F 00 00 88 0E 00 00 82 0F 00 00 70 0F 00 00 ........ ....p... + [0030] 68 0F 00 00 66 0F 00 00 90 0D 00 00 48 10 00 00 h...f... ....H... + [0040] 01 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0200] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0210] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0220] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0230] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0240] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0250] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0260] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0270] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0280] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0290] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0300] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0310] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0320] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0330] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0340] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0350] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0360] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0370] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0380] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0390] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0400] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0410] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0420] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0430] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0440] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0450] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0460] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0470] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0480] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0490] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0500] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0510] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0520] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0530] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0540] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0550] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0560] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0570] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0580] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0590] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0600] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0610] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0620] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0630] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0640] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0650] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0660] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0670] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0680] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0690] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0700] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0710] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0720] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0730] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0740] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0750] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0760] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0770] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0780] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0790] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0800] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0810] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0820] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0830] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0840] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0850] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0860] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0870] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0880] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0890] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0900] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0910] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0920] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0930] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0940] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0950] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0960] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0970] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0980] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0990] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D90] 00 00 00 00 00 00 00 00 01 00 04 80 D8 00 00 00 ........ ........ + [0DA0] E8 00 00 00 00 00 00 00 14 00 00 00 02 00 C4 00 ........ ........ + [0DB0] 07 00 00 00 00 02 14 00 08 00 02 20 01 01 00 00 ........ ... .... + [0DC0] 00 00 00 01 00 00 00 00 00 09 24 00 0C 00 0F 10 ........ ..$..... + [0DD0] 01 05 00 00 00 00 00 05 15 00 00 00 74 A5 12 52 ........ ....t..R + [0DE0] CD 51 D9 8F D1 31 A4 CA F4 01 00 00 00 02 24 00 .Q...1.. ......$. + [0DF0] 0C 00 0F 10 01 05 00 00 00 00 00 05 15 00 00 00 ........ ........ + [0E00] 74 A5 12 52 CD 51 D9 8F D1 31 A4 CA F4 01 00 00 t..R.Q.. .1...... + [0E10] 00 09 18 00 0C 00 0F 10 01 02 00 00 00 00 00 05 ........ ........ + [0E20] 20 00 00 00 20 02 00 00 00 02 18 00 0C 00 0F 10 ... ... ........ + [0E30] 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 ........ ... ... + [0E40] 00 09 18 00 0C 00 0F 10 01 02 00 00 00 00 00 05 ........ ........ + [0E50] 20 00 00 00 26 02 00 00 00 02 18 00 0C 00 0F 10 ...&... ........ + [0E60] 01 02 00 00 00 00 00 05 20 00 00 00 26 02 00 00 ........ ...&... + [0E70] 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 ........ ... ... + [0E80] 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 ........ ... ... + [0E90] 5C 00 5C 00 4D 00 45 00 4D 00 42 00 45 00 52 00 \.\.M.E. M.B.E.R. + [0EA0] 34 00 33 00 5C 00 70 00 72 00 69 00 6E 00 74 00 4.3.\.p. r.i.n.t. + [0EB0] 65 00 72 00 37 00 00 00 00 00 00 00 00 00 00 00 e.r.7... ........ + [0EC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0ED0] 01 04 00 04 DC 00 00 00 13 47 01 00 01 00 01 00 ........ .G...... + [0EE0] 00 00 00 00 64 00 01 00 0F 00 FC FF 01 00 01 00 ....d... ........ + [0EF0] 00 00 03 00 00 00 4C 00 65 00 74 00 74 00 65 00 ......L. e.t.t.e. + [0F00] 72 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 r....... ........ + [0F10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F70] 52 00 41 00 57 00 00 00 77 00 69 00 6E 00 70 00 R.A.W... w.i.n.p. + [0F80] 72 00 69 00 6E 00 74 00 00 00 00 00 00 00 00 00 r.i.n.t. ........ + [0F90] 00 00 53 00 61 00 6D 00 62 00 61 00 20 00 50 00 ..S.a.m. b.a. .P. + [0FA0] 72 00 69 00 6E 00 74 00 65 00 72 00 20 00 50 00 r.i.n.t. e.r. .P. + [0FB0] 6F 00 72 00 74 00 00 00 70 00 72 00 69 00 6E 00 o.r.t... p.r.i.n. + [0FC0] 74 00 65 00 72 00 37 00 00 00 5C 00 5C 00 4D 00 t.e.r.7. ..\.\.M. + [0FD0] 45 00 4D 00 42 00 45 00 52 00 34 00 33 00 5C 00 E.M.B.E. R.4.3.\. + [0FE0] 70 00 72 00 69 00 6E 00 74 00 65 00 72 00 37 00 p.r.i.n. t.e.r.7. + [0FF0] 00 00 5C 00 5C 00 4D 00 45 00 4D 00 42 00 45 00 ..\.\.M. E.M.B.E. + [1000] 52 00 34 00 33 00 00 00 F8 02 00 00 00 00 00 00 R.4.3... ........ +[2013/11/07 07:38:43.927884, 3, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:122(free_pipe_context) + free_pipe_context: destroying talloc pool of size 1308 +[2013/11/07 07:38:43.927944, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:788(np_read_recv) + Received 4136 bytes. There is no more data outstanding +[2013/11/07 07:38:43.927986, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:178(smbd_smb2_ioctl_pipe_read_done) + smbd_smb2_ioctl_pipe_read_done: np_read_recv nread = 4136 is_data_outstanding = 0, status = NT_STATUS_OK +[2013/11/07 07:38:43.928035, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl.c:291(smbd_smb2_request_ioctl_done) + smbd_smb2_request_ioctl_done: smbd_smb2_ioctl_recv returned 4136 status NT_STATUS_OK +[2013/11/07 07:38:43.928078, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) + smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[48] dyn[yes:4136] at ../source3/smbd/smb2_ioctl.c:358 +[2013/11/07 07:38:43.928132, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) + smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/55/127 +[2013/11/07 07:38:43.947087, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) + smbd_smb2_request_incoming: idx[1] of 5 vectors +[2013/11/07 07:38:43.947333, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) + smb2_validate_sequence_number: clearing id 55 (position 55) from bitmap +[2013/11/07 07:38:43.947448, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) + smbd_smb2_request_dispatch: opcode[SMB2_OP_IOCTL] mid = 55 +[2013/11/07 07:38:43.947594, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) + setting sec ctx (0, 5000) - sec_ctx_stack_ndx = 0 +[2013/11/07 07:38:43.947703, 5, pid=20933, effective(0, 5000), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) + Security token SIDs (21): + SID[ 0]: S-1-5-21-1376953716-2413384141-3399758289-500 + SID[ 1]: S-1-5-21-1376953716-2413384141-3399758289-512 + SID[ 2]: S-1-5-21-1376953716-2413384141-3399758289-11015 + SID[ 3]: S-1-5-21-1376953716-2413384141-3399758289-513 + SID[ 4]: S-1-5-21-1376953716-2413384141-3399758289-11011 + SID[ 5]: S-1-5-21-1376953716-2413384141-3399758289-11013 + SID[ 6]: S-1-5-21-1376953716-2413384141-3399758289-11012 + SID[ 7]: S-1-1-0 + SID[ 8]: S-1-5-2 + SID[ 9]: S-1-5-11 + SID[ 10]: S-1-5-32-544 + SID[ 11]: S-1-22-1-2002 + SID[ 12]: S-1-22-2-5000 + SID[ 13]: S-1-22-2-5007 + SID[ 14]: S-1-22-2-5001 + SID[ 15]: S-1-22-2-1005 + SID[ 16]: S-1-22-2-5006 + SID[ 17]: S-1-22-2-5005 + SID[ 18]: S-1-22-2-55000 + SID[ 19]: S-1-22-2-55001 + SID[ 20]: S-1-22-2-55002 + Privileges (0x 1FFFFFF0): + Privilege[ 0]: SeMachineAccountPrivilege + Privilege[ 1]: SeTakeOwnershipPrivilege + Privilege[ 2]: SeBackupPrivilege + Privilege[ 3]: SeRestorePrivilege + Privilege[ 4]: SeRemoteShutdownPrivilege + Privilege[ 5]: SePrintOperatorPrivilege + Privilege[ 6]: SeAddUsersPrivilege + Privilege[ 7]: SeDiskOperatorPrivilege + Privilege[ 8]: SeSecurityPrivilege + Privilege[ 9]: SeSystemtimePrivilege + Privilege[ 10]: SeShutdownPrivilege + Privilege[ 11]: SeDebugPrivilege + Privilege[ 12]: SeSystemEnvironmentPrivilege + Privilege[ 13]: SeSystemProfilePrivilege + Privilege[ 14]: SeProfileSingleProcessPrivilege + Privilege[ 15]: SeIncreaseBasePriorityPrivilege + Privilege[ 16]: SeLoadDriverPrivilege + Privilege[ 17]: SeCreatePagefilePrivilege + Privilege[ 18]: SeIncreaseQuotaPrivilege + Privilege[ 19]: SeChangeNotifyPrivilege + Privilege[ 20]: SeUndockPrivilege + Privilege[ 21]: SeManageVolumePrivilege + Privilege[ 22]: SeImpersonatePrivilege + Privilege[ 23]: SeCreateGlobalPrivilege + Privilege[ 24]: SeEnableDelegationPrivilege + Rights (0x 0): +[2013/11/07 07:38:43.949934, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) + UNIX token of user 0 + Primary group is 5000 and contains 9 supplementary groups + Group[ 0]: 5000 + Group[ 1]: 5007 + Group[ 2]: 5001 + Group[ 3]: 1005 + Group[ 4]: 5006 + Group[ 5]: 5005 + Group[ 6]: 55000 + Group[ 7]: 55001 + Group[ 8]: 55002 +[2013/11/07 07:38:43.950660, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/uid.c:363(change_to_user_internal) + Impersonated user: uid=(0,0), gid=(0,5000) +[2013/11/07 07:38:43.950798, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:1796(smbd_smb2_request_verify_creditcharge) + mid 55, CreditCharge: 1, NeededCharge: 1 +[2013/11/07 07:38:43.950906, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl.c:394(smbd_smb2_ioctl_send) + smbd_smb2_ioctl: ctl_code[0x0011c017] spoolss, fnum 2189993496 +[2013/11/07 07:38:43.951063, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:59(smb2_ioctl_named_pipe) + smbd_smb2_ioctl_send: np_write_send of size 4156 +[2013/11/07 07:38:43.951164, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:520(np_write_send) + np_write_send: len: 4156 +[2013/11/07 07:38:43.951267, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) + write_to_pipe: data_left = 4156 +[2013/11/07 07:38:43.951363, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) + process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 4156 +[2013/11/07 07:38:43.951461, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:51(fill_rpc_header) + fill_rpc_header: data_to_copy = 4156, len_needed_to_complete_hdr = 16, receive_len = 0 +[2013/11/07 07:38:43.951561, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) + write_to_pipe: data_used = 16 +[2013/11/07 07:38:43.951655, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) + write_to_pipe: data_left = 4140 +[2013/11/07 07:38:43.951750, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) + process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 4140 +[2013/11/07 07:38:43.951854, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) + write_to_pipe: data_used = 0 +[2013/11/07 07:38:43.951948, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) + write_to_pipe: data_left = 4140 +[2013/11/07 07:38:43.952044, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) + process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 4140, incoming data = 4140 +[2013/11/07 07:38:43.952148, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1614(process_complete_pdu) + PDU is in Little Endian format! +[2013/11/07 07:38:43.952269, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) + r: struct ncacn_packet + rpc_vers : 0x05 (5) + rpc_vers_minor : 0x00 (0) + ptype : DCERPC_PKT_REQUEST (0) + pfc_flags : 0x03 (3) + drep: ARRAY(4) + [0] : 0x10 (16) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + frag_length : 0x103c (4156) + auth_length : 0x0000 (0) + call_id : 0x00000007 (7) + u : union dcerpc_payload(case 0) + request: struct dcerpc_request + alloc_hint : 0x00001024 (4132) + context_id : 0x0000 (0) + opnum : 0x0008 (8) + object : union dcerpc_object(case 0) + empty: struct dcerpc_empty + _pad : DATA_BLOB length=0 + stub_and_verifier : DATA_BLOB length=4132 + [0000] 00 00 00 00 48 00 00 00 00 00 00 00 7B 52 73 35 ....H... ....{Rs5 + [0010] C5 51 00 00 02 00 00 00 00 00 02 00 00 10 00 00 .Q...... ........ + [0020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0030] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0040] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0200] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0210] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0220] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0230] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0240] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0250] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0260] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0270] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0280] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0290] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0300] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0310] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0320] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0330] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0340] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0350] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0360] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0370] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0380] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0390] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0400] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0410] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0420] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0430] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0440] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0450] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0460] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0470] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0480] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0490] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0500] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0510] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0520] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0530] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0540] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0550] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0560] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0570] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0580] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0590] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0600] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0610] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0620] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0630] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0640] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0650] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0660] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0670] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0680] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0690] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0700] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0710] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0720] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0730] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0740] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0750] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0760] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0770] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0780] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0790] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0800] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0810] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0820] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0830] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0840] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0850] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0860] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0870] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0880] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0890] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0900] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0910] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0920] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0930] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0940] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0950] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0960] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0970] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0980] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0990] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0EA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0EB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0EC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0ED0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0EE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0EF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [1000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [1010] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [1020] 00 10 00 00 .... +[2013/11/07 07:38:43.970123, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1627(process_complete_pdu) + Processing packet type 0 +[2013/11/07 07:38:43.970176, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1472(dcesrv_auth_request) + Checking request auth. +[2013/11/07 07:38:43.970234, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) + push_sec_ctx(0, 5000) : sec_ctx_stack_ndx = 1 +[2013/11/07 07:38:43.970284, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) + setting sec ctx (0, 5000) - sec_ctx_stack_ndx = 1 +[2013/11/07 07:38:43.970327, 5, pid=20933, effective(0, 5000), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) + Security token SIDs (21): + SID[ 0]: S-1-5-21-1376953716-2413384141-3399758289-500 + SID[ 1]: S-1-5-21-1376953716-2413384141-3399758289-512 + SID[ 2]: S-1-5-21-1376953716-2413384141-3399758289-11015 + SID[ 3]: S-1-5-21-1376953716-2413384141-3399758289-513 + SID[ 4]: S-1-5-21-1376953716-2413384141-3399758289-11011 + SID[ 5]: S-1-5-21-1376953716-2413384141-3399758289-11013 + SID[ 6]: S-1-5-21-1376953716-2413384141-3399758289-11012 + SID[ 7]: S-1-1-0 + SID[ 8]: S-1-5-2 + SID[ 9]: S-1-5-11 + SID[ 10]: S-1-5-32-544 + SID[ 11]: S-1-22-1-2002 + SID[ 12]: S-1-22-2-5000 + SID[ 13]: S-1-22-2-5007 + SID[ 14]: S-1-22-2-5001 + SID[ 15]: S-1-22-2-1005 + SID[ 16]: S-1-22-2-5006 + SID[ 17]: S-1-22-2-5005 + SID[ 18]: S-1-22-2-55000 + SID[ 19]: S-1-22-2-55001 + SID[ 20]: S-1-22-2-55002 + Privileges (0x 1FFFFFF0): + Privilege[ 0]: SeMachineAccountPrivilege + Privilege[ 1]: SeTakeOwnershipPrivilege + Privilege[ 2]: SeBackupPrivilege + Privilege[ 3]: SeRestorePrivilege + Privilege[ 4]: SeRemoteShutdownPrivilege + Privilege[ 5]: SePrintOperatorPrivilege + Privilege[ 6]: SeAddUsersPrivilege + Privilege[ 7]: SeDiskOperatorPrivilege + Privilege[ 8]: SeSecurityPrivilege + Privilege[ 9]: SeSystemtimePrivilege + Privilege[ 10]: SeShutdownPrivilege + Privilege[ 11]: SeDebugPrivilege + Privilege[ 12]: SeSystemEnvironmentPrivilege + Privilege[ 13]: SeSystemProfilePrivilege + Privilege[ 14]: SeProfileSingleProcessPrivilege + Privilege[ 15]: SeIncreaseBasePriorityPrivilege + Privilege[ 16]: SeLoadDriverPrivilege + Privilege[ 17]: SeCreatePagefilePrivilege + Privilege[ 18]: SeIncreaseQuotaPrivilege + Privilege[ 19]: SeChangeNotifyPrivilege + Privilege[ 20]: SeUndockPrivilege + Privilege[ 21]: SeManageVolumePrivilege + Privilege[ 22]: SeImpersonatePrivilege + Privilege[ 23]: SeCreateGlobalPrivilege + Privilege[ 24]: SeEnableDelegationPrivilege + Rights (0x 0): +[2013/11/07 07:38:43.971093, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) + UNIX token of user 0 + Primary group is 5000 and contains 9 supplementary groups + Group[ 0]: 5000 + Group[ 1]: 5007 + Group[ 2]: 5001 + Group[ 3]: 1005 + Group[ 4]: 5006 + Group[ 5]: 5005 + Group[ 6]: 55000 + Group[ 7]: 55001 + Group[ 8]: 55002 +[2013/11/07 07:38:43.971286, 5, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1324(api_pipe_request) + Requested \spoolss rpc service +[2013/11/07 07:38:43.971334, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1356(api_rpcTNP) + api_rpcTNP: \spoolss op 0x8 - api_rpcTNP: rpc command: SPOOLSS_GETPRINTER +[2013/11/07 07:38:43.971378, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1390(api_rpcTNP) + api_rpc_cmds[8].fn == 0x7f375c260f10 +[2013/11/07 07:38:43.971429, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + spoolss_GetPrinter: struct spoolss_GetPrinter + in: struct spoolss_GetPrinter + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000048-0000-0000-7b52-7335c5510000 + level : 0x00000002 (2) + buffer : * + buffer : DATA_BLOB length=4096 + [0000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0010] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0030] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0040] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0200] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0210] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0220] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0230] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0240] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0250] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0260] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0270] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0280] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0290] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0300] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0310] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0320] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0330] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0340] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0350] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0360] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0370] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0380] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0390] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0400] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0410] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0420] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0430] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0440] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0450] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0460] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0470] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0480] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0490] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0500] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0510] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0520] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0530] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0540] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0550] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0560] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0570] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0580] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0590] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0600] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0610] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0620] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0630] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0640] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0650] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0660] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0670] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0680] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0690] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0700] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0710] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0720] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0730] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0740] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0750] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0760] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0770] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0780] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0790] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0800] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0810] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0820] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0830] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0840] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0850] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0860] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0870] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0880] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0890] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0900] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0910] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0920] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0930] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0940] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0950] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0960] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0970] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0980] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0990] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0EA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0EB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0EC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0ED0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0EE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0EF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + offered : 0x00001000 (4096) +[2013/11/07 07:38:43.980595, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 48 00 00 00 00 00 00 00 7B 52 73 35 ....H... ....{Rs5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:43.980686, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 48 00 00 00 00 00 00 00 7B 52 73 35 ....H... ....{Rs5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:43.980764, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:489(get_printer_snum) + short name:printer7 +[2013/11/07 07:38:43.980908, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:60(make_internal_rpc_pipe_p) + Create pipe requested \winreg +[2013/11/07 07:38:43.980964, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:221(init_pipe_handles) + init_pipe_handle_list: created handle list for pipe \winreg +[2013/11/07 07:38:43.981006, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:238(init_pipe_handles) + init_pipe_handle_list: pipe_handles ref count = 1 for pipe \winreg +[2013/11/07 07:38:43.981110, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:100(make_internal_rpc_pipe_p) + Created internal pipe \winreg +[2013/11/07 07:38:43.981186, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenHKLM: struct winreg_OpenHKLM + in: struct winreg_OpenHKLM + system_name : NULL + access_mask : 0x02000000 (33554432) + 0: KEY_QUERY_VALUE + 0: KEY_SET_VALUE + 0: KEY_CREATE_SUB_KEY + 0: KEY_ENUMERATE_SUB_KEYS + 0: KEY_NOTIFY + 0: KEY_CREATE_LINK + 0: KEY_WOW64_64KEY + 0: KEY_WOW64_32KEY +[2013/11/07 07:38:43.981489, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [HKLM] +[2013/11/07 07:38:43.981536, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) + push_sec_ctx(0, 5000) : sec_ctx_stack_ndx = 2 +[2013/11/07 07:38:43.981581, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/uid.c:485(push_conn_ctx) + push_conn_ctx(1804507171) : conn_ctx_stack_ndx = 0 +[2013/11/07 07:38:43.981622, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) + setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 +[2013/11/07 07:38:43.981661, 5, pid=20933, effective(0, 5000), real(0, 0)] ../libcli/security/security_token.c:53(security_token_debug) + Security token: (NULL) +[2013/11/07 07:38:43.981875, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) + UNIX token of user 0 + Primary group is 0 and contains 0 supplementary groups +[2013/11/07 07:38:43.982046, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) + pop_sec_ctx (0, 5000) - sec_ctx_stack_ndx = 1 +[2013/11/07 07:38:43.982092, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:866(regdb_open) + regdb_open: registry db opened. refcount reset (1) +[2013/11/07 07:38:43.982139, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM] +[2013/11/07 07:38:43.982178, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM] +[2013/11/07 07:38:43.982219, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:43.982270, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM] +[2013/11/07 07:38:43.982356, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) + Opened policy hnd[1] [0000] 00 00 00 00 5B 00 00 00 00 00 00 00 7B 52 73 35 ....[... ....{Rs5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:43.982438, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenHKLM: struct winreg_OpenHKLM + out: struct winreg_OpenHKLM + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 0000005b-0000-0000-7b52-7335c5510000 + result : WERR_OK +[2013/11/07 07:38:43.982631, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenKey: struct winreg_OpenKey + in: struct winreg_OpenKey + parent_handle : * + parent_handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 0000005b-0000-0000-7b52-7335c5510000 + keyname: struct winreg_String + name_len : 0x008a (138) + name_size : 0x008a (138) + name : * + name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7' + options : 0x00000000 (0) + 0: REG_OPTION_VOLATILE + 0: REG_OPTION_CREATE_LINK + 0: REG_OPTION_BACKUP_RESTORE + 0: REG_OPTION_OPEN_LINK + access_mask : 0x02000000 (33554432) + 0: KEY_QUERY_VALUE + 0: KEY_SET_VALUE + 0: KEY_CREATE_SUB_KEY + 0: KEY_ENUMERATE_SUB_KEYS + 0: KEY_NOTIFY + 0: KEY_CREATE_LINK + 0: KEY_WOW64_64KEY + 0: KEY_WOW64_32KEY +[2013/11/07 07:38:43.983075, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 5B 00 00 00 00 00 00 00 7B 52 73 35 ....[... ....{Rs5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:43.983156, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [SOFTWARE] +[2013/11/07 07:38:43.983197, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (1->2) +[2013/11/07 07:38:43.983239, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] +[2013/11/07 07:38:43.983278, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE] +[2013/11/07 07:38:43.983319, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:43.983357, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE] +[2013/11/07 07:38:43.983425, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Microsoft] +[2013/11/07 07:38:43.983475, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (2->3) +[2013/11/07 07:38:43.983519, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] +[2013/11/07 07:38:43.983557, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] +[2013/11/07 07:38:43.983597, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:43.983635, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft] +[2013/11/07 07:38:43.983697, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Windows NT] +[2013/11/07 07:38:43.983738, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (3->4) +[2013/11/07 07:38:43.983781, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] +[2013/11/07 07:38:43.983819, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] +[2013/11/07 07:38:43.983860, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:43.983897, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] +[2013/11/07 07:38:43.983955, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [CurrentVersion] +[2013/11/07 07:38:43.983996, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (4->5) +[2013/11/07 07:38:43.984039, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] +[2013/11/07 07:38:43.984076, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] +[2013/11/07 07:38:43.984117, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:43.984154, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f375c5a15c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] +[2013/11/07 07:38:43.984226, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Print] +[2013/11/07 07:38:43.984267, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (5->6) +[2013/11/07 07:38:43.984311, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] +[2013/11/07 07:38:43.984361, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] +[2013/11/07 07:38:43.984406, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:43.984443, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f375c5a15c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] +[2013/11/07 07:38:43.984505, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Printers] +[2013/11/07 07:38:43.984547, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (6->7) +[2013/11/07 07:38:43.984592, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] +[2013/11/07 07:38:43.984632, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] +[2013/11/07 07:38:43.984675, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:43.984713, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] +[2013/11/07 07:38:43.984783, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [printer7] +[2013/11/07 07:38:43.984824, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (7->8) +[2013/11/07 07:38:43.984869, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:43.984910, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:43.984952, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:43.984990, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:43.985059, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (8->7) +[2013/11/07 07:38:43.985102, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (7->6) +[2013/11/07 07:38:43.985144, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (6->5) +[2013/11/07 07:38:43.985185, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (5->4) +[2013/11/07 07:38:43.985224, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (4->3) +[2013/11/07 07:38:43.985273, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (3->2) +[2013/11/07 07:38:43.985317, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) + Opened policy hnd[2] [0000] 00 00 00 00 5C 00 00 00 00 00 00 00 7B 52 73 35 ....\... ....{Rs5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:43.985461, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenKey: struct winreg_OpenKey + out: struct winreg_OpenKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 0000005c-0000-0000-7b52-7335c5510000 + result : WERR_OK +[2013/11/07 07:38:43.985641, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryInfoKey: struct winreg_QueryInfoKey + in: struct winreg_QueryInfoKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 0000005c-0000-0000-7b52-7335c5510000 + classname : * + classname: struct winreg_String + name_len : 0x0000 (0) + name_size : 0x0000 (0) + name : NULL +[2013/11/07 07:38:43.985857, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 5C 00 00 00 00 00 00 00 7B 52 73 35 ....\... ....{Rs5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:43.985939, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_dispatcher.c:151(fetch_reg_values) + fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7' (ops 0x7f37592edcc0) +[2013/11/07 07:38:43.985982, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1891(regdb_fetch_values_internal) + regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:43.986047, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[0]: name[Attributes] len[4] +[2013/11/07 07:38:43.986091, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[1]: name[Description] len[2] +[2013/11/07 07:38:43.986134, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[2]: name[Datatype] len[8] +[2013/11/07 07:38:43.986177, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[3]: name[Default Priority] len[4] +[2013/11/07 07:38:43.986219, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[4]: name[Port] len[38] +[2013/11/07 07:38:43.986261, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[5]: name[Name] len[18] +[2013/11/07 07:38:43.986304, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[6]: name[Print Processor] len[18] +[2013/11/07 07:38:43.986356, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[7]: name[Priority] len[4] +[2013/11/07 07:38:43.986400, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[8]: name[Security] len[248] +[2013/11/07 07:38:43.986443, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[9]: name[Share Name] len[18] +[2013/11/07 07:38:43.986485, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[10]: name[StartTime] len[4] +[2013/11/07 07:38:43.986528, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[11]: name[UntilTime] len[4] +[2013/11/07 07:38:43.986571, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[12]: name[ChangeID] len[4] +[2013/11/07 07:38:43.986614, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) + regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:43.986679, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryInfoKey: struct winreg_QueryInfoKey + out: struct winreg_QueryInfoKey + classname : * + classname: struct winreg_String + name_len : 0x0000 (0) + name_size : 0x0000 (0) + name : NULL + num_subkeys : * + num_subkeys : 0x00000003 (3) + max_subkeylen : * + max_subkeylen : 0x00000022 (34) + max_classlen : * + max_classlen : 0x00000000 (0) + num_values : * + num_values : 0x0000000d (13) + max_valnamelen : * + max_valnamelen : 0x00000022 (34) + max_valbufsize : * + max_valbufsize : 0x000000f8 (248) + secdescsize : * + secdescsize : 0x00000078 (120) + last_changed_time : * + last_changed_time : NTTIME(0) + result : WERR_OK +[2013/11/07 07:38:43.987126, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 0000005c-0000-0000-7b52-7335c5510000 + enum_index : 0x00000000 (0) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:43.987512, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 5C 00 00 00 00 00 00 00 7B 52 73 35 ....\... ....{Rs5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:43.987590, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:43.987637, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0016 (22) + size : 0x0024 (36) + name : * + name : 'Attributes' + type : * + type : REG_DWORD (4) + value : * + value: ARRAY(4) + [0] : 0x48 (72) + [1] : 0x10 (16) + [2] : 0x00 (0) + [3] : 0x00 (0) + size : * + size : 0x00000004 (4) + length : * + length : 0x00000004 (4) + result : WERR_OK +[2013/11/07 07:38:43.988034, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 0000005c-0000-0000-7b52-7335c5510000 + enum_index : 0x00000001 (1) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:43.988407, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 5C 00 00 00 00 00 00 00 7B 52 73 35 ....\... ....{Rs5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:43.988484, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:43.988529, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0018 (24) + size : 0x0024 (36) + name : * + name : 'Description' + type : * + type : REG_SZ (1) + value : * + value: ARRAY(2) + [0] : 0x00 (0) + [1] : 0x00 (0) + size : * + size : 0x00000002 (2) + length : * + length : 0x00000002 (2) + result : WERR_OK +[2013/11/07 07:38:43.988895, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 0000005c-0000-0000-7b52-7335c5510000 + enum_index : 0x00000002 (2) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:43.989267, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 5C 00 00 00 00 00 00 00 7B 52 73 35 ....\... ....{Rs5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:43.989345, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:43.989458, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0012 (18) + size : 0x0024 (36) + name : * + name : 'Datatype' + type : * + type : REG_SZ (1) + value : * + value: ARRAY(8) + [0] : 0x52 (82) + [1] : 0x00 (0) + [2] : 0x41 (65) + [3] : 0x00 (0) + [4] : 0x57 (87) + [5] : 0x00 (0) + [6] : 0x00 (0) + [7] : 0x00 (0) + size : * + size : 0x00000008 (8) + length : * + length : 0x00000008 (8) + result : WERR_OK +[2013/11/07 07:38:43.989921, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 0000005c-0000-0000-7b52-7335c5510000 + enum_index : 0x00000003 (3) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:43.990304, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 5C 00 00 00 00 00 00 00 7B 52 73 35 ....\... ....{Rs5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:43.990381, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:43.990428, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0022 (34) + size : 0x0024 (36) + name : * + name : 'Default Priority' + type : * + type : REG_DWORD (4) + value : * + value: ARRAY(4) + [0] : 0x01 (1) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + size : * + size : 0x00000004 (4) + length : * + length : 0x00000004 (4) + result : WERR_OK +[2013/11/07 07:38:43.990821, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 0000005c-0000-0000-7b52-7335c5510000 + enum_index : 0x00000004 (4) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:43.991202, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 5C 00 00 00 00 00 00 00 7B 52 73 35 ....\... ....{Rs5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:43.991279, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:43.991325, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x000a (10) + size : 0x0024 (36) + name : * + name : 'Port' + type : * + type : REG_SZ (1) + value : * + value: ARRAY(38) + [0] : 0x53 (83) + [1] : 0x00 (0) + [2] : 0x61 (97) + [3] : 0x00 (0) + [4] : 0x6d (109) + [5] : 0x00 (0) + [6] : 0x62 (98) + [7] : 0x00 (0) + [8] : 0x61 (97) + [9] : 0x00 (0) + [10] : 0x20 (32) + [11] : 0x00 (0) + [12] : 0x50 (80) + [13] : 0x00 (0) + [14] : 0x72 (114) + [15] : 0x00 (0) + [16] : 0x69 (105) + [17] : 0x00 (0) + [18] : 0x6e (110) + [19] : 0x00 (0) + [20] : 0x74 (116) + [21] : 0x00 (0) + [22] : 0x65 (101) + [23] : 0x00 (0) + [24] : 0x72 (114) + [25] : 0x00 (0) + [26] : 0x20 (32) + [27] : 0x00 (0) + [28] : 0x50 (80) + [29] : 0x00 (0) + [30] : 0x6f (111) + [31] : 0x00 (0) + [32] : 0x72 (114) + [33] : 0x00 (0) + [34] : 0x74 (116) + [35] : 0x00 (0) + [36] : 0x00 (0) + [37] : 0x00 (0) + size : * + size : 0x00000026 (38) + length : * + length : 0x00000026 (38) + result : WERR_OK +[2013/11/07 07:38:43.992279, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 0000005c-0000-0000-7b52-7335c5510000 + enum_index : 0x00000005 (5) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:43.992660, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 5C 00 00 00 00 00 00 00 7B 52 73 35 ....\... ....{Rs5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:43.992737, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:43.992783, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x000a (10) + size : 0x0024 (36) + name : * + name : 'Name' + type : * + type : REG_SZ (1) + value : * + value: ARRAY(18) + [0] : 0x70 (112) + [1] : 0x00 (0) + [2] : 0x72 (114) + [3] : 0x00 (0) + [4] : 0x69 (105) + [5] : 0x00 (0) + [6] : 0x6e (110) + [7] : 0x00 (0) + [8] : 0x74 (116) + [9] : 0x00 (0) + [10] : 0x65 (101) + [11] : 0x00 (0) + [12] : 0x72 (114) + [13] : 0x00 (0) + [14] : 0x37 (55) + [15] : 0x00 (0) + [16] : 0x00 (0) + [17] : 0x00 (0) + size : * + size : 0x00000012 (18) + length : * + length : 0x00000012 (18) + result : WERR_OK +[2013/11/07 07:38:43.993464, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 0000005c-0000-0000-7b52-7335c5510000 + enum_index : 0x00000006 (6) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:43.993846, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 5C 00 00 00 00 00 00 00 7B 52 73 35 ....\... ....{Rs5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:43.993924, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:43.993969, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0020 (32) + size : 0x0024 (36) + name : * + name : 'Print Processor' + type : * + type : REG_SZ (1) + value : * + value: ARRAY(18) + [0] : 0x77 (119) + [1] : 0x00 (0) + [2] : 0x69 (105) + [3] : 0x00 (0) + [4] : 0x6e (110) + [5] : 0x00 (0) + [6] : 0x70 (112) + [7] : 0x00 (0) + [8] : 0x72 (114) + [9] : 0x00 (0) + [10] : 0x69 (105) + [11] : 0x00 (0) + [12] : 0x6e (110) + [13] : 0x00 (0) + [14] : 0x74 (116) + [15] : 0x00 (0) + [16] : 0x00 (0) + [17] : 0x00 (0) + size : * + size : 0x00000012 (18) + length : * + length : 0x00000012 (18) + result : WERR_OK +[2013/11/07 07:38:43.994594, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 0000005c-0000-0000-7b52-7335c5510000 + enum_index : 0x00000007 (7) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:43.994973, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 5C 00 00 00 00 00 00 00 7B 52 73 35 ....\... ....{Rs5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:43.995051, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:43.995097, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0012 (18) + size : 0x0024 (36) + name : * + name : 'Priority' + type : * + type : REG_DWORD (4) + value : * + value: ARRAY(4) + [0] : 0x01 (1) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + size : * + size : 0x00000004 (4) + length : * + length : 0x00000004 (4) + result : WERR_OK +[2013/11/07 07:38:43.995488, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 0000005c-0000-0000-7b52-7335c5510000 + enum_index : 0x00000008 (8) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:43.995859, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 5C 00 00 00 00 00 00 00 7B 52 73 35 ....\... ....{Rs5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:43.995936, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:43.995988, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0012 (18) + size : 0x0024 (36) + name : * + name : 'Security' + type : * + type : REG_BINARY (3) + value : * + value: ARRAY(248) + [0] : 0x01 (1) + [1] : 0x00 (0) + [2] : 0x04 (4) + [3] : 0x80 (128) + [4] : 0x14 (20) + [5] : 0x00 (0) + [6] : 0x00 (0) + [7] : 0x00 (0) + [8] : 0x24 (36) + [9] : 0x00 (0) + [10] : 0x00 (0) + [11] : 0x00 (0) + [12] : 0x00 (0) + [13] : 0x00 (0) + [14] : 0x00 (0) + [15] : 0x00 (0) + [16] : 0x34 (52) + [17] : 0x00 (0) + [18] : 0x00 (0) + [19] : 0x00 (0) + [20] : 0x01 (1) + [21] : 0x02 (2) + [22] : 0x00 (0) + [23] : 0x00 (0) + [24] : 0x00 (0) + [25] : 0x00 (0) + [26] : 0x00 (0) + [27] : 0x05 (5) + [28] : 0x20 (32) + [29] : 0x00 (0) + [30] : 0x00 (0) + [31] : 0x00 (0) + [32] : 0x20 (32) + [33] : 0x02 (2) + [34] : 0x00 (0) + [35] : 0x00 (0) + [36] : 0x01 (1) + [37] : 0x02 (2) + [38] : 0x00 (0) + [39] : 0x00 (0) + [40] : 0x00 (0) + [41] : 0x00 (0) + [42] : 0x00 (0) + [43] : 0x05 (5) + [44] : 0x20 (32) + [45] : 0x00 (0) + [46] : 0x00 (0) + [47] : 0x00 (0) + [48] : 0x20 (32) + [49] : 0x02 (2) + [50] : 0x00 (0) + [51] : 0x00 (0) + [52] : 0x02 (2) + [53] : 0x00 (0) + [54] : 0xc4 (196) + [55] : 0x00 (0) + [56] : 0x07 (7) + [57] : 0x00 (0) + [58] : 0x00 (0) + [59] : 0x00 (0) + [60] : 0x00 (0) + [61] : 0x02 (2) + [62] : 0x14 (20) + [63] : 0x00 (0) + [64] : 0x08 (8) + [65] : 0x00 (0) + [66] : 0x02 (2) + [67] : 0x20 (32) + [68] : 0x01 (1) + [69] : 0x01 (1) + [70] : 0x00 (0) + [71] : 0x00 (0) + [72] : 0x00 (0) + [73] : 0x00 (0) + [74] : 0x00 (0) + [75] : 0x01 (1) + [76] : 0x00 (0) + [77] : 0x00 (0) + [78] : 0x00 (0) + [79] : 0x00 (0) + [80] : 0x00 (0) + [81] : 0x09 (9) + [82] : 0x24 (36) + [83] : 0x00 (0) + [84] : 0x0c (12) + [85] : 0x00 (0) + [86] : 0x0f (15) + [87] : 0x10 (16) + [88] : 0x01 (1) + [89] : 0x05 (5) + [90] : 0x00 (0) + [91] : 0x00 (0) + [92] : 0x00 (0) + [93] : 0x00 (0) + [94] : 0x00 (0) + [95] : 0x05 (5) + [96] : 0x15 (21) + [97] : 0x00 (0) + [98] : 0x00 (0) + [99] : 0x00 (0) + [100] : 0x74 (116) + [101] : 0xa5 (165) + [102] : 0x12 (18) + [103] : 0x52 (82) + [104] : 0xcd (205) + [105] : 0x51 (81) + [106] : 0xd9 (217) + [107] : 0x8f (143) + [108] : 0xd1 (209) + [109] : 0x31 (49) + [110] : 0xa4 (164) + [111] : 0xca (202) + [112] : 0xf4 (244) + [113] : 0x01 (1) + [114] : 0x00 (0) + [115] : 0x00 (0) + [116] : 0x00 (0) + [117] : 0x02 (2) + [118] : 0x24 (36) + [119] : 0x00 (0) + [120] : 0x0c (12) + [121] : 0x00 (0) + [122] : 0x0f (15) + [123] : 0x10 (16) + [124] : 0x01 (1) + [125] : 0x05 (5) + [126] : 0x00 (0) + [127] : 0x00 (0) + [128] : 0x00 (0) + [129] : 0x00 (0) + [130] : 0x00 (0) + [131] : 0x05 (5) + [132] : 0x15 (21) + [133] : 0x00 (0) + [134] : 0x00 (0) + [135] : 0x00 (0) + [136] : 0x74 (116) + [137] : 0xa5 (165) + [138] : 0x12 (18) + [139] : 0x52 (82) + [140] : 0xcd (205) + [141] : 0x51 (81) + [142] : 0xd9 (217) + [143] : 0x8f (143) + [144] : 0xd1 (209) + [145] : 0x31 (49) + [146] : 0xa4 (164) + [147] : 0xca (202) + [148] : 0xf4 (244) + [149] : 0x01 (1) + [150] : 0x00 (0) + [151] : 0x00 (0) + [152] : 0x00 (0) + [153] : 0x09 (9) + [154] : 0x18 (24) + [155] : 0x00 (0) + [156] : 0x0c (12) + [157] : 0x00 (0) + [158] : 0x0f (15) + [159] : 0x10 (16) + [160] : 0x01 (1) + [161] : 0x02 (2) + [162] : 0x00 (0) + [163] : 0x00 (0) + [164] : 0x00 (0) + [165] : 0x00 (0) + [166] : 0x00 (0) + [167] : 0x05 (5) + [168] : 0x20 (32) + [169] : 0x00 (0) + [170] : 0x00 (0) + [171] : 0x00 (0) + [172] : 0x20 (32) + [173] : 0x02 (2) + [174] : 0x00 (0) + [175] : 0x00 (0) + [176] : 0x00 (0) + [177] : 0x02 (2) + [178] : 0x18 (24) + [179] : 0x00 (0) + [180] : 0x0c (12) + [181] : 0x00 (0) + [182] : 0x0f (15) + [183] : 0x10 (16) + [184] : 0x01 (1) + [185] : 0x02 (2) + [186] : 0x00 (0) + [187] : 0x00 (0) + [188] : 0x00 (0) + [189] : 0x00 (0) + [190] : 0x00 (0) + [191] : 0x05 (5) + [192] : 0x20 (32) + [193] : 0x00 (0) + [194] : 0x00 (0) + [195] : 0x00 (0) + [196] : 0x20 (32) + [197] : 0x02 (2) + [198] : 0x00 (0) + [199] : 0x00 (0) + [200] : 0x00 (0) + [201] : 0x09 (9) + [202] : 0x18 (24) + [203] : 0x00 (0) + [204] : 0x0c (12) + [205] : 0x00 (0) + [206] : 0x0f (15) + [207] : 0x10 (16) + [208] : 0x01 (1) + [209] : 0x02 (2) + [210] : 0x00 (0) + [211] : 0x00 (0) + [212] : 0x00 (0) + [213] : 0x00 (0) + [214] : 0x00 (0) + [215] : 0x05 (5) + [216] : 0x20 (32) + [217] : 0x00 (0) + [218] : 0x00 (0) + [219] : 0x00 (0) + [220] : 0x26 (38) + [221] : 0x02 (2) + [222] : 0x00 (0) + [223] : 0x00 (0) + [224] : 0x00 (0) + [225] : 0x02 (2) + [226] : 0x18 (24) + [227] : 0x00 (0) + [228] : 0x0c (12) + [229] : 0x00 (0) + [230] : 0x0f (15) + [231] : 0x10 (16) + [232] : 0x01 (1) + [233] : 0x02 (2) + [234] : 0x00 (0) + [235] : 0x00 (0) + [236] : 0x00 (0) + [237] : 0x00 (0) + [238] : 0x00 (0) + [239] : 0x05 (5) + [240] : 0x20 (32) + [241] : 0x00 (0) + [242] : 0x00 (0) + [243] : 0x00 (0) + [244] : 0x26 (38) + [245] : 0x02 (2) + [246] : 0x00 (0) + [247] : 0x00 (0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x000000f8 (248) + result : WERR_OK +[2013/11/07 07:38:44.000503, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 0000005c-0000-0000-7b52-7335c5510000 + enum_index : 0x00000009 (9) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:44.000886, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 5C 00 00 00 00 00 00 00 7B 52 73 35 ....\... ....{Rs5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.000964, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:44.001011, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0016 (22) + size : 0x0024 (36) + name : * + name : 'Share Name' + type : * + type : REG_SZ (1) + value : * + value: ARRAY(18) + [0] : 0x70 (112) + [1] : 0x00 (0) + [2] : 0x72 (114) + [3] : 0x00 (0) + [4] : 0x69 (105) + [5] : 0x00 (0) + [6] : 0x6e (110) + [7] : 0x00 (0) + [8] : 0x74 (116) + [9] : 0x00 (0) + [10] : 0x65 (101) + [11] : 0x00 (0) + [12] : 0x72 (114) + [13] : 0x00 (0) + [14] : 0x37 (55) + [15] : 0x00 (0) + [16] : 0x00 (0) + [17] : 0x00 (0) + size : * + size : 0x00000012 (18) + length : * + length : 0x00000012 (18) + result : WERR_OK +[2013/11/07 07:38:44.001736, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 0000005c-0000-0000-7b52-7335c5510000 + enum_index : 0x0000000a (10) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:44.002118, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 5C 00 00 00 00 00 00 00 7B 52 73 35 ....\... ....{Rs5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.002197, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:44.002243, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0014 (20) + size : 0x0024 (36) + name : * + name : 'StartTime' + type : * + type : REG_DWORD (4) + value : * + value: ARRAY(4) + [0] : 0x00 (0) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + size : * + size : 0x00000004 (4) + length : * + length : 0x00000004 (4) + result : WERR_OK +[2013/11/07 07:38:44.002636, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 0000005c-0000-0000-7b52-7335c5510000 + enum_index : 0x0000000b (11) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:44.003006, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 5C 00 00 00 00 00 00 00 7B 52 73 35 ....\... ....{Rs5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.003084, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:44.003130, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0014 (20) + size : 0x0024 (36) + name : * + name : 'UntilTime' + type : * + type : REG_DWORD (4) + value : * + value: ARRAY(4) + [0] : 0x00 (0) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + size : * + size : 0x00000004 (4) + length : * + length : 0x00000004 (4) + result : WERR_OK +[2013/11/07 07:38:44.003531, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 0000005c-0000-0000-7b52-7335c5510000 + enum_index : 0x0000000c (12) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:44.003902, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 5C 00 00 00 00 00 00 00 7B 52 73 35 ....\... ....{Rs5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.003979, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:44.004024, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0012 (18) + size : 0x0024 (36) + name : * + name : 'ChangeID' + type : * + type : REG_DWORD (4) + value : * + value: ARRAY(4) + [0] : 0xf1 (241) + [1] : 0x5f (95) + [2] : 0x11 (17) + [3] : 0x00 (0) + size : * + size : 0x00000004 (4) + length : * + length : 0x00000004 (4) + result : WERR_OK +[2013/11/07 07:38:44.004524, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryValue: struct winreg_QueryValue + in: struct winreg_QueryValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 0000005c-0000-0000-7b52-7335c5510000 + value_name : * + value_name: struct winreg_String + name_len : 0x0020 (32) + name_size : 0x0020 (32) + name : * + name : 'Default DevMode' + type : * + type : REG_NONE (0) + data : NULL + data_size : * + data_size : 0x00000000 (0) + data_length : * + data_length : 0x00000000 (0) +[2013/11/07 07:38:44.004883, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 5C 00 00 00 00 00 00 00 7B 52 73 35 ....\... ....{Rs5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.004962, 7, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) + _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:44.005004, 7, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) + _winreg_QueryValue: policy key type = [00000000] +[2013/11/07 07:38:44.005050, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:316(_winreg_QueryValue) + _winreg_QueryValue: reg_queryvalue failed with: WERR_BADFILE +[2013/11/07 07:38:44.005090, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryValue: struct winreg_QueryValue + out: struct winreg_QueryValue + type : * + type : REG_NONE (0) + data : NULL + data_size : * + data_size : 0x00000000 (0) + data_length : * + data_length : 0x00000000 (0) + result : WERR_BADFILE +[2013/11/07 07:38:44.005313, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenHKLM: struct winreg_OpenHKLM + in: struct winreg_OpenHKLM + system_name : NULL + access_mask : 0x02000000 (33554432) + 0: KEY_QUERY_VALUE + 0: KEY_SET_VALUE + 0: KEY_CREATE_SUB_KEY + 0: KEY_ENUMERATE_SUB_KEYS + 0: KEY_NOTIFY + 0: KEY_CREATE_LINK + 0: KEY_WOW64_64KEY + 0: KEY_WOW64_32KEY +[2013/11/07 07:38:44.005586, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [HKLM] +[2013/11/07 07:38:44.005630, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (2->3) +[2013/11/07 07:38:44.005673, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM] +[2013/11/07 07:38:44.005712, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM] +[2013/11/07 07:38:44.005752, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:44.005798, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM] +[2013/11/07 07:38:44.005872, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) + Opened policy hnd[3] [0000] 00 00 00 00 5D 00 00 00 00 00 00 00 7B 52 74 35 ....]... ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.005953, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenHKLM: struct winreg_OpenHKLM + out: struct winreg_OpenHKLM + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 0000005d-0000-0000-7b52-7435c5510000 + result : WERR_OK +[2013/11/07 07:38:44.006124, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenKey: struct winreg_OpenKey + in: struct winreg_OpenKey + parent_handle : * + parent_handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 0000005d-0000-0000-7b52-7435c5510000 + keyname: struct winreg_String + name_len : 0x008a (138) + name_size : 0x008a (138) + name : * + name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7' + options : 0x00000000 (0) + 0: REG_OPTION_VOLATILE + 0: REG_OPTION_CREATE_LINK + 0: REG_OPTION_BACKUP_RESTORE + 0: REG_OPTION_OPEN_LINK + access_mask : 0x02000000 (33554432) + 0: KEY_QUERY_VALUE + 0: KEY_SET_VALUE + 0: KEY_CREATE_SUB_KEY + 0: KEY_ENUMERATE_SUB_KEYS + 0: KEY_NOTIFY + 0: KEY_CREATE_LINK + 0: KEY_WOW64_64KEY + 0: KEY_WOW64_32KEY +[2013/11/07 07:38:44.006562, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 5D 00 00 00 00 00 00 00 7B 52 74 35 ....]... ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.006643, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [SOFTWARE] +[2013/11/07 07:38:44.006683, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (3->4) +[2013/11/07 07:38:44.006725, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] +[2013/11/07 07:38:44.006764, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE] +[2013/11/07 07:38:44.006804, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:44.006842, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE] +[2013/11/07 07:38:44.006913, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Microsoft] +[2013/11/07 07:38:44.006956, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (4->5) +[2013/11/07 07:38:44.006999, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] +[2013/11/07 07:38:44.007037, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] +[2013/11/07 07:38:44.007077, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:44.007115, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft] +[2013/11/07 07:38:44.007175, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Windows NT] +[2013/11/07 07:38:44.007217, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (5->6) +[2013/11/07 07:38:44.007260, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] +[2013/11/07 07:38:44.007298, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] +[2013/11/07 07:38:44.007338, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:44.007376, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] +[2013/11/07 07:38:44.007434, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [CurrentVersion] +[2013/11/07 07:38:44.007475, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (6->7) +[2013/11/07 07:38:44.007518, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] +[2013/11/07 07:38:44.007556, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] +[2013/11/07 07:38:44.007597, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:44.007634, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f375c5a15c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] +[2013/11/07 07:38:44.007868, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Print] +[2013/11/07 07:38:44.007921, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (7->8) +[2013/11/07 07:38:44.007965, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] +[2013/11/07 07:38:44.008014, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] +[2013/11/07 07:38:44.008057, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:44.008096, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f375c5a15c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] +[2013/11/07 07:38:44.008157, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Printers] +[2013/11/07 07:38:44.008199, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (8->9) +[2013/11/07 07:38:44.008246, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] +[2013/11/07 07:38:44.008286, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] +[2013/11/07 07:38:44.008328, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:44.008366, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] +[2013/11/07 07:38:44.008433, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [printer7] +[2013/11/07 07:38:44.008475, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (9->10) +[2013/11/07 07:38:44.008521, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:44.008561, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:44.008603, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:44.008642, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:44.008712, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (10->9) +[2013/11/07 07:38:44.008838, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (9->8) +[2013/11/07 07:38:44.008882, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (8->7) +[2013/11/07 07:38:44.008923, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (7->6) +[2013/11/07 07:38:44.008964, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (6->5) +[2013/11/07 07:38:44.009013, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (5->4) +[2013/11/07 07:38:44.009057, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) + Opened policy hnd[4] [0000] 00 00 00 00 5E 00 00 00 00 00 00 00 7B 52 74 35 ....^... ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.009137, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenKey: struct winreg_OpenKey + out: struct winreg_OpenKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 0000005e-0000-0000-7b52-7435c5510000 + result : WERR_OK +[2013/11/07 07:38:44.009321, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryValue: struct winreg_QueryValue + in: struct winreg_QueryValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 0000005e-0000-0000-7b52-7435c5510000 + value_name : * + value_name: struct winreg_String + name_len : 0x0012 (18) + name_size : 0x0012 (18) + name : * + name : 'Security' + type : * + type : REG_NONE (0) + data : NULL + data_size : * + data_size : 0x00000000 (0) + data_length : * + data_length : 0x00000000 (0) +[2013/11/07 07:38:44.009720, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 5E 00 00 00 00 00 00 00 7B 52 74 35 ....^... ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.009801, 7, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) + _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:44.009841, 7, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) + _winreg_QueryValue: policy key type = [00000000] +[2013/11/07 07:38:44.009882, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_dispatcher.c:151(fetch_reg_values) + fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7' (ops 0x7f37592edcc0) +[2013/11/07 07:38:44.009925, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1891(regdb_fetch_values_internal) + regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:44.009988, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[0]: name[Attributes] len[4] +[2013/11/07 07:38:44.010032, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[1]: name[Description] len[2] +[2013/11/07 07:38:44.010084, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[2]: name[Datatype] len[8] +[2013/11/07 07:38:44.010127, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[3]: name[Default Priority] len[4] +[2013/11/07 07:38:44.010170, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[4]: name[Port] len[38] +[2013/11/07 07:38:44.010213, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[5]: name[Name] len[18] +[2013/11/07 07:38:44.010256, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[6]: name[Print Processor] len[18] +[2013/11/07 07:38:44.010299, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[7]: name[Priority] len[4] +[2013/11/07 07:38:44.010342, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[8]: name[Security] len[248] +[2013/11/07 07:38:44.010385, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[9]: name[Share Name] len[18] +[2013/11/07 07:38:44.010428, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[10]: name[StartTime] len[4] +[2013/11/07 07:38:44.010471, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[11]: name[UntilTime] len[4] +[2013/11/07 07:38:44.010514, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[12]: name[ChangeID] len[4] +[2013/11/07 07:38:44.010558, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryValue: struct winreg_QueryValue + out: struct winreg_QueryValue + type : * + type : REG_BINARY (3) + data : NULL + data_size : * + data_size : 0x000000f8 (248) + data_length : * + data_length : 0x00000000 (0) + result : WERR_OK +[2013/11/07 07:38:44.010775, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryValue: struct winreg_QueryValue + in: struct winreg_QueryValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 0000005e-0000-0000-7b52-7435c5510000 + value_name : * + value_name: struct winreg_String + name_len : 0x0012 (18) + name_size : 0x0012 (18) + name : * + name : 'Security' + type : * + type : REG_BINARY (3) + data : * + data: ARRAY(0) + data_size : * + data_size : 0x000000f8 (248) + data_length : * + data_length : 0x00000000 (0) +[2013/11/07 07:38:44.011142, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 5E 00 00 00 00 00 00 00 7B 52 74 35 ....^... ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.011220, 7, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) + _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:44.011260, 7, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) + _winreg_QueryValue: policy key type = [00000000] +[2013/11/07 07:38:44.011305, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryValue: struct winreg_QueryValue + out: struct winreg_QueryValue + type : * + type : REG_BINARY (3) + data : * + data: ARRAY(248) + [0] : 0x01 (1) + [1] : 0x00 (0) + [2] : 0x04 (4) + [3] : 0x80 (128) + [4] : 0x14 (20) + [5] : 0x00 (0) + [6] : 0x00 (0) + [7] : 0x00 (0) + [8] : 0x24 (36) + [9] : 0x00 (0) + [10] : 0x00 (0) + [11] : 0x00 (0) + [12] : 0x00 (0) + [13] : 0x00 (0) + [14] : 0x00 (0) + [15] : 0x00 (0) + [16] : 0x34 (52) + [17] : 0x00 (0) + [18] : 0x00 (0) + [19] : 0x00 (0) + [20] : 0x01 (1) + [21] : 0x02 (2) + [22] : 0x00 (0) + [23] : 0x00 (0) + [24] : 0x00 (0) + [25] : 0x00 (0) + [26] : 0x00 (0) + [27] : 0x05 (5) + [28] : 0x20 (32) + [29] : 0x00 (0) + [30] : 0x00 (0) + [31] : 0x00 (0) + [32] : 0x20 (32) + [33] : 0x02 (2) + [34] : 0x00 (0) + [35] : 0x00 (0) + [36] : 0x01 (1) + [37] : 0x02 (2) + [38] : 0x00 (0) + [39] : 0x00 (0) + [40] : 0x00 (0) + [41] : 0x00 (0) + [42] : 0x00 (0) + [43] : 0x05 (5) + [44] : 0x20 (32) + [45] : 0x00 (0) + [46] : 0x00 (0) + [47] : 0x00 (0) + [48] : 0x20 (32) + [49] : 0x02 (2) + [50] : 0x00 (0) + [51] : 0x00 (0) + [52] : 0x02 (2) + [53] : 0x00 (0) + [54] : 0xc4 (196) + [55] : 0x00 (0) + [56] : 0x07 (7) + [57] : 0x00 (0) + [58] : 0x00 (0) + [59] : 0x00 (0) + [60] : 0x00 (0) + [61] : 0x02 (2) + [62] : 0x14 (20) + [63] : 0x00 (0) + [64] : 0x08 (8) + [65] : 0x00 (0) + [66] : 0x02 (2) + [67] : 0x20 (32) + [68] : 0x01 (1) + [69] : 0x01 (1) + [70] : 0x00 (0) + [71] : 0x00 (0) + [72] : 0x00 (0) + [73] : 0x00 (0) + [74] : 0x00 (0) + [75] : 0x01 (1) + [76] : 0x00 (0) + [77] : 0x00 (0) + [78] : 0x00 (0) + [79] : 0x00 (0) + [80] : 0x00 (0) + [81] : 0x09 (9) + [82] : 0x24 (36) + [83] : 0x00 (0) + [84] : 0x0c (12) + [85] : 0x00 (0) + [86] : 0x0f (15) + [87] : 0x10 (16) + [88] : 0x01 (1) + [89] : 0x05 (5) + [90] : 0x00 (0) + [91] : 0x00 (0) + [92] : 0x00 (0) + [93] : 0x00 (0) + [94] : 0x00 (0) + [95] : 0x05 (5) + [96] : 0x15 (21) + [97] : 0x00 (0) + [98] : 0x00 (0) + [99] : 0x00 (0) + [100] : 0x74 (116) + [101] : 0xa5 (165) + [102] : 0x12 (18) + [103] : 0x52 (82) + [104] : 0xcd (205) + [105] : 0x51 (81) + [106] : 0xd9 (217) + [107] : 0x8f (143) + [108] : 0xd1 (209) + [109] : 0x31 (49) + [110] : 0xa4 (164) + [111] : 0xca (202) + [112] : 0xf4 (244) + [113] : 0x01 (1) + [114] : 0x00 (0) + [115] : 0x00 (0) + [116] : 0x00 (0) + [117] : 0x02 (2) + [118] : 0x24 (36) + [119] : 0x00 (0) + [120] : 0x0c (12) + [121] : 0x00 (0) + [122] : 0x0f (15) + [123] : 0x10 (16) + [124] : 0x01 (1) + [125] : 0x05 (5) + [126] : 0x00 (0) + [127] : 0x00 (0) + [128] : 0x00 (0) + [129] : 0x00 (0) + [130] : 0x00 (0) + [131] : 0x05 (5) + [132] : 0x15 (21) + [133] : 0x00 (0) + [134] : 0x00 (0) + [135] : 0x00 (0) + [136] : 0x74 (116) + [137] : 0xa5 (165) + [138] : 0x12 (18) + [139] : 0x52 (82) + [140] : 0xcd (205) + [141] : 0x51 (81) + [142] : 0xd9 (217) + [143] : 0x8f (143) + [144] : 0xd1 (209) + [145] : 0x31 (49) + [146] : 0xa4 (164) + [147] : 0xca (202) + [148] : 0xf4 (244) + [149] : 0x01 (1) + [150] : 0x00 (0) + [151] : 0x00 (0) + [152] : 0x00 (0) + [153] : 0x09 (9) + [154] : 0x18 (24) + [155] : 0x00 (0) + [156] : 0x0c (12) + [157] : 0x00 (0) + [158] : 0x0f (15) + [159] : 0x10 (16) + [160] : 0x01 (1) + [161] : 0x02 (2) + [162] : 0x00 (0) + [163] : 0x00 (0) + [164] : 0x00 (0) + [165] : 0x00 (0) + [166] : 0x00 (0) + [167] : 0x05 (5) + [168] : 0x20 (32) + [169] : 0x00 (0) + [170] : 0x00 (0) + [171] : 0x00 (0) + [172] : 0x20 (32) + [173] : 0x02 (2) + [174] : 0x00 (0) + [175] : 0x00 (0) + [176] : 0x00 (0) + [177] : 0x02 (2) + [178] : 0x18 (24) + [179] : 0x00 (0) + [180] : 0x0c (12) + [181] : 0x00 (0) + [182] : 0x0f (15) + [183] : 0x10 (16) + [184] : 0x01 (1) + [185] : 0x02 (2) + [186] : 0x00 (0) + [187] : 0x00 (0) + [188] : 0x00 (0) + [189] : 0x00 (0) + [190] : 0x00 (0) + [191] : 0x05 (5) + [192] : 0x20 (32) + [193] : 0x00 (0) + [194] : 0x00 (0) + [195] : 0x00 (0) + [196] : 0x20 (32) + [197] : 0x02 (2) + [198] : 0x00 (0) + [199] : 0x00 (0) + [200] : 0x00 (0) + [201] : 0x09 (9) + [202] : 0x18 (24) + [203] : 0x00 (0) + [204] : 0x0c (12) + [205] : 0x00 (0) + [206] : 0x0f (15) + [207] : 0x10 (16) + [208] : 0x01 (1) + [209] : 0x02 (2) + [210] : 0x00 (0) + [211] : 0x00 (0) + [212] : 0x00 (0) + [213] : 0x00 (0) + [214] : 0x00 (0) + [215] : 0x05 (5) + [216] : 0x20 (32) + [217] : 0x00 (0) + [218] : 0x00 (0) + [219] : 0x00 (0) + [220] : 0x26 (38) + [221] : 0x02 (2) + [222] : 0x00 (0) + [223] : 0x00 (0) + [224] : 0x00 (0) + [225] : 0x02 (2) + [226] : 0x18 (24) + [227] : 0x00 (0) + [228] : 0x0c (12) + [229] : 0x00 (0) + [230] : 0x0f (15) + [231] : 0x10 (16) + [232] : 0x01 (1) + [233] : 0x02 (2) + [234] : 0x00 (0) + [235] : 0x00 (0) + [236] : 0x00 (0) + [237] : 0x00 (0) + [238] : 0x00 (0) + [239] : 0x05 (5) + [240] : 0x20 (32) + [241] : 0x00 (0) + [242] : 0x00 (0) + [243] : 0x00 (0) + [244] : 0x26 (38) + [245] : 0x02 (2) + [246] : 0x00 (0) + [247] : 0x00 (0) + data_size : * + data_size : 0x000000f8 (248) + data_length : * + data_length : 0x000000f8 (248) + result : WERR_OK +[2013/11/07 07:38:44.015815, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + in: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 0000005e-0000-0000-7b52-7435c5510000 +[2013/11/07 07:38:44.015960, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 5E 00 00 00 00 00 00 00 7B 52 74 35 ....^... ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.016040, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 5E 00 00 00 00 00 00 00 7B 52 74 35 ....^... ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.016117, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) + Closed policy +[2013/11/07 07:38:44.016162, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (4->3) +[2013/11/07 07:38:44.016203, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + out: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000000-0000-0000-0000-000000000000 + result : WERR_OK +[2013/11/07 07:38:44.016365, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + in: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 0000005d-0000-0000-7b52-7435c5510000 +[2013/11/07 07:38:44.016495, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 5D 00 00 00 00 00 00 00 7B 52 74 35 ....]... ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.016573, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 5D 00 00 00 00 00 00 00 7B 52 74 35 ....]... ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.016649, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) + Closed policy +[2013/11/07 07:38:44.016689, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (3->2) +[2013/11/07 07:38:44.016730, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + out: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000000-0000-0000-0000-000000000000 + result : WERR_OK +[2013/11/07 07:38:44.016894, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + in: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 0000005c-0000-0000-7b52-7335c5510000 +[2013/11/07 07:38:44.017024, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 5C 00 00 00 00 00 00 00 7B 52 73 35 ....\... ....{Rs5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.017109, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 5C 00 00 00 00 00 00 00 7B 52 73 35 ....\... ....{Rs5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.017185, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) + Closed policy +[2013/11/07 07:38:44.017228, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (2->1) +[2013/11/07 07:38:44.017269, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + out: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000000-0000-0000-0000-000000000000 + result : WERR_OK +[2013/11/07 07:38:44.017477, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + in: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 0000005b-0000-0000-7b52-7335c5510000 +[2013/11/07 07:38:44.017608, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 5B 00 00 00 00 00 00 00 7B 52 73 35 ....[... ....{Rs5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.017686, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 5B 00 00 00 00 00 00 00 7B 52 73 35 ....[... ....{Rs5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.017762, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) + Closed policy +[2013/11/07 07:38:44.017802, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (1->0) +[2013/11/07 07:38:44.017862, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + out: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000000-0000-0000-0000-000000000000 + result : WERR_OK +[2013/11/07 07:38:44.018025, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:416(close_policy_by_pipe) + Deleted handle list for RPC connection \winreg +[2013/11/07 07:38:44.018182, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + spoolss_GetPrinter: struct spoolss_GetPrinter + out: struct spoolss_GetPrinter + info : * + info : union spoolss_PrinterInfo(case 2) + info2: struct spoolss_PrinterInfo2 + servername : * + servername : '\\MEMBER43' + printername : * + printername : '\\MEMBER43\printer7' + sharename : * + sharename : 'printer7' + portname : * + portname : 'Samba Printer Port' + drivername : * + drivername : '' + comment : * + comment : '' + location : * + location : '' + devmode : * + devmode: struct spoolss_DeviceMode + devicename : '\\MEMBER43\printer7' + specversion : DMSPEC_NT4_AND_ABOVE (1025) + driverversion : 0x0400 (1024) + size : 0x00dc (220) + __driverextra_length : 0x0000 (0) + fields : 0x00014713 (83731) + 1: DEVMODE_ORIENTATION + 1: DEVMODE_PAPERSIZE + 0: DEVMODE_PAPERLENGTH + 0: DEVMODE_PAPERWIDTH + 1: DEVMODE_SCALE + 0: DEVMODE_POSITION + 0: DEVMODE_NUP + 1: DEVMODE_COPIES + 1: DEVMODE_DEFAULTSOURCE + 1: DEVMODE_PRINTQUALITY + 0: DEVMODE_COLOR + 0: DEVMODE_DUPLEX + 0: DEVMODE_YRESOLUTION + 1: DEVMODE_TTOPTION + 0: DEVMODE_COLLATE + 1: DEVMODE_FORMNAME + 0: DEVMODE_LOGPIXELS + 0: DEVMODE_BITSPERPEL + 0: DEVMODE_PELSWIDTH + 0: DEVMODE_PELSHEIGHT + 0: DEVMODE_DISPLAYFLAGS + 0: DEVMODE_DISPLAYFREQUENCY + 0: DEVMODE_ICMMETHOD + 0: DEVMODE_ICMINTENT + 0: DEVMODE_MEDIATYPE + 0: DEVMODE_DITHERTYPE + 0: DEVMODE_PANNINGWIDTH + 0: DEVMODE_PANNINGHEIGHT + orientation : DMORIENT_PORTRAIT (1) + papersize : DMPAPER_LETTER (1) + paperlength : 0x0000 (0) + paperwidth : 0x0000 (0) + scale : 0x0064 (100) + copies : 0x0001 (1) + defaultsource : DMBIN_FORMSOURCE (15) + printquality : DMRES_HIGH (65532) + color : DMRES_MONOCHROME (1) + duplex : DMDUP_SIMPLEX (1) + yresolution : 0x0000 (0) + ttoption : DMTT_SUBDEV (3) + collate : DMCOLLATE_FALSE (0) + formname : 'Letter' + logpixels : 0x0000 (0) + bitsperpel : 0x00000000 (0) + pelswidth : 0x00000000 (0) + pelsheight : 0x00000000 (0) + displayflags : UNKNOWN_ENUM_VALUE (0) + displayfrequency : 0x00000000 (0) + icmmethod : UNKNOWN_ENUM_VALUE (0) + icmintent : UNKNOWN_ENUM_VALUE (0) + mediatype : UNKNOWN_ENUM_VALUE (0) + dithertype : UNKNOWN_ENUM_VALUE (0) + reserved1 : 0x00000000 (0) + reserved2 : 0x00000000 (0) + panningwidth : 0x00000000 (0) + panningheight : 0x00000000 (0) + driverextra_data : DATA_BLOB length=0 + sepfile : * + sepfile : '' + printprocessor : * + printprocessor : 'winprint' + datatype : * + datatype : 'RAW' + parameters : * + parameters : '' + secdesc : * + secdesc: struct security_descriptor + revision : SECURITY_DESCRIPTOR_REVISION_1 (1) + type : 0x8004 (32772) + 0: SEC_DESC_OWNER_DEFAULTED + 0: SEC_DESC_GROUP_DEFAULTED + 1: SEC_DESC_DACL_PRESENT + 0: SEC_DESC_DACL_DEFAULTED + 0: SEC_DESC_SACL_PRESENT + 0: SEC_DESC_SACL_DEFAULTED + 0: SEC_DESC_DACL_TRUSTED + 0: SEC_DESC_SERVER_SECURITY + 0: SEC_DESC_DACL_AUTO_INHERIT_REQ + 0: SEC_DESC_SACL_AUTO_INHERIT_REQ + 0: SEC_DESC_DACL_AUTO_INHERITED + 0: SEC_DESC_SACL_AUTO_INHERITED + 0: SEC_DESC_DACL_PROTECTED + 0: SEC_DESC_SACL_PROTECTED + 0: SEC_DESC_RM_CONTROL_VALID + 1: SEC_DESC_SELF_RELATIVE + owner_sid : * + owner_sid : S-1-5-32-544 + group_sid : * + group_sid : S-1-5-32-544 + sacl : NULL + dacl : * + dacl: struct security_acl + revision : SECURITY_ACL_REVISION_NT4 (2) + size : 0x00c4 (196) + num_aces : 0x00000007 (7) + aces: ARRAY(7) + aces: struct security_ace + type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) + flags : 0x02 (2) + 0: SEC_ACE_FLAG_OBJECT_INHERIT + 1: SEC_ACE_FLAG_CONTAINER_INHERIT + 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT + 0: SEC_ACE_FLAG_INHERIT_ONLY + 0: SEC_ACE_FLAG_INHERITED_ACE + 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) + 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS + 0: SEC_ACE_FLAG_FAILED_ACCESS + size : 0x0014 (20) + access_mask : 0x20020008 (537001992) + object : union security_ace_object_ctr(case 0) + trustee : S-1-1-0 + aces: struct security_ace + type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) + flags : 0x09 (9) + 1: SEC_ACE_FLAG_OBJECT_INHERIT + 0: SEC_ACE_FLAG_CONTAINER_INHERIT + 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT + 1: SEC_ACE_FLAG_INHERIT_ONLY + 0: SEC_ACE_FLAG_INHERITED_ACE + 0x09: SEC_ACE_FLAG_VALID_INHERIT (9) + 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS + 0: SEC_ACE_FLAG_FAILED_ACCESS + size : 0x0024 (36) + access_mask : 0x100f000c (269418508) + object : union security_ace_object_ctr(case 0) + trustee : S-1-5-21-1376953716-2413384141-3399758289-500 + aces: struct security_ace + type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) + flags : 0x02 (2) + 0: SEC_ACE_FLAG_OBJECT_INHERIT + 1: SEC_ACE_FLAG_CONTAINER_INHERIT + 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT + 0: SEC_ACE_FLAG_INHERIT_ONLY + 0: SEC_ACE_FLAG_INHERITED_ACE + 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) + 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS + 0: SEC_ACE_FLAG_FAILED_ACCESS + size : 0x0024 (36) + access_mask : 0x100f000c (269418508) + object : union security_ace_object_ctr(case 0) + trustee : S-1-5-21-1376953716-2413384141-3399758289-500 + aces: struct security_ace + type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) + flags : 0x09 (9) + 1: SEC_ACE_FLAG_OBJECT_INHERIT + 0: SEC_ACE_FLAG_CONTAINER_INHERIT + 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT + 1: SEC_ACE_FLAG_INHERIT_ONLY + 0: SEC_ACE_FLAG_INHERITED_ACE + 0x09: SEC_ACE_FLAG_VALID_INHERIT (9) + 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS + 0: SEC_ACE_FLAG_FAILED_ACCESS + size : 0x0018 (24) + access_mask : 0x100f000c (269418508) + object : union security_ace_object_ctr(case 0) + trustee : S-1-5-32-544 + aces: struct security_ace + type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) + flags : 0x02 (2) + 0: SEC_ACE_FLAG_OBJECT_INHERIT + 1: SEC_ACE_FLAG_CONTAINER_INHERIT + 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT + 0: SEC_ACE_FLAG_INHERIT_ONLY + 0: SEC_ACE_FLAG_INHERITED_ACE + 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) + 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS + 0: SEC_ACE_FLAG_FAILED_ACCESS + size : 0x0018 (24) + access_mask : 0x100f000c (269418508) + object : union security_ace_object_ctr(case 0) + trustee : S-1-5-32-544 + aces: struct security_ace + type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) + flags : 0x09 (9) + 1: SEC_ACE_FLAG_OBJECT_INHERIT + 0: SEC_ACE_FLAG_CONTAINER_INHERIT + 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT + 1: SEC_ACE_FLAG_INHERIT_ONLY + 0: SEC_ACE_FLAG_INHERITED_ACE + 0x09: SEC_ACE_FLAG_VALID_INHERIT (9) + 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS + 0: SEC_ACE_FLAG_FAILED_ACCESS + size : 0x0018 (24) + access_mask : 0x100f000c (269418508) + object : union security_ace_object_ctr(case 0) + trustee : S-1-5-32-550 + aces: struct security_ace + type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) + flags : 0x02 (2) + 0: SEC_ACE_FLAG_OBJECT_INHERIT + 1: SEC_ACE_FLAG_CONTAINER_INHERIT + 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT + 0: SEC_ACE_FLAG_INHERIT_ONLY + 0: SEC_ACE_FLAG_INHERITED_ACE + 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) + 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS + 0: SEC_ACE_FLAG_FAILED_ACCESS + size : 0x0018 (24) + access_mask : 0x100f000c (269418508) + object : union security_ace_object_ctr(case 0) + trustee : S-1-5-32-550 + attributes : 0x00001048 (4168) + 0: PRINTER_ATTRIBUTE_QUEUED + 0: PRINTER_ATTRIBUTE_DIRECT + 0: PRINTER_ATTRIBUTE_DEFAULT + 1: PRINTER_ATTRIBUTE_SHARED + 0: PRINTER_ATTRIBUTE_NETWORK + 0: PRINTER_ATTRIBUTE_HIDDEN + 1: PRINTER_ATTRIBUTE_LOCAL + 0: PRINTER_ATTRIBUTE_ENABLE_DEVQ + 0: PRINTER_ATTRIBUTE_KEEPPRINTEDJOBS + 0: PRINTER_ATTRIBUTE_DO_COMPLETE_FIRST + 0: PRINTER_ATTRIBUTE_WORK_OFFLINE + 0: PRINTER_ATTRIBUTE_ENABLE_BIDI + 1: PRINTER_ATTRIBUTE_RAW_ONLY + 0: PRINTER_ATTRIBUTE_PUBLISHED + 0: PRINTER_ATTRIBUTE_FAX + 0: PRINTER_ATTRIBUTE_TS + priority : 0x00000001 (1) + defaultpriority : 0x00000001 (1) + starttime : 0x00000000 (0) + untiltime : 0x00000000 (0) + status : 0x00000000 (0) + 0: PRINTER_STATUS_PAUSED + 0: PRINTER_STATUS_ERROR + 0: PRINTER_STATUS_PENDING_DELETION + 0: PRINTER_STATUS_PAPER_JAM + 0: PRINTER_STATUS_PAPER_OUT + 0: PRINTER_STATUS_MANUAL_FEED + 0: PRINTER_STATUS_PAPER_PROBLEM + 0: PRINTER_STATUS_OFFLINE + 0: PRINTER_STATUS_IO_ACTIVE + 0: PRINTER_STATUS_BUSY + 0: PRINTER_STATUS_PRINTING + 0: PRINTER_STATUS_OUTPUT_BIN_FULL + 0: PRINTER_STATUS_NOT_AVAILABLE + 0: PRINTER_STATUS_WAITING + 0: PRINTER_STATUS_PROCESSING + 0: PRINTER_STATUS_INITIALIZING + 0: PRINTER_STATUS_WARMING_UP + 0: PRINTER_STATUS_TONER_LOW + 0: PRINTER_STATUS_NO_TONER + 0: PRINTER_STATUS_PAGE_PUNT + 0: PRINTER_STATUS_USER_INTERVENTION + 0: PRINTER_STATUS_OUT_OF_MEMORY + 0: PRINTER_STATUS_DOOR_OPEN + 0: PRINTER_STATUS_SERVER_UNKNOWN + 0: PRINTER_STATUS_POWER_SAVE + cjobs : 0x00000000 (0) + averageppm : 0x00000000 (0) + needed : * + needed : 0x000002f8 (760) + result : WERR_OK +[2013/11/07 07:38:44.023339, 5, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1417(api_rpcTNP) + api_rpcTNP: called \spoolss successfully +[2013/11/07 07:38:44.023405, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) + pop_sec_ctx (0, 5000) - sec_ctx_stack_ndx = 0 +[2013/11/07 07:38:44.023450, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) + write_to_pipe: data_used = 4140 + smbd_smb2_request_pending_queue: req->current_idx = 1 + req->in.vector[0].iov_len = 0 + req->in.vector[1].iov_len = 0 + req->in.vector[2].iov_len = 64 + req->in.vector[3].iov_len = 56 + req->in.vector[4].iov_len = 4156 + req->out.vector[0].iov_len = 4 + req->out.vector[1].iov_len = 0 + req->out.vector[2].iov_len = 64 + req->out.vector[3].iov_len = 8 + req->out.vector[4].iov_len = 0 +[2013/11/07 07:38:44.023683, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:128(smbd_smb2_ioctl_pipe_write_done) + smbd_smb2_ioctl_pipe_write_done: received 4156 +[2013/11/07 07:38:44.023728, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:149(smbd_smb2_ioctl_pipe_write_done) + smbd_smb2_ioctl_pipe_write_done: issuing np_read_send of size 4136 +[2013/11/07 07:38:44.023772, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:285(read_from_internal_pipe) + name: \spoolss len: 4136 +[2013/11/07 07:38:44.023814, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:347(read_from_internal_pipe) + read_from_pipe: \spoolss: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 4112. +[2013/11/07 07:38:44.023869, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) + &r: struct ncacn_packet + rpc_vers : 0x05 (5) + rpc_vers_minor : 0x00 (0) + ptype : DCERPC_PKT_RESPONSE (2) + pfc_flags : 0x03 (3) + drep: ARRAY(4) + [0] : 0x10 (16) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + frag_length : 0x1028 (4136) + auth_length : 0x0000 (0) + call_id : 0x00000007 (7) + u : union dcerpc_payload(case 2) + response: struct dcerpc_response + alloc_hint : 0x00001010 (4112) + context_id : 0x0000 (0) + cancel_count : 0x00 (0) + _pad : DATA_BLOB length=0 + stub_and_verifier : DATA_BLOB length=4112 + [0000] 04 00 02 00 00 10 00 00 EA 0F 00 00 C2 0F 00 00 ........ ........ + [0010] B0 0F 00 00 8A 0F 00 00 88 0F 00 00 86 0F 00 00 ........ ........ + [0020] 84 0F 00 00 88 0E 00 00 82 0F 00 00 70 0F 00 00 ........ ....p... + [0030] 68 0F 00 00 66 0F 00 00 90 0D 00 00 48 10 00 00 h...f... ....H... + [0040] 01 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0200] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0210] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0220] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0230] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0240] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0250] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0260] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0270] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0280] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0290] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0300] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0310] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0320] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0330] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0340] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0350] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0360] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0370] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0380] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0390] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0400] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0410] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0420] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0430] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0440] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0450] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0460] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0470] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0480] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0490] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0500] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0510] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0520] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0530] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0540] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0550] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0560] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0570] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0580] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0590] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0600] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0610] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0620] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0630] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0640] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0650] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0660] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0670] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0680] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0690] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0700] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0710] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0720] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0730] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0740] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0750] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0760] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0770] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0780] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0790] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0800] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0810] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0820] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0830] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0840] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0850] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0860] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0870] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0880] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0890] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0900] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0910] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0920] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0930] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0940] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0950] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0960] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0970] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0980] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0990] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D90] 00 00 00 00 00 00 00 00 01 00 04 80 D8 00 00 00 ........ ........ + [0DA0] E8 00 00 00 00 00 00 00 14 00 00 00 02 00 C4 00 ........ ........ + [0DB0] 07 00 00 00 00 02 14 00 08 00 02 20 01 01 00 00 ........ ... .... + [0DC0] 00 00 00 01 00 00 00 00 00 09 24 00 0C 00 0F 10 ........ ..$..... + [0DD0] 01 05 00 00 00 00 00 05 15 00 00 00 74 A5 12 52 ........ ....t..R + [0DE0] CD 51 D9 8F D1 31 A4 CA F4 01 00 00 00 02 24 00 .Q...1.. ......$. + [0DF0] 0C 00 0F 10 01 05 00 00 00 00 00 05 15 00 00 00 ........ ........ + [0E00] 74 A5 12 52 CD 51 D9 8F D1 31 A4 CA F4 01 00 00 t..R.Q.. .1...... + [0E10] 00 09 18 00 0C 00 0F 10 01 02 00 00 00 00 00 05 ........ ........ + [0E20] 20 00 00 00 20 02 00 00 00 02 18 00 0C 00 0F 10 ... ... ........ + [0E30] 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 ........ ... ... + [0E40] 00 09 18 00 0C 00 0F 10 01 02 00 00 00 00 00 05 ........ ........ + [0E50] 20 00 00 00 26 02 00 00 00 02 18 00 0C 00 0F 10 ...&... ........ + [0E60] 01 02 00 00 00 00 00 05 20 00 00 00 26 02 00 00 ........ ...&... + [0E70] 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 ........ ... ... + [0E80] 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 ........ ... ... + [0E90] 5C 00 5C 00 4D 00 45 00 4D 00 42 00 45 00 52 00 \.\.M.E. M.B.E.R. + [0EA0] 34 00 33 00 5C 00 70 00 72 00 69 00 6E 00 74 00 4.3.\.p. r.i.n.t. + [0EB0] 65 00 72 00 37 00 00 00 00 00 00 00 00 00 00 00 e.r.7... ........ + [0EC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0ED0] 01 04 00 04 DC 00 00 00 13 47 01 00 01 00 01 00 ........ .G...... + [0EE0] 00 00 00 00 64 00 01 00 0F 00 FC FF 01 00 01 00 ....d... ........ + [0EF0] 00 00 03 00 00 00 4C 00 65 00 74 00 74 00 65 00 ......L. e.t.t.e. + [0F00] 72 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 r....... ........ + [0F10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F70] 52 00 41 00 57 00 00 00 77 00 69 00 6E 00 70 00 R.A.W... w.i.n.p. + [0F80] 72 00 69 00 6E 00 74 00 00 00 00 00 00 00 00 00 r.i.n.t. ........ + [0F90] 00 00 53 00 61 00 6D 00 62 00 61 00 20 00 50 00 ..S.a.m. b.a. .P. + [0FA0] 72 00 69 00 6E 00 74 00 65 00 72 00 20 00 50 00 r.i.n.t. e.r. .P. + [0FB0] 6F 00 72 00 74 00 00 00 70 00 72 00 69 00 6E 00 o.r.t... p.r.i.n. + [0FC0] 74 00 65 00 72 00 37 00 00 00 5C 00 5C 00 4D 00 t.e.r.7. ..\.\.M. + [0FD0] 45 00 4D 00 42 00 45 00 52 00 34 00 33 00 5C 00 E.M.B.E. R.4.3.\. + [0FE0] 70 00 72 00 69 00 6E 00 74 00 65 00 72 00 37 00 p.r.i.n. t.e.r.7. + [0FF0] 00 00 5C 00 5C 00 4D 00 45 00 4D 00 42 00 45 00 ..\.\.M. E.M.B.E. + [1000] 52 00 34 00 33 00 00 00 F8 02 00 00 00 00 00 00 R.4.3... ........ +[2013/11/07 07:38:44.033175, 3, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:122(free_pipe_context) + free_pipe_context: destroying talloc pool of size 1308 +[2013/11/07 07:38:44.033233, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:788(np_read_recv) + Received 4136 bytes. There is no more data outstanding +[2013/11/07 07:38:44.033276, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:178(smbd_smb2_ioctl_pipe_read_done) + smbd_smb2_ioctl_pipe_read_done: np_read_recv nread = 4136 is_data_outstanding = 0, status = NT_STATUS_OK +[2013/11/07 07:38:44.033325, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl.c:291(smbd_smb2_request_ioctl_done) + smbd_smb2_request_ioctl_done: smbd_smb2_ioctl_recv returned 4136 status NT_STATUS_OK +[2013/11/07 07:38:44.033412, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) + smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[48] dyn[yes:4136] at ../source3/smbd/smb2_ioctl.c:358 +[2013/11/07 07:38:44.033462, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) + smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/56/127 +[2013/11/07 07:38:44.037241, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) + smbd_smb2_request_incoming: idx[1] of 5 vectors +[2013/11/07 07:38:44.037750, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) + smb2_validate_sequence_number: clearing id 56 (position 56) from bitmap +[2013/11/07 07:38:44.037821, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) + smbd_smb2_request_dispatch: opcode[SMB2_OP_IOCTL] mid = 56 +[2013/11/07 07:38:44.037889, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) + setting sec ctx (0, 5000) - sec_ctx_stack_ndx = 0 +[2013/11/07 07:38:44.037970, 5, pid=20933, effective(0, 5000), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) + Security token SIDs (21): + SID[ 0]: S-1-5-21-1376953716-2413384141-3399758289-500 + SID[ 1]: S-1-5-21-1376953716-2413384141-3399758289-512 + SID[ 2]: S-1-5-21-1376953716-2413384141-3399758289-11015 + SID[ 3]: S-1-5-21-1376953716-2413384141-3399758289-513 + SID[ 4]: S-1-5-21-1376953716-2413384141-3399758289-11011 + SID[ 5]: S-1-5-21-1376953716-2413384141-3399758289-11013 + SID[ 6]: S-1-5-21-1376953716-2413384141-3399758289-11012 + SID[ 7]: S-1-1-0 + SID[ 8]: S-1-5-2 + SID[ 9]: S-1-5-11 + SID[ 10]: S-1-5-32-544 + SID[ 11]: S-1-22-1-2002 + SID[ 12]: S-1-22-2-5000 + SID[ 13]: S-1-22-2-5007 + SID[ 14]: S-1-22-2-5001 + SID[ 15]: S-1-22-2-1005 + SID[ 16]: S-1-22-2-5006 + SID[ 17]: S-1-22-2-5005 + SID[ 18]: S-1-22-2-55000 + SID[ 19]: S-1-22-2-55001 + SID[ 20]: S-1-22-2-55002 + Privileges (0x 1FFFFFF0): + Privilege[ 0]: SeMachineAccountPrivilege + Privilege[ 1]: SeTakeOwnershipPrivilege + Privilege[ 2]: SeBackupPrivilege + Privilege[ 3]: SeRestorePrivilege + Privilege[ 4]: SeRemoteShutdownPrivilege + Privilege[ 5]: SePrintOperatorPrivilege + Privilege[ 6]: SeAddUsersPrivilege + Privilege[ 7]: SeDiskOperatorPrivilege + Privilege[ 8]: SeSecurityPrivilege + Privilege[ 9]: SeSystemtimePrivilege + Privilege[ 10]: SeShutdownPrivilege + Privilege[ 11]: SeDebugPrivilege + Privilege[ 12]: SeSystemEnvironmentPrivilege + Privilege[ 13]: SeSystemProfilePrivilege + Privilege[ 14]: SeProfileSingleProcessPrivilege + Privilege[ 15]: SeIncreaseBasePriorityPrivilege + Privilege[ 16]: SeLoadDriverPrivilege + Privilege[ 17]: SeCreatePagefilePrivilege + Privilege[ 18]: SeIncreaseQuotaPrivilege + Privilege[ 19]: SeChangeNotifyPrivilege + Privilege[ 20]: SeUndockPrivilege + Privilege[ 21]: SeManageVolumePrivilege + Privilege[ 22]: SeImpersonatePrivilege + Privilege[ 23]: SeCreateGlobalPrivilege + Privilege[ 24]: SeEnableDelegationPrivilege + Rights (0x 0): +[2013/11/07 07:38:44.038829, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) + UNIX token of user 0 + Primary group is 5000 and contains 9 supplementary groups + Group[ 0]: 5000 + Group[ 1]: 5007 + Group[ 2]: 5001 + Group[ 3]: 1005 + Group[ 4]: 5006 + Group[ 5]: 5005 + Group[ 6]: 55000 + Group[ 7]: 55001 + Group[ 8]: 55002 +[2013/11/07 07:38:44.039026, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/uid.c:363(change_to_user_internal) + Impersonated user: uid=(0,0), gid=(0,5000) +[2013/11/07 07:38:44.039079, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:1796(smbd_smb2_request_verify_creditcharge) + mid 56, CreditCharge: 1, NeededCharge: 1 +[2013/11/07 07:38:44.039122, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl.c:394(smbd_smb2_ioctl_send) + smbd_smb2_ioctl: ctl_code[0x0011c017] spoolss, fnum 2189993496 +[2013/11/07 07:38:44.039171, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:59(smb2_ioctl_named_pipe) + smbd_smb2_ioctl_send: np_write_send of size 4156 +[2013/11/07 07:38:44.039211, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:520(np_write_send) + np_write_send: len: 4156 +[2013/11/07 07:38:44.039253, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) + write_to_pipe: data_left = 4156 +[2013/11/07 07:38:44.039301, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) + process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 4156 +[2013/11/07 07:38:44.039381, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:51(fill_rpc_header) + fill_rpc_header: data_to_copy = 4156, len_needed_to_complete_hdr = 16, receive_len = 0 +[2013/11/07 07:38:44.039453, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) + write_to_pipe: data_used = 16 +[2013/11/07 07:38:44.039495, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) + write_to_pipe: data_left = 4140 +[2013/11/07 07:38:44.039533, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) + process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 4140 +[2013/11/07 07:38:44.039576, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) + write_to_pipe: data_used = 0 +[2013/11/07 07:38:44.039614, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) + write_to_pipe: data_left = 4140 +[2013/11/07 07:38:44.039651, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) + process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 4140, incoming data = 4140 +[2013/11/07 07:38:44.039695, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1614(process_complete_pdu) + PDU is in Little Endian format! +[2013/11/07 07:38:44.039745, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) + r: struct ncacn_packet + rpc_vers : 0x05 (5) + rpc_vers_minor : 0x00 (0) + ptype : DCERPC_PKT_REQUEST (0) + pfc_flags : 0x03 (3) + drep: ARRAY(4) + [0] : 0x10 (16) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + frag_length : 0x103c (4156) + auth_length : 0x0000 (0) + call_id : 0x00000008 (8) + u : union dcerpc_payload(case 0) + request: struct dcerpc_request + alloc_hint : 0x00001024 (4132) + context_id : 0x0000 (0) + opnum : 0x0008 (8) + object : union dcerpc_object(case 0) + empty: struct dcerpc_empty + _pad : DATA_BLOB length=0 + stub_and_verifier : DATA_BLOB length=4132 + [0000] 00 00 00 00 48 00 00 00 00 00 00 00 7B 52 73 35 ....H... ....{Rs5 + [0010] C5 51 00 00 02 00 00 00 00 00 02 00 00 10 00 00 .Q...... ........ + [0020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0030] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0040] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0200] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0210] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0220] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0230] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0240] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0250] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0260] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0270] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0280] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0290] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0300] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0310] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0320] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0330] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0340] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0350] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0360] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0370] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0380] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0390] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0400] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0410] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0420] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0430] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0440] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0450] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0460] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0470] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0480] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0490] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0500] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0510] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0520] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0530] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0540] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0550] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0560] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0570] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0580] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0590] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0600] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0610] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0620] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0630] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0640] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0650] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0660] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0670] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0680] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0690] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0700] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0710] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0720] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0730] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0740] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0750] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0760] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0770] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0780] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0790] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0800] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0810] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0820] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0830] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0840] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0850] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0860] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0870] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0880] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0890] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0900] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0910] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0920] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0930] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0940] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0950] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0960] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0970] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0980] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0990] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0EA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0EB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0EC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0ED0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0EE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0EF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [1000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [1010] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [1020] 00 10 00 00 .... +[2013/11/07 07:38:44.049294, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1627(process_complete_pdu) + Processing packet type 0 +[2013/11/07 07:38:44.049338, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1472(dcesrv_auth_request) + Checking request auth. +[2013/11/07 07:38:44.049455, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) + push_sec_ctx(0, 5000) : sec_ctx_stack_ndx = 1 +[2013/11/07 07:38:44.049503, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) + setting sec ctx (0, 5000) - sec_ctx_stack_ndx = 1 +[2013/11/07 07:38:44.049545, 5, pid=20933, effective(0, 5000), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) + Security token SIDs (21): + SID[ 0]: S-1-5-21-1376953716-2413384141-3399758289-500 + SID[ 1]: S-1-5-21-1376953716-2413384141-3399758289-512 + SID[ 2]: S-1-5-21-1376953716-2413384141-3399758289-11015 + SID[ 3]: S-1-5-21-1376953716-2413384141-3399758289-513 + SID[ 4]: S-1-5-21-1376953716-2413384141-3399758289-11011 + SID[ 5]: S-1-5-21-1376953716-2413384141-3399758289-11013 + SID[ 6]: S-1-5-21-1376953716-2413384141-3399758289-11012 + SID[ 7]: S-1-1-0 + SID[ 8]: S-1-5-2 + SID[ 9]: S-1-5-11 + SID[ 10]: S-1-5-32-544 + SID[ 11]: S-1-22-1-2002 + SID[ 12]: S-1-22-2-5000 + SID[ 13]: S-1-22-2-5007 + SID[ 14]: S-1-22-2-5001 + SID[ 15]: S-1-22-2-1005 + SID[ 16]: S-1-22-2-5006 + SID[ 17]: S-1-22-2-5005 + SID[ 18]: S-1-22-2-55000 + SID[ 19]: S-1-22-2-55001 + SID[ 20]: S-1-22-2-55002 + Privileges (0x 1FFFFFF0): + Privilege[ 0]: SeMachineAccountPrivilege + Privilege[ 1]: SeTakeOwnershipPrivilege + Privilege[ 2]: SeBackupPrivilege + Privilege[ 3]: SeRestorePrivilege + Privilege[ 4]: SeRemoteShutdownPrivilege + Privilege[ 5]: SePrintOperatorPrivilege + Privilege[ 6]: SeAddUsersPrivilege + Privilege[ 7]: SeDiskOperatorPrivilege + Privilege[ 8]: SeSecurityPrivilege + Privilege[ 9]: SeSystemtimePrivilege + Privilege[ 10]: SeShutdownPrivilege + Privilege[ 11]: SeDebugPrivilege + Privilege[ 12]: SeSystemEnvironmentPrivilege + Privilege[ 13]: SeSystemProfilePrivilege + Privilege[ 14]: SeProfileSingleProcessPrivilege + Privilege[ 15]: SeIncreaseBasePriorityPrivilege + Privilege[ 16]: SeLoadDriverPrivilege + Privilege[ 17]: SeCreatePagefilePrivilege + Privilege[ 18]: SeIncreaseQuotaPrivilege + Privilege[ 19]: SeChangeNotifyPrivilege + Privilege[ 20]: SeUndockPrivilege + Privilege[ 21]: SeManageVolumePrivilege + Privilege[ 22]: SeImpersonatePrivilege + Privilege[ 23]: SeCreateGlobalPrivilege + Privilege[ 24]: SeEnableDelegationPrivilege + Rights (0x 0): +[2013/11/07 07:38:44.050327, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) + UNIX token of user 0 + Primary group is 5000 and contains 9 supplementary groups + Group[ 0]: 5000 + Group[ 1]: 5007 + Group[ 2]: 5001 + Group[ 3]: 1005 + Group[ 4]: 5006 + Group[ 5]: 5005 + Group[ 6]: 55000 + Group[ 7]: 55001 + Group[ 8]: 55002 +[2013/11/07 07:38:44.050516, 5, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1324(api_pipe_request) + Requested \spoolss rpc service +[2013/11/07 07:38:44.050562, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1356(api_rpcTNP) + api_rpcTNP: \spoolss op 0x8 - api_rpcTNP: rpc command: SPOOLSS_GETPRINTER +[2013/11/07 07:38:44.050607, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1390(api_rpcTNP) + api_rpc_cmds[8].fn == 0x7f375c260f10 +[2013/11/07 07:38:44.050656, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + spoolss_GetPrinter: struct spoolss_GetPrinter + in: struct spoolss_GetPrinter + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000048-0000-0000-7b52-7335c5510000 + level : 0x00000002 (2) + buffer : * + buffer : DATA_BLOB length=4096 + [0000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0010] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0030] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0040] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0200] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0210] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0220] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0230] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0240] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0250] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0260] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0270] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0280] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0290] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0300] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0310] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0320] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0330] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0340] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0350] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0360] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0370] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0380] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0390] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0400] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0410] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0420] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0430] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0440] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0450] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0460] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0470] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0480] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0490] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0500] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0510] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0520] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0530] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0540] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0550] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0560] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0570] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0580] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0590] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0600] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0610] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0620] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0630] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0640] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0650] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0660] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0670] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0680] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0690] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0700] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0710] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0720] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0730] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0740] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0750] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0760] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0770] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0780] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0790] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0800] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0810] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0820] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0830] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0840] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0850] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0860] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0870] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0880] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0890] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0900] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0910] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0920] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0930] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0940] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0950] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0960] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0970] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0980] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0990] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0EA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0EB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0EC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0ED0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0EE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0EF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + offered : 0x00001000 (4096) +[2013/11/07 07:38:44.059955, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 48 00 00 00 00 00 00 00 7B 52 73 35 ....H... ....{Rs5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.060040, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 48 00 00 00 00 00 00 00 7B 52 73 35 ....H... ....{Rs5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.060118, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:489(get_printer_snum) + short name:printer7 +[2013/11/07 07:38:44.060257, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:60(make_internal_rpc_pipe_p) + Create pipe requested \winreg +[2013/11/07 07:38:44.060320, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:221(init_pipe_handles) + init_pipe_handle_list: created handle list for pipe \winreg +[2013/11/07 07:38:44.060364, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:238(init_pipe_handles) + init_pipe_handle_list: pipe_handles ref count = 1 for pipe \winreg +[2013/11/07 07:38:44.060467, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:100(make_internal_rpc_pipe_p) + Created internal pipe \winreg +[2013/11/07 07:38:44.060542, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenHKLM: struct winreg_OpenHKLM + in: struct winreg_OpenHKLM + system_name : NULL + access_mask : 0x02000000 (33554432) + 0: KEY_QUERY_VALUE + 0: KEY_SET_VALUE + 0: KEY_CREATE_SUB_KEY + 0: KEY_ENUMERATE_SUB_KEYS + 0: KEY_NOTIFY + 0: KEY_CREATE_LINK + 0: KEY_WOW64_64KEY + 0: KEY_WOW64_32KEY +[2013/11/07 07:38:44.060773, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [HKLM] +[2013/11/07 07:38:44.060819, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) + push_sec_ctx(0, 5000) : sec_ctx_stack_ndx = 2 +[2013/11/07 07:38:44.060864, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/uid.c:485(push_conn_ctx) + push_conn_ctx(1804507171) : conn_ctx_stack_ndx = 0 +[2013/11/07 07:38:44.060904, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) + setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 +[2013/11/07 07:38:44.060943, 5, pid=20933, effective(0, 5000), real(0, 0)] ../libcli/security/security_token.c:53(security_token_debug) + Security token: (NULL) +[2013/11/07 07:38:44.060983, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) + UNIX token of user 0 + Primary group is 0 and contains 0 supplementary groups +[2013/11/07 07:38:44.061146, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) + pop_sec_ctx (0, 5000) - sec_ctx_stack_ndx = 1 +[2013/11/07 07:38:44.061192, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:866(regdb_open) + regdb_open: registry db opened. refcount reset (1) +[2013/11/07 07:38:44.061238, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM] +[2013/11/07 07:38:44.061279, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM] +[2013/11/07 07:38:44.061321, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:44.061507, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM] +[2013/11/07 07:38:44.061599, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) + Opened policy hnd[1] [0000] 00 00 00 00 5F 00 00 00 00 00 00 00 7B 52 74 35 ...._... ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.061681, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenHKLM: struct winreg_OpenHKLM + out: struct winreg_OpenHKLM + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 0000005f-0000-0000-7b52-7435c5510000 + result : WERR_OK +[2013/11/07 07:38:44.061886, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenKey: struct winreg_OpenKey + in: struct winreg_OpenKey + parent_handle : * + parent_handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 0000005f-0000-0000-7b52-7435c5510000 + keyname: struct winreg_String + name_len : 0x008a (138) + name_size : 0x008a (138) + name : * + name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7' + options : 0x00000000 (0) + 0: REG_OPTION_VOLATILE + 0: REG_OPTION_CREATE_LINK + 0: REG_OPTION_BACKUP_RESTORE + 0: REG_OPTION_OPEN_LINK + access_mask : 0x02000000 (33554432) + 0: KEY_QUERY_VALUE + 0: KEY_SET_VALUE + 0: KEY_CREATE_SUB_KEY + 0: KEY_ENUMERATE_SUB_KEYS + 0: KEY_NOTIFY + 0: KEY_CREATE_LINK + 0: KEY_WOW64_64KEY + 0: KEY_WOW64_32KEY +[2013/11/07 07:38:44.062332, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 5F 00 00 00 00 00 00 00 7B 52 74 35 ...._... ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.062414, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [SOFTWARE] +[2013/11/07 07:38:44.062455, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (1->2) +[2013/11/07 07:38:44.062499, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] +[2013/11/07 07:38:44.062538, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE] +[2013/11/07 07:38:44.062579, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:44.062617, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE] +[2013/11/07 07:38:44.062686, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Microsoft] +[2013/11/07 07:38:44.062729, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (2->3) +[2013/11/07 07:38:44.062772, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] +[2013/11/07 07:38:44.062810, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] +[2013/11/07 07:38:44.062865, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:44.062904, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft] +[2013/11/07 07:38:44.062966, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Windows NT] +[2013/11/07 07:38:44.063008, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (3->4) +[2013/11/07 07:38:44.063051, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] +[2013/11/07 07:38:44.063090, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] +[2013/11/07 07:38:44.063131, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:44.063168, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] +[2013/11/07 07:38:44.063227, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [CurrentVersion] +[2013/11/07 07:38:44.063269, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (4->5) +[2013/11/07 07:38:44.063313, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] +[2013/11/07 07:38:44.063351, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] +[2013/11/07 07:38:44.063393, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:44.063431, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f375c5a15c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] +[2013/11/07 07:38:44.063504, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Print] +[2013/11/07 07:38:44.063546, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (5->6) +[2013/11/07 07:38:44.063590, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] +[2013/11/07 07:38:44.063629, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] +[2013/11/07 07:38:44.063673, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:44.063710, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f375c5a15c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] +[2013/11/07 07:38:44.063770, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Printers] +[2013/11/07 07:38:44.063819, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (6->7) +[2013/11/07 07:38:44.063863, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] +[2013/11/07 07:38:44.063902, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] +[2013/11/07 07:38:44.063944, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:44.063982, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] +[2013/11/07 07:38:44.064049, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [printer7] +[2013/11/07 07:38:44.064091, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (7->8) +[2013/11/07 07:38:44.064136, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:44.064175, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:44.064217, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:44.064254, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:44.064321, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (8->7) +[2013/11/07 07:38:44.064364, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (7->6) +[2013/11/07 07:38:44.064405, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (6->5) +[2013/11/07 07:38:44.064444, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (5->4) +[2013/11/07 07:38:44.064484, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (4->3) +[2013/11/07 07:38:44.064525, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (3->2) +[2013/11/07 07:38:44.064568, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) + Opened policy hnd[2] [0000] 00 00 00 00 60 00 00 00 00 00 00 00 7B 52 74 35 ....`... ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.064646, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenKey: struct winreg_OpenKey + out: struct winreg_OpenKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000060-0000-0000-7b52-7435c5510000 + result : WERR_OK +[2013/11/07 07:38:44.064826, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryInfoKey: struct winreg_QueryInfoKey + in: struct winreg_QueryInfoKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000060-0000-0000-7b52-7435c5510000 + classname : * + classname: struct winreg_String + name_len : 0x0000 (0) + name_size : 0x0000 (0) + name : NULL +[2013/11/07 07:38:44.065040, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 60 00 00 00 00 00 00 00 7B 52 74 35 ....`... ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.065122, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_dispatcher.c:151(fetch_reg_values) + fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7' (ops 0x7f37592edcc0) +[2013/11/07 07:38:44.065165, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1891(regdb_fetch_values_internal) + regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:44.065227, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[0]: name[Attributes] len[4] +[2013/11/07 07:38:44.065271, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[1]: name[Description] len[2] +[2013/11/07 07:38:44.065313, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[2]: name[Datatype] len[8] +[2013/11/07 07:38:44.065388, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[3]: name[Default Priority] len[4] +[2013/11/07 07:38:44.065452, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[4]: name[Port] len[38] +[2013/11/07 07:38:44.065494, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[5]: name[Name] len[18] +[2013/11/07 07:38:44.065536, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[6]: name[Print Processor] len[18] +[2013/11/07 07:38:44.065579, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[7]: name[Priority] len[4] +[2013/11/07 07:38:44.065622, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[8]: name[Security] len[248] +[2013/11/07 07:38:44.065664, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[9]: name[Share Name] len[18] +[2013/11/07 07:38:44.065713, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[10]: name[StartTime] len[4] +[2013/11/07 07:38:44.065757, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[11]: name[UntilTime] len[4] +[2013/11/07 07:38:44.065799, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[12]: name[ChangeID] len[4] +[2013/11/07 07:38:44.065841, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) + regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:44.065907, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryInfoKey: struct winreg_QueryInfoKey + out: struct winreg_QueryInfoKey + classname : * + classname: struct winreg_String + name_len : 0x0000 (0) + name_size : 0x0000 (0) + name : NULL + num_subkeys : * + num_subkeys : 0x00000003 (3) + max_subkeylen : * + max_subkeylen : 0x00000022 (34) + max_classlen : * + max_classlen : 0x00000000 (0) + num_values : * + num_values : 0x0000000d (13) + max_valnamelen : * + max_valnamelen : 0x00000022 (34) + max_valbufsize : * + max_valbufsize : 0x000000f8 (248) + secdescsize : * + secdescsize : 0x00000078 (120) + last_changed_time : * + last_changed_time : NTTIME(0) + result : WERR_OK +[2013/11/07 07:38:44.066357, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000060-0000-0000-7b52-7435c5510000 + enum_index : 0x00000000 (0) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:44.066734, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 60 00 00 00 00 00 00 00 7B 52 74 35 ....`... ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.066812, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:44.066866, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0016 (22) + size : 0x0024 (36) + name : * + name : 'Attributes' + type : * + type : REG_DWORD (4) + value : * + value: ARRAY(4) + [0] : 0x48 (72) + [1] : 0x10 (16) + [2] : 0x00 (0) + [3] : 0x00 (0) + size : * + size : 0x00000004 (4) + length : * + length : 0x00000004 (4) + result : WERR_OK +[2013/11/07 07:38:44.067263, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000060-0000-0000-7b52-7435c5510000 + enum_index : 0x00000001 (1) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:44.067634, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 60 00 00 00 00 00 00 00 7B 52 74 35 ....`... ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.067711, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:44.067755, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0018 (24) + size : 0x0024 (36) + name : * + name : 'Description' + type : * + type : REG_SZ (1) + value : * + value: ARRAY(2) + [0] : 0x00 (0) + [1] : 0x00 (0) + size : * + size : 0x00000002 (2) + length : * + length : 0x00000002 (2) + result : WERR_OK +[2013/11/07 07:38:44.068121, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000060-0000-0000-7b52-7435c5510000 + enum_index : 0x00000002 (2) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:44.068491, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 60 00 00 00 00 00 00 00 7B 52 74 35 ....`... ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.068568, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:44.068613, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0012 (18) + size : 0x0024 (36) + name : * + name : 'Datatype' + type : * + type : REG_SZ (1) + value : * + value: ARRAY(8) + [0] : 0x52 (82) + [1] : 0x00 (0) + [2] : 0x41 (65) + [3] : 0x00 (0) + [4] : 0x57 (87) + [5] : 0x00 (0) + [6] : 0x00 (0) + [7] : 0x00 (0) + size : * + size : 0x00000008 (8) + length : * + length : 0x00000008 (8) + result : WERR_OK +[2013/11/07 07:38:44.069068, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000060-0000-0000-7b52-7435c5510000 + enum_index : 0x00000003 (3) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:44.069516, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 60 00 00 00 00 00 00 00 7B 52 74 35 ....`... ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.069596, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:44.069642, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0022 (34) + size : 0x0024 (36) + name : * + name : 'Default Priority' + type : * + type : REG_DWORD (4) + value : * + value: ARRAY(4) + [0] : 0x01 (1) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + size : * + size : 0x00000004 (4) + length : * + length : 0x00000004 (4) + result : WERR_OK +[2013/11/07 07:38:44.070037, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000060-0000-0000-7b52-7435c5510000 + enum_index : 0x00000004 (4) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:44.070410, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 60 00 00 00 00 00 00 00 7B 52 74 35 ....`... ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.070488, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:44.070533, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x000a (10) + size : 0x0024 (36) + name : * + name : 'Port' + type : * + type : REG_SZ (1) + value : * + value: ARRAY(38) + [0] : 0x53 (83) + [1] : 0x00 (0) + [2] : 0x61 (97) + [3] : 0x00 (0) + [4] : 0x6d (109) + [5] : 0x00 (0) + [6] : 0x62 (98) + [7] : 0x00 (0) + [8] : 0x61 (97) + [9] : 0x00 (0) + [10] : 0x20 (32) + [11] : 0x00 (0) + [12] : 0x50 (80) + [13] : 0x00 (0) + [14] : 0x72 (114) + [15] : 0x00 (0) + [16] : 0x69 (105) + [17] : 0x00 (0) + [18] : 0x6e (110) + [19] : 0x00 (0) + [20] : 0x74 (116) + [21] : 0x00 (0) + [22] : 0x65 (101) + [23] : 0x00 (0) + [24] : 0x72 (114) + [25] : 0x00 (0) + [26] : 0x20 (32) + [27] : 0x00 (0) + [28] : 0x50 (80) + [29] : 0x00 (0) + [30] : 0x6f (111) + [31] : 0x00 (0) + [32] : 0x72 (114) + [33] : 0x00 (0) + [34] : 0x74 (116) + [35] : 0x00 (0) + [36] : 0x00 (0) + [37] : 0x00 (0) + size : * + size : 0x00000026 (38) + length : * + length : 0x00000026 (38) + result : WERR_OK +[2013/11/07 07:38:44.071492, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000060-0000-0000-7b52-7435c5510000 + enum_index : 0x00000005 (5) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:44.071873, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 60 00 00 00 00 00 00 00 7B 52 74 35 ....`... ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.071951, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:44.071997, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x000a (10) + size : 0x0024 (36) + name : * + name : 'Name' + type : * + type : REG_SZ (1) + value : * + value: ARRAY(18) + [0] : 0x70 (112) + [1] : 0x00 (0) + [2] : 0x72 (114) + [3] : 0x00 (0) + [4] : 0x69 (105) + [5] : 0x00 (0) + [6] : 0x6e (110) + [7] : 0x00 (0) + [8] : 0x74 (116) + [9] : 0x00 (0) + [10] : 0x65 (101) + [11] : 0x00 (0) + [12] : 0x72 (114) + [13] : 0x00 (0) + [14] : 0x37 (55) + [15] : 0x00 (0) + [16] : 0x00 (0) + [17] : 0x00 (0) + size : * + size : 0x00000012 (18) + length : * + length : 0x00000012 (18) + result : WERR_OK +[2013/11/07 07:38:44.072624, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000060-0000-0000-7b52-7435c5510000 + enum_index : 0x00000006 (6) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:44.073033, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 60 00 00 00 00 00 00 00 7B 52 74 35 ....`... ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.073112, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:44.073158, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0020 (32) + size : 0x0024 (36) + name : * + name : 'Print Processor' + type : * + type : REG_SZ (1) + value : * + value: ARRAY(18) + [0] : 0x77 (119) + [1] : 0x00 (0) + [2] : 0x69 (105) + [3] : 0x00 (0) + [4] : 0x6e (110) + [5] : 0x00 (0) + [6] : 0x70 (112) + [7] : 0x00 (0) + [8] : 0x72 (114) + [9] : 0x00 (0) + [10] : 0x69 (105) + [11] : 0x00 (0) + [12] : 0x6e (110) + [13] : 0x00 (0) + [14] : 0x74 (116) + [15] : 0x00 (0) + [16] : 0x00 (0) + [17] : 0x00 (0) + size : * + size : 0x00000012 (18) + length : * + length : 0x00000012 (18) + result : WERR_OK +[2013/11/07 07:38:44.073872, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000060-0000-0000-7b52-7435c5510000 + enum_index : 0x00000007 (7) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:44.074248, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 60 00 00 00 00 00 00 00 7B 52 74 35 ....`... ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.074334, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:44.074379, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0012 (18) + size : 0x0024 (36) + name : * + name : 'Priority' + type : * + type : REG_DWORD (4) + value : * + value: ARRAY(4) + [0] : 0x01 (1) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + size : * + size : 0x00000004 (4) + length : * + length : 0x00000004 (4) + result : WERR_OK +[2013/11/07 07:38:44.074773, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000060-0000-0000-7b52-7435c5510000 + enum_index : 0x00000008 (8) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:44.075145, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 60 00 00 00 00 00 00 00 7B 52 74 35 ....`... ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.075222, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:44.075268, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0012 (18) + size : 0x0024 (36) + name : * + name : 'Security' + type : * + type : REG_BINARY (3) + value : * + value: ARRAY(248) + [0] : 0x01 (1) + [1] : 0x00 (0) + [2] : 0x04 (4) + [3] : 0x80 (128) + [4] : 0x14 (20) + [5] : 0x00 (0) + [6] : 0x00 (0) + [7] : 0x00 (0) + [8] : 0x24 (36) + [9] : 0x00 (0) + [10] : 0x00 (0) + [11] : 0x00 (0) + [12] : 0x00 (0) + [13] : 0x00 (0) + [14] : 0x00 (0) + [15] : 0x00 (0) + [16] : 0x34 (52) + [17] : 0x00 (0) + [18] : 0x00 (0) + [19] : 0x00 (0) + [20] : 0x01 (1) + [21] : 0x02 (2) + [22] : 0x00 (0) + [23] : 0x00 (0) + [24] : 0x00 (0) + [25] : 0x00 (0) + [26] : 0x00 (0) + [27] : 0x05 (5) + [28] : 0x20 (32) + [29] : 0x00 (0) + [30] : 0x00 (0) + [31] : 0x00 (0) + [32] : 0x20 (32) + [33] : 0x02 (2) + [34] : 0x00 (0) + [35] : 0x00 (0) + [36] : 0x01 (1) + [37] : 0x02 (2) + [38] : 0x00 (0) + [39] : 0x00 (0) + [40] : 0x00 (0) + [41] : 0x00 (0) + [42] : 0x00 (0) + [43] : 0x05 (5) + [44] : 0x20 (32) + [45] : 0x00 (0) + [46] : 0x00 (0) + [47] : 0x00 (0) + [48] : 0x20 (32) + [49] : 0x02 (2) + [50] : 0x00 (0) + [51] : 0x00 (0) + [52] : 0x02 (2) + [53] : 0x00 (0) + [54] : 0xc4 (196) + [55] : 0x00 (0) + [56] : 0x07 (7) + [57] : 0x00 (0) + [58] : 0x00 (0) + [59] : 0x00 (0) + [60] : 0x00 (0) + [61] : 0x02 (2) + [62] : 0x14 (20) + [63] : 0x00 (0) + [64] : 0x08 (8) + [65] : 0x00 (0) + [66] : 0x02 (2) + [67] : 0x20 (32) + [68] : 0x01 (1) + [69] : 0x01 (1) + [70] : 0x00 (0) + [71] : 0x00 (0) + [72] : 0x00 (0) + [73] : 0x00 (0) + [74] : 0x00 (0) + [75] : 0x01 (1) + [76] : 0x00 (0) + [77] : 0x00 (0) + [78] : 0x00 (0) + [79] : 0x00 (0) + [80] : 0x00 (0) + [81] : 0x09 (9) + [82] : 0x24 (36) + [83] : 0x00 (0) + [84] : 0x0c (12) + [85] : 0x00 (0) + [86] : 0x0f (15) + [87] : 0x10 (16) + [88] : 0x01 (1) + [89] : 0x05 (5) + [90] : 0x00 (0) + [91] : 0x00 (0) + [92] : 0x00 (0) + [93] : 0x00 (0) + [94] : 0x00 (0) + [95] : 0x05 (5) + [96] : 0x15 (21) + [97] : 0x00 (0) + [98] : 0x00 (0) + [99] : 0x00 (0) + [100] : 0x74 (116) + [101] : 0xa5 (165) + [102] : 0x12 (18) + [103] : 0x52 (82) + [104] : 0xcd (205) + [105] : 0x51 (81) + [106] : 0xd9 (217) + [107] : 0x8f (143) + [108] : 0xd1 (209) + [109] : 0x31 (49) + [110] : 0xa4 (164) + [111] : 0xca (202) + [112] : 0xf4 (244) + [113] : 0x01 (1) + [114] : 0x00 (0) + [115] : 0x00 (0) + [116] : 0x00 (0) + [117] : 0x02 (2) + [118] : 0x24 (36) + [119] : 0x00 (0) + [120] : 0x0c (12) + [121] : 0x00 (0) + [122] : 0x0f (15) + [123] : 0x10 (16) + [124] : 0x01 (1) + [125] : 0x05 (5) + [126] : 0x00 (0) + [127] : 0x00 (0) + [128] : 0x00 (0) + [129] : 0x00 (0) + [130] : 0x00 (0) + [131] : 0x05 (5) + [132] : 0x15 (21) + [133] : 0x00 (0) + [134] : 0x00 (0) + [135] : 0x00 (0) + [136] : 0x74 (116) + [137] : 0xa5 (165) + [138] : 0x12 (18) + [139] : 0x52 (82) + [140] : 0xcd (205) + [141] : 0x51 (81) + [142] : 0xd9 (217) + [143] : 0x8f (143) + [144] : 0xd1 (209) + [145] : 0x31 (49) + [146] : 0xa4 (164) + [147] : 0xca (202) + [148] : 0xf4 (244) + [149] : 0x01 (1) + [150] : 0x00 (0) + [151] : 0x00 (0) + [152] : 0x00 (0) + [153] : 0x09 (9) + [154] : 0x18 (24) + [155] : 0x00 (0) + [156] : 0x0c (12) + [157] : 0x00 (0) + [158] : 0x0f (15) + [159] : 0x10 (16) + [160] : 0x01 (1) + [161] : 0x02 (2) + [162] : 0x00 (0) + [163] : 0x00 (0) + [164] : 0x00 (0) + [165] : 0x00 (0) + [166] : 0x00 (0) + [167] : 0x05 (5) + [168] : 0x20 (32) + [169] : 0x00 (0) + [170] : 0x00 (0) + [171] : 0x00 (0) + [172] : 0x20 (32) + [173] : 0x02 (2) + [174] : 0x00 (0) + [175] : 0x00 (0) + [176] : 0x00 (0) + [177] : 0x02 (2) + [178] : 0x18 (24) + [179] : 0x00 (0) + [180] : 0x0c (12) + [181] : 0x00 (0) + [182] : 0x0f (15) + [183] : 0x10 (16) + [184] : 0x01 (1) + [185] : 0x02 (2) + [186] : 0x00 (0) + [187] : 0x00 (0) + [188] : 0x00 (0) + [189] : 0x00 (0) + [190] : 0x00 (0) + [191] : 0x05 (5) + [192] : 0x20 (32) + [193] : 0x00 (0) + [194] : 0x00 (0) + [195] : 0x00 (0) + [196] : 0x20 (32) + [197] : 0x02 (2) + [198] : 0x00 (0) + [199] : 0x00 (0) + [200] : 0x00 (0) + [201] : 0x09 (9) + [202] : 0x18 (24) + [203] : 0x00 (0) + [204] : 0x0c (12) + [205] : 0x00 (0) + [206] : 0x0f (15) + [207] : 0x10 (16) + [208] : 0x01 (1) + [209] : 0x02 (2) + [210] : 0x00 (0) + [211] : 0x00 (0) + [212] : 0x00 (0) + [213] : 0x00 (0) + [214] : 0x00 (0) + [215] : 0x05 (5) + [216] : 0x20 (32) + [217] : 0x00 (0) + [218] : 0x00 (0) + [219] : 0x00 (0) + [220] : 0x26 (38) + [221] : 0x02 (2) + [222] : 0x00 (0) + [223] : 0x00 (0) + [224] : 0x00 (0) + [225] : 0x02 (2) + [226] : 0x18 (24) + [227] : 0x00 (0) + [228] : 0x0c (12) + [229] : 0x00 (0) + [230] : 0x0f (15) + [231] : 0x10 (16) + [232] : 0x01 (1) + [233] : 0x02 (2) + [234] : 0x00 (0) + [235] : 0x00 (0) + [236] : 0x00 (0) + [237] : 0x00 (0) + [238] : 0x00 (0) + [239] : 0x05 (5) + [240] : 0x20 (32) + [241] : 0x00 (0) + [242] : 0x00 (0) + [243] : 0x00 (0) + [244] : 0x26 (38) + [245] : 0x02 (2) + [246] : 0x00 (0) + [247] : 0x00 (0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x000000f8 (248) + result : WERR_OK +[2013/11/07 07:38:44.079766, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000060-0000-0000-7b52-7435c5510000 + enum_index : 0x00000009 (9) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:44.080142, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 60 00 00 00 00 00 00 00 7B 52 74 35 ....`... ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.080229, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:44.080276, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0016 (22) + size : 0x0024 (36) + name : * + name : 'Share Name' + type : * + type : REG_SZ (1) + value : * + value: ARRAY(18) + [0] : 0x70 (112) + [1] : 0x00 (0) + [2] : 0x72 (114) + [3] : 0x00 (0) + [4] : 0x69 (105) + [5] : 0x00 (0) + [6] : 0x6e (110) + [7] : 0x00 (0) + [8] : 0x74 (116) + [9] : 0x00 (0) + [10] : 0x65 (101) + [11] : 0x00 (0) + [12] : 0x72 (114) + [13] : 0x00 (0) + [14] : 0x37 (55) + [15] : 0x00 (0) + [16] : 0x00 (0) + [17] : 0x00 (0) + size : * + size : 0x00000012 (18) + length : * + length : 0x00000012 (18) + result : WERR_OK +[2013/11/07 07:38:44.080897, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000060-0000-0000-7b52-7435c5510000 + enum_index : 0x0000000a (10) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:44.081266, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 60 00 00 00 00 00 00 00 7B 52 74 35 ....`... ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.081343, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:44.081465, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0014 (20) + size : 0x0024 (36) + name : * + name : 'StartTime' + type : * + type : REG_DWORD (4) + value : * + value: ARRAY(4) + [0] : 0x00 (0) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + size : * + size : 0x00000004 (4) + length : * + length : 0x00000004 (4) + result : WERR_OK +[2013/11/07 07:38:44.081860, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000060-0000-0000-7b52-7435c5510000 + enum_index : 0x0000000b (11) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:44.082233, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 60 00 00 00 00 00 00 00 7B 52 74 35 ....`... ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.082311, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:44.082355, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0014 (20) + size : 0x0024 (36) + name : * + name : 'UntilTime' + type : * + type : REG_DWORD (4) + value : * + value: ARRAY(4) + [0] : 0x00 (0) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + size : * + size : 0x00000004 (4) + length : * + length : 0x00000004 (4) + result : WERR_OK +[2013/11/07 07:38:44.082756, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000060-0000-0000-7b52-7435c5510000 + enum_index : 0x0000000c (12) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:44.083128, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 60 00 00 00 00 00 00 00 7B 52 74 35 ....`... ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.083205, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:44.083252, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0012 (18) + size : 0x0024 (36) + name : * + name : 'ChangeID' + type : * + type : REG_DWORD (4) + value : * + value: ARRAY(4) + [0] : 0xf1 (241) + [1] : 0x5f (95) + [2] : 0x11 (17) + [3] : 0x00 (0) + size : * + size : 0x00000004 (4) + length : * + length : 0x00000004 (4) + result : WERR_OK +[2013/11/07 07:38:44.083683, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryValue: struct winreg_QueryValue + in: struct winreg_QueryValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000060-0000-0000-7b52-7435c5510000 + value_name : * + value_name: struct winreg_String + name_len : 0x0020 (32) + name_size : 0x0020 (32) + name : * + name : 'Default DevMode' + type : * + type : REG_NONE (0) + data : NULL + data_size : * + data_size : 0x00000000 (0) + data_length : * + data_length : 0x00000000 (0) +[2013/11/07 07:38:44.084038, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 60 00 00 00 00 00 00 00 7B 52 74 35 ....`... ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.084115, 7, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) + _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:44.084157, 7, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) + _winreg_QueryValue: policy key type = [00000000] +[2013/11/07 07:38:44.084202, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:316(_winreg_QueryValue) + _winreg_QueryValue: reg_queryvalue failed with: WERR_BADFILE +[2013/11/07 07:38:44.084243, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryValue: struct winreg_QueryValue + out: struct winreg_QueryValue + type : * + type : REG_NONE (0) + data : NULL + data_size : * + data_size : 0x00000000 (0) + data_length : * + data_length : 0x00000000 (0) + result : WERR_BADFILE +[2013/11/07 07:38:44.084465, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenHKLM: struct winreg_OpenHKLM + in: struct winreg_OpenHKLM + system_name : NULL + access_mask : 0x02000000 (33554432) + 0: KEY_QUERY_VALUE + 0: KEY_SET_VALUE + 0: KEY_CREATE_SUB_KEY + 0: KEY_ENUMERATE_SUB_KEYS + 0: KEY_NOTIFY + 0: KEY_CREATE_LINK + 0: KEY_WOW64_64KEY + 0: KEY_WOW64_32KEY +[2013/11/07 07:38:44.084691, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [HKLM] +[2013/11/07 07:38:44.084732, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (2->3) +[2013/11/07 07:38:44.084775, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM] +[2013/11/07 07:38:44.084814, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM] +[2013/11/07 07:38:44.084854, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:44.084892, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM] +[2013/11/07 07:38:44.084966, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) + Opened policy hnd[3] [0000] 00 00 00 00 61 00 00 00 00 00 00 00 7B 52 74 35 ....a... ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.085046, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenHKLM: struct winreg_OpenHKLM + out: struct winreg_OpenHKLM + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000061-0000-0000-7b52-7435c5510000 + result : WERR_OK +[2013/11/07 07:38:44.085222, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenKey: struct winreg_OpenKey + in: struct winreg_OpenKey + parent_handle : * + parent_handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000061-0000-0000-7b52-7435c5510000 + keyname: struct winreg_String + name_len : 0x008a (138) + name_size : 0x008a (138) + name : * + name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7' + options : 0x00000000 (0) + 0: REG_OPTION_VOLATILE + 0: REG_OPTION_CREATE_LINK + 0: REG_OPTION_BACKUP_RESTORE + 0: REG_OPTION_OPEN_LINK + access_mask : 0x02000000 (33554432) + 0: KEY_QUERY_VALUE + 0: KEY_SET_VALUE + 0: KEY_CREATE_SUB_KEY + 0: KEY_ENUMERATE_SUB_KEYS + 0: KEY_NOTIFY + 0: KEY_CREATE_LINK + 0: KEY_WOW64_64KEY + 0: KEY_WOW64_32KEY +[2013/11/07 07:38:44.085712, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 61 00 00 00 00 00 00 00 7B 52 74 35 ....a... ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.085794, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [SOFTWARE] +[2013/11/07 07:38:44.085835, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (3->4) +[2013/11/07 07:38:44.085877, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] +[2013/11/07 07:38:44.085915, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE] +[2013/11/07 07:38:44.085955, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:44.085992, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE] +[2013/11/07 07:38:44.086057, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Microsoft] +[2013/11/07 07:38:44.086099, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (4->5) +[2013/11/07 07:38:44.086142, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] +[2013/11/07 07:38:44.086179, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] +[2013/11/07 07:38:44.086228, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:44.086266, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft] +[2013/11/07 07:38:44.086327, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Windows NT] +[2013/11/07 07:38:44.086369, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (5->6) +[2013/11/07 07:38:44.086411, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] +[2013/11/07 07:38:44.086450, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] +[2013/11/07 07:38:44.086491, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:44.086529, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] +[2013/11/07 07:38:44.086588, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [CurrentVersion] +[2013/11/07 07:38:44.086628, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (6->7) +[2013/11/07 07:38:44.086672, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] +[2013/11/07 07:38:44.086709, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] +[2013/11/07 07:38:44.086750, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:44.086787, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f375c5a15c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] +[2013/11/07 07:38:44.086858, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Print] +[2013/11/07 07:38:44.086899, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (7->8) +[2013/11/07 07:38:44.086942, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] +[2013/11/07 07:38:44.086981, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] +[2013/11/07 07:38:44.087023, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:44.087060, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f375c5a15c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] +[2013/11/07 07:38:44.087126, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Printers] +[2013/11/07 07:38:44.087168, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (8->9) +[2013/11/07 07:38:44.087213, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] +[2013/11/07 07:38:44.087252, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] +[2013/11/07 07:38:44.087295, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:44.087332, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] +[2013/11/07 07:38:44.087398, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [printer7] +[2013/11/07 07:38:44.087440, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (9->10) +[2013/11/07 07:38:44.087485, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:44.087525, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:44.087566, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:44.087604, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:44.087672, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (10->9) +[2013/11/07 07:38:44.087714, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (9->8) +[2013/11/07 07:38:44.087755, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (8->7) +[2013/11/07 07:38:44.087795, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (7->6) +[2013/11/07 07:38:44.087835, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (6->5) +[2013/11/07 07:38:44.087875, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (5->4) +[2013/11/07 07:38:44.087918, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) + Opened policy hnd[4] [0000] 00 00 00 00 62 00 00 00 00 00 00 00 7B 52 74 35 ....b... ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.087996, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenKey: struct winreg_OpenKey + out: struct winreg_OpenKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000062-0000-0000-7b52-7435c5510000 + result : WERR_OK +[2013/11/07 07:38:44.088175, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryValue: struct winreg_QueryValue + in: struct winreg_QueryValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000062-0000-0000-7b52-7435c5510000 + value_name : * + value_name: struct winreg_String + name_len : 0x0012 (18) + name_size : 0x0012 (18) + name : * + name : 'Security' + type : * + type : REG_NONE (0) + data : NULL + data_size : * + data_size : 0x00000000 (0) + data_length : * + data_length : 0x00000000 (0) +[2013/11/07 07:38:44.088518, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 62 00 00 00 00 00 00 00 7B 52 74 35 ....b... ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.088595, 7, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) + _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:44.088634, 7, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) + _winreg_QueryValue: policy key type = [00000000] +[2013/11/07 07:38:44.088675, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_dispatcher.c:151(fetch_reg_values) + fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7' (ops 0x7f37592edcc0) +[2013/11/07 07:38:44.088716, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1891(regdb_fetch_values_internal) + regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:44.088775, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[0]: name[Attributes] len[4] +[2013/11/07 07:38:44.088819, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[1]: name[Description] len[2] +[2013/11/07 07:38:44.088862, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[2]: name[Datatype] len[8] +[2013/11/07 07:38:44.088904, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[3]: name[Default Priority] len[4] +[2013/11/07 07:38:44.088947, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[4]: name[Port] len[38] +[2013/11/07 07:38:44.088989, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[5]: name[Name] len[18] +[2013/11/07 07:38:44.089038, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[6]: name[Print Processor] len[18] +[2013/11/07 07:38:44.089081, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[7]: name[Priority] len[4] +[2013/11/07 07:38:44.089124, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[8]: name[Security] len[248] +[2013/11/07 07:38:44.089166, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[9]: name[Share Name] len[18] +[2013/11/07 07:38:44.089209, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[10]: name[StartTime] len[4] +[2013/11/07 07:38:44.089252, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[11]: name[UntilTime] len[4] +[2013/11/07 07:38:44.089294, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[12]: name[ChangeID] len[4] +[2013/11/07 07:38:44.089338, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryValue: struct winreg_QueryValue + out: struct winreg_QueryValue + type : * + type : REG_BINARY (3) + data : NULL + data_size : * + data_size : 0x000000f8 (248) + data_length : * + data_length : 0x00000000 (0) + result : WERR_OK +[2013/11/07 07:38:44.089594, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryValue: struct winreg_QueryValue + in: struct winreg_QueryValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000062-0000-0000-7b52-7435c5510000 + value_name : * + value_name: struct winreg_String + name_len : 0x0012 (18) + name_size : 0x0012 (18) + name : * + name : 'Security' + type : * + type : REG_BINARY (3) + data : * + data: ARRAY(0) + data_size : * + data_size : 0x000000f8 (248) + data_length : * + data_length : 0x00000000 (0) +[2013/11/07 07:38:44.089953, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 62 00 00 00 00 00 00 00 7B 52 74 35 ....b... ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.090030, 7, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) + _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:44.090070, 7, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) + _winreg_QueryValue: policy key type = [00000000] +[2013/11/07 07:38:44.090123, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryValue: struct winreg_QueryValue + out: struct winreg_QueryValue + type : * + type : REG_BINARY (3) + data : * + data: ARRAY(248) + [0] : 0x01 (1) + [1] : 0x00 (0) + [2] : 0x04 (4) + [3] : 0x80 (128) + [4] : 0x14 (20) + [5] : 0x00 (0) + [6] : 0x00 (0) + [7] : 0x00 (0) + [8] : 0x24 (36) + [9] : 0x00 (0) + [10] : 0x00 (0) + [11] : 0x00 (0) + [12] : 0x00 (0) + [13] : 0x00 (0) + [14] : 0x00 (0) + [15] : 0x00 (0) + [16] : 0x34 (52) + [17] : 0x00 (0) + [18] : 0x00 (0) + [19] : 0x00 (0) + [20] : 0x01 (1) + [21] : 0x02 (2) + [22] : 0x00 (0) + [23] : 0x00 (0) + [24] : 0x00 (0) + [25] : 0x00 (0) + [26] : 0x00 (0) + [27] : 0x05 (5) + [28] : 0x20 (32) + [29] : 0x00 (0) + [30] : 0x00 (0) + [31] : 0x00 (0) + [32] : 0x20 (32) + [33] : 0x02 (2) + [34] : 0x00 (0) + [35] : 0x00 (0) + [36] : 0x01 (1) + [37] : 0x02 (2) + [38] : 0x00 (0) + [39] : 0x00 (0) + [40] : 0x00 (0) + [41] : 0x00 (0) + [42] : 0x00 (0) + [43] : 0x05 (5) + [44] : 0x20 (32) + [45] : 0x00 (0) + [46] : 0x00 (0) + [47] : 0x00 (0) + [48] : 0x20 (32) + [49] : 0x02 (2) + [50] : 0x00 (0) + [51] : 0x00 (0) + [52] : 0x02 (2) + [53] : 0x00 (0) + [54] : 0xc4 (196) + [55] : 0x00 (0) + [56] : 0x07 (7) + [57] : 0x00 (0) + [58] : 0x00 (0) + [59] : 0x00 (0) + [60] : 0x00 (0) + [61] : 0x02 (2) + [62] : 0x14 (20) + [63] : 0x00 (0) + [64] : 0x08 (8) + [65] : 0x00 (0) + [66] : 0x02 (2) + [67] : 0x20 (32) + [68] : 0x01 (1) + [69] : 0x01 (1) + [70] : 0x00 (0) + [71] : 0x00 (0) + [72] : 0x00 (0) + [73] : 0x00 (0) + [74] : 0x00 (0) + [75] : 0x01 (1) + [76] : 0x00 (0) + [77] : 0x00 (0) + [78] : 0x00 (0) + [79] : 0x00 (0) + [80] : 0x00 (0) + [81] : 0x09 (9) + [82] : 0x24 (36) + [83] : 0x00 (0) + [84] : 0x0c (12) + [85] : 0x00 (0) + [86] : 0x0f (15) + [87] : 0x10 (16) + [88] : 0x01 (1) + [89] : 0x05 (5) + [90] : 0x00 (0) + [91] : 0x00 (0) + [92] : 0x00 (0) + [93] : 0x00 (0) + [94] : 0x00 (0) + [95] : 0x05 (5) + [96] : 0x15 (21) + [97] : 0x00 (0) + [98] : 0x00 (0) + [99] : 0x00 (0) + [100] : 0x74 (116) + [101] : 0xa5 (165) + [102] : 0x12 (18) + [103] : 0x52 (82) + [104] : 0xcd (205) + [105] : 0x51 (81) + [106] : 0xd9 (217) + [107] : 0x8f (143) + [108] : 0xd1 (209) + [109] : 0x31 (49) + [110] : 0xa4 (164) + [111] : 0xca (202) + [112] : 0xf4 (244) + [113] : 0x01 (1) + [114] : 0x00 (0) + [115] : 0x00 (0) + [116] : 0x00 (0) + [117] : 0x02 (2) + [118] : 0x24 (36) + [119] : 0x00 (0) + [120] : 0x0c (12) + [121] : 0x00 (0) + [122] : 0x0f (15) + [123] : 0x10 (16) + [124] : 0x01 (1) + [125] : 0x05 (5) + [126] : 0x00 (0) + [127] : 0x00 (0) + [128] : 0x00 (0) + [129] : 0x00 (0) + [130] : 0x00 (0) + [131] : 0x05 (5) + [132] : 0x15 (21) + [133] : 0x00 (0) + [134] : 0x00 (0) + [135] : 0x00 (0) + [136] : 0x74 (116) + [137] : 0xa5 (165) + [138] : 0x12 (18) + [139] : 0x52 (82) + [140] : 0xcd (205) + [141] : 0x51 (81) + [142] : 0xd9 (217) + [143] : 0x8f (143) + [144] : 0xd1 (209) + [145] : 0x31 (49) + [146] : 0xa4 (164) + [147] : 0xca (202) + [148] : 0xf4 (244) + [149] : 0x01 (1) + [150] : 0x00 (0) + [151] : 0x00 (0) + [152] : 0x00 (0) + [153] : 0x09 (9) + [154] : 0x18 (24) + [155] : 0x00 (0) + [156] : 0x0c (12) + [157] : 0x00 (0) + [158] : 0x0f (15) + [159] : 0x10 (16) + [160] : 0x01 (1) + [161] : 0x02 (2) + [162] : 0x00 (0) + [163] : 0x00 (0) + [164] : 0x00 (0) + [165] : 0x00 (0) + [166] : 0x00 (0) + [167] : 0x05 (5) + [168] : 0x20 (32) + [169] : 0x00 (0) + [170] : 0x00 (0) + [171] : 0x00 (0) + [172] : 0x20 (32) + [173] : 0x02 (2) + [174] : 0x00 (0) + [175] : 0x00 (0) + [176] : 0x00 (0) + [177] : 0x02 (2) + [178] : 0x18 (24) + [179] : 0x00 (0) + [180] : 0x0c (12) + [181] : 0x00 (0) + [182] : 0x0f (15) + [183] : 0x10 (16) + [184] : 0x01 (1) + [185] : 0x02 (2) + [186] : 0x00 (0) + [187] : 0x00 (0) + [188] : 0x00 (0) + [189] : 0x00 (0) + [190] : 0x00 (0) + [191] : 0x05 (5) + [192] : 0x20 (32) + [193] : 0x00 (0) + [194] : 0x00 (0) + [195] : 0x00 (0) + [196] : 0x20 (32) + [197] : 0x02 (2) + [198] : 0x00 (0) + [199] : 0x00 (0) + [200] : 0x00 (0) + [201] : 0x09 (9) + [202] : 0x18 (24) + [203] : 0x00 (0) + [204] : 0x0c (12) + [205] : 0x00 (0) + [206] : 0x0f (15) + [207] : 0x10 (16) + [208] : 0x01 (1) + [209] : 0x02 (2) + [210] : 0x00 (0) + [211] : 0x00 (0) + [212] : 0x00 (0) + [213] : 0x00 (0) + [214] : 0x00 (0) + [215] : 0x05 (5) + [216] : 0x20 (32) + [217] : 0x00 (0) + [218] : 0x00 (0) + [219] : 0x00 (0) + [220] : 0x26 (38) + [221] : 0x02 (2) + [222] : 0x00 (0) + [223] : 0x00 (0) + [224] : 0x00 (0) + [225] : 0x02 (2) + [226] : 0x18 (24) + [227] : 0x00 (0) + [228] : 0x0c (12) + [229] : 0x00 (0) + [230] : 0x0f (15) + [231] : 0x10 (16) + [232] : 0x01 (1) + [233] : 0x02 (2) + [234] : 0x00 (0) + [235] : 0x00 (0) + [236] : 0x00 (0) + [237] : 0x00 (0) + [238] : 0x00 (0) + [239] : 0x05 (5) + [240] : 0x20 (32) + [241] : 0x00 (0) + [242] : 0x00 (0) + [243] : 0x00 (0) + [244] : 0x26 (38) + [245] : 0x02 (2) + [246] : 0x00 (0) + [247] : 0x00 (0) + data_size : * + data_size : 0x000000f8 (248) + data_length : * + data_length : 0x000000f8 (248) + result : WERR_OK +[2013/11/07 07:38:44.094613, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + in: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000062-0000-0000-7b52-7435c5510000 +[2013/11/07 07:38:44.094750, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 62 00 00 00 00 00 00 00 7B 52 74 35 ....b... ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.094828, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 62 00 00 00 00 00 00 00 7B 52 74 35 ....b... ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.094912, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) + Closed policy +[2013/11/07 07:38:44.094957, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (4->3) +[2013/11/07 07:38:44.094999, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + out: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000000-0000-0000-0000-000000000000 + result : WERR_OK +[2013/11/07 07:38:44.095164, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + in: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000061-0000-0000-7b52-7435c5510000 +[2013/11/07 07:38:44.095293, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 61 00 00 00 00 00 00 00 7B 52 74 35 ....a... ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.095370, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 61 00 00 00 00 00 00 00 7B 52 74 35 ....a... ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.095446, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) + Closed policy +[2013/11/07 07:38:44.095487, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (3->2) +[2013/11/07 07:38:44.095527, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + out: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000000-0000-0000-0000-000000000000 + result : WERR_OK +[2013/11/07 07:38:44.095689, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + in: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000060-0000-0000-7b52-7435c5510000 +[2013/11/07 07:38:44.095819, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 60 00 00 00 00 00 00 00 7B 52 74 35 ....`... ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.095896, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 60 00 00 00 00 00 00 00 7B 52 74 35 ....`... ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.095972, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) + Closed policy +[2013/11/07 07:38:44.096016, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (2->1) +[2013/11/07 07:38:44.096065, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + out: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000000-0000-0000-0000-000000000000 + result : WERR_OK +[2013/11/07 07:38:44.096226, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + in: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 0000005f-0000-0000-7b52-7435c5510000 +[2013/11/07 07:38:44.096355, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 5F 00 00 00 00 00 00 00 7B 52 74 35 ...._... ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.096432, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 5F 00 00 00 00 00 00 00 7B 52 74 35 ...._... ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.096508, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) + Closed policy +[2013/11/07 07:38:44.096549, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (1->0) +[2013/11/07 07:38:44.096608, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + out: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000000-0000-0000-0000-000000000000 + result : WERR_OK +[2013/11/07 07:38:44.096771, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:416(close_policy_by_pipe) + Deleted handle list for RPC connection \winreg +[2013/11/07 07:38:44.096926, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + spoolss_GetPrinter: struct spoolss_GetPrinter + out: struct spoolss_GetPrinter + info : * + info : union spoolss_PrinterInfo(case 2) + info2: struct spoolss_PrinterInfo2 + servername : * + servername : '\\MEMBER43' + printername : * + printername : '\\MEMBER43\printer7' + sharename : * + sharename : 'printer7' + portname : * + portname : 'Samba Printer Port' + drivername : * + drivername : '' + comment : * + comment : '' + location : * + location : '' + devmode : * + devmode: struct spoolss_DeviceMode + devicename : '\\MEMBER43\printer7' + specversion : DMSPEC_NT4_AND_ABOVE (1025) + driverversion : 0x0400 (1024) + size : 0x00dc (220) + __driverextra_length : 0x0000 (0) + fields : 0x00014713 (83731) + 1: DEVMODE_ORIENTATION + 1: DEVMODE_PAPERSIZE + 0: DEVMODE_PAPERLENGTH + 0: DEVMODE_PAPERWIDTH + 1: DEVMODE_SCALE + 0: DEVMODE_POSITION + 0: DEVMODE_NUP + 1: DEVMODE_COPIES + 1: DEVMODE_DEFAULTSOURCE + 1: DEVMODE_PRINTQUALITY + 0: DEVMODE_COLOR + 0: DEVMODE_DUPLEX + 0: DEVMODE_YRESOLUTION + 1: DEVMODE_TTOPTION + 0: DEVMODE_COLLATE + 1: DEVMODE_FORMNAME + 0: DEVMODE_LOGPIXELS + 0: DEVMODE_BITSPERPEL + 0: DEVMODE_PELSWIDTH + 0: DEVMODE_PELSHEIGHT + 0: DEVMODE_DISPLAYFLAGS + 0: DEVMODE_DISPLAYFREQUENCY + 0: DEVMODE_ICMMETHOD + 0: DEVMODE_ICMINTENT + 0: DEVMODE_MEDIATYPE + 0: DEVMODE_DITHERTYPE + 0: DEVMODE_PANNINGWIDTH + 0: DEVMODE_PANNINGHEIGHT + orientation : DMORIENT_PORTRAIT (1) + papersize : DMPAPER_LETTER (1) + paperlength : 0x0000 (0) + paperwidth : 0x0000 (0) + scale : 0x0064 (100) + copies : 0x0001 (1) + defaultsource : DMBIN_FORMSOURCE (15) + printquality : DMRES_HIGH (65532) + color : DMRES_MONOCHROME (1) + duplex : DMDUP_SIMPLEX (1) + yresolution : 0x0000 (0) + ttoption : DMTT_SUBDEV (3) + collate : DMCOLLATE_FALSE (0) + formname : 'Letter' + logpixels : 0x0000 (0) + bitsperpel : 0x00000000 (0) + pelswidth : 0x00000000 (0) + pelsheight : 0x00000000 (0) + displayflags : UNKNOWN_ENUM_VALUE (0) + displayfrequency : 0x00000000 (0) + icmmethod : UNKNOWN_ENUM_VALUE (0) + icmintent : UNKNOWN_ENUM_VALUE (0) + mediatype : UNKNOWN_ENUM_VALUE (0) + dithertype : UNKNOWN_ENUM_VALUE (0) + reserved1 : 0x00000000 (0) + reserved2 : 0x00000000 (0) + panningwidth : 0x00000000 (0) + panningheight : 0x00000000 (0) + driverextra_data : DATA_BLOB length=0 + sepfile : * + sepfile : '' + printprocessor : * + printprocessor : 'winprint' + datatype : * + datatype : 'RAW' + parameters : * + parameters : '' + secdesc : * + secdesc: struct security_descriptor + revision : SECURITY_DESCRIPTOR_REVISION_1 (1) + type : 0x8004 (32772) + 0: SEC_DESC_OWNER_DEFAULTED + 0: SEC_DESC_GROUP_DEFAULTED + 1: SEC_DESC_DACL_PRESENT + 0: SEC_DESC_DACL_DEFAULTED + 0: SEC_DESC_SACL_PRESENT + 0: SEC_DESC_SACL_DEFAULTED + 0: SEC_DESC_DACL_TRUSTED + 0: SEC_DESC_SERVER_SECURITY + 0: SEC_DESC_DACL_AUTO_INHERIT_REQ + 0: SEC_DESC_SACL_AUTO_INHERIT_REQ + 0: SEC_DESC_DACL_AUTO_INHERITED + 0: SEC_DESC_SACL_AUTO_INHERITED + 0: SEC_DESC_DACL_PROTECTED + 0: SEC_DESC_SACL_PROTECTED + 0: SEC_DESC_RM_CONTROL_VALID + 1: SEC_DESC_SELF_RELATIVE + owner_sid : * + owner_sid : S-1-5-32-544 + group_sid : * + group_sid : S-1-5-32-544 + sacl : NULL + dacl : * + dacl: struct security_acl + revision : SECURITY_ACL_REVISION_NT4 (2) + size : 0x00c4 (196) + num_aces : 0x00000007 (7) + aces: ARRAY(7) + aces: struct security_ace + type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) + flags : 0x02 (2) + 0: SEC_ACE_FLAG_OBJECT_INHERIT + 1: SEC_ACE_FLAG_CONTAINER_INHERIT + 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT + 0: SEC_ACE_FLAG_INHERIT_ONLY + 0: SEC_ACE_FLAG_INHERITED_ACE + 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) + 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS + 0: SEC_ACE_FLAG_FAILED_ACCESS + size : 0x0014 (20) + access_mask : 0x20020008 (537001992) + object : union security_ace_object_ctr(case 0) + trustee : S-1-1-0 + aces: struct security_ace + type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) + flags : 0x09 (9) + 1: SEC_ACE_FLAG_OBJECT_INHERIT + 0: SEC_ACE_FLAG_CONTAINER_INHERIT + 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT + 1: SEC_ACE_FLAG_INHERIT_ONLY + 0: SEC_ACE_FLAG_INHERITED_ACE + 0x09: SEC_ACE_FLAG_VALID_INHERIT (9) + 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS + 0: SEC_ACE_FLAG_FAILED_ACCESS + size : 0x0024 (36) + access_mask : 0x100f000c (269418508) + object : union security_ace_object_ctr(case 0) + trustee : S-1-5-21-1376953716-2413384141-3399758289-500 + aces: struct security_ace + type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) + flags : 0x02 (2) + 0: SEC_ACE_FLAG_OBJECT_INHERIT + 1: SEC_ACE_FLAG_CONTAINER_INHERIT + 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT + 0: SEC_ACE_FLAG_INHERIT_ONLY + 0: SEC_ACE_FLAG_INHERITED_ACE + 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) + 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS + 0: SEC_ACE_FLAG_FAILED_ACCESS + size : 0x0024 (36) + access_mask : 0x100f000c (269418508) + object : union security_ace_object_ctr(case 0) + trustee : S-1-5-21-1376953716-2413384141-3399758289-500 + aces: struct security_ace + type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) + flags : 0x09 (9) + 1: SEC_ACE_FLAG_OBJECT_INHERIT + 0: SEC_ACE_FLAG_CONTAINER_INHERIT + 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT + 1: SEC_ACE_FLAG_INHERIT_ONLY + 0: SEC_ACE_FLAG_INHERITED_ACE + 0x09: SEC_ACE_FLAG_VALID_INHERIT (9) + 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS + 0: SEC_ACE_FLAG_FAILED_ACCESS + size : 0x0018 (24) + access_mask : 0x100f000c (269418508) + object : union security_ace_object_ctr(case 0) + trustee : S-1-5-32-544 + aces: struct security_ace + type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) + flags : 0x02 (2) + 0: SEC_ACE_FLAG_OBJECT_INHERIT + 1: SEC_ACE_FLAG_CONTAINER_INHERIT + 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT + 0: SEC_ACE_FLAG_INHERIT_ONLY + 0: SEC_ACE_FLAG_INHERITED_ACE + 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) + 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS + 0: SEC_ACE_FLAG_FAILED_ACCESS + size : 0x0018 (24) + access_mask : 0x100f000c (269418508) + object : union security_ace_object_ctr(case 0) + trustee : S-1-5-32-544 + aces: struct security_ace + type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) + flags : 0x09 (9) + 1: SEC_ACE_FLAG_OBJECT_INHERIT + 0: SEC_ACE_FLAG_CONTAINER_INHERIT + 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT + 1: SEC_ACE_FLAG_INHERIT_ONLY + 0: SEC_ACE_FLAG_INHERITED_ACE + 0x09: SEC_ACE_FLAG_VALID_INHERIT (9) + 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS + 0: SEC_ACE_FLAG_FAILED_ACCESS + size : 0x0018 (24) + access_mask : 0x100f000c (269418508) + object : union security_ace_object_ctr(case 0) + trustee : S-1-5-32-550 + aces: struct security_ace + type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) + flags : 0x02 (2) + 0: SEC_ACE_FLAG_OBJECT_INHERIT + 1: SEC_ACE_FLAG_CONTAINER_INHERIT + 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT + 0: SEC_ACE_FLAG_INHERIT_ONLY + 0: SEC_ACE_FLAG_INHERITED_ACE + 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) + 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS + 0: SEC_ACE_FLAG_FAILED_ACCESS + size : 0x0018 (24) + access_mask : 0x100f000c (269418508) + object : union security_ace_object_ctr(case 0) + trustee : S-1-5-32-550 + attributes : 0x00001048 (4168) + 0: PRINTER_ATTRIBUTE_QUEUED + 0: PRINTER_ATTRIBUTE_DIRECT + 0: PRINTER_ATTRIBUTE_DEFAULT + 1: PRINTER_ATTRIBUTE_SHARED + 0: PRINTER_ATTRIBUTE_NETWORK + 0: PRINTER_ATTRIBUTE_HIDDEN + 1: PRINTER_ATTRIBUTE_LOCAL + 0: PRINTER_ATTRIBUTE_ENABLE_DEVQ + 0: PRINTER_ATTRIBUTE_KEEPPRINTEDJOBS + 0: PRINTER_ATTRIBUTE_DO_COMPLETE_FIRST + 0: PRINTER_ATTRIBUTE_WORK_OFFLINE + 0: PRINTER_ATTRIBUTE_ENABLE_BIDI + 1: PRINTER_ATTRIBUTE_RAW_ONLY + 0: PRINTER_ATTRIBUTE_PUBLISHED + 0: PRINTER_ATTRIBUTE_FAX + 0: PRINTER_ATTRIBUTE_TS + priority : 0x00000001 (1) + defaultpriority : 0x00000001 (1) + starttime : 0x00000000 (0) + untiltime : 0x00000000 (0) + status : 0x00000000 (0) + 0: PRINTER_STATUS_PAUSED + 0: PRINTER_STATUS_ERROR + 0: PRINTER_STATUS_PENDING_DELETION + 0: PRINTER_STATUS_PAPER_JAM + 0: PRINTER_STATUS_PAPER_OUT + 0: PRINTER_STATUS_MANUAL_FEED + 0: PRINTER_STATUS_PAPER_PROBLEM + 0: PRINTER_STATUS_OFFLINE + 0: PRINTER_STATUS_IO_ACTIVE + 0: PRINTER_STATUS_BUSY + 0: PRINTER_STATUS_PRINTING + 0: PRINTER_STATUS_OUTPUT_BIN_FULL + 0: PRINTER_STATUS_NOT_AVAILABLE + 0: PRINTER_STATUS_WAITING + 0: PRINTER_STATUS_PROCESSING + 0: PRINTER_STATUS_INITIALIZING + 0: PRINTER_STATUS_WARMING_UP + 0: PRINTER_STATUS_TONER_LOW + 0: PRINTER_STATUS_NO_TONER + 0: PRINTER_STATUS_PAGE_PUNT + 0: PRINTER_STATUS_USER_INTERVENTION + 0: PRINTER_STATUS_OUT_OF_MEMORY + 0: PRINTER_STATUS_DOOR_OPEN + 0: PRINTER_STATUS_SERVER_UNKNOWN + 0: PRINTER_STATUS_POWER_SAVE + cjobs : 0x00000000 (0) + averageppm : 0x00000000 (0) + needed : * + needed : 0x000002f8 (760) + result : WERR_OK +[2013/11/07 07:38:44.102017, 5, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1417(api_rpcTNP) + api_rpcTNP: called \spoolss successfully +[2013/11/07 07:38:44.102080, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) + pop_sec_ctx (0, 5000) - sec_ctx_stack_ndx = 0 +[2013/11/07 07:38:44.102126, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) + write_to_pipe: data_used = 4140 + smbd_smb2_request_pending_queue: req->current_idx = 1 + req->in.vector[0].iov_len = 0 + req->in.vector[1].iov_len = 0 + req->in.vector[2].iov_len = 64 + req->in.vector[3].iov_len = 56 + req->in.vector[4].iov_len = 4156 + req->out.vector[0].iov_len = 4 + req->out.vector[1].iov_len = 0 + req->out.vector[2].iov_len = 64 + req->out.vector[3].iov_len = 8 + req->out.vector[4].iov_len = 0 +[2013/11/07 07:38:44.102350, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:128(smbd_smb2_ioctl_pipe_write_done) + smbd_smb2_ioctl_pipe_write_done: received 4156 +[2013/11/07 07:38:44.102402, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:149(smbd_smb2_ioctl_pipe_write_done) + smbd_smb2_ioctl_pipe_write_done: issuing np_read_send of size 4136 +[2013/11/07 07:38:44.102446, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:285(read_from_internal_pipe) + name: \spoolss len: 4136 +[2013/11/07 07:38:44.102488, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:347(read_from_internal_pipe) + read_from_pipe: \spoolss: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 4112. +[2013/11/07 07:38:44.102543, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) + &r: struct ncacn_packet + rpc_vers : 0x05 (5) + rpc_vers_minor : 0x00 (0) + ptype : DCERPC_PKT_RESPONSE (2) + pfc_flags : 0x03 (3) + drep: ARRAY(4) + [0] : 0x10 (16) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + frag_length : 0x1028 (4136) + auth_length : 0x0000 (0) + call_id : 0x00000008 (8) + u : union dcerpc_payload(case 2) + response: struct dcerpc_response + alloc_hint : 0x00001010 (4112) + context_id : 0x0000 (0) + cancel_count : 0x00 (0) + _pad : DATA_BLOB length=0 + stub_and_verifier : DATA_BLOB length=4112 + [0000] 04 00 02 00 00 10 00 00 EA 0F 00 00 C2 0F 00 00 ........ ........ + [0010] B0 0F 00 00 8A 0F 00 00 88 0F 00 00 86 0F 00 00 ........ ........ + [0020] 84 0F 00 00 88 0E 00 00 82 0F 00 00 70 0F 00 00 ........ ....p... + [0030] 68 0F 00 00 66 0F 00 00 90 0D 00 00 48 10 00 00 h...f... ....H... + [0040] 01 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0200] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0210] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0220] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0230] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0240] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0250] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0260] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0270] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0280] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0290] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0300] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0310] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0320] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0330] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0340] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0350] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0360] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0370] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0380] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0390] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0400] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0410] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0420] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0430] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0440] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0450] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0460] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0470] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0480] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0490] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0500] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0510] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0520] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0530] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0540] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0550] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0560] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0570] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0580] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0590] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0600] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0610] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0620] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0630] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0640] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0650] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0660] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0670] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0680] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0690] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0700] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0710] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0720] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0730] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0740] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0750] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0760] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0770] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0780] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0790] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0800] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0810] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0820] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0830] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0840] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0850] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0860] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0870] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0880] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0890] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0900] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0910] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0920] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0930] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0940] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0950] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0960] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0970] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0980] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0990] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D90] 00 00 00 00 00 00 00 00 01 00 04 80 D8 00 00 00 ........ ........ + [0DA0] E8 00 00 00 00 00 00 00 14 00 00 00 02 00 C4 00 ........ ........ + [0DB0] 07 00 00 00 00 02 14 00 08 00 02 20 01 01 00 00 ........ ... .... + [0DC0] 00 00 00 01 00 00 00 00 00 09 24 00 0C 00 0F 10 ........ ..$..... + [0DD0] 01 05 00 00 00 00 00 05 15 00 00 00 74 A5 12 52 ........ ....t..R + [0DE0] CD 51 D9 8F D1 31 A4 CA F4 01 00 00 00 02 24 00 .Q...1.. ......$. + [0DF0] 0C 00 0F 10 01 05 00 00 00 00 00 05 15 00 00 00 ........ ........ + [0E00] 74 A5 12 52 CD 51 D9 8F D1 31 A4 CA F4 01 00 00 t..R.Q.. .1...... + [0E10] 00 09 18 00 0C 00 0F 10 01 02 00 00 00 00 00 05 ........ ........ + [0E20] 20 00 00 00 20 02 00 00 00 02 18 00 0C 00 0F 10 ... ... ........ + [0E30] 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 ........ ... ... + [0E40] 00 09 18 00 0C 00 0F 10 01 02 00 00 00 00 00 05 ........ ........ + [0E50] 20 00 00 00 26 02 00 00 00 02 18 00 0C 00 0F 10 ...&... ........ + [0E60] 01 02 00 00 00 00 00 05 20 00 00 00 26 02 00 00 ........ ...&... + [0E70] 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 ........ ... ... + [0E80] 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 ........ ... ... + [0E90] 5C 00 5C 00 4D 00 45 00 4D 00 42 00 45 00 52 00 \.\.M.E. M.B.E.R. + [0EA0] 34 00 33 00 5C 00 70 00 72 00 69 00 6E 00 74 00 4.3.\.p. r.i.n.t. + [0EB0] 65 00 72 00 37 00 00 00 00 00 00 00 00 00 00 00 e.r.7... ........ + [0EC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0ED0] 01 04 00 04 DC 00 00 00 13 47 01 00 01 00 01 00 ........ .G...... + [0EE0] 00 00 00 00 64 00 01 00 0F 00 FC FF 01 00 01 00 ....d... ........ + [0EF0] 00 00 03 00 00 00 4C 00 65 00 74 00 74 00 65 00 ......L. e.t.t.e. + [0F00] 72 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 r....... ........ + [0F10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F70] 52 00 41 00 57 00 00 00 77 00 69 00 6E 00 70 00 R.A.W... w.i.n.p. + [0F80] 72 00 69 00 6E 00 74 00 00 00 00 00 00 00 00 00 r.i.n.t. ........ + [0F90] 00 00 53 00 61 00 6D 00 62 00 61 00 20 00 50 00 ..S.a.m. b.a. .P. + [0FA0] 72 00 69 00 6E 00 74 00 65 00 72 00 20 00 50 00 r.i.n.t. e.r. .P. + [0FB0] 6F 00 72 00 74 00 00 00 70 00 72 00 69 00 6E 00 o.r.t... p.r.i.n. + [0FC0] 74 00 65 00 72 00 37 00 00 00 5C 00 5C 00 4D 00 t.e.r.7. ..\.\.M. + [0FD0] 45 00 4D 00 42 00 45 00 52 00 34 00 33 00 5C 00 E.M.B.E. R.4.3.\. + [0FE0] 70 00 72 00 69 00 6E 00 74 00 65 00 72 00 37 00 p.r.i.n. t.e.r.7. + [0FF0] 00 00 5C 00 5C 00 4D 00 45 00 4D 00 42 00 45 00 ..\.\.M. E.M.B.E. + [1000] 52 00 34 00 33 00 00 00 F8 02 00 00 00 00 00 00 R.4.3... ........ +[2013/11/07 07:38:44.112165, 3, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:122(free_pipe_context) + free_pipe_context: destroying talloc pool of size 1308 +[2013/11/07 07:38:44.112233, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:788(np_read_recv) + Received 4136 bytes. There is no more data outstanding +[2013/11/07 07:38:44.112275, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:178(smbd_smb2_ioctl_pipe_read_done) + smbd_smb2_ioctl_pipe_read_done: np_read_recv nread = 4136 is_data_outstanding = 0, status = NT_STATUS_OK +[2013/11/07 07:38:44.112324, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl.c:291(smbd_smb2_request_ioctl_done) + smbd_smb2_request_ioctl_done: smbd_smb2_ioctl_recv returned 4136 status NT_STATUS_OK +[2013/11/07 07:38:44.112368, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) + smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[48] dyn[yes:4136] at ../source3/smbd/smb2_ioctl.c:358 +[2013/11/07 07:38:44.112414, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) + smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/57/127 +[2013/11/07 07:38:44.121235, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) + smbd_smb2_request_incoming: idx[1] of 5 vectors +[2013/11/07 07:38:44.121653, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) + smb2_validate_sequence_number: clearing id 57 (position 57) from bitmap +[2013/11/07 07:38:44.121771, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) + smbd_smb2_request_dispatch: opcode[SMB2_OP_IOCTL] mid = 57 +[2013/11/07 07:38:44.121920, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) + setting sec ctx (0, 5000) - sec_ctx_stack_ndx = 0 +[2013/11/07 07:38:44.122032, 5, pid=20933, effective(0, 5000), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) + Security token SIDs (21): + SID[ 0]: S-1-5-21-1376953716-2413384141-3399758289-500 + SID[ 1]: S-1-5-21-1376953716-2413384141-3399758289-512 + SID[ 2]: S-1-5-21-1376953716-2413384141-3399758289-11015 + SID[ 3]: S-1-5-21-1376953716-2413384141-3399758289-513 + SID[ 4]: S-1-5-21-1376953716-2413384141-3399758289-11011 + SID[ 5]: S-1-5-21-1376953716-2413384141-3399758289-11013 + SID[ 6]: S-1-5-21-1376953716-2413384141-3399758289-11012 + SID[ 7]: S-1-1-0 + SID[ 8]: S-1-5-2 + SID[ 9]: S-1-5-11 + SID[ 10]: S-1-5-32-544 + SID[ 11]: S-1-22-1-2002 + SID[ 12]: S-1-22-2-5000 + SID[ 13]: S-1-22-2-5007 + SID[ 14]: S-1-22-2-5001 + SID[ 15]: S-1-22-2-1005 + SID[ 16]: S-1-22-2-5006 + SID[ 17]: S-1-22-2-5005 + SID[ 18]: S-1-22-2-55000 + SID[ 19]: S-1-22-2-55001 + SID[ 20]: S-1-22-2-55002 + Privileges (0x 1FFFFFF0): + Privilege[ 0]: SeMachineAccountPrivilege + Privilege[ 1]: SeTakeOwnershipPrivilege + Privilege[ 2]: SeBackupPrivilege + Privilege[ 3]: SeRestorePrivilege + Privilege[ 4]: SeRemoteShutdownPrivilege + Privilege[ 5]: SePrintOperatorPrivilege + Privilege[ 6]: SeAddUsersPrivilege + Privilege[ 7]: SeDiskOperatorPrivilege + Privilege[ 8]: SeSecurityPrivilege + Privilege[ 9]: SeSystemtimePrivilege + Privilege[ 10]: SeShutdownPrivilege + Privilege[ 11]: SeDebugPrivilege + Privilege[ 12]: SeSystemEnvironmentPrivilege + Privilege[ 13]: SeSystemProfilePrivilege + Privilege[ 14]: SeProfileSingleProcessPrivilege + Privilege[ 15]: SeIncreaseBasePriorityPrivilege + Privilege[ 16]: SeLoadDriverPrivilege + Privilege[ 17]: SeCreatePagefilePrivilege + Privilege[ 18]: SeIncreaseQuotaPrivilege + Privilege[ 19]: SeChangeNotifyPrivilege + Privilege[ 20]: SeUndockPrivilege + Privilege[ 21]: SeManageVolumePrivilege + Privilege[ 22]: SeImpersonatePrivilege + Privilege[ 23]: SeCreateGlobalPrivilege + Privilege[ 24]: SeEnableDelegationPrivilege + Rights (0x 0): +[2013/11/07 07:38:44.124255, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) + UNIX token of user 0 + Primary group is 5000 and contains 9 supplementary groups + Group[ 0]: 5000 + Group[ 1]: 5007 + Group[ 2]: 5001 + Group[ 3]: 1005 + Group[ 4]: 5006 + Group[ 5]: 5005 + Group[ 6]: 55000 + Group[ 7]: 55001 + Group[ 8]: 55002 +[2013/11/07 07:38:44.124757, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/uid.c:363(change_to_user_internal) + Impersonated user: uid=(0,0), gid=(0,5000) +[2013/11/07 07:38:44.124882, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:1796(smbd_smb2_request_verify_creditcharge) + mid 57, CreditCharge: 1, NeededCharge: 1 +[2013/11/07 07:38:44.124989, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl.c:394(smbd_smb2_ioctl_send) + smbd_smb2_ioctl: ctl_code[0x0011c017] spoolss, fnum 2189993496 +[2013/11/07 07:38:44.125106, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:59(smb2_ioctl_named_pipe) + smbd_smb2_ioctl_send: np_write_send of size 4156 +[2013/11/07 07:38:44.125206, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:520(np_write_send) + np_write_send: len: 4156 +[2013/11/07 07:38:44.125311, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) + write_to_pipe: data_left = 4156 +[2013/11/07 07:38:44.125592, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) + process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 4156 +[2013/11/07 07:38:44.125693, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:51(fill_rpc_header) + fill_rpc_header: data_to_copy = 4156, len_needed_to_complete_hdr = 16, receive_len = 0 +[2013/11/07 07:38:44.125794, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) + write_to_pipe: data_used = 16 +[2013/11/07 07:38:44.125887, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) + write_to_pipe: data_left = 4140 +[2013/11/07 07:38:44.126004, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) + process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 4140 +[2013/11/07 07:38:44.126110, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) + write_to_pipe: data_used = 0 +[2013/11/07 07:38:44.126204, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) + write_to_pipe: data_left = 4140 +[2013/11/07 07:38:44.126298, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) + process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 4140, incoming data = 4140 +[2013/11/07 07:38:44.126404, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1614(process_complete_pdu) + PDU is in Little Endian format! +[2013/11/07 07:38:44.126538, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) + r: struct ncacn_packet + rpc_vers : 0x05 (5) + rpc_vers_minor : 0x00 (0) + ptype : DCERPC_PKT_REQUEST (0) + pfc_flags : 0x03 (3) + drep: ARRAY(4) + [0] : 0x10 (16) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + frag_length : 0x103c (4156) + auth_length : 0x0000 (0) + call_id : 0x00000009 (9) + u : union dcerpc_payload(case 0) + request: struct dcerpc_request + alloc_hint : 0x00001024 (4132) + context_id : 0x0000 (0) + opnum : 0x0008 (8) + object : union dcerpc_object(case 0) + empty: struct dcerpc_empty + _pad : DATA_BLOB length=0 + stub_and_verifier : DATA_BLOB length=4132 + [0000] 00 00 00 00 48 00 00 00 00 00 00 00 7B 52 73 35 ....H... ....{Rs5 + [0010] C5 51 00 00 02 00 00 00 00 00 02 00 00 10 00 00 .Q...... ........ + [0020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0030] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0040] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0200] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0210] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0220] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0230] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0240] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0250] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0260] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0270] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0280] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0290] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0300] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0310] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0320] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0330] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0340] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0350] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0360] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0370] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0380] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0390] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0400] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0410] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0420] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0430] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0440] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0450] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0460] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0470] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0480] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0490] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0500] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0510] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0520] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0530] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0540] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0550] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0560] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0570] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0580] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0590] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0600] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0610] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0620] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0630] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0640] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0650] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0660] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0670] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0680] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0690] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0700] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0710] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0720] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0730] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0740] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0750] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0760] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0770] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0780] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0790] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0800] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0810] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0820] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0830] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0840] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0850] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0860] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0870] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0880] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0890] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0900] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0910] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0920] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0930] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0940] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0950] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0960] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0970] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0980] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0990] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0EA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0EB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0EC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0ED0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0EE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0EF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [1000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [1010] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [1020] 00 10 00 00 .... +[2013/11/07 07:38:44.138038, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1627(process_complete_pdu) + Processing packet type 0 +[2013/11/07 07:38:44.138080, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1472(dcesrv_auth_request) + Checking request auth. +[2013/11/07 07:38:44.138127, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) + push_sec_ctx(0, 5000) : sec_ctx_stack_ndx = 1 +[2013/11/07 07:38:44.138173, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) + setting sec ctx (0, 5000) - sec_ctx_stack_ndx = 1 +[2013/11/07 07:38:44.138215, 5, pid=20933, effective(0, 5000), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) + Security token SIDs (21): + SID[ 0]: S-1-5-21-1376953716-2413384141-3399758289-500 + SID[ 1]: S-1-5-21-1376953716-2413384141-3399758289-512 + SID[ 2]: S-1-5-21-1376953716-2413384141-3399758289-11015 + SID[ 3]: S-1-5-21-1376953716-2413384141-3399758289-513 + SID[ 4]: S-1-5-21-1376953716-2413384141-3399758289-11011 + SID[ 5]: S-1-5-21-1376953716-2413384141-3399758289-11013 + SID[ 6]: S-1-5-21-1376953716-2413384141-3399758289-11012 + SID[ 7]: S-1-1-0 + SID[ 8]: S-1-5-2 + SID[ 9]: S-1-5-11 + SID[ 10]: S-1-5-32-544 + SID[ 11]: S-1-22-1-2002 + SID[ 12]: S-1-22-2-5000 + SID[ 13]: S-1-22-2-5007 + SID[ 14]: S-1-22-2-5001 + SID[ 15]: S-1-22-2-1005 + SID[ 16]: S-1-22-2-5006 + SID[ 17]: S-1-22-2-5005 + SID[ 18]: S-1-22-2-55000 + SID[ 19]: S-1-22-2-55001 + SID[ 20]: S-1-22-2-55002 + Privileges (0x 1FFFFFF0): + Privilege[ 0]: SeMachineAccountPrivilege + Privilege[ 1]: SeTakeOwnershipPrivilege + Privilege[ 2]: SeBackupPrivilege + Privilege[ 3]: SeRestorePrivilege + Privilege[ 4]: SeRemoteShutdownPrivilege + Privilege[ 5]: SePrintOperatorPrivilege + Privilege[ 6]: SeAddUsersPrivilege + Privilege[ 7]: SeDiskOperatorPrivilege + Privilege[ 8]: SeSecurityPrivilege + Privilege[ 9]: SeSystemtimePrivilege + Privilege[ 10]: SeShutdownPrivilege + Privilege[ 11]: SeDebugPrivilege + Privilege[ 12]: SeSystemEnvironmentPrivilege + Privilege[ 13]: SeSystemProfilePrivilege + Privilege[ 14]: SeProfileSingleProcessPrivilege + Privilege[ 15]: SeIncreaseBasePriorityPrivilege + Privilege[ 16]: SeLoadDriverPrivilege + Privilege[ 17]: SeCreatePagefilePrivilege + Privilege[ 18]: SeIncreaseQuotaPrivilege + Privilege[ 19]: SeChangeNotifyPrivilege + Privilege[ 20]: SeUndockPrivilege + Privilege[ 21]: SeManageVolumePrivilege + Privilege[ 22]: SeImpersonatePrivilege + Privilege[ 23]: SeCreateGlobalPrivilege + Privilege[ 24]: SeEnableDelegationPrivilege + Rights (0x 0): +[2013/11/07 07:38:44.138996, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) + UNIX token of user 0 + Primary group is 5000 and contains 9 supplementary groups + Group[ 0]: 5000 + Group[ 1]: 5007 + Group[ 2]: 5001 + Group[ 3]: 1005 + Group[ 4]: 5006 + Group[ 5]: 5005 + Group[ 6]: 55000 + Group[ 7]: 55001 + Group[ 8]: 55002 +[2013/11/07 07:38:44.139183, 5, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1324(api_pipe_request) + Requested \spoolss rpc service +[2013/11/07 07:38:44.139230, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1356(api_rpcTNP) + api_rpcTNP: \spoolss op 0x8 - api_rpcTNP: rpc command: SPOOLSS_GETPRINTER +[2013/11/07 07:38:44.139273, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1390(api_rpcTNP) + api_rpc_cmds[8].fn == 0x7f375c260f10 +[2013/11/07 07:38:44.139323, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + spoolss_GetPrinter: struct spoolss_GetPrinter + in: struct spoolss_GetPrinter + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000048-0000-0000-7b52-7335c5510000 + level : 0x00000002 (2) + buffer : * + buffer : DATA_BLOB length=4096 + [0000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0010] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0030] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0040] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0200] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0210] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0220] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0230] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0240] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0250] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0260] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0270] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0280] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0290] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0300] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0310] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0320] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0330] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0340] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0350] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0360] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0370] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0380] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0390] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0400] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0410] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0420] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0430] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0440] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0450] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0460] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0470] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0480] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0490] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0500] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0510] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0520] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0530] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0540] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0550] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0560] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0570] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0580] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0590] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0600] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0610] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0620] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0630] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0640] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0650] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0660] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0670] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0680] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0690] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0700] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0710] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0720] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0730] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0740] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0750] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0760] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0770] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0780] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0790] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0800] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0810] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0820] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0830] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0840] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0850] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0860] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0870] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0880] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0890] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0900] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0910] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0920] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0930] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0940] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0950] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0960] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0970] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0980] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0990] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0EA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0EB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0EC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0ED0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0EE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0EF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + offered : 0x00001000 (4096) +[2013/11/07 07:38:44.148590, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 48 00 00 00 00 00 00 00 7B 52 73 35 ....H... ....{Rs5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.148672, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 48 00 00 00 00 00 00 00 7B 52 73 35 ....H... ....{Rs5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.148749, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:489(get_printer_snum) + short name:printer7 +[2013/11/07 07:38:44.148887, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:60(make_internal_rpc_pipe_p) + Create pipe requested \winreg +[2013/11/07 07:38:44.148943, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:221(init_pipe_handles) + init_pipe_handle_list: created handle list for pipe \winreg +[2013/11/07 07:38:44.148986, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:238(init_pipe_handles) + init_pipe_handle_list: pipe_handles ref count = 1 for pipe \winreg +[2013/11/07 07:38:44.149089, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:100(make_internal_rpc_pipe_p) + Created internal pipe \winreg +[2013/11/07 07:38:44.149172, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenHKLM: struct winreg_OpenHKLM + in: struct winreg_OpenHKLM + system_name : NULL + access_mask : 0x02000000 (33554432) + 0: KEY_QUERY_VALUE + 0: KEY_SET_VALUE + 0: KEY_CREATE_SUB_KEY + 0: KEY_ENUMERATE_SUB_KEYS + 0: KEY_NOTIFY + 0: KEY_CREATE_LINK + 0: KEY_WOW64_64KEY + 0: KEY_WOW64_32KEY +[2013/11/07 07:38:44.149487, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [HKLM] +[2013/11/07 07:38:44.149534, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) + push_sec_ctx(0, 5000) : sec_ctx_stack_ndx = 2 +[2013/11/07 07:38:44.149579, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/uid.c:485(push_conn_ctx) + push_conn_ctx(1804507171) : conn_ctx_stack_ndx = 0 +[2013/11/07 07:38:44.149620, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) + setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 +[2013/11/07 07:38:44.149659, 5, pid=20933, effective(0, 5000), real(0, 0)] ../libcli/security/security_token.c:53(security_token_debug) + Security token: (NULL) +[2013/11/07 07:38:44.149698, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) + UNIX token of user 0 + Primary group is 0 and contains 0 supplementary groups +[2013/11/07 07:38:44.149863, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) + pop_sec_ctx (0, 5000) - sec_ctx_stack_ndx = 1 +[2013/11/07 07:38:44.149908, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:866(regdb_open) + regdb_open: registry db opened. refcount reset (1) +[2013/11/07 07:38:44.149955, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM] +[2013/11/07 07:38:44.149994, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM] +[2013/11/07 07:38:44.150035, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:44.150072, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM] +[2013/11/07 07:38:44.150155, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) + Opened policy hnd[1] [0000] 00 00 00 00 63 00 00 00 00 00 00 00 7B 52 74 35 ....c... ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.150236, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenHKLM: struct winreg_OpenHKLM + out: struct winreg_OpenHKLM + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000063-0000-0000-7b52-7435c5510000 + result : WERR_OK +[2013/11/07 07:38:44.150425, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenKey: struct winreg_OpenKey + in: struct winreg_OpenKey + parent_handle : * + parent_handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000063-0000-0000-7b52-7435c5510000 + keyname: struct winreg_String + name_len : 0x008a (138) + name_size : 0x008a (138) + name : * + name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7' + options : 0x00000000 (0) + 0: REG_OPTION_VOLATILE + 0: REG_OPTION_CREATE_LINK + 0: REG_OPTION_BACKUP_RESTORE + 0: REG_OPTION_OPEN_LINK + access_mask : 0x02000000 (33554432) + 0: KEY_QUERY_VALUE + 0: KEY_SET_VALUE + 0: KEY_CREATE_SUB_KEY + 0: KEY_ENUMERATE_SUB_KEYS + 0: KEY_NOTIFY + 0: KEY_CREATE_LINK + 0: KEY_WOW64_64KEY + 0: KEY_WOW64_32KEY +[2013/11/07 07:38:44.150876, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 63 00 00 00 00 00 00 00 7B 52 74 35 ....c... ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.150958, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [SOFTWARE] +[2013/11/07 07:38:44.150998, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (1->2) +[2013/11/07 07:38:44.151041, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] +[2013/11/07 07:38:44.151078, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE] +[2013/11/07 07:38:44.151119, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:44.151156, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE] +[2013/11/07 07:38:44.151225, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Microsoft] +[2013/11/07 07:38:44.151266, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (2->3) +[2013/11/07 07:38:44.151308, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] +[2013/11/07 07:38:44.151346, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] +[2013/11/07 07:38:44.151387, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:44.151424, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft] +[2013/11/07 07:38:44.151484, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Windows NT] +[2013/11/07 07:38:44.151525, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (3->4) +[2013/11/07 07:38:44.151575, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] +[2013/11/07 07:38:44.151613, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] +[2013/11/07 07:38:44.151654, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:44.151691, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] +[2013/11/07 07:38:44.151749, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [CurrentVersion] +[2013/11/07 07:38:44.151790, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (4->5) +[2013/11/07 07:38:44.151832, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] +[2013/11/07 07:38:44.151870, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] +[2013/11/07 07:38:44.151912, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:44.151949, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f375c5a15c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] +[2013/11/07 07:38:44.152022, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Print] +[2013/11/07 07:38:44.152063, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (5->6) +[2013/11/07 07:38:44.152106, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] +[2013/11/07 07:38:44.152148, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] +[2013/11/07 07:38:44.152191, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:44.152229, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f375c5a15c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] +[2013/11/07 07:38:44.152291, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Printers] +[2013/11/07 07:38:44.152332, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (6->7) +[2013/11/07 07:38:44.152376, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] +[2013/11/07 07:38:44.152416, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] +[2013/11/07 07:38:44.152466, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:44.152504, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] +[2013/11/07 07:38:44.152573, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [printer7] +[2013/11/07 07:38:44.152615, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (7->8) +[2013/11/07 07:38:44.152660, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:44.152699, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:44.152741, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:44.152779, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:44.152848, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (8->7) +[2013/11/07 07:38:44.152890, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (7->6) +[2013/11/07 07:38:44.152931, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (6->5) +[2013/11/07 07:38:44.152971, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (5->4) +[2013/11/07 07:38:44.153011, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (4->3) +[2013/11/07 07:38:44.153051, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (3->2) +[2013/11/07 07:38:44.153093, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) + Opened policy hnd[2] [0000] 00 00 00 00 64 00 00 00 00 00 00 00 7B 52 74 35 ....d... ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.153171, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenKey: struct winreg_OpenKey + out: struct winreg_OpenKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000064-0000-0000-7b52-7435c5510000 + result : WERR_OK +[2013/11/07 07:38:44.153342, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryInfoKey: struct winreg_QueryInfoKey + in: struct winreg_QueryInfoKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000064-0000-0000-7b52-7435c5510000 + classname : * + classname: struct winreg_String + name_len : 0x0000 (0) + name_size : 0x0000 (0) + name : NULL +[2013/11/07 07:38:44.153659, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 64 00 00 00 00 00 00 00 7B 52 74 35 ....d... ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.153744, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_dispatcher.c:151(fetch_reg_values) + fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7' (ops 0x7f37592edcc0) +[2013/11/07 07:38:44.153788, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1891(regdb_fetch_values_internal) + regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:44.153853, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[0]: name[Attributes] len[4] +[2013/11/07 07:38:44.153898, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[1]: name[Description] len[2] +[2013/11/07 07:38:44.153941, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[2]: name[Datatype] len[8] +[2013/11/07 07:38:44.153983, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[3]: name[Default Priority] len[4] +[2013/11/07 07:38:44.154026, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[4]: name[Port] len[38] +[2013/11/07 07:38:44.154069, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[5]: name[Name] len[18] +[2013/11/07 07:38:44.154111, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[6]: name[Print Processor] len[18] +[2013/11/07 07:38:44.154154, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[7]: name[Priority] len[4] +[2013/11/07 07:38:44.154197, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[8]: name[Security] len[248] +[2013/11/07 07:38:44.154239, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[9]: name[Share Name] len[18] +[2013/11/07 07:38:44.154282, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[10]: name[StartTime] len[4] +[2013/11/07 07:38:44.154325, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[11]: name[UntilTime] len[4] +[2013/11/07 07:38:44.154368, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[12]: name[ChangeID] len[4] +[2013/11/07 07:38:44.154410, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) + regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:44.154483, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryInfoKey: struct winreg_QueryInfoKey + out: struct winreg_QueryInfoKey + classname : * + classname: struct winreg_String + name_len : 0x0000 (0) + name_size : 0x0000 (0) + name : NULL + num_subkeys : * + num_subkeys : 0x00000003 (3) + max_subkeylen : * + max_subkeylen : 0x00000022 (34) + max_classlen : * + max_classlen : 0x00000000 (0) + num_values : * + num_values : 0x0000000d (13) + max_valnamelen : * + max_valnamelen : 0x00000022 (34) + max_valbufsize : * + max_valbufsize : 0x000000f8 (248) + secdescsize : * + secdescsize : 0x00000078 (120) + last_changed_time : * + last_changed_time : NTTIME(0) + result : WERR_OK +[2013/11/07 07:38:44.155021, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000064-0000-0000-7b52-7435c5510000 + enum_index : 0x00000000 (0) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:44.155400, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 64 00 00 00 00 00 00 00 7B 52 74 35 ....d... ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.155478, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:44.155525, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0016 (22) + size : 0x0024 (36) + name : * + name : 'Attributes' + type : * + type : REG_DWORD (4) + value : * + value: ARRAY(4) + [0] : 0x48 (72) + [1] : 0x10 (16) + [2] : 0x00 (0) + [3] : 0x00 (0) + size : * + size : 0x00000004 (4) + length : * + length : 0x00000004 (4) + result : WERR_OK +[2013/11/07 07:38:44.155933, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000064-0000-0000-7b52-7435c5510000 + enum_index : 0x00000001 (1) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:44.156304, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 64 00 00 00 00 00 00 00 7B 52 74 35 ....d... ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.156380, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:44.156425, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0018 (24) + size : 0x0024 (36) + name : * + name : 'Description' + type : * + type : REG_SZ (1) + value : * + value: ARRAY(2) + [0] : 0x00 (0) + [1] : 0x00 (0) + size : * + size : 0x00000002 (2) + length : * + length : 0x00000002 (2) + result : WERR_OK +[2013/11/07 07:38:44.156784, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000064-0000-0000-7b52-7435c5510000 + enum_index : 0x00000002 (2) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:44.157162, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 64 00 00 00 00 00 00 00 7B 52 74 35 ....d... ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.157239, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:44.157283, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0012 (18) + size : 0x0024 (36) + name : * + name : 'Datatype' + type : * + type : REG_SZ (1) + value : * + value: ARRAY(8) + [0] : 0x52 (82) + [1] : 0x00 (0) + [2] : 0x41 (65) + [3] : 0x00 (0) + [4] : 0x57 (87) + [5] : 0x00 (0) + [6] : 0x00 (0) + [7] : 0x00 (0) + size : * + size : 0x00000008 (8) + length : * + length : 0x00000008 (8) + result : WERR_OK +[2013/11/07 07:38:44.157815, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000064-0000-0000-7b52-7435c5510000 + enum_index : 0x00000003 (3) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:44.158188, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 64 00 00 00 00 00 00 00 7B 52 74 35 ....d... ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.158278, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:44.158325, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0022 (34) + size : 0x0024 (36) + name : * + name : 'Default Priority' + type : * + type : REG_DWORD (4) + value : * + value: ARRAY(4) + [0] : 0x01 (1) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + size : * + size : 0x00000004 (4) + length : * + length : 0x00000004 (4) + result : WERR_OK +[2013/11/07 07:38:44.158719, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000064-0000-0000-7b52-7435c5510000 + enum_index : 0x00000004 (4) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:44.159087, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 64 00 00 00 00 00 00 00 7B 52 74 35 ....d... ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.159163, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:44.159209, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x000a (10) + size : 0x0024 (36) + name : * + name : 'Port' + type : * + type : REG_SZ (1) + value : * + value: ARRAY(38) + [0] : 0x53 (83) + [1] : 0x00 (0) + [2] : 0x61 (97) + [3] : 0x00 (0) + [4] : 0x6d (109) + [5] : 0x00 (0) + [6] : 0x62 (98) + [7] : 0x00 (0) + [8] : 0x61 (97) + [9] : 0x00 (0) + [10] : 0x20 (32) + [11] : 0x00 (0) + [12] : 0x50 (80) + [13] : 0x00 (0) + [14] : 0x72 (114) + [15] : 0x00 (0) + [16] : 0x69 (105) + [17] : 0x00 (0) + [18] : 0x6e (110) + [19] : 0x00 (0) + [20] : 0x74 (116) + [21] : 0x00 (0) + [22] : 0x65 (101) + [23] : 0x00 (0) + [24] : 0x72 (114) + [25] : 0x00 (0) + [26] : 0x20 (32) + [27] : 0x00 (0) + [28] : 0x50 (80) + [29] : 0x00 (0) + [30] : 0x6f (111) + [31] : 0x00 (0) + [32] : 0x72 (114) + [33] : 0x00 (0) + [34] : 0x74 (116) + [35] : 0x00 (0) + [36] : 0x00 (0) + [37] : 0x00 (0) + size : * + size : 0x00000026 (38) + length : * + length : 0x00000026 (38) + result : WERR_OK +[2013/11/07 07:38:44.160170, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000064-0000-0000-7b52-7435c5510000 + enum_index : 0x00000005 (5) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:44.160540, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 64 00 00 00 00 00 00 00 7B 52 74 35 ....d... ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.160617, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:44.160671, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x000a (10) + size : 0x0024 (36) + name : * + name : 'Name' + type : * + type : REG_SZ (1) + value : * + value: ARRAY(18) + [0] : 0x70 (112) + [1] : 0x00 (0) + [2] : 0x72 (114) + [3] : 0x00 (0) + [4] : 0x69 (105) + [5] : 0x00 (0) + [6] : 0x6e (110) + [7] : 0x00 (0) + [8] : 0x74 (116) + [9] : 0x00 (0) + [10] : 0x65 (101) + [11] : 0x00 (0) + [12] : 0x72 (114) + [13] : 0x00 (0) + [14] : 0x37 (55) + [15] : 0x00 (0) + [16] : 0x00 (0) + [17] : 0x00 (0) + size : * + size : 0x00000012 (18) + length : * + length : 0x00000012 (18) + result : WERR_OK +[2013/11/07 07:38:44.161297, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000064-0000-0000-7b52-7435c5510000 + enum_index : 0x00000006 (6) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:44.161720, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 64 00 00 00 00 00 00 00 7B 52 74 35 ....d... ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.161798, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:44.161844, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0020 (32) + size : 0x0024 (36) + name : * + name : 'Print Processor' + type : * + type : REG_SZ (1) + value : * + value: ARRAY(18) + [0] : 0x77 (119) + [1] : 0x00 (0) + [2] : 0x69 (105) + [3] : 0x00 (0) + [4] : 0x6e (110) + [5] : 0x00 (0) + [6] : 0x70 (112) + [7] : 0x00 (0) + [8] : 0x72 (114) + [9] : 0x00 (0) + [10] : 0x69 (105) + [11] : 0x00 (0) + [12] : 0x6e (110) + [13] : 0x00 (0) + [14] : 0x74 (116) + [15] : 0x00 (0) + [16] : 0x00 (0) + [17] : 0x00 (0) + size : * + size : 0x00000012 (18) + length : * + length : 0x00000012 (18) + result : WERR_OK +[2013/11/07 07:38:44.162474, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000064-0000-0000-7b52-7435c5510000 + enum_index : 0x00000007 (7) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:44.162843, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 64 00 00 00 00 00 00 00 7B 52 74 35 ....d... ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.162920, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:44.162966, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0012 (18) + size : 0x0024 (36) + name : * + name : 'Priority' + type : * + type : REG_DWORD (4) + value : * + value: ARRAY(4) + [0] : 0x01 (1) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + size : * + size : 0x00000004 (4) + length : * + length : 0x00000004 (4) + result : WERR_OK +[2013/11/07 07:38:44.163364, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000064-0000-0000-7b52-7435c5510000 + enum_index : 0x00000008 (8) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:44.163733, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 64 00 00 00 00 00 00 00 7B 52 74 35 ....d... ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.163810, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:44.163856, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0012 (18) + size : 0x0024 (36) + name : * + name : 'Security' + type : * + type : REG_BINARY (3) + value : * + value: ARRAY(248) + [0] : 0x01 (1) + [1] : 0x00 (0) + [2] : 0x04 (4) + [3] : 0x80 (128) + [4] : 0x14 (20) + [5] : 0x00 (0) + [6] : 0x00 (0) + [7] : 0x00 (0) + [8] : 0x24 (36) + [9] : 0x00 (0) + [10] : 0x00 (0) + [11] : 0x00 (0) + [12] : 0x00 (0) + [13] : 0x00 (0) + [14] : 0x00 (0) + [15] : 0x00 (0) + [16] : 0x34 (52) + [17] : 0x00 (0) + [18] : 0x00 (0) + [19] : 0x00 (0) + [20] : 0x01 (1) + [21] : 0x02 (2) + [22] : 0x00 (0) + [23] : 0x00 (0) + [24] : 0x00 (0) + [25] : 0x00 (0) + [26] : 0x00 (0) + [27] : 0x05 (5) + [28] : 0x20 (32) + [29] : 0x00 (0) + [30] : 0x00 (0) + [31] : 0x00 (0) + [32] : 0x20 (32) + [33] : 0x02 (2) + [34] : 0x00 (0) + [35] : 0x00 (0) + [36] : 0x01 (1) + [37] : 0x02 (2) + [38] : 0x00 (0) + [39] : 0x00 (0) + [40] : 0x00 (0) + [41] : 0x00 (0) + [42] : 0x00 (0) + [43] : 0x05 (5) + [44] : 0x20 (32) + [45] : 0x00 (0) + [46] : 0x00 (0) + [47] : 0x00 (0) + [48] : 0x20 (32) + [49] : 0x02 (2) + [50] : 0x00 (0) + [51] : 0x00 (0) + [52] : 0x02 (2) + [53] : 0x00 (0) + [54] : 0xc4 (196) + [55] : 0x00 (0) + [56] : 0x07 (7) + [57] : 0x00 (0) + [58] : 0x00 (0) + [59] : 0x00 (0) + [60] : 0x00 (0) + [61] : 0x02 (2) + [62] : 0x14 (20) + [63] : 0x00 (0) + [64] : 0x08 (8) + [65] : 0x00 (0) + [66] : 0x02 (2) + [67] : 0x20 (32) + [68] : 0x01 (1) + [69] : 0x01 (1) + [70] : 0x00 (0) + [71] : 0x00 (0) + [72] : 0x00 (0) + [73] : 0x00 (0) + [74] : 0x00 (0) + [75] : 0x01 (1) + [76] : 0x00 (0) + [77] : 0x00 (0) + [78] : 0x00 (0) + [79] : 0x00 (0) + [80] : 0x00 (0) + [81] : 0x09 (9) + [82] : 0x24 (36) + [83] : 0x00 (0) + [84] : 0x0c (12) + [85] : 0x00 (0) + [86] : 0x0f (15) + [87] : 0x10 (16) + [88] : 0x01 (1) + [89] : 0x05 (5) + [90] : 0x00 (0) + [91] : 0x00 (0) + [92] : 0x00 (0) + [93] : 0x00 (0) + [94] : 0x00 (0) + [95] : 0x05 (5) + [96] : 0x15 (21) + [97] : 0x00 (0) + [98] : 0x00 (0) + [99] : 0x00 (0) + [100] : 0x74 (116) + [101] : 0xa5 (165) + [102] : 0x12 (18) + [103] : 0x52 (82) + [104] : 0xcd (205) + [105] : 0x51 (81) + [106] : 0xd9 (217) + [107] : 0x8f (143) + [108] : 0xd1 (209) + [109] : 0x31 (49) + [110] : 0xa4 (164) + [111] : 0xca (202) + [112] : 0xf4 (244) + [113] : 0x01 (1) + [114] : 0x00 (0) + [115] : 0x00 (0) + [116] : 0x00 (0) + [117] : 0x02 (2) + [118] : 0x24 (36) + [119] : 0x00 (0) + [120] : 0x0c (12) + [121] : 0x00 (0) + [122] : 0x0f (15) + [123] : 0x10 (16) + [124] : 0x01 (1) + [125] : 0x05 (5) + [126] : 0x00 (0) + [127] : 0x00 (0) + [128] : 0x00 (0) + [129] : 0x00 (0) + [130] : 0x00 (0) + [131] : 0x05 (5) + [132] : 0x15 (21) + [133] : 0x00 (0) + [134] : 0x00 (0) + [135] : 0x00 (0) + [136] : 0x74 (116) + [137] : 0xa5 (165) + [138] : 0x12 (18) + [139] : 0x52 (82) + [140] : 0xcd (205) + [141] : 0x51 (81) + [142] : 0xd9 (217) + [143] : 0x8f (143) + [144] : 0xd1 (209) + [145] : 0x31 (49) + [146] : 0xa4 (164) + [147] : 0xca (202) + [148] : 0xf4 (244) + [149] : 0x01 (1) + [150] : 0x00 (0) + [151] : 0x00 (0) + [152] : 0x00 (0) + [153] : 0x09 (9) + [154] : 0x18 (24) + [155] : 0x00 (0) + [156] : 0x0c (12) + [157] : 0x00 (0) + [158] : 0x0f (15) + [159] : 0x10 (16) + [160] : 0x01 (1) + [161] : 0x02 (2) + [162] : 0x00 (0) + [163] : 0x00 (0) + [164] : 0x00 (0) + [165] : 0x00 (0) + [166] : 0x00 (0) + [167] : 0x05 (5) + [168] : 0x20 (32) + [169] : 0x00 (0) + [170] : 0x00 (0) + [171] : 0x00 (0) + [172] : 0x20 (32) + [173] : 0x02 (2) + [174] : 0x00 (0) + [175] : 0x00 (0) + [176] : 0x00 (0) + [177] : 0x02 (2) + [178] : 0x18 (24) + [179] : 0x00 (0) + [180] : 0x0c (12) + [181] : 0x00 (0) + [182] : 0x0f (15) + [183] : 0x10 (16) + [184] : 0x01 (1) + [185] : 0x02 (2) + [186] : 0x00 (0) + [187] : 0x00 (0) + [188] : 0x00 (0) + [189] : 0x00 (0) + [190] : 0x00 (0) + [191] : 0x05 (5) + [192] : 0x20 (32) + [193] : 0x00 (0) + [194] : 0x00 (0) + [195] : 0x00 (0) + [196] : 0x20 (32) + [197] : 0x02 (2) + [198] : 0x00 (0) + [199] : 0x00 (0) + [200] : 0x00 (0) + [201] : 0x09 (9) + [202] : 0x18 (24) + [203] : 0x00 (0) + [204] : 0x0c (12) + [205] : 0x00 (0) + [206] : 0x0f (15) + [207] : 0x10 (16) + [208] : 0x01 (1) + [209] : 0x02 (2) + [210] : 0x00 (0) + [211] : 0x00 (0) + [212] : 0x00 (0) + [213] : 0x00 (0) + [214] : 0x00 (0) + [215] : 0x05 (5) + [216] : 0x20 (32) + [217] : 0x00 (0) + [218] : 0x00 (0) + [219] : 0x00 (0) + [220] : 0x26 (38) + [221] : 0x02 (2) + [222] : 0x00 (0) + [223] : 0x00 (0) + [224] : 0x00 (0) + [225] : 0x02 (2) + [226] : 0x18 (24) + [227] : 0x00 (0) + [228] : 0x0c (12) + [229] : 0x00 (0) + [230] : 0x0f (15) + [231] : 0x10 (16) + [232] : 0x01 (1) + [233] : 0x02 (2) + [234] : 0x00 (0) + [235] : 0x00 (0) + [236] : 0x00 (0) + [237] : 0x00 (0) + [238] : 0x00 (0) + [239] : 0x05 (5) + [240] : 0x20 (32) + [241] : 0x00 (0) + [242] : 0x00 (0) + [243] : 0x00 (0) + [244] : 0x26 (38) + [245] : 0x02 (2) + [246] : 0x00 (0) + [247] : 0x00 (0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x000000f8 (248) + result : WERR_OK +[2013/11/07 07:38:44.168361, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000064-0000-0000-7b52-7435c5510000 + enum_index : 0x00000009 (9) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:44.168734, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 64 00 00 00 00 00 00 00 7B 52 74 35 ....d... ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.168811, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:44.168858, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0016 (22) + size : 0x0024 (36) + name : * + name : 'Share Name' + type : * + type : REG_SZ (1) + value : * + value: ARRAY(18) + [0] : 0x70 (112) + [1] : 0x00 (0) + [2] : 0x72 (114) + [3] : 0x00 (0) + [4] : 0x69 (105) + [5] : 0x00 (0) + [6] : 0x6e (110) + [7] : 0x00 (0) + [8] : 0x74 (116) + [9] : 0x00 (0) + [10] : 0x65 (101) + [11] : 0x00 (0) + [12] : 0x72 (114) + [13] : 0x00 (0) + [14] : 0x37 (55) + [15] : 0x00 (0) + [16] : 0x00 (0) + [17] : 0x00 (0) + size : * + size : 0x00000012 (18) + length : * + length : 0x00000012 (18) + result : WERR_OK +[2013/11/07 07:38:44.169572, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000064-0000-0000-7b52-7435c5510000 + enum_index : 0x0000000a (10) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:44.169945, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 64 00 00 00 00 00 00 00 7B 52 74 35 ....d... ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.170022, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:44.170068, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0014 (20) + size : 0x0024 (36) + name : * + name : 'StartTime' + type : * + type : REG_DWORD (4) + value : * + value: ARRAY(4) + [0] : 0x00 (0) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + size : * + size : 0x00000004 (4) + length : * + length : 0x00000004 (4) + result : WERR_OK +[2013/11/07 07:38:44.170468, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000064-0000-0000-7b52-7435c5510000 + enum_index : 0x0000000b (11) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:44.170838, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 64 00 00 00 00 00 00 00 7B 52 74 35 ....d... ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.170915, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:44.170961, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0014 (20) + size : 0x0024 (36) + name : * + name : 'UntilTime' + type : * + type : REG_DWORD (4) + value : * + value: ARRAY(4) + [0] : 0x00 (0) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + size : * + size : 0x00000004 (4) + length : * + length : 0x00000004 (4) + result : WERR_OK +[2013/11/07 07:38:44.171350, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000064-0000-0000-7b52-7435c5510000 + enum_index : 0x0000000c (12) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:44.171728, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 64 00 00 00 00 00 00 00 7B 52 74 35 ....d... ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.171805, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:44.171851, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0012 (18) + size : 0x0024 (36) + name : * + name : 'ChangeID' + type : * + type : REG_DWORD (4) + value : * + value: ARRAY(4) + [0] : 0xf1 (241) + [1] : 0x5f (95) + [2] : 0x11 (17) + [3] : 0x00 (0) + size : * + size : 0x00000004 (4) + length : * + length : 0x00000004 (4) + result : WERR_OK +[2013/11/07 07:38:44.172278, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryValue: struct winreg_QueryValue + in: struct winreg_QueryValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000064-0000-0000-7b52-7435c5510000 + value_name : * + value_name: struct winreg_String + name_len : 0x0020 (32) + name_size : 0x0020 (32) + name : * + name : 'Default DevMode' + type : * + type : REG_NONE (0) + data : NULL + data_size : * + data_size : 0x00000000 (0) + data_length : * + data_length : 0x00000000 (0) +[2013/11/07 07:38:44.172620, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 64 00 00 00 00 00 00 00 7B 52 74 35 ....d... ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.172696, 7, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) + _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:44.172745, 7, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) + _winreg_QueryValue: policy key type = [00000000] +[2013/11/07 07:38:44.172791, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:316(_winreg_QueryValue) + _winreg_QueryValue: reg_queryvalue failed with: WERR_BADFILE +[2013/11/07 07:38:44.172831, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryValue: struct winreg_QueryValue + out: struct winreg_QueryValue + type : * + type : REG_NONE (0) + data : NULL + data_size : * + data_size : 0x00000000 (0) + data_length : * + data_length : 0x00000000 (0) + result : WERR_BADFILE +[2013/11/07 07:38:44.173053, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenHKLM: struct winreg_OpenHKLM + in: struct winreg_OpenHKLM + system_name : NULL + access_mask : 0x02000000 (33554432) + 0: KEY_QUERY_VALUE + 0: KEY_SET_VALUE + 0: KEY_CREATE_SUB_KEY + 0: KEY_ENUMERATE_SUB_KEYS + 0: KEY_NOTIFY + 0: KEY_CREATE_LINK + 0: KEY_WOW64_64KEY + 0: KEY_WOW64_32KEY +[2013/11/07 07:38:44.173278, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [HKLM] +[2013/11/07 07:38:44.173320, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (2->3) +[2013/11/07 07:38:44.173388, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM] +[2013/11/07 07:38:44.173459, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM] +[2013/11/07 07:38:44.173500, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:44.173538, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM] +[2013/11/07 07:38:44.173617, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) + Opened policy hnd[3] [0000] 00 00 00 00 65 00 00 00 00 00 00 00 7B 52 74 35 ....e... ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.173698, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenHKLM: struct winreg_OpenHKLM + out: struct winreg_OpenHKLM + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000065-0000-0000-7b52-7435c5510000 + result : WERR_OK +[2013/11/07 07:38:44.173868, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenKey: struct winreg_OpenKey + in: struct winreg_OpenKey + parent_handle : * + parent_handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000065-0000-0000-7b52-7435c5510000 + keyname: struct winreg_String + name_len : 0x008a (138) + name_size : 0x008a (138) + name : * + name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7' + options : 0x00000000 (0) + 0: REG_OPTION_VOLATILE + 0: REG_OPTION_CREATE_LINK + 0: REG_OPTION_BACKUP_RESTORE + 0: REG_OPTION_OPEN_LINK + access_mask : 0x02000000 (33554432) + 0: KEY_QUERY_VALUE + 0: KEY_SET_VALUE + 0: KEY_CREATE_SUB_KEY + 0: KEY_ENUMERATE_SUB_KEYS + 0: KEY_NOTIFY + 0: KEY_CREATE_LINK + 0: KEY_WOW64_64KEY + 0: KEY_WOW64_32KEY +[2013/11/07 07:38:44.174315, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 65 00 00 00 00 00 00 00 7B 52 74 35 ....e... ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.174396, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [SOFTWARE] +[2013/11/07 07:38:44.174436, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (3->4) +[2013/11/07 07:38:44.174478, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] +[2013/11/07 07:38:44.174516, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE] +[2013/11/07 07:38:44.174556, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:44.174593, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE] +[2013/11/07 07:38:44.174658, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Microsoft] +[2013/11/07 07:38:44.174699, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (4->5) +[2013/11/07 07:38:44.174740, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] +[2013/11/07 07:38:44.174778, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] +[2013/11/07 07:38:44.174819, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:44.174856, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft] +[2013/11/07 07:38:44.174916, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Windows NT] +[2013/11/07 07:38:44.174957, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (5->6) +[2013/11/07 07:38:44.175007, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] +[2013/11/07 07:38:44.175045, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] +[2013/11/07 07:38:44.175086, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:44.175124, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] +[2013/11/07 07:38:44.175181, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [CurrentVersion] +[2013/11/07 07:38:44.175222, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (6->7) +[2013/11/07 07:38:44.175264, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] +[2013/11/07 07:38:44.175302, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] +[2013/11/07 07:38:44.175343, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:44.175380, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f375c5a15c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] +[2013/11/07 07:38:44.175451, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Print] +[2013/11/07 07:38:44.175493, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (7->8) +[2013/11/07 07:38:44.175536, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] +[2013/11/07 07:38:44.175575, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] +[2013/11/07 07:38:44.175616, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:44.175654, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f375c5a15c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] +[2013/11/07 07:38:44.175714, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Printers] +[2013/11/07 07:38:44.175756, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (8->9) +[2013/11/07 07:38:44.175800, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] +[2013/11/07 07:38:44.175839, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] +[2013/11/07 07:38:44.175890, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:44.175927, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] +[2013/11/07 07:38:44.175994, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [printer7] +[2013/11/07 07:38:44.176035, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (9->10) +[2013/11/07 07:38:44.176080, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:44.176120, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:44.176161, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:44.176200, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:44.176268, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (10->9) +[2013/11/07 07:38:44.176310, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (9->8) +[2013/11/07 07:38:44.176352, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (8->7) +[2013/11/07 07:38:44.176392, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (7->6) +[2013/11/07 07:38:44.176431, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (6->5) +[2013/11/07 07:38:44.176472, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (5->4) +[2013/11/07 07:38:44.176514, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) + Opened policy hnd[4] [0000] 00 00 00 00 66 00 00 00 00 00 00 00 7B 52 74 35 ....f... ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.176592, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenKey: struct winreg_OpenKey + out: struct winreg_OpenKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000066-0000-0000-7b52-7435c5510000 + result : WERR_OK +[2013/11/07 07:38:44.176762, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryValue: struct winreg_QueryValue + in: struct winreg_QueryValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000066-0000-0000-7b52-7435c5510000 + value_name : * + value_name: struct winreg_String + name_len : 0x0012 (18) + name_size : 0x0012 (18) + name : * + name : 'Security' + type : * + type : REG_NONE (0) + data : NULL + data_size : * + data_size : 0x00000000 (0) + data_length : * + data_length : 0x00000000 (0) +[2013/11/07 07:38:44.177108, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 66 00 00 00 00 00 00 00 7B 52 74 35 ....f... ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.177185, 7, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) + _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:44.177225, 7, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) + _winreg_QueryValue: policy key type = [00000000] +[2013/11/07 07:38:44.177265, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_dispatcher.c:151(fetch_reg_values) + fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7' (ops 0x7f37592edcc0) +[2013/11/07 07:38:44.177308, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1891(regdb_fetch_values_internal) + regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:44.177423, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[0]: name[Attributes] len[4] +[2013/11/07 07:38:44.177474, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[1]: name[Description] len[2] +[2013/11/07 07:38:44.177517, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[2]: name[Datatype] len[8] +[2013/11/07 07:38:44.177560, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[3]: name[Default Priority] len[4] +[2013/11/07 07:38:44.177602, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[4]: name[Port] len[38] +[2013/11/07 07:38:44.177644, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[5]: name[Name] len[18] +[2013/11/07 07:38:44.177686, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[6]: name[Print Processor] len[18] +[2013/11/07 07:38:44.177728, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[7]: name[Priority] len[4] +[2013/11/07 07:38:44.177771, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[8]: name[Security] len[248] +[2013/11/07 07:38:44.177822, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[9]: name[Share Name] len[18] +[2013/11/07 07:38:44.177865, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[10]: name[StartTime] len[4] +[2013/11/07 07:38:44.177907, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[11]: name[UntilTime] len[4] +[2013/11/07 07:38:44.177949, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[12]: name[ChangeID] len[4] +[2013/11/07 07:38:44.177994, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryValue: struct winreg_QueryValue + out: struct winreg_QueryValue + type : * + type : REG_BINARY (3) + data : NULL + data_size : * + data_size : 0x000000f8 (248) + data_length : * + data_length : 0x00000000 (0) + result : WERR_OK +[2013/11/07 07:38:44.178211, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryValue: struct winreg_QueryValue + in: struct winreg_QueryValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000066-0000-0000-7b52-7435c5510000 + value_name : * + value_name: struct winreg_String + name_len : 0x0012 (18) + name_size : 0x0012 (18) + name : * + name : 'Security' + type : * + type : REG_BINARY (3) + data : * + data: ARRAY(0) + data_size : * + data_size : 0x000000f8 (248) + data_length : * + data_length : 0x00000000 (0) +[2013/11/07 07:38:44.178568, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 66 00 00 00 00 00 00 00 7B 52 74 35 ....f... ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.178645, 7, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) + _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:44.178685, 7, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) + _winreg_QueryValue: policy key type = [00000000] +[2013/11/07 07:38:44.178730, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryValue: struct winreg_QueryValue + out: struct winreg_QueryValue + type : * + type : REG_BINARY (3) + data : * + data: ARRAY(248) + [0] : 0x01 (1) + [1] : 0x00 (0) + [2] : 0x04 (4) + [3] : 0x80 (128) + [4] : 0x14 (20) + [5] : 0x00 (0) + [6] : 0x00 (0) + [7] : 0x00 (0) + [8] : 0x24 (36) + [9] : 0x00 (0) + [10] : 0x00 (0) + [11] : 0x00 (0) + [12] : 0x00 (0) + [13] : 0x00 (0) + [14] : 0x00 (0) + [15] : 0x00 (0) + [16] : 0x34 (52) + [17] : 0x00 (0) + [18] : 0x00 (0) + [19] : 0x00 (0) + [20] : 0x01 (1) + [21] : 0x02 (2) + [22] : 0x00 (0) + [23] : 0x00 (0) + [24] : 0x00 (0) + [25] : 0x00 (0) + [26] : 0x00 (0) + [27] : 0x05 (5) + [28] : 0x20 (32) + [29] : 0x00 (0) + [30] : 0x00 (0) + [31] : 0x00 (0) + [32] : 0x20 (32) + [33] : 0x02 (2) + [34] : 0x00 (0) + [35] : 0x00 (0) + [36] : 0x01 (1) + [37] : 0x02 (2) + [38] : 0x00 (0) + [39] : 0x00 (0) + [40] : 0x00 (0) + [41] : 0x00 (0) + [42] : 0x00 (0) + [43] : 0x05 (5) + [44] : 0x20 (32) + [45] : 0x00 (0) + [46] : 0x00 (0) + [47] : 0x00 (0) + [48] : 0x20 (32) + [49] : 0x02 (2) + [50] : 0x00 (0) + [51] : 0x00 (0) + [52] : 0x02 (2) + [53] : 0x00 (0) + [54] : 0xc4 (196) + [55] : 0x00 (0) + [56] : 0x07 (7) + [57] : 0x00 (0) + [58] : 0x00 (0) + [59] : 0x00 (0) + [60] : 0x00 (0) + [61] : 0x02 (2) + [62] : 0x14 (20) + [63] : 0x00 (0) + [64] : 0x08 (8) + [65] : 0x00 (0) + [66] : 0x02 (2) + [67] : 0x20 (32) + [68] : 0x01 (1) + [69] : 0x01 (1) + [70] : 0x00 (0) + [71] : 0x00 (0) + [72] : 0x00 (0) + [73] : 0x00 (0) + [74] : 0x00 (0) + [75] : 0x01 (1) + [76] : 0x00 (0) + [77] : 0x00 (0) + [78] : 0x00 (0) + [79] : 0x00 (0) + [80] : 0x00 (0) + [81] : 0x09 (9) + [82] : 0x24 (36) + [83] : 0x00 (0) + [84] : 0x0c (12) + [85] : 0x00 (0) + [86] : 0x0f (15) + [87] : 0x10 (16) + [88] : 0x01 (1) + [89] : 0x05 (5) + [90] : 0x00 (0) + [91] : 0x00 (0) + [92] : 0x00 (0) + [93] : 0x00 (0) + [94] : 0x00 (0) + [95] : 0x05 (5) + [96] : 0x15 (21) + [97] : 0x00 (0) + [98] : 0x00 (0) + [99] : 0x00 (0) + [100] : 0x74 (116) + [101] : 0xa5 (165) + [102] : 0x12 (18) + [103] : 0x52 (82) + [104] : 0xcd (205) + [105] : 0x51 (81) + [106] : 0xd9 (217) + [107] : 0x8f (143) + [108] : 0xd1 (209) + [109] : 0x31 (49) + [110] : 0xa4 (164) + [111] : 0xca (202) + [112] : 0xf4 (244) + [113] : 0x01 (1) + [114] : 0x00 (0) + [115] : 0x00 (0) + [116] : 0x00 (0) + [117] : 0x02 (2) + [118] : 0x24 (36) + [119] : 0x00 (0) + [120] : 0x0c (12) + [121] : 0x00 (0) + [122] : 0x0f (15) + [123] : 0x10 (16) + [124] : 0x01 (1) + [125] : 0x05 (5) + [126] : 0x00 (0) + [127] : 0x00 (0) + [128] : 0x00 (0) + [129] : 0x00 (0) + [130] : 0x00 (0) + [131] : 0x05 (5) + [132] : 0x15 (21) + [133] : 0x00 (0) + [134] : 0x00 (0) + [135] : 0x00 (0) + [136] : 0x74 (116) + [137] : 0xa5 (165) + [138] : 0x12 (18) + [139] : 0x52 (82) + [140] : 0xcd (205) + [141] : 0x51 (81) + [142] : 0xd9 (217) + [143] : 0x8f (143) + [144] : 0xd1 (209) + [145] : 0x31 (49) + [146] : 0xa4 (164) + [147] : 0xca (202) + [148] : 0xf4 (244) + [149] : 0x01 (1) + [150] : 0x00 (0) + [151] : 0x00 (0) + [152] : 0x00 (0) + [153] : 0x09 (9) + [154] : 0x18 (24) + [155] : 0x00 (0) + [156] : 0x0c (12) + [157] : 0x00 (0) + [158] : 0x0f (15) + [159] : 0x10 (16) + [160] : 0x01 (1) + [161] : 0x02 (2) + [162] : 0x00 (0) + [163] : 0x00 (0) + [164] : 0x00 (0) + [165] : 0x00 (0) + [166] : 0x00 (0) + [167] : 0x05 (5) + [168] : 0x20 (32) + [169] : 0x00 (0) + [170] : 0x00 (0) + [171] : 0x00 (0) + [172] : 0x20 (32) + [173] : 0x02 (2) + [174] : 0x00 (0) + [175] : 0x00 (0) + [176] : 0x00 (0) + [177] : 0x02 (2) + [178] : 0x18 (24) + [179] : 0x00 (0) + [180] : 0x0c (12) + [181] : 0x00 (0) + [182] : 0x0f (15) + [183] : 0x10 (16) + [184] : 0x01 (1) + [185] : 0x02 (2) + [186] : 0x00 (0) + [187] : 0x00 (0) + [188] : 0x00 (0) + [189] : 0x00 (0) + [190] : 0x00 (0) + [191] : 0x05 (5) + [192] : 0x20 (32) + [193] : 0x00 (0) + [194] : 0x00 (0) + [195] : 0x00 (0) + [196] : 0x20 (32) + [197] : 0x02 (2) + [198] : 0x00 (0) + [199] : 0x00 (0) + [200] : 0x00 (0) + [201] : 0x09 (9) + [202] : 0x18 (24) + [203] : 0x00 (0) + [204] : 0x0c (12) + [205] : 0x00 (0) + [206] : 0x0f (15) + [207] : 0x10 (16) + [208] : 0x01 (1) + [209] : 0x02 (2) + [210] : 0x00 (0) + [211] : 0x00 (0) + [212] : 0x00 (0) + [213] : 0x00 (0) + [214] : 0x00 (0) + [215] : 0x05 (5) + [216] : 0x20 (32) + [217] : 0x00 (0) + [218] : 0x00 (0) + [219] : 0x00 (0) + [220] : 0x26 (38) + [221] : 0x02 (2) + [222] : 0x00 (0) + [223] : 0x00 (0) + [224] : 0x00 (0) + [225] : 0x02 (2) + [226] : 0x18 (24) + [227] : 0x00 (0) + [228] : 0x0c (12) + [229] : 0x00 (0) + [230] : 0x0f (15) + [231] : 0x10 (16) + [232] : 0x01 (1) + [233] : 0x02 (2) + [234] : 0x00 (0) + [235] : 0x00 (0) + [236] : 0x00 (0) + [237] : 0x00 (0) + [238] : 0x00 (0) + [239] : 0x05 (5) + [240] : 0x20 (32) + [241] : 0x00 (0) + [242] : 0x00 (0) + [243] : 0x00 (0) + [244] : 0x26 (38) + [245] : 0x02 (2) + [246] : 0x00 (0) + [247] : 0x00 (0) + data_size : * + data_size : 0x000000f8 (248) + data_length : * + data_length : 0x000000f8 (248) + result : WERR_OK +[2013/11/07 07:38:44.183126, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + in: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000066-0000-0000-7b52-7435c5510000 +[2013/11/07 07:38:44.183260, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 66 00 00 00 00 00 00 00 7B 52 74 35 ....f... ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.183339, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 66 00 00 00 00 00 00 00 7B 52 74 35 ....f... ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.183414, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) + Closed policy +[2013/11/07 07:38:44.183458, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (4->3) +[2013/11/07 07:38:44.183499, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + out: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000000-0000-0000-0000-000000000000 + result : WERR_OK +[2013/11/07 07:38:44.183669, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + in: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000065-0000-0000-7b52-7435c5510000 +[2013/11/07 07:38:44.183799, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 65 00 00 00 00 00 00 00 7B 52 74 35 ....e... ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.183875, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 65 00 00 00 00 00 00 00 7B 52 74 35 ....e... ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.183951, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) + Closed policy +[2013/11/07 07:38:44.183991, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (3->2) +[2013/11/07 07:38:44.184031, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + out: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000000-0000-0000-0000-000000000000 + result : WERR_OK +[2013/11/07 07:38:44.184194, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + in: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000064-0000-0000-7b52-7435c5510000 +[2013/11/07 07:38:44.184322, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 64 00 00 00 00 00 00 00 7B 52 74 35 ....d... ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.184398, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 64 00 00 00 00 00 00 00 7B 52 74 35 ....d... ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.184474, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) + Closed policy +[2013/11/07 07:38:44.184516, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (2->1) +[2013/11/07 07:38:44.184557, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + out: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000000-0000-0000-0000-000000000000 + result : WERR_OK +[2013/11/07 07:38:44.184718, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + in: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000063-0000-0000-7b52-7435c5510000 +[2013/11/07 07:38:44.184855, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 63 00 00 00 00 00 00 00 7B 52 74 35 ....c... ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.184932, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 63 00 00 00 00 00 00 00 7B 52 74 35 ....c... ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.185008, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) + Closed policy +[2013/11/07 07:38:44.185049, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (1->0) +[2013/11/07 07:38:44.185109, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + out: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000000-0000-0000-0000-000000000000 + result : WERR_OK +[2013/11/07 07:38:44.185273, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:416(close_policy_by_pipe) + Deleted handle list for RPC connection \winreg +[2013/11/07 07:38:44.185493, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + spoolss_GetPrinter: struct spoolss_GetPrinter + out: struct spoolss_GetPrinter + info : * + info : union spoolss_PrinterInfo(case 2) + info2: struct spoolss_PrinterInfo2 + servername : * + servername : '\\MEMBER43' + printername : * + printername : '\\MEMBER43\printer7' + sharename : * + sharename : 'printer7' + portname : * + portname : 'Samba Printer Port' + drivername : * + drivername : '' + comment : * + comment : '' + location : * + location : '' + devmode : * + devmode: struct spoolss_DeviceMode + devicename : '\\MEMBER43\printer7' + specversion : DMSPEC_NT4_AND_ABOVE (1025) + driverversion : 0x0400 (1024) + size : 0x00dc (220) + __driverextra_length : 0x0000 (0) + fields : 0x00014713 (83731) + 1: DEVMODE_ORIENTATION + 1: DEVMODE_PAPERSIZE + 0: DEVMODE_PAPERLENGTH + 0: DEVMODE_PAPERWIDTH + 1: DEVMODE_SCALE + 0: DEVMODE_POSITION + 0: DEVMODE_NUP + 1: DEVMODE_COPIES + 1: DEVMODE_DEFAULTSOURCE + 1: DEVMODE_PRINTQUALITY + 0: DEVMODE_COLOR + 0: DEVMODE_DUPLEX + 0: DEVMODE_YRESOLUTION + 1: DEVMODE_TTOPTION + 0: DEVMODE_COLLATE + 1: DEVMODE_FORMNAME + 0: DEVMODE_LOGPIXELS + 0: DEVMODE_BITSPERPEL + 0: DEVMODE_PELSWIDTH + 0: DEVMODE_PELSHEIGHT + 0: DEVMODE_DISPLAYFLAGS + 0: DEVMODE_DISPLAYFREQUENCY + 0: DEVMODE_ICMMETHOD + 0: DEVMODE_ICMINTENT + 0: DEVMODE_MEDIATYPE + 0: DEVMODE_DITHERTYPE + 0: DEVMODE_PANNINGWIDTH + 0: DEVMODE_PANNINGHEIGHT + orientation : DMORIENT_PORTRAIT (1) + papersize : DMPAPER_LETTER (1) + paperlength : 0x0000 (0) + paperwidth : 0x0000 (0) + scale : 0x0064 (100) + copies : 0x0001 (1) + defaultsource : DMBIN_FORMSOURCE (15) + printquality : DMRES_HIGH (65532) + color : DMRES_MONOCHROME (1) + duplex : DMDUP_SIMPLEX (1) + yresolution : 0x0000 (0) + ttoption : DMTT_SUBDEV (3) + collate : DMCOLLATE_FALSE (0) + formname : 'Letter' + logpixels : 0x0000 (0) + bitsperpel : 0x00000000 (0) + pelswidth : 0x00000000 (0) + pelsheight : 0x00000000 (0) + displayflags : UNKNOWN_ENUM_VALUE (0) + displayfrequency : 0x00000000 (0) + icmmethod : UNKNOWN_ENUM_VALUE (0) + icmintent : UNKNOWN_ENUM_VALUE (0) + mediatype : UNKNOWN_ENUM_VALUE (0) + dithertype : UNKNOWN_ENUM_VALUE (0) + reserved1 : 0x00000000 (0) + reserved2 : 0x00000000 (0) + panningwidth : 0x00000000 (0) + panningheight : 0x00000000 (0) + driverextra_data : DATA_BLOB length=0 + sepfile : * + sepfile : '' + printprocessor : * + printprocessor : 'winprint' + datatype : * + datatype : 'RAW' + parameters : * + parameters : '' + secdesc : * + secdesc: struct security_descriptor + revision : SECURITY_DESCRIPTOR_REVISION_1 (1) + type : 0x8004 (32772) + 0: SEC_DESC_OWNER_DEFAULTED + 0: SEC_DESC_GROUP_DEFAULTED + 1: SEC_DESC_DACL_PRESENT + 0: SEC_DESC_DACL_DEFAULTED + 0: SEC_DESC_SACL_PRESENT + 0: SEC_DESC_SACL_DEFAULTED + 0: SEC_DESC_DACL_TRUSTED + 0: SEC_DESC_SERVER_SECURITY + 0: SEC_DESC_DACL_AUTO_INHERIT_REQ + 0: SEC_DESC_SACL_AUTO_INHERIT_REQ + 0: SEC_DESC_DACL_AUTO_INHERITED + 0: SEC_DESC_SACL_AUTO_INHERITED + 0: SEC_DESC_DACL_PROTECTED + 0: SEC_DESC_SACL_PROTECTED + 0: SEC_DESC_RM_CONTROL_VALID + 1: SEC_DESC_SELF_RELATIVE + owner_sid : * + owner_sid : S-1-5-32-544 + group_sid : * + group_sid : S-1-5-32-544 + sacl : NULL + dacl : * + dacl: struct security_acl + revision : SECURITY_ACL_REVISION_NT4 (2) + size : 0x00c4 (196) + num_aces : 0x00000007 (7) + aces: ARRAY(7) + aces: struct security_ace + type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) + flags : 0x02 (2) + 0: SEC_ACE_FLAG_OBJECT_INHERIT + 1: SEC_ACE_FLAG_CONTAINER_INHERIT + 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT + 0: SEC_ACE_FLAG_INHERIT_ONLY + 0: SEC_ACE_FLAG_INHERITED_ACE + 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) + 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS + 0: SEC_ACE_FLAG_FAILED_ACCESS + size : 0x0014 (20) + access_mask : 0x20020008 (537001992) + object : union security_ace_object_ctr(case 0) + trustee : S-1-1-0 + aces: struct security_ace + type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) + flags : 0x09 (9) + 1: SEC_ACE_FLAG_OBJECT_INHERIT + 0: SEC_ACE_FLAG_CONTAINER_INHERIT + 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT + 1: SEC_ACE_FLAG_INHERIT_ONLY + 0: SEC_ACE_FLAG_INHERITED_ACE + 0x09: SEC_ACE_FLAG_VALID_INHERIT (9) + 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS + 0: SEC_ACE_FLAG_FAILED_ACCESS + size : 0x0024 (36) + access_mask : 0x100f000c (269418508) + object : union security_ace_object_ctr(case 0) + trustee : S-1-5-21-1376953716-2413384141-3399758289-500 + aces: struct security_ace + type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) + flags : 0x02 (2) + 0: SEC_ACE_FLAG_OBJECT_INHERIT + 1: SEC_ACE_FLAG_CONTAINER_INHERIT + 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT + 0: SEC_ACE_FLAG_INHERIT_ONLY + 0: SEC_ACE_FLAG_INHERITED_ACE + 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) + 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS + 0: SEC_ACE_FLAG_FAILED_ACCESS + size : 0x0024 (36) + access_mask : 0x100f000c (269418508) + object : union security_ace_object_ctr(case 0) + trustee : S-1-5-21-1376953716-2413384141-3399758289-500 + aces: struct security_ace + type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) + flags : 0x09 (9) + 1: SEC_ACE_FLAG_OBJECT_INHERIT + 0: SEC_ACE_FLAG_CONTAINER_INHERIT + 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT + 1: SEC_ACE_FLAG_INHERIT_ONLY + 0: SEC_ACE_FLAG_INHERITED_ACE + 0x09: SEC_ACE_FLAG_VALID_INHERIT (9) + 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS + 0: SEC_ACE_FLAG_FAILED_ACCESS + size : 0x0018 (24) + access_mask : 0x100f000c (269418508) + object : union security_ace_object_ctr(case 0) + trustee : S-1-5-32-544 + aces: struct security_ace + type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) + flags : 0x02 (2) + 0: SEC_ACE_FLAG_OBJECT_INHERIT + 1: SEC_ACE_FLAG_CONTAINER_INHERIT + 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT + 0: SEC_ACE_FLAG_INHERIT_ONLY + 0: SEC_ACE_FLAG_INHERITED_ACE + 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) + 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS + 0: SEC_ACE_FLAG_FAILED_ACCESS + size : 0x0018 (24) + access_mask : 0x100f000c (269418508) + object : union security_ace_object_ctr(case 0) + trustee : S-1-5-32-544 + aces: struct security_ace + type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) + flags : 0x09 (9) + 1: SEC_ACE_FLAG_OBJECT_INHERIT + 0: SEC_ACE_FLAG_CONTAINER_INHERIT + 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT + 1: SEC_ACE_FLAG_INHERIT_ONLY + 0: SEC_ACE_FLAG_INHERITED_ACE + 0x09: SEC_ACE_FLAG_VALID_INHERIT (9) + 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS + 0: SEC_ACE_FLAG_FAILED_ACCESS + size : 0x0018 (24) + access_mask : 0x100f000c (269418508) + object : union security_ace_object_ctr(case 0) + trustee : S-1-5-32-550 + aces: struct security_ace + type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) + flags : 0x02 (2) + 0: SEC_ACE_FLAG_OBJECT_INHERIT + 1: SEC_ACE_FLAG_CONTAINER_INHERIT + 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT + 0: SEC_ACE_FLAG_INHERIT_ONLY + 0: SEC_ACE_FLAG_INHERITED_ACE + 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) + 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS + 0: SEC_ACE_FLAG_FAILED_ACCESS + size : 0x0018 (24) + access_mask : 0x100f000c (269418508) + object : union security_ace_object_ctr(case 0) + trustee : S-1-5-32-550 + attributes : 0x00001048 (4168) + 0: PRINTER_ATTRIBUTE_QUEUED + 0: PRINTER_ATTRIBUTE_DIRECT + 0: PRINTER_ATTRIBUTE_DEFAULT + 1: PRINTER_ATTRIBUTE_SHARED + 0: PRINTER_ATTRIBUTE_NETWORK + 0: PRINTER_ATTRIBUTE_HIDDEN + 1: PRINTER_ATTRIBUTE_LOCAL + 0: PRINTER_ATTRIBUTE_ENABLE_DEVQ + 0: PRINTER_ATTRIBUTE_KEEPPRINTEDJOBS + 0: PRINTER_ATTRIBUTE_DO_COMPLETE_FIRST + 0: PRINTER_ATTRIBUTE_WORK_OFFLINE + 0: PRINTER_ATTRIBUTE_ENABLE_BIDI + 1: PRINTER_ATTRIBUTE_RAW_ONLY + 0: PRINTER_ATTRIBUTE_PUBLISHED + 0: PRINTER_ATTRIBUTE_FAX + 0: PRINTER_ATTRIBUTE_TS + priority : 0x00000001 (1) + defaultpriority : 0x00000001 (1) + starttime : 0x00000000 (0) + untiltime : 0x00000000 (0) + status : 0x00000000 (0) + 0: PRINTER_STATUS_PAUSED + 0: PRINTER_STATUS_ERROR + 0: PRINTER_STATUS_PENDING_DELETION + 0: PRINTER_STATUS_PAPER_JAM + 0: PRINTER_STATUS_PAPER_OUT + 0: PRINTER_STATUS_MANUAL_FEED + 0: PRINTER_STATUS_PAPER_PROBLEM + 0: PRINTER_STATUS_OFFLINE + 0: PRINTER_STATUS_IO_ACTIVE + 0: PRINTER_STATUS_BUSY + 0: PRINTER_STATUS_PRINTING + 0: PRINTER_STATUS_OUTPUT_BIN_FULL + 0: PRINTER_STATUS_NOT_AVAILABLE + 0: PRINTER_STATUS_WAITING + 0: PRINTER_STATUS_PROCESSING + 0: PRINTER_STATUS_INITIALIZING + 0: PRINTER_STATUS_WARMING_UP + 0: PRINTER_STATUS_TONER_LOW + 0: PRINTER_STATUS_NO_TONER + 0: PRINTER_STATUS_PAGE_PUNT + 0: PRINTER_STATUS_USER_INTERVENTION + 0: PRINTER_STATUS_OUT_OF_MEMORY + 0: PRINTER_STATUS_DOOR_OPEN + 0: PRINTER_STATUS_SERVER_UNKNOWN + 0: PRINTER_STATUS_POWER_SAVE + cjobs : 0x00000000 (0) + averageppm : 0x00000000 (0) + needed : * + needed : 0x000002f8 (760) + result : WERR_OK +[2013/11/07 07:38:44.190584, 5, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1417(api_rpcTNP) + api_rpcTNP: called \spoolss successfully +[2013/11/07 07:38:44.190648, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) + pop_sec_ctx (0, 5000) - sec_ctx_stack_ndx = 0 +[2013/11/07 07:38:44.190694, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) + write_to_pipe: data_used = 4140 + smbd_smb2_request_pending_queue: req->current_idx = 1 + req->in.vector[0].iov_len = 0 + req->in.vector[1].iov_len = 0 + req->in.vector[2].iov_len = 64 + req->in.vector[3].iov_len = 56 + req->in.vector[4].iov_len = 4156 + req->out.vector[0].iov_len = 4 + req->out.vector[1].iov_len = 0 + req->out.vector[2].iov_len = 64 + req->out.vector[3].iov_len = 8 + req->out.vector[4].iov_len = 0 +[2013/11/07 07:38:44.190921, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:128(smbd_smb2_ioctl_pipe_write_done) + smbd_smb2_ioctl_pipe_write_done: received 4156 +[2013/11/07 07:38:44.190966, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:149(smbd_smb2_ioctl_pipe_write_done) + smbd_smb2_ioctl_pipe_write_done: issuing np_read_send of size 4136 +[2013/11/07 07:38:44.191010, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:285(read_from_internal_pipe) + name: \spoolss len: 4136 +[2013/11/07 07:38:44.191053, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:347(read_from_internal_pipe) + read_from_pipe: \spoolss: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 4112. +[2013/11/07 07:38:44.191115, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) + &r: struct ncacn_packet + rpc_vers : 0x05 (5) + rpc_vers_minor : 0x00 (0) + ptype : DCERPC_PKT_RESPONSE (2) + pfc_flags : 0x03 (3) + drep: ARRAY(4) + [0] : 0x10 (16) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + frag_length : 0x1028 (4136) + auth_length : 0x0000 (0) + call_id : 0x00000009 (9) + u : union dcerpc_payload(case 2) + response: struct dcerpc_response + alloc_hint : 0x00001010 (4112) + context_id : 0x0000 (0) + cancel_count : 0x00 (0) + _pad : DATA_BLOB length=0 + stub_and_verifier : DATA_BLOB length=4112 + [0000] 04 00 02 00 00 10 00 00 EA 0F 00 00 C2 0F 00 00 ........ ........ + [0010] B0 0F 00 00 8A 0F 00 00 88 0F 00 00 86 0F 00 00 ........ ........ + [0020] 84 0F 00 00 88 0E 00 00 82 0F 00 00 70 0F 00 00 ........ ....p... + [0030] 68 0F 00 00 66 0F 00 00 90 0D 00 00 48 10 00 00 h...f... ....H... + [0040] 01 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0200] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0210] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0220] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0230] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0240] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0250] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0260] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0270] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0280] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0290] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0300] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0310] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0320] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0330] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0340] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0350] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0360] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0370] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0380] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0390] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0400] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0410] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0420] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0430] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0440] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0450] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0460] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0470] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0480] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0490] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0500] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0510] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0520] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0530] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0540] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0550] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0560] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0570] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0580] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0590] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0600] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0610] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0620] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0630] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0640] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0650] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0660] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0670] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0680] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0690] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0700] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0710] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0720] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0730] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0740] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0750] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0760] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0770] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0780] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0790] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0800] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0810] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0820] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0830] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0840] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0850] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0860] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0870] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0880] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0890] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0900] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0910] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0920] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0930] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0940] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0950] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0960] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0970] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0980] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0990] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D90] 00 00 00 00 00 00 00 00 01 00 04 80 D8 00 00 00 ........ ........ + [0DA0] E8 00 00 00 00 00 00 00 14 00 00 00 02 00 C4 00 ........ ........ + [0DB0] 07 00 00 00 00 02 14 00 08 00 02 20 01 01 00 00 ........ ... .... + [0DC0] 00 00 00 01 00 00 00 00 00 09 24 00 0C 00 0F 10 ........ ..$..... + [0DD0] 01 05 00 00 00 00 00 05 15 00 00 00 74 A5 12 52 ........ ....t..R + [0DE0] CD 51 D9 8F D1 31 A4 CA F4 01 00 00 00 02 24 00 .Q...1.. ......$. + [0DF0] 0C 00 0F 10 01 05 00 00 00 00 00 05 15 00 00 00 ........ ........ + [0E00] 74 A5 12 52 CD 51 D9 8F D1 31 A4 CA F4 01 00 00 t..R.Q.. .1...... + [0E10] 00 09 18 00 0C 00 0F 10 01 02 00 00 00 00 00 05 ........ ........ + [0E20] 20 00 00 00 20 02 00 00 00 02 18 00 0C 00 0F 10 ... ... ........ + [0E30] 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 ........ ... ... + [0E40] 00 09 18 00 0C 00 0F 10 01 02 00 00 00 00 00 05 ........ ........ + [0E50] 20 00 00 00 26 02 00 00 00 02 18 00 0C 00 0F 10 ...&... ........ + [0E60] 01 02 00 00 00 00 00 05 20 00 00 00 26 02 00 00 ........ ...&... + [0E70] 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 ........ ... ... + [0E80] 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 ........ ... ... + [0E90] 5C 00 5C 00 4D 00 45 00 4D 00 42 00 45 00 52 00 \.\.M.E. M.B.E.R. + [0EA0] 34 00 33 00 5C 00 70 00 72 00 69 00 6E 00 74 00 4.3.\.p. r.i.n.t. + [0EB0] 65 00 72 00 37 00 00 00 00 00 00 00 00 00 00 00 e.r.7... ........ + [0EC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0ED0] 01 04 00 04 DC 00 00 00 13 47 01 00 01 00 01 00 ........ .G...... + [0EE0] 00 00 00 00 64 00 01 00 0F 00 FC FF 01 00 01 00 ....d... ........ + [0EF0] 00 00 03 00 00 00 4C 00 65 00 74 00 74 00 65 00 ......L. e.t.t.e. + [0F00] 72 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 r....... ........ + [0F10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F70] 52 00 41 00 57 00 00 00 77 00 69 00 6E 00 70 00 R.A.W... w.i.n.p. + [0F80] 72 00 69 00 6E 00 74 00 00 00 00 00 00 00 00 00 r.i.n.t. ........ + [0F90] 00 00 53 00 61 00 6D 00 62 00 61 00 20 00 50 00 ..S.a.m. b.a. .P. + [0FA0] 72 00 69 00 6E 00 74 00 65 00 72 00 20 00 50 00 r.i.n.t. e.r. .P. + [0FB0] 6F 00 72 00 74 00 00 00 70 00 72 00 69 00 6E 00 o.r.t... p.r.i.n. + [0FC0] 74 00 65 00 72 00 37 00 00 00 5C 00 5C 00 4D 00 t.e.r.7. ..\.\.M. + [0FD0] 45 00 4D 00 42 00 45 00 52 00 34 00 33 00 5C 00 E.M.B.E. R.4.3.\. + [0FE0] 70 00 72 00 69 00 6E 00 74 00 65 00 72 00 37 00 p.r.i.n. t.e.r.7. + [0FF0] 00 00 5C 00 5C 00 4D 00 45 00 4D 00 42 00 45 00 ..\.\.M. E.M.B.E. + [1000] 52 00 34 00 33 00 00 00 F8 02 00 00 00 00 00 00 R.4.3... ........ +[2013/11/07 07:38:44.200454, 3, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:122(free_pipe_context) + free_pipe_context: destroying talloc pool of size 1308 +[2013/11/07 07:38:44.200513, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:788(np_read_recv) + Received 4136 bytes. There is no more data outstanding +[2013/11/07 07:38:44.200554, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:178(smbd_smb2_ioctl_pipe_read_done) + smbd_smb2_ioctl_pipe_read_done: np_read_recv nread = 4136 is_data_outstanding = 0, status = NT_STATUS_OK +[2013/11/07 07:38:44.200603, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl.c:291(smbd_smb2_request_ioctl_done) + smbd_smb2_request_ioctl_done: smbd_smb2_ioctl_recv returned 4136 status NT_STATUS_OK +[2013/11/07 07:38:44.200645, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) + smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[48] dyn[yes:4136] at ../source3/smbd/smb2_ioctl.c:358 +[2013/11/07 07:38:44.200690, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) + smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/58/127 +[2013/11/07 07:38:44.204015, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) + smbd_smb2_request_incoming: idx[1] of 5 vectors +[2013/11/07 07:38:44.204120, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) + smb2_validate_sequence_number: clearing id 58 (position 58) from bitmap +[2013/11/07 07:38:44.204166, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) + smbd_smb2_request_dispatch: opcode[SMB2_OP_IOCTL] mid = 58 +[2013/11/07 07:38:44.204232, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) + setting sec ctx (0, 5000) - sec_ctx_stack_ndx = 0 +[2013/11/07 07:38:44.204283, 5, pid=20933, effective(0, 5000), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) + Security token SIDs (21): + SID[ 0]: S-1-5-21-1376953716-2413384141-3399758289-500 + SID[ 1]: S-1-5-21-1376953716-2413384141-3399758289-512 + SID[ 2]: S-1-5-21-1376953716-2413384141-3399758289-11015 + SID[ 3]: S-1-5-21-1376953716-2413384141-3399758289-513 + SID[ 4]: S-1-5-21-1376953716-2413384141-3399758289-11011 + SID[ 5]: S-1-5-21-1376953716-2413384141-3399758289-11013 + SID[ 6]: S-1-5-21-1376953716-2413384141-3399758289-11012 + SID[ 7]: S-1-1-0 + SID[ 8]: S-1-5-2 + SID[ 9]: S-1-5-11 + SID[ 10]: S-1-5-32-544 + SID[ 11]: S-1-22-1-2002 + SID[ 12]: S-1-22-2-5000 + SID[ 13]: S-1-22-2-5007 + SID[ 14]: S-1-22-2-5001 + SID[ 15]: S-1-22-2-1005 + SID[ 16]: S-1-22-2-5006 + SID[ 17]: S-1-22-2-5005 + SID[ 18]: S-1-22-2-55000 + SID[ 19]: S-1-22-2-55001 + SID[ 20]: S-1-22-2-55002 + Privileges (0x 1FFFFFF0): + Privilege[ 0]: SeMachineAccountPrivilege + Privilege[ 1]: SeTakeOwnershipPrivilege + Privilege[ 2]: SeBackupPrivilege + Privilege[ 3]: SeRestorePrivilege + Privilege[ 4]: SeRemoteShutdownPrivilege + Privilege[ 5]: SePrintOperatorPrivilege + Privilege[ 6]: SeAddUsersPrivilege + Privilege[ 7]: SeDiskOperatorPrivilege + Privilege[ 8]: SeSecurityPrivilege + Privilege[ 9]: SeSystemtimePrivilege + Privilege[ 10]: SeShutdownPrivilege + Privilege[ 11]: SeDebugPrivilege + Privilege[ 12]: SeSystemEnvironmentPrivilege + Privilege[ 13]: SeSystemProfilePrivilege + Privilege[ 14]: SeProfileSingleProcessPrivilege + Privilege[ 15]: SeIncreaseBasePriorityPrivilege + Privilege[ 16]: SeLoadDriverPrivilege + Privilege[ 17]: SeCreatePagefilePrivilege + Privilege[ 18]: SeIncreaseQuotaPrivilege + Privilege[ 19]: SeChangeNotifyPrivilege + Privilege[ 20]: SeUndockPrivilege + Privilege[ 21]: SeManageVolumePrivilege + Privilege[ 22]: SeImpersonatePrivilege + Privilege[ 23]: SeCreateGlobalPrivilege + Privilege[ 24]: SeEnableDelegationPrivilege + Rights (0x 0): +[2013/11/07 07:38:44.205162, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) + UNIX token of user 0 + Primary group is 5000 and contains 9 supplementary groups + Group[ 0]: 5000 + Group[ 1]: 5007 + Group[ 2]: 5001 + Group[ 3]: 1005 + Group[ 4]: 5006 + Group[ 5]: 5005 + Group[ 6]: 55000 + Group[ 7]: 55001 + Group[ 8]: 55002 +[2013/11/07 07:38:44.205460, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/uid.c:363(change_to_user_internal) + Impersonated user: uid=(0,0), gid=(0,5000) +[2013/11/07 07:38:44.205521, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:1796(smbd_smb2_request_verify_creditcharge) + mid 58, CreditCharge: 1, NeededCharge: 1 +[2013/11/07 07:38:44.205565, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl.c:394(smbd_smb2_ioctl_send) + smbd_smb2_ioctl: ctl_code[0x0011c017] spoolss, fnum 2189993496 +[2013/11/07 07:38:44.205613, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:59(smb2_ioctl_named_pipe) + smbd_smb2_ioctl_send: np_write_send of size 4156 +[2013/11/07 07:38:44.205653, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:520(np_write_send) + np_write_send: len: 4156 +[2013/11/07 07:38:44.205694, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) + write_to_pipe: data_left = 4156 +[2013/11/07 07:38:44.205732, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) + process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 4156 +[2013/11/07 07:38:44.205772, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:51(fill_rpc_header) + fill_rpc_header: data_to_copy = 4156, len_needed_to_complete_hdr = 16, receive_len = 0 +[2013/11/07 07:38:44.205812, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) + write_to_pipe: data_used = 16 +[2013/11/07 07:38:44.205849, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) + write_to_pipe: data_left = 4140 +[2013/11/07 07:38:44.205887, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) + process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 4140 +[2013/11/07 07:38:44.205929, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) + write_to_pipe: data_used = 0 +[2013/11/07 07:38:44.205967, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) + write_to_pipe: data_left = 4140 +[2013/11/07 07:38:44.206015, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) + process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 4140, incoming data = 4140 +[2013/11/07 07:38:44.206059, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1614(process_complete_pdu) + PDU is in Little Endian format! +[2013/11/07 07:38:44.206110, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) + r: struct ncacn_packet + rpc_vers : 0x05 (5) + rpc_vers_minor : 0x00 (0) + ptype : DCERPC_PKT_REQUEST (0) + pfc_flags : 0x03 (3) + drep: ARRAY(4) + [0] : 0x10 (16) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + frag_length : 0x103c (4156) + auth_length : 0x0000 (0) + call_id : 0x0000000a (10) + u : union dcerpc_payload(case 0) + request: struct dcerpc_request + alloc_hint : 0x00001024 (4132) + context_id : 0x0000 (0) + opnum : 0x0008 (8) + object : union dcerpc_object(case 0) + empty: struct dcerpc_empty + _pad : DATA_BLOB length=0 + stub_and_verifier : DATA_BLOB length=4132 + [0000] 00 00 00 00 48 00 00 00 00 00 00 00 7B 52 73 35 ....H... ....{Rs5 + [0010] C5 51 00 00 02 00 00 00 00 00 02 00 00 10 00 00 .Q...... ........ + [0020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0030] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0040] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0200] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0210] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0220] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0230] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0240] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0250] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0260] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0270] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0280] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0290] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0300] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0310] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0320] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0330] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0340] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0350] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0360] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0370] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0380] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0390] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0400] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0410] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0420] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0430] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0440] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0450] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0460] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0470] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0480] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0490] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0500] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0510] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0520] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0530] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0540] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0550] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0560] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0570] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0580] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0590] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0600] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0610] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0620] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0630] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0640] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0650] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0660] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0670] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0680] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0690] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0700] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0710] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0720] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0730] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0740] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0750] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0760] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0770] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0780] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0790] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0800] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0810] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0820] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0830] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0840] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0850] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0860] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0870] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0880] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0890] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0900] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0910] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0920] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0930] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0940] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0950] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0960] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0970] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0980] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0990] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0EA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0EB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0EC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0ED0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0EE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0EF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [1000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [1010] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [1020] 00 10 00 00 .... +[2013/11/07 07:38:44.215659, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1627(process_complete_pdu) + Processing packet type 0 +[2013/11/07 07:38:44.215704, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1472(dcesrv_auth_request) + Checking request auth. +[2013/11/07 07:38:44.215752, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) + push_sec_ctx(0, 5000) : sec_ctx_stack_ndx = 1 +[2013/11/07 07:38:44.215800, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) + setting sec ctx (0, 5000) - sec_ctx_stack_ndx = 1 +[2013/11/07 07:38:44.215842, 5, pid=20933, effective(0, 5000), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) + Security token SIDs (21): + SID[ 0]: S-1-5-21-1376953716-2413384141-3399758289-500 + SID[ 1]: S-1-5-21-1376953716-2413384141-3399758289-512 + SID[ 2]: S-1-5-21-1376953716-2413384141-3399758289-11015 + SID[ 3]: S-1-5-21-1376953716-2413384141-3399758289-513 + SID[ 4]: S-1-5-21-1376953716-2413384141-3399758289-11011 + SID[ 5]: S-1-5-21-1376953716-2413384141-3399758289-11013 + SID[ 6]: S-1-5-21-1376953716-2413384141-3399758289-11012 + SID[ 7]: S-1-1-0 + SID[ 8]: S-1-5-2 + SID[ 9]: S-1-5-11 + SID[ 10]: S-1-5-32-544 + SID[ 11]: S-1-22-1-2002 + SID[ 12]: S-1-22-2-5000 + SID[ 13]: S-1-22-2-5007 + SID[ 14]: S-1-22-2-5001 + SID[ 15]: S-1-22-2-1005 + SID[ 16]: S-1-22-2-5006 + SID[ 17]: S-1-22-2-5005 + SID[ 18]: S-1-22-2-55000 + SID[ 19]: S-1-22-2-55001 + SID[ 20]: S-1-22-2-55002 + Privileges (0x 1FFFFFF0): + Privilege[ 0]: SeMachineAccountPrivilege + Privilege[ 1]: SeTakeOwnershipPrivilege + Privilege[ 2]: SeBackupPrivilege + Privilege[ 3]: SeRestorePrivilege + Privilege[ 4]: SeRemoteShutdownPrivilege + Privilege[ 5]: SePrintOperatorPrivilege + Privilege[ 6]: SeAddUsersPrivilege + Privilege[ 7]: SeDiskOperatorPrivilege + Privilege[ 8]: SeSecurityPrivilege + Privilege[ 9]: SeSystemtimePrivilege + Privilege[ 10]: SeShutdownPrivilege + Privilege[ 11]: SeDebugPrivilege + Privilege[ 12]: SeSystemEnvironmentPrivilege + Privilege[ 13]: SeSystemProfilePrivilege + Privilege[ 14]: SeProfileSingleProcessPrivilege + Privilege[ 15]: SeIncreaseBasePriorityPrivilege + Privilege[ 16]: SeLoadDriverPrivilege + Privilege[ 17]: SeCreatePagefilePrivilege + Privilege[ 18]: SeIncreaseQuotaPrivilege + Privilege[ 19]: SeChangeNotifyPrivilege + Privilege[ 20]: SeUndockPrivilege + Privilege[ 21]: SeManageVolumePrivilege + Privilege[ 22]: SeImpersonatePrivilege + Privilege[ 23]: SeCreateGlobalPrivilege + Privilege[ 24]: SeEnableDelegationPrivilege + Rights (0x 0): +[2013/11/07 07:38:44.216617, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) + UNIX token of user 0 + Primary group is 5000 and contains 9 supplementary groups + Group[ 0]: 5000 + Group[ 1]: 5007 + Group[ 2]: 5001 + Group[ 3]: 1005 + Group[ 4]: 5006 + Group[ 5]: 5005 + Group[ 6]: 55000 + Group[ 7]: 55001 + Group[ 8]: 55002 +[2013/11/07 07:38:44.216806, 5, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1324(api_pipe_request) + Requested \spoolss rpc service +[2013/11/07 07:38:44.216852, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1356(api_rpcTNP) + api_rpcTNP: \spoolss op 0x8 - api_rpcTNP: rpc command: SPOOLSS_GETPRINTER +[2013/11/07 07:38:44.216895, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1390(api_rpcTNP) + api_rpc_cmds[8].fn == 0x7f375c260f10 +[2013/11/07 07:38:44.216945, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + spoolss_GetPrinter: struct spoolss_GetPrinter + in: struct spoolss_GetPrinter + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000048-0000-0000-7b52-7335c5510000 + level : 0x00000002 (2) + buffer : * + buffer : DATA_BLOB length=4096 + [0000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0010] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0030] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0040] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0200] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0210] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0220] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0230] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0240] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0250] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0260] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0270] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0280] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0290] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0300] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0310] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0320] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0330] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0340] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0350] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0360] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0370] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0380] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0390] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0400] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0410] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0420] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0430] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0440] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0450] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0460] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0470] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0480] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0490] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0500] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0510] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0520] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0530] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0540] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0550] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0560] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0570] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0580] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0590] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0600] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0610] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0620] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0630] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0640] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0650] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0660] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0670] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0680] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0690] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0700] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0710] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0720] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0730] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0740] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0750] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0760] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0770] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0780] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0790] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0800] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0810] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0820] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0830] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0840] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0850] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0860] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0870] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0880] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0890] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0900] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0910] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0920] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0930] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0940] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0950] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0960] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0970] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0980] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0990] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0EA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0EB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0EC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0ED0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0EE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0EF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + offered : 0x00001000 (4096) +[2013/11/07 07:38:44.226214, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 48 00 00 00 00 00 00 00 7B 52 73 35 ....H... ....{Rs5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.226298, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 48 00 00 00 00 00 00 00 7B 52 73 35 ....H... ....{Rs5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.226375, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:489(get_printer_snum) + short name:printer7 +[2013/11/07 07:38:44.226512, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:60(make_internal_rpc_pipe_p) + Create pipe requested \winreg +[2013/11/07 07:38:44.226567, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:221(init_pipe_handles) + init_pipe_handle_list: created handle list for pipe \winreg +[2013/11/07 07:38:44.226609, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:238(init_pipe_handles) + init_pipe_handle_list: pipe_handles ref count = 1 for pipe \winreg +[2013/11/07 07:38:44.226709, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:100(make_internal_rpc_pipe_p) + Created internal pipe \winreg +[2013/11/07 07:38:44.226783, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenHKLM: struct winreg_OpenHKLM + in: struct winreg_OpenHKLM + system_name : NULL + access_mask : 0x02000000 (33554432) + 0: KEY_QUERY_VALUE + 0: KEY_SET_VALUE + 0: KEY_CREATE_SUB_KEY + 0: KEY_ENUMERATE_SUB_KEYS + 0: KEY_NOTIFY + 0: KEY_CREATE_LINK + 0: KEY_WOW64_64KEY + 0: KEY_WOW64_32KEY +[2013/11/07 07:38:44.227027, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [HKLM] +[2013/11/07 07:38:44.227072, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) + push_sec_ctx(0, 5000) : sec_ctx_stack_ndx = 2 +[2013/11/07 07:38:44.227116, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/uid.c:485(push_conn_ctx) + push_conn_ctx(1804507171) : conn_ctx_stack_ndx = 0 +[2013/11/07 07:38:44.227156, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) + setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 +[2013/11/07 07:38:44.227195, 5, pid=20933, effective(0, 5000), real(0, 0)] ../libcli/security/security_token.c:53(security_token_debug) + Security token: (NULL) +[2013/11/07 07:38:44.227234, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) + UNIX token of user 0 + Primary group is 0 and contains 0 supplementary groups +[2013/11/07 07:38:44.227394, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) + pop_sec_ctx (0, 5000) - sec_ctx_stack_ndx = 1 +[2013/11/07 07:38:44.227439, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:866(regdb_open) + regdb_open: registry db opened. refcount reset (1) +[2013/11/07 07:38:44.227485, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM] +[2013/11/07 07:38:44.227524, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM] +[2013/11/07 07:38:44.227566, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:44.227603, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM] +[2013/11/07 07:38:44.227683, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) + Opened policy hnd[1] [0000] 00 00 00 00 67 00 00 00 00 00 00 00 7B 52 74 35 ....g... ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.227764, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenHKLM: struct winreg_OpenHKLM + out: struct winreg_OpenHKLM + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000067-0000-0000-7b52-7435c5510000 + result : WERR_OK +[2013/11/07 07:38:44.227950, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenKey: struct winreg_OpenKey + in: struct winreg_OpenKey + parent_handle : * + parent_handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000067-0000-0000-7b52-7435c5510000 + keyname: struct winreg_String + name_len : 0x008a (138) + name_size : 0x008a (138) + name : * + name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7' + options : 0x00000000 (0) + 0: REG_OPTION_VOLATILE + 0: REG_OPTION_CREATE_LINK + 0: REG_OPTION_BACKUP_RESTORE + 0: REG_OPTION_OPEN_LINK + access_mask : 0x02000000 (33554432) + 0: KEY_QUERY_VALUE + 0: KEY_SET_VALUE + 0: KEY_CREATE_SUB_KEY + 0: KEY_ENUMERATE_SUB_KEYS + 0: KEY_NOTIFY + 0: KEY_CREATE_LINK + 0: KEY_WOW64_64KEY + 0: KEY_WOW64_32KEY +[2013/11/07 07:38:44.228401, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 67 00 00 00 00 00 00 00 7B 52 74 35 ....g... ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.228483, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [SOFTWARE] +[2013/11/07 07:38:44.228523, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (1->2) +[2013/11/07 07:38:44.228565, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] +[2013/11/07 07:38:44.228602, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE] +[2013/11/07 07:38:44.228643, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:44.228679, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE] +[2013/11/07 07:38:44.228750, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Microsoft] +[2013/11/07 07:38:44.228792, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (2->3) +[2013/11/07 07:38:44.228834, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] +[2013/11/07 07:38:44.228872, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] +[2013/11/07 07:38:44.228912, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:44.228949, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft] +[2013/11/07 07:38:44.229010, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Windows NT] +[2013/11/07 07:38:44.229052, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (3->4) +[2013/11/07 07:38:44.229094, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] +[2013/11/07 07:38:44.229131, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] +[2013/11/07 07:38:44.229172, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:44.229209, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] +[2013/11/07 07:38:44.229274, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [CurrentVersion] +[2013/11/07 07:38:44.229316, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (4->5) +[2013/11/07 07:38:44.229427, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] +[2013/11/07 07:38:44.229472, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] +[2013/11/07 07:38:44.229514, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:44.229551, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f375c5a15c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] +[2013/11/07 07:38:44.229627, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Print] +[2013/11/07 07:38:44.229669, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (5->6) +[2013/11/07 07:38:44.229738, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] +[2013/11/07 07:38:44.229778, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] +[2013/11/07 07:38:44.229821, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:44.229869, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f375c5a15c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] +[2013/11/07 07:38:44.229930, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Printers] +[2013/11/07 07:38:44.229971, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (6->7) +[2013/11/07 07:38:44.230015, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] +[2013/11/07 07:38:44.230054, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] +[2013/11/07 07:38:44.230097, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:44.230135, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] +[2013/11/07 07:38:44.230202, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [printer7] +[2013/11/07 07:38:44.230252, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (7->8) +[2013/11/07 07:38:44.230297, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:44.230336, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:44.230391, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:44.230430, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:44.230499, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (8->7) +[2013/11/07 07:38:44.230541, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (7->6) +[2013/11/07 07:38:44.230582, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (6->5) +[2013/11/07 07:38:44.230622, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (5->4) +[2013/11/07 07:38:44.230662, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (4->3) +[2013/11/07 07:38:44.230702, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (3->2) +[2013/11/07 07:38:44.230746, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) + Opened policy hnd[2] [0000] 00 00 00 00 68 00 00 00 00 00 00 00 7B 52 74 35 ....h... ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.230825, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenKey: struct winreg_OpenKey + out: struct winreg_OpenKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000068-0000-0000-7b52-7435c5510000 + result : WERR_OK +[2013/11/07 07:38:44.231000, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryInfoKey: struct winreg_QueryInfoKey + in: struct winreg_QueryInfoKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000068-0000-0000-7b52-7435c5510000 + classname : * + classname: struct winreg_String + name_len : 0x0000 (0) + name_size : 0x0000 (0) + name : NULL +[2013/11/07 07:38:44.231214, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 68 00 00 00 00 00 00 00 7B 52 74 35 ....h... ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.231304, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_dispatcher.c:151(fetch_reg_values) + fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7' (ops 0x7f37592edcc0) +[2013/11/07 07:38:44.231348, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1891(regdb_fetch_values_internal) + regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:44.231411, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[0]: name[Attributes] len[4] +[2013/11/07 07:38:44.231456, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[1]: name[Description] len[2] +[2013/11/07 07:38:44.231499, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[2]: name[Datatype] len[8] +[2013/11/07 07:38:44.231541, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[3]: name[Default Priority] len[4] +[2013/11/07 07:38:44.231583, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[4]: name[Port] len[38] +[2013/11/07 07:38:44.231625, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[5]: name[Name] len[18] +[2013/11/07 07:38:44.231667, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[6]: name[Print Processor] len[18] +[2013/11/07 07:38:44.231710, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[7]: name[Priority] len[4] +[2013/11/07 07:38:44.231752, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[8]: name[Security] len[248] +[2013/11/07 07:38:44.231795, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[9]: name[Share Name] len[18] +[2013/11/07 07:38:44.231837, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[10]: name[StartTime] len[4] +[2013/11/07 07:38:44.231880, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[11]: name[UntilTime] len[4] +[2013/11/07 07:38:44.231922, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[12]: name[ChangeID] len[4] +[2013/11/07 07:38:44.231966, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) + regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:44.232030, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryInfoKey: struct winreg_QueryInfoKey + out: struct winreg_QueryInfoKey + classname : * + classname: struct winreg_String + name_len : 0x0000 (0) + name_size : 0x0000 (0) + name : NULL + num_subkeys : * + num_subkeys : 0x00000003 (3) + max_subkeylen : * + max_subkeylen : 0x00000022 (34) + max_classlen : * + max_classlen : 0x00000000 (0) + num_values : * + num_values : 0x0000000d (13) + max_valnamelen : * + max_valnamelen : 0x00000022 (34) + max_valbufsize : * + max_valbufsize : 0x000000f8 (248) + secdescsize : * + secdescsize : 0x00000078 (120) + last_changed_time : * + last_changed_time : NTTIME(0) + result : WERR_OK +[2013/11/07 07:38:44.232483, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000068-0000-0000-7b52-7435c5510000 + enum_index : 0x00000000 (0) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:44.232859, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 68 00 00 00 00 00 00 00 7B 52 74 35 ....h... ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.232937, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:44.232984, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0016 (22) + size : 0x0024 (36) + name : * + name : 'Attributes' + type : * + type : REG_DWORD (4) + value : * + value: ARRAY(4) + [0] : 0x48 (72) + [1] : 0x10 (16) + [2] : 0x00 (0) + [3] : 0x00 (0) + size : * + size : 0x00000004 (4) + length : * + length : 0x00000004 (4) + result : WERR_OK +[2013/11/07 07:38:44.233423, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000068-0000-0000-7b52-7435c5510000 + enum_index : 0x00000001 (1) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:44.233809, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 68 00 00 00 00 00 00 00 7B 52 74 35 ....h... ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.233887, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:44.233933, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0018 (24) + size : 0x0024 (36) + name : * + name : 'Description' + type : * + type : REG_SZ (1) + value : * + value: ARRAY(2) + [0] : 0x00 (0) + [1] : 0x00 (0) + size : * + size : 0x00000002 (2) + length : * + length : 0x00000002 (2) + result : WERR_OK +[2013/11/07 07:38:44.234293, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000068-0000-0000-7b52-7435c5510000 + enum_index : 0x00000002 (2) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:44.234662, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 68 00 00 00 00 00 00 00 7B 52 74 35 ....h... ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.234748, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:44.234793, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0012 (18) + size : 0x0024 (36) + name : * + name : 'Datatype' + type : * + type : REG_SZ (1) + value : * + value: ARRAY(8) + [0] : 0x52 (82) + [1] : 0x00 (0) + [2] : 0x41 (65) + [3] : 0x00 (0) + [4] : 0x57 (87) + [5] : 0x00 (0) + [6] : 0x00 (0) + [7] : 0x00 (0) + size : * + size : 0x00000008 (8) + length : * + length : 0x00000008 (8) + result : WERR_OK +[2013/11/07 07:38:44.235251, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000068-0000-0000-7b52-7435c5510000 + enum_index : 0x00000003 (3) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:44.235622, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 68 00 00 00 00 00 00 00 7B 52 74 35 ....h... ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.235700, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:44.235866, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0022 (34) + size : 0x0024 (36) + name : * + name : 'Default Priority' + type : * + type : REG_DWORD (4) + value : * + value: ARRAY(4) + [0] : 0x01 (1) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + size : * + size : 0x00000004 (4) + length : * + length : 0x00000004 (4) + result : WERR_OK +[2013/11/07 07:38:44.236353, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000068-0000-0000-7b52-7435c5510000 + enum_index : 0x00000004 (4) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:44.236727, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 68 00 00 00 00 00 00 00 7B 52 74 35 ....h... ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.236805, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:44.236851, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x000a (10) + size : 0x0024 (36) + name : * + name : 'Port' + type : * + type : REG_SZ (1) + value : * + value: ARRAY(38) + [0] : 0x53 (83) + [1] : 0x00 (0) + [2] : 0x61 (97) + [3] : 0x00 (0) + [4] : 0x6d (109) + [5] : 0x00 (0) + [6] : 0x62 (98) + [7] : 0x00 (0) + [8] : 0x61 (97) + [9] : 0x00 (0) + [10] : 0x20 (32) + [11] : 0x00 (0) + [12] : 0x50 (80) + [13] : 0x00 (0) + [14] : 0x72 (114) + [15] : 0x00 (0) + [16] : 0x69 (105) + [17] : 0x00 (0) + [18] : 0x6e (110) + [19] : 0x00 (0) + [20] : 0x74 (116) + [21] : 0x00 (0) + [22] : 0x65 (101) + [23] : 0x00 (0) + [24] : 0x72 (114) + [25] : 0x00 (0) + [26] : 0x20 (32) + [27] : 0x00 (0) + [28] : 0x50 (80) + [29] : 0x00 (0) + [30] : 0x6f (111) + [31] : 0x00 (0) + [32] : 0x72 (114) + [33] : 0x00 (0) + [34] : 0x74 (116) + [35] : 0x00 (0) + [36] : 0x00 (0) + [37] : 0x00 (0) + size : * + size : 0x00000026 (38) + length : * + length : 0x00000026 (38) + result : WERR_OK +[2013/11/07 07:38:44.238278, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000068-0000-0000-7b52-7435c5510000 + enum_index : 0x00000005 (5) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:44.238661, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 68 00 00 00 00 00 00 00 7B 52 74 35 ....h... ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.238740, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:44.238787, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x000a (10) + size : 0x0024 (36) + name : * + name : 'Name' + type : * + type : REG_SZ (1) + value : * + value: ARRAY(18) + [0] : 0x70 (112) + [1] : 0x00 (0) + [2] : 0x72 (114) + [3] : 0x00 (0) + [4] : 0x69 (105) + [5] : 0x00 (0) + [6] : 0x6e (110) + [7] : 0x00 (0) + [8] : 0x74 (116) + [9] : 0x00 (0) + [10] : 0x65 (101) + [11] : 0x00 (0) + [12] : 0x72 (114) + [13] : 0x00 (0) + [14] : 0x37 (55) + [15] : 0x00 (0) + [16] : 0x00 (0) + [17] : 0x00 (0) + size : * + size : 0x00000012 (18) + length : * + length : 0x00000012 (18) + result : WERR_OK +[2013/11/07 07:38:44.239427, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000068-0000-0000-7b52-7435c5510000 + enum_index : 0x00000006 (6) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:44.239797, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 68 00 00 00 00 00 00 00 7B 52 74 35 ....h... ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.239875, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:44.239920, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0020 (32) + size : 0x0024 (36) + name : * + name : 'Print Processor' + type : * + type : REG_SZ (1) + value : * + value: ARRAY(18) + [0] : 0x77 (119) + [1] : 0x00 (0) + [2] : 0x69 (105) + [3] : 0x00 (0) + [4] : 0x6e (110) + [5] : 0x00 (0) + [6] : 0x70 (112) + [7] : 0x00 (0) + [8] : 0x72 (114) + [9] : 0x00 (0) + [10] : 0x69 (105) + [11] : 0x00 (0) + [12] : 0x6e (110) + [13] : 0x00 (0) + [14] : 0x74 (116) + [15] : 0x00 (0) + [16] : 0x00 (0) + [17] : 0x00 (0) + size : * + size : 0x00000012 (18) + length : * + length : 0x00000012 (18) + result : WERR_OK +[2013/11/07 07:38:44.240551, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000068-0000-0000-7b52-7435c5510000 + enum_index : 0x00000007 (7) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:44.240924, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 68 00 00 00 00 00 00 00 7B 52 74 35 ....h... ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.241002, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:44.241113, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0012 (18) + size : 0x0024 (36) + name : * + name : 'Priority' + type : * + type : REG_DWORD (4) + value : * + value: ARRAY(4) + [0] : 0x01 (1) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + size : * + size : 0x00000004 (4) + length : * + length : 0x00000004 (4) + result : WERR_OK +[2013/11/07 07:38:44.241602, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000068-0000-0000-7b52-7435c5510000 + enum_index : 0x00000008 (8) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:44.241979, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 68 00 00 00 00 00 00 00 7B 52 74 35 ....h... ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.242058, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:44.242103, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0012 (18) + size : 0x0024 (36) + name : * + name : 'Security' + type : * + type : REG_BINARY (3) + value : * + value: ARRAY(248) + [0] : 0x01 (1) + [1] : 0x00 (0) + [2] : 0x04 (4) + [3] : 0x80 (128) + [4] : 0x14 (20) + [5] : 0x00 (0) + [6] : 0x00 (0) + [7] : 0x00 (0) + [8] : 0x24 (36) + [9] : 0x00 (0) + [10] : 0x00 (0) + [11] : 0x00 (0) + [12] : 0x00 (0) + [13] : 0x00 (0) + [14] : 0x00 (0) + [15] : 0x00 (0) + [16] : 0x34 (52) + [17] : 0x00 (0) + [18] : 0x00 (0) + [19] : 0x00 (0) + [20] : 0x01 (1) + [21] : 0x02 (2) + [22] : 0x00 (0) + [23] : 0x00 (0) + [24] : 0x00 (0) + [25] : 0x00 (0) + [26] : 0x00 (0) + [27] : 0x05 (5) + [28] : 0x20 (32) + [29] : 0x00 (0) + [30] : 0x00 (0) + [31] : 0x00 (0) + [32] : 0x20 (32) + [33] : 0x02 (2) + [34] : 0x00 (0) + [35] : 0x00 (0) + [36] : 0x01 (1) + [37] : 0x02 (2) + [38] : 0x00 (0) + [39] : 0x00 (0) + [40] : 0x00 (0) + [41] : 0x00 (0) + [42] : 0x00 (0) + [43] : 0x05 (5) + [44] : 0x20 (32) + [45] : 0x00 (0) + [46] : 0x00 (0) + [47] : 0x00 (0) + [48] : 0x20 (32) + [49] : 0x02 (2) + [50] : 0x00 (0) + [51] : 0x00 (0) + [52] : 0x02 (2) + [53] : 0x00 (0) + [54] : 0xc4 (196) + [55] : 0x00 (0) + [56] : 0x07 (7) + [57] : 0x00 (0) + [58] : 0x00 (0) + [59] : 0x00 (0) + [60] : 0x00 (0) + [61] : 0x02 (2) + [62] : 0x14 (20) + [63] : 0x00 (0) + [64] : 0x08 (8) + [65] : 0x00 (0) + [66] : 0x02 (2) + [67] : 0x20 (32) + [68] : 0x01 (1) + [69] : 0x01 (1) + [70] : 0x00 (0) + [71] : 0x00 (0) + [72] : 0x00 (0) + [73] : 0x00 (0) + [74] : 0x00 (0) + [75] : 0x01 (1) + [76] : 0x00 (0) + [77] : 0x00 (0) + [78] : 0x00 (0) + [79] : 0x00 (0) + [80] : 0x00 (0) + [81] : 0x09 (9) + [82] : 0x24 (36) + [83] : 0x00 (0) + [84] : 0x0c (12) + [85] : 0x00 (0) + [86] : 0x0f (15) + [87] : 0x10 (16) + [88] : 0x01 (1) + [89] : 0x05 (5) + [90] : 0x00 (0) + [91] : 0x00 (0) + [92] : 0x00 (0) + [93] : 0x00 (0) + [94] : 0x00 (0) + [95] : 0x05 (5) + [96] : 0x15 (21) + [97] : 0x00 (0) + [98] : 0x00 (0) + [99] : 0x00 (0) + [100] : 0x74 (116) + [101] : 0xa5 (165) + [102] : 0x12 (18) + [103] : 0x52 (82) + [104] : 0xcd (205) + [105] : 0x51 (81) + [106] : 0xd9 (217) + [107] : 0x8f (143) + [108] : 0xd1 (209) + [109] : 0x31 (49) + [110] : 0xa4 (164) + [111] : 0xca (202) + [112] : 0xf4 (244) + [113] : 0x01 (1) + [114] : 0x00 (0) + [115] : 0x00 (0) + [116] : 0x00 (0) + [117] : 0x02 (2) + [118] : 0x24 (36) + [119] : 0x00 (0) + [120] : 0x0c (12) + [121] : 0x00 (0) + [122] : 0x0f (15) + [123] : 0x10 (16) + [124] : 0x01 (1) + [125] : 0x05 (5) + [126] : 0x00 (0) + [127] : 0x00 (0) + [128] : 0x00 (0) + [129] : 0x00 (0) + [130] : 0x00 (0) + [131] : 0x05 (5) + [132] : 0x15 (21) + [133] : 0x00 (0) + [134] : 0x00 (0) + [135] : 0x00 (0) + [136] : 0x74 (116) + [137] : 0xa5 (165) + [138] : 0x12 (18) + [139] : 0x52 (82) + [140] : 0xcd (205) + [141] : 0x51 (81) + [142] : 0xd9 (217) + [143] : 0x8f (143) + [144] : 0xd1 (209) + [145] : 0x31 (49) + [146] : 0xa4 (164) + [147] : 0xca (202) + [148] : 0xf4 (244) + [149] : 0x01 (1) + [150] : 0x00 (0) + [151] : 0x00 (0) + [152] : 0x00 (0) + [153] : 0x09 (9) + [154] : 0x18 (24) + [155] : 0x00 (0) + [156] : 0x0c (12) + [157] : 0x00 (0) + [158] : 0x0f (15) + [159] : 0x10 (16) + [160] : 0x01 (1) + [161] : 0x02 (2) + [162] : 0x00 (0) + [163] : 0x00 (0) + [164] : 0x00 (0) + [165] : 0x00 (0) + [166] : 0x00 (0) + [167] : 0x05 (5) + [168] : 0x20 (32) + [169] : 0x00 (0) + [170] : 0x00 (0) + [171] : 0x00 (0) + [172] : 0x20 (32) + [173] : 0x02 (2) + [174] : 0x00 (0) + [175] : 0x00 (0) + [176] : 0x00 (0) + [177] : 0x02 (2) + [178] : 0x18 (24) + [179] : 0x00 (0) + [180] : 0x0c (12) + [181] : 0x00 (0) + [182] : 0x0f (15) + [183] : 0x10 (16) + [184] : 0x01 (1) + [185] : 0x02 (2) + [186] : 0x00 (0) + [187] : 0x00 (0) + [188] : 0x00 (0) + [189] : 0x00 (0) + [190] : 0x00 (0) + [191] : 0x05 (5) + [192] : 0x20 (32) + [193] : 0x00 (0) + [194] : 0x00 (0) + [195] : 0x00 (0) + [196] : 0x20 (32) + [197] : 0x02 (2) + [198] : 0x00 (0) + [199] : 0x00 (0) + [200] : 0x00 (0) + [201] : 0x09 (9) + [202] : 0x18 (24) + [203] : 0x00 (0) + [204] : 0x0c (12) + [205] : 0x00 (0) + [206] : 0x0f (15) + [207] : 0x10 (16) + [208] : 0x01 (1) + [209] : 0x02 (2) + [210] : 0x00 (0) + [211] : 0x00 (0) + [212] : 0x00 (0) + [213] : 0x00 (0) + [214] : 0x00 (0) + [215] : 0x05 (5) + [216] : 0x20 (32) + [217] : 0x00 (0) + [218] : 0x00 (0) + [219] : 0x00 (0) + [220] : 0x26 (38) + [221] : 0x02 (2) + [222] : 0x00 (0) + [223] : 0x00 (0) + [224] : 0x00 (0) + [225] : 0x02 (2) + [226] : 0x18 (24) + [227] : 0x00 (0) + [228] : 0x0c (12) + [229] : 0x00 (0) + [230] : 0x0f (15) + [231] : 0x10 (16) + [232] : 0x01 (1) + [233] : 0x02 (2) + [234] : 0x00 (0) + [235] : 0x00 (0) + [236] : 0x00 (0) + [237] : 0x00 (0) + [238] : 0x00 (0) + [239] : 0x05 (5) + [240] : 0x20 (32) + [241] : 0x00 (0) + [242] : 0x00 (0) + [243] : 0x00 (0) + [244] : 0x26 (38) + [245] : 0x02 (2) + [246] : 0x00 (0) + [247] : 0x00 (0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x000000f8 (248) + result : WERR_OK +[2013/11/07 07:38:44.246626, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000068-0000-0000-7b52-7435c5510000 + enum_index : 0x00000009 (9) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:44.247000, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 68 00 00 00 00 00 00 00 7B 52 74 35 ....h... ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.247077, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:44.247123, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0016 (22) + size : 0x0024 (36) + name : * + name : 'Share Name' + type : * + type : REG_SZ (1) + value : * + value: ARRAY(18) + [0] : 0x70 (112) + [1] : 0x00 (0) + [2] : 0x72 (114) + [3] : 0x00 (0) + [4] : 0x69 (105) + [5] : 0x00 (0) + [6] : 0x6e (110) + [7] : 0x00 (0) + [8] : 0x74 (116) + [9] : 0x00 (0) + [10] : 0x65 (101) + [11] : 0x00 (0) + [12] : 0x72 (114) + [13] : 0x00 (0) + [14] : 0x37 (55) + [15] : 0x00 (0) + [16] : 0x00 (0) + [17] : 0x00 (0) + size : * + size : 0x00000012 (18) + length : * + length : 0x00000012 (18) + result : WERR_OK +[2013/11/07 07:38:44.247759, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000068-0000-0000-7b52-7435c5510000 + enum_index : 0x0000000a (10) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:44.248130, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 68 00 00 00 00 00 00 00 7B 52 74 35 ....h... ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.248207, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:44.248252, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0014 (20) + size : 0x0024 (36) + name : * + name : 'StartTime' + type : * + type : REG_DWORD (4) + value : * + value: ARRAY(4) + [0] : 0x00 (0) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + size : * + size : 0x00000004 (4) + length : * + length : 0x00000004 (4) + result : WERR_OK +[2013/11/07 07:38:44.248645, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000068-0000-0000-7b52-7435c5510000 + enum_index : 0x0000000b (11) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:44.249023, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 68 00 00 00 00 00 00 00 7B 52 74 35 ....h... ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.249100, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:44.249145, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0014 (20) + size : 0x0024 (36) + name : * + name : 'UntilTime' + type : * + type : REG_DWORD (4) + value : * + value: ARRAY(4) + [0] : 0x00 (0) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + size : * + size : 0x00000004 (4) + length : * + length : 0x00000004 (4) + result : WERR_OK +[2013/11/07 07:38:44.249597, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000068-0000-0000-7b52-7435c5510000 + enum_index : 0x0000000c (12) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:44.249978, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 68 00 00 00 00 00 00 00 7B 52 74 35 ....h... ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.250057, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:44.250103, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0012 (18) + size : 0x0024 (36) + name : * + name : 'ChangeID' + type : * + type : REG_DWORD (4) + value : * + value: ARRAY(4) + [0] : 0xf1 (241) + [1] : 0x5f (95) + [2] : 0x11 (17) + [3] : 0x00 (0) + size : * + size : 0x00000004 (4) + length : * + length : 0x00000004 (4) + result : WERR_OK +[2013/11/07 07:38:44.250533, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryValue: struct winreg_QueryValue + in: struct winreg_QueryValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000068-0000-0000-7b52-7435c5510000 + value_name : * + value_name: struct winreg_String + name_len : 0x0020 (32) + name_size : 0x0020 (32) + name : * + name : 'Default DevMode' + type : * + type : REG_NONE (0) + data : NULL + data_size : * + data_size : 0x00000000 (0) + data_length : * + data_length : 0x00000000 (0) +[2013/11/07 07:38:44.250878, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 68 00 00 00 00 00 00 00 7B 52 74 35 ....h... ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.250955, 7, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) + _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:44.250996, 7, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) + _winreg_QueryValue: policy key type = [00000000] +[2013/11/07 07:38:44.251041, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:316(_winreg_QueryValue) + _winreg_QueryValue: reg_queryvalue failed with: WERR_BADFILE +[2013/11/07 07:38:44.251082, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryValue: struct winreg_QueryValue + out: struct winreg_QueryValue + type : * + type : REG_NONE (0) + data : NULL + data_size : * + data_size : 0x00000000 (0) + data_length : * + data_length : 0x00000000 (0) + result : WERR_BADFILE +[2013/11/07 07:38:44.251312, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenHKLM: struct winreg_OpenHKLM + in: struct winreg_OpenHKLM + system_name : NULL + access_mask : 0x02000000 (33554432) + 0: KEY_QUERY_VALUE + 0: KEY_SET_VALUE + 0: KEY_CREATE_SUB_KEY + 0: KEY_ENUMERATE_SUB_KEYS + 0: KEY_NOTIFY + 0: KEY_CREATE_LINK + 0: KEY_WOW64_64KEY + 0: KEY_WOW64_32KEY +[2013/11/07 07:38:44.251540, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [HKLM] +[2013/11/07 07:38:44.251582, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (2->3) +[2013/11/07 07:38:44.251625, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM] +[2013/11/07 07:38:44.251664, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM] +[2013/11/07 07:38:44.251705, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:44.251742, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM] +[2013/11/07 07:38:44.251823, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) + Opened policy hnd[3] [0000] 00 00 00 00 69 00 00 00 00 00 00 00 7B 52 74 35 ....i... ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.251904, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenHKLM: struct winreg_OpenHKLM + out: struct winreg_OpenHKLM + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000069-0000-0000-7b52-7435c5510000 + result : WERR_OK +[2013/11/07 07:38:44.252072, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenKey: struct winreg_OpenKey + in: struct winreg_OpenKey + parent_handle : * + parent_handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000069-0000-0000-7b52-7435c5510000 + keyname: struct winreg_String + name_len : 0x008a (138) + name_size : 0x008a (138) + name : * + name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7' + options : 0x00000000 (0) + 0: REG_OPTION_VOLATILE + 0: REG_OPTION_CREATE_LINK + 0: REG_OPTION_BACKUP_RESTORE + 0: REG_OPTION_OPEN_LINK + access_mask : 0x02000000 (33554432) + 0: KEY_QUERY_VALUE + 0: KEY_SET_VALUE + 0: KEY_CREATE_SUB_KEY + 0: KEY_ENUMERATE_SUB_KEYS + 0: KEY_NOTIFY + 0: KEY_CREATE_LINK + 0: KEY_WOW64_64KEY + 0: KEY_WOW64_32KEY +[2013/11/07 07:38:44.252519, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 69 00 00 00 00 00 00 00 7B 52 74 35 ....i... ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.252600, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [SOFTWARE] +[2013/11/07 07:38:44.252640, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (3->4) +[2013/11/07 07:38:44.252682, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] +[2013/11/07 07:38:44.252720, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE] +[2013/11/07 07:38:44.252760, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:44.252797, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE] +[2013/11/07 07:38:44.252862, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Microsoft] +[2013/11/07 07:38:44.252903, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (4->5) +[2013/11/07 07:38:44.252945, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] +[2013/11/07 07:38:44.252983, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] +[2013/11/07 07:38:44.253023, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:44.253060, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft] +[2013/11/07 07:38:44.253120, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Windows NT] +[2013/11/07 07:38:44.253161, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (5->6) +[2013/11/07 07:38:44.253203, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] +[2013/11/07 07:38:44.253242, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] +[2013/11/07 07:38:44.253282, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:44.253327, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] +[2013/11/07 07:38:44.253425, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [CurrentVersion] +[2013/11/07 07:38:44.253468, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (6->7) +[2013/11/07 07:38:44.253511, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] +[2013/11/07 07:38:44.253549, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] +[2013/11/07 07:38:44.253590, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:44.253627, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f375c5a15c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] +[2013/11/07 07:38:44.253699, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Print] +[2013/11/07 07:38:44.253741, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (7->8) +[2013/11/07 07:38:44.253783, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] +[2013/11/07 07:38:44.253822, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] +[2013/11/07 07:38:44.253863, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:44.253901, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f375c5a15c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] +[2013/11/07 07:38:44.253962, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Printers] +[2013/11/07 07:38:44.254003, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (8->9) +[2013/11/07 07:38:44.254047, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] +[2013/11/07 07:38:44.254087, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] +[2013/11/07 07:38:44.254129, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:44.254167, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] +[2013/11/07 07:38:44.254234, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [printer7] +[2013/11/07 07:38:44.254284, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (9->10) +[2013/11/07 07:38:44.254329, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:44.254368, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:44.254410, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:44.254447, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:44.254516, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (10->9) +[2013/11/07 07:38:44.254559, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (9->8) +[2013/11/07 07:38:44.254600, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (8->7) +[2013/11/07 07:38:44.254640, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (7->6) +[2013/11/07 07:38:44.254680, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (6->5) +[2013/11/07 07:38:44.254720, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (5->4) +[2013/11/07 07:38:44.254763, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) + Opened policy hnd[4] [0000] 00 00 00 00 6A 00 00 00 00 00 00 00 7B 52 74 35 ....j... ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.254842, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenKey: struct winreg_OpenKey + out: struct winreg_OpenKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 0000006a-0000-0000-7b52-7435c5510000 + result : WERR_OK +[2013/11/07 07:38:44.255096, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryValue: struct winreg_QueryValue + in: struct winreg_QueryValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 0000006a-0000-0000-7b52-7435c5510000 + value_name : * + value_name: struct winreg_String + name_len : 0x0012 (18) + name_size : 0x0012 (18) + name : * + name : 'Security' + type : * + type : REG_NONE (0) + data : NULL + data_size : * + data_size : 0x00000000 (0) + data_length : * + data_length : 0x00000000 (0) +[2013/11/07 07:38:44.255449, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 6A 00 00 00 00 00 00 00 7B 52 74 35 ....j... ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.255527, 7, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) + _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:44.255568, 7, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) + _winreg_QueryValue: policy key type = [00000000] +[2013/11/07 07:38:44.255608, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_dispatcher.c:151(fetch_reg_values) + fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7' (ops 0x7f37592edcc0) +[2013/11/07 07:38:44.255650, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1891(regdb_fetch_values_internal) + regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:44.255713, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[0]: name[Attributes] len[4] +[2013/11/07 07:38:44.255756, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[1]: name[Description] len[2] +[2013/11/07 07:38:44.255798, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[2]: name[Datatype] len[8] +[2013/11/07 07:38:44.255841, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[3]: name[Default Priority] len[4] +[2013/11/07 07:38:44.255883, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[4]: name[Port] len[38] +[2013/11/07 07:38:44.255925, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[5]: name[Name] len[18] +[2013/11/07 07:38:44.255967, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[6]: name[Print Processor] len[18] +[2013/11/07 07:38:44.256009, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[7]: name[Priority] len[4] +[2013/11/07 07:38:44.256052, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[8]: name[Security] len[248] +[2013/11/07 07:38:44.256095, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[9]: name[Share Name] len[18] +[2013/11/07 07:38:44.256137, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[10]: name[StartTime] len[4] +[2013/11/07 07:38:44.256179, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[11]: name[UntilTime] len[4] +[2013/11/07 07:38:44.256229, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[12]: name[ChangeID] len[4] +[2013/11/07 07:38:44.256273, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryValue: struct winreg_QueryValue + out: struct winreg_QueryValue + type : * + type : REG_BINARY (3) + data : NULL + data_size : * + data_size : 0x000000f8 (248) + data_length : * + data_length : 0x00000000 (0) + result : WERR_OK +[2013/11/07 07:38:44.256486, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryValue: struct winreg_QueryValue + in: struct winreg_QueryValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 0000006a-0000-0000-7b52-7435c5510000 + value_name : * + value_name: struct winreg_String + name_len : 0x0012 (18) + name_size : 0x0012 (18) + name : * + name : 'Security' + type : * + type : REG_BINARY (3) + data : * + data: ARRAY(0) + data_size : * + data_size : 0x000000f8 (248) + data_length : * + data_length : 0x00000000 (0) +[2013/11/07 07:38:44.256843, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 6A 00 00 00 00 00 00 00 7B 52 74 35 ....j... ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.256921, 7, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) + _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:44.256960, 7, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) + _winreg_QueryValue: policy key type = [00000000] +[2013/11/07 07:38:44.257005, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryValue: struct winreg_QueryValue + out: struct winreg_QueryValue + type : * + type : REG_BINARY (3) + data : * + data: ARRAY(248) + [0] : 0x01 (1) + [1] : 0x00 (0) + [2] : 0x04 (4) + [3] : 0x80 (128) + [4] : 0x14 (20) + [5] : 0x00 (0) + [6] : 0x00 (0) + [7] : 0x00 (0) + [8] : 0x24 (36) + [9] : 0x00 (0) + [10] : 0x00 (0) + [11] : 0x00 (0) + [12] : 0x00 (0) + [13] : 0x00 (0) + [14] : 0x00 (0) + [15] : 0x00 (0) + [16] : 0x34 (52) + [17] : 0x00 (0) + [18] : 0x00 (0) + [19] : 0x00 (0) + [20] : 0x01 (1) + [21] : 0x02 (2) + [22] : 0x00 (0) + [23] : 0x00 (0) + [24] : 0x00 (0) + [25] : 0x00 (0) + [26] : 0x00 (0) + [27] : 0x05 (5) + [28] : 0x20 (32) + [29] : 0x00 (0) + [30] : 0x00 (0) + [31] : 0x00 (0) + [32] : 0x20 (32) + [33] : 0x02 (2) + [34] : 0x00 (0) + [35] : 0x00 (0) + [36] : 0x01 (1) + [37] : 0x02 (2) + [38] : 0x00 (0) + [39] : 0x00 (0) + [40] : 0x00 (0) + [41] : 0x00 (0) + [42] : 0x00 (0) + [43] : 0x05 (5) + [44] : 0x20 (32) + [45] : 0x00 (0) + [46] : 0x00 (0) + [47] : 0x00 (0) + [48] : 0x20 (32) + [49] : 0x02 (2) + [50] : 0x00 (0) + [51] : 0x00 (0) + [52] : 0x02 (2) + [53] : 0x00 (0) + [54] : 0xc4 (196) + [55] : 0x00 (0) + [56] : 0x07 (7) + [57] : 0x00 (0) + [58] : 0x00 (0) + [59] : 0x00 (0) + [60] : 0x00 (0) + [61] : 0x02 (2) + [62] : 0x14 (20) + [63] : 0x00 (0) + [64] : 0x08 (8) + [65] : 0x00 (0) + [66] : 0x02 (2) + [67] : 0x20 (32) + [68] : 0x01 (1) + [69] : 0x01 (1) + [70] : 0x00 (0) + [71] : 0x00 (0) + [72] : 0x00 (0) + [73] : 0x00 (0) + [74] : 0x00 (0) + [75] : 0x01 (1) + [76] : 0x00 (0) + [77] : 0x00 (0) + [78] : 0x00 (0) + [79] : 0x00 (0) + [80] : 0x00 (0) + [81] : 0x09 (9) + [82] : 0x24 (36) + [83] : 0x00 (0) + [84] : 0x0c (12) + [85] : 0x00 (0) + [86] : 0x0f (15) + [87] : 0x10 (16) + [88] : 0x01 (1) + [89] : 0x05 (5) + [90] : 0x00 (0) + [91] : 0x00 (0) + [92] : 0x00 (0) + [93] : 0x00 (0) + [94] : 0x00 (0) + [95] : 0x05 (5) + [96] : 0x15 (21) + [97] : 0x00 (0) + [98] : 0x00 (0) + [99] : 0x00 (0) + [100] : 0x74 (116) + [101] : 0xa5 (165) + [102] : 0x12 (18) + [103] : 0x52 (82) + [104] : 0xcd (205) + [105] : 0x51 (81) + [106] : 0xd9 (217) + [107] : 0x8f (143) + [108] : 0xd1 (209) + [109] : 0x31 (49) + [110] : 0xa4 (164) + [111] : 0xca (202) + [112] : 0xf4 (244) + [113] : 0x01 (1) + [114] : 0x00 (0) + [115] : 0x00 (0) + [116] : 0x00 (0) + [117] : 0x02 (2) + [118] : 0x24 (36) + [119] : 0x00 (0) + [120] : 0x0c (12) + [121] : 0x00 (0) + [122] : 0x0f (15) + [123] : 0x10 (16) + [124] : 0x01 (1) + [125] : 0x05 (5) + [126] : 0x00 (0) + [127] : 0x00 (0) + [128] : 0x00 (0) + [129] : 0x00 (0) + [130] : 0x00 (0) + [131] : 0x05 (5) + [132] : 0x15 (21) + [133] : 0x00 (0) + [134] : 0x00 (0) + [135] : 0x00 (0) + [136] : 0x74 (116) + [137] : 0xa5 (165) + [138] : 0x12 (18) + [139] : 0x52 (82) + [140] : 0xcd (205) + [141] : 0x51 (81) + [142] : 0xd9 (217) + [143] : 0x8f (143) + [144] : 0xd1 (209) + [145] : 0x31 (49) + [146] : 0xa4 (164) + [147] : 0xca (202) + [148] : 0xf4 (244) + [149] : 0x01 (1) + [150] : 0x00 (0) + [151] : 0x00 (0) + [152] : 0x00 (0) + [153] : 0x09 (9) + [154] : 0x18 (24) + [155] : 0x00 (0) + [156] : 0x0c (12) + [157] : 0x00 (0) + [158] : 0x0f (15) + [159] : 0x10 (16) + [160] : 0x01 (1) + [161] : 0x02 (2) + [162] : 0x00 (0) + [163] : 0x00 (0) + [164] : 0x00 (0) + [165] : 0x00 (0) + [166] : 0x00 (0) + [167] : 0x05 (5) + [168] : 0x20 (32) + [169] : 0x00 (0) + [170] : 0x00 (0) + [171] : 0x00 (0) + [172] : 0x20 (32) + [173] : 0x02 (2) + [174] : 0x00 (0) + [175] : 0x00 (0) + [176] : 0x00 (0) + [177] : 0x02 (2) + [178] : 0x18 (24) + [179] : 0x00 (0) + [180] : 0x0c (12) + [181] : 0x00 (0) + [182] : 0x0f (15) + [183] : 0x10 (16) + [184] : 0x01 (1) + [185] : 0x02 (2) + [186] : 0x00 (0) + [187] : 0x00 (0) + [188] : 0x00 (0) + [189] : 0x00 (0) + [190] : 0x00 (0) + [191] : 0x05 (5) + [192] : 0x20 (32) + [193] : 0x00 (0) + [194] : 0x00 (0) + [195] : 0x00 (0) + [196] : 0x20 (32) + [197] : 0x02 (2) + [198] : 0x00 (0) + [199] : 0x00 (0) + [200] : 0x00 (0) + [201] : 0x09 (9) + [202] : 0x18 (24) + [203] : 0x00 (0) + [204] : 0x0c (12) + [205] : 0x00 (0) + [206] : 0x0f (15) + [207] : 0x10 (16) + [208] : 0x01 (1) + [209] : 0x02 (2) + [210] : 0x00 (0) + [211] : 0x00 (0) + [212] : 0x00 (0) + [213] : 0x00 (0) + [214] : 0x00 (0) + [215] : 0x05 (5) + [216] : 0x20 (32) + [217] : 0x00 (0) + [218] : 0x00 (0) + [219] : 0x00 (0) + [220] : 0x26 (38) + [221] : 0x02 (2) + [222] : 0x00 (0) + [223] : 0x00 (0) + [224] : 0x00 (0) + [225] : 0x02 (2) + [226] : 0x18 (24) + [227] : 0x00 (0) + [228] : 0x0c (12) + [229] : 0x00 (0) + [230] : 0x0f (15) + [231] : 0x10 (16) + [232] : 0x01 (1) + [233] : 0x02 (2) + [234] : 0x00 (0) + [235] : 0x00 (0) + [236] : 0x00 (0) + [237] : 0x00 (0) + [238] : 0x00 (0) + [239] : 0x05 (5) + [240] : 0x20 (32) + [241] : 0x00 (0) + [242] : 0x00 (0) + [243] : 0x00 (0) + [244] : 0x26 (38) + [245] : 0x02 (2) + [246] : 0x00 (0) + [247] : 0x00 (0) + data_size : * + data_size : 0x000000f8 (248) + data_length : * + data_length : 0x000000f8 (248) + result : WERR_OK +[2013/11/07 07:38:44.261443, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + in: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 0000006a-0000-0000-7b52-7435c5510000 +[2013/11/07 07:38:44.261583, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 6A 00 00 00 00 00 00 00 7B 52 74 35 ....j... ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.261663, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 6A 00 00 00 00 00 00 00 7B 52 74 35 ....j... ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.261740, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) + Closed policy +[2013/11/07 07:38:44.261786, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (4->3) +[2013/11/07 07:38:44.261827, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + out: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000000-0000-0000-0000-000000000000 + result : WERR_OK +[2013/11/07 07:38:44.261992, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + in: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000069-0000-0000-7b52-7435c5510000 +[2013/11/07 07:38:44.262122, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 69 00 00 00 00 00 00 00 7B 52 74 35 ....i... ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.262210, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 69 00 00 00 00 00 00 00 7B 52 74 35 ....i... ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.262286, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) + Closed policy +[2013/11/07 07:38:44.262327, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (3->2) +[2013/11/07 07:38:44.262368, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + out: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000000-0000-0000-0000-000000000000 + result : WERR_OK +[2013/11/07 07:38:44.262530, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + in: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000068-0000-0000-7b52-7435c5510000 +[2013/11/07 07:38:44.262677, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 68 00 00 00 00 00 00 00 7B 52 74 35 ....h... ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.262755, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 68 00 00 00 00 00 00 00 7B 52 74 35 ....h... ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.262844, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) + Closed policy +[2013/11/07 07:38:44.262888, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (2->1) +[2013/11/07 07:38:44.262940, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + out: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000000-0000-0000-0000-000000000000 + result : WERR_OK +[2013/11/07 07:38:44.263102, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + in: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000067-0000-0000-7b52-7435c5510000 +[2013/11/07 07:38:44.263231, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 67 00 00 00 00 00 00 00 7B 52 74 35 ....g... ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.263316, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 67 00 00 00 00 00 00 00 7B 52 74 35 ....g... ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.263394, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) + Closed policy +[2013/11/07 07:38:44.263435, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (1->0) +[2013/11/07 07:38:44.263495, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + out: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000000-0000-0000-0000-000000000000 + result : WERR_OK +[2013/11/07 07:38:44.263658, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:416(close_policy_by_pipe) + Deleted handle list for RPC connection \winreg +[2013/11/07 07:38:44.263815, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + spoolss_GetPrinter: struct spoolss_GetPrinter + out: struct spoolss_GetPrinter + info : * + info : union spoolss_PrinterInfo(case 2) + info2: struct spoolss_PrinterInfo2 + servername : * + servername : '\\MEMBER43' + printername : * + printername : '\\MEMBER43\printer7' + sharename : * + sharename : 'printer7' + portname : * + portname : 'Samba Printer Port' + drivername : * + drivername : '' + comment : * + comment : '' + location : * + location : '' + devmode : * + devmode: struct spoolss_DeviceMode + devicename : '\\MEMBER43\printer7' + specversion : DMSPEC_NT4_AND_ABOVE (1025) + driverversion : 0x0400 (1024) + size : 0x00dc (220) + __driverextra_length : 0x0000 (0) + fields : 0x00014713 (83731) + 1: DEVMODE_ORIENTATION + 1: DEVMODE_PAPERSIZE + 0: DEVMODE_PAPERLENGTH + 0: DEVMODE_PAPERWIDTH + 1: DEVMODE_SCALE + 0: DEVMODE_POSITION + 0: DEVMODE_NUP + 1: DEVMODE_COPIES + 1: DEVMODE_DEFAULTSOURCE + 1: DEVMODE_PRINTQUALITY + 0: DEVMODE_COLOR + 0: DEVMODE_DUPLEX + 0: DEVMODE_YRESOLUTION + 1: DEVMODE_TTOPTION + 0: DEVMODE_COLLATE + 1: DEVMODE_FORMNAME + 0: DEVMODE_LOGPIXELS + 0: DEVMODE_BITSPERPEL + 0: DEVMODE_PELSWIDTH + 0: DEVMODE_PELSHEIGHT + 0: DEVMODE_DISPLAYFLAGS + 0: DEVMODE_DISPLAYFREQUENCY + 0: DEVMODE_ICMMETHOD + 0: DEVMODE_ICMINTENT + 0: DEVMODE_MEDIATYPE + 0: DEVMODE_DITHERTYPE + 0: DEVMODE_PANNINGWIDTH + 0: DEVMODE_PANNINGHEIGHT + orientation : DMORIENT_PORTRAIT (1) + papersize : DMPAPER_LETTER (1) + paperlength : 0x0000 (0) + paperwidth : 0x0000 (0) + scale : 0x0064 (100) + copies : 0x0001 (1) + defaultsource : DMBIN_FORMSOURCE (15) + printquality : DMRES_HIGH (65532) + color : DMRES_MONOCHROME (1) + duplex : DMDUP_SIMPLEX (1) + yresolution : 0x0000 (0) + ttoption : DMTT_SUBDEV (3) + collate : DMCOLLATE_FALSE (0) + formname : 'Letter' + logpixels : 0x0000 (0) + bitsperpel : 0x00000000 (0) + pelswidth : 0x00000000 (0) + pelsheight : 0x00000000 (0) + displayflags : UNKNOWN_ENUM_VALUE (0) + displayfrequency : 0x00000000 (0) + icmmethod : UNKNOWN_ENUM_VALUE (0) + icmintent : UNKNOWN_ENUM_VALUE (0) + mediatype : UNKNOWN_ENUM_VALUE (0) + dithertype : UNKNOWN_ENUM_VALUE (0) + reserved1 : 0x00000000 (0) + reserved2 : 0x00000000 (0) + panningwidth : 0x00000000 (0) + panningheight : 0x00000000 (0) + driverextra_data : DATA_BLOB length=0 + sepfile : * + sepfile : '' + printprocessor : * + printprocessor : 'winprint' + datatype : * + datatype : 'RAW' + parameters : * + parameters : '' + secdesc : * + secdesc: struct security_descriptor + revision : SECURITY_DESCRIPTOR_REVISION_1 (1) + type : 0x8004 (32772) + 0: SEC_DESC_OWNER_DEFAULTED + 0: SEC_DESC_GROUP_DEFAULTED + 1: SEC_DESC_DACL_PRESENT + 0: SEC_DESC_DACL_DEFAULTED + 0: SEC_DESC_SACL_PRESENT + 0: SEC_DESC_SACL_DEFAULTED + 0: SEC_DESC_DACL_TRUSTED + 0: SEC_DESC_SERVER_SECURITY + 0: SEC_DESC_DACL_AUTO_INHERIT_REQ + 0: SEC_DESC_SACL_AUTO_INHERIT_REQ + 0: SEC_DESC_DACL_AUTO_INHERITED + 0: SEC_DESC_SACL_AUTO_INHERITED + 0: SEC_DESC_DACL_PROTECTED + 0: SEC_DESC_SACL_PROTECTED + 0: SEC_DESC_RM_CONTROL_VALID + 1: SEC_DESC_SELF_RELATIVE + owner_sid : * + owner_sid : S-1-5-32-544 + group_sid : * + group_sid : S-1-5-32-544 + sacl : NULL + dacl : * + dacl: struct security_acl + revision : SECURITY_ACL_REVISION_NT4 (2) + size : 0x00c4 (196) + num_aces : 0x00000007 (7) + aces: ARRAY(7) + aces: struct security_ace + type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) + flags : 0x02 (2) + 0: SEC_ACE_FLAG_OBJECT_INHERIT + 1: SEC_ACE_FLAG_CONTAINER_INHERIT + 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT + 0: SEC_ACE_FLAG_INHERIT_ONLY + 0: SEC_ACE_FLAG_INHERITED_ACE + 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) + 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS + 0: SEC_ACE_FLAG_FAILED_ACCESS + size : 0x0014 (20) + access_mask : 0x20020008 (537001992) + object : union security_ace_object_ctr(case 0) + trustee : S-1-1-0 + aces: struct security_ace + type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) + flags : 0x09 (9) + 1: SEC_ACE_FLAG_OBJECT_INHERIT + 0: SEC_ACE_FLAG_CONTAINER_INHERIT + 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT + 1: SEC_ACE_FLAG_INHERIT_ONLY + 0: SEC_ACE_FLAG_INHERITED_ACE + 0x09: SEC_ACE_FLAG_VALID_INHERIT (9) + 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS + 0: SEC_ACE_FLAG_FAILED_ACCESS + size : 0x0024 (36) + access_mask : 0x100f000c (269418508) + object : union security_ace_object_ctr(case 0) + trustee : S-1-5-21-1376953716-2413384141-3399758289-500 + aces: struct security_ace + type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) + flags : 0x02 (2) + 0: SEC_ACE_FLAG_OBJECT_INHERIT + 1: SEC_ACE_FLAG_CONTAINER_INHERIT + 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT + 0: SEC_ACE_FLAG_INHERIT_ONLY + 0: SEC_ACE_FLAG_INHERITED_ACE + 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) + 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS + 0: SEC_ACE_FLAG_FAILED_ACCESS + size : 0x0024 (36) + access_mask : 0x100f000c (269418508) + object : union security_ace_object_ctr(case 0) + trustee : S-1-5-21-1376953716-2413384141-3399758289-500 + aces: struct security_ace + type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) + flags : 0x09 (9) + 1: SEC_ACE_FLAG_OBJECT_INHERIT + 0: SEC_ACE_FLAG_CONTAINER_INHERIT + 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT + 1: SEC_ACE_FLAG_INHERIT_ONLY + 0: SEC_ACE_FLAG_INHERITED_ACE + 0x09: SEC_ACE_FLAG_VALID_INHERIT (9) + 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS + 0: SEC_ACE_FLAG_FAILED_ACCESS + size : 0x0018 (24) + access_mask : 0x100f000c (269418508) + object : union security_ace_object_ctr(case 0) + trustee : S-1-5-32-544 + aces: struct security_ace + type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) + flags : 0x02 (2) + 0: SEC_ACE_FLAG_OBJECT_INHERIT + 1: SEC_ACE_FLAG_CONTAINER_INHERIT + 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT + 0: SEC_ACE_FLAG_INHERIT_ONLY + 0: SEC_ACE_FLAG_INHERITED_ACE + 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) + 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS + 0: SEC_ACE_FLAG_FAILED_ACCESS + size : 0x0018 (24) + access_mask : 0x100f000c (269418508) + object : union security_ace_object_ctr(case 0) + trustee : S-1-5-32-544 + aces: struct security_ace + type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) + flags : 0x09 (9) + 1: SEC_ACE_FLAG_OBJECT_INHERIT + 0: SEC_ACE_FLAG_CONTAINER_INHERIT + 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT + 1: SEC_ACE_FLAG_INHERIT_ONLY + 0: SEC_ACE_FLAG_INHERITED_ACE + 0x09: SEC_ACE_FLAG_VALID_INHERIT (9) + 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS + 0: SEC_ACE_FLAG_FAILED_ACCESS + size : 0x0018 (24) + access_mask : 0x100f000c (269418508) + object : union security_ace_object_ctr(case 0) + trustee : S-1-5-32-550 + aces: struct security_ace + type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) + flags : 0x02 (2) + 0: SEC_ACE_FLAG_OBJECT_INHERIT + 1: SEC_ACE_FLAG_CONTAINER_INHERIT + 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT + 0: SEC_ACE_FLAG_INHERIT_ONLY + 0: SEC_ACE_FLAG_INHERITED_ACE + 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) + 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS + 0: SEC_ACE_FLAG_FAILED_ACCESS + size : 0x0018 (24) + access_mask : 0x100f000c (269418508) + object : union security_ace_object_ctr(case 0) + trustee : S-1-5-32-550 + attributes : 0x00001048 (4168) + 0: PRINTER_ATTRIBUTE_QUEUED + 0: PRINTER_ATTRIBUTE_DIRECT + 0: PRINTER_ATTRIBUTE_DEFAULT + 1: PRINTER_ATTRIBUTE_SHARED + 0: PRINTER_ATTRIBUTE_NETWORK + 0: PRINTER_ATTRIBUTE_HIDDEN + 1: PRINTER_ATTRIBUTE_LOCAL + 0: PRINTER_ATTRIBUTE_ENABLE_DEVQ + 0: PRINTER_ATTRIBUTE_KEEPPRINTEDJOBS + 0: PRINTER_ATTRIBUTE_DO_COMPLETE_FIRST + 0: PRINTER_ATTRIBUTE_WORK_OFFLINE + 0: PRINTER_ATTRIBUTE_ENABLE_BIDI + 1: PRINTER_ATTRIBUTE_RAW_ONLY + 0: PRINTER_ATTRIBUTE_PUBLISHED + 0: PRINTER_ATTRIBUTE_FAX + 0: PRINTER_ATTRIBUTE_TS + priority : 0x00000001 (1) + defaultpriority : 0x00000001 (1) + starttime : 0x00000000 (0) + untiltime : 0x00000000 (0) + status : 0x00000000 (0) + 0: PRINTER_STATUS_PAUSED + 0: PRINTER_STATUS_ERROR + 0: PRINTER_STATUS_PENDING_DELETION + 0: PRINTER_STATUS_PAPER_JAM + 0: PRINTER_STATUS_PAPER_OUT + 0: PRINTER_STATUS_MANUAL_FEED + 0: PRINTER_STATUS_PAPER_PROBLEM + 0: PRINTER_STATUS_OFFLINE + 0: PRINTER_STATUS_IO_ACTIVE + 0: PRINTER_STATUS_BUSY + 0: PRINTER_STATUS_PRINTING + 0: PRINTER_STATUS_OUTPUT_BIN_FULL + 0: PRINTER_STATUS_NOT_AVAILABLE + 0: PRINTER_STATUS_WAITING + 0: PRINTER_STATUS_PROCESSING + 0: PRINTER_STATUS_INITIALIZING + 0: PRINTER_STATUS_WARMING_UP + 0: PRINTER_STATUS_TONER_LOW + 0: PRINTER_STATUS_NO_TONER + 0: PRINTER_STATUS_PAGE_PUNT + 0: PRINTER_STATUS_USER_INTERVENTION + 0: PRINTER_STATUS_OUT_OF_MEMORY + 0: PRINTER_STATUS_DOOR_OPEN + 0: PRINTER_STATUS_SERVER_UNKNOWN + 0: PRINTER_STATUS_POWER_SAVE + cjobs : 0x00000000 (0) + averageppm : 0x00000000 (0) + needed : * + needed : 0x000002f8 (760) + result : WERR_OK +[2013/11/07 07:38:44.268842, 5, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1417(api_rpcTNP) + api_rpcTNP: called \spoolss successfully +[2013/11/07 07:38:44.268907, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) + pop_sec_ctx (0, 5000) - sec_ctx_stack_ndx = 0 +[2013/11/07 07:38:44.268953, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) + write_to_pipe: data_used = 4140 + smbd_smb2_request_pending_queue: req->current_idx = 1 + req->in.vector[0].iov_len = 0 + req->in.vector[1].iov_len = 0 + req->in.vector[2].iov_len = 64 + req->in.vector[3].iov_len = 56 + req->in.vector[4].iov_len = 4156 + req->out.vector[0].iov_len = 4 + req->out.vector[1].iov_len = 0 + req->out.vector[2].iov_len = 64 + req->out.vector[3].iov_len = 8 + req->out.vector[4].iov_len = 0 +[2013/11/07 07:38:44.269174, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:128(smbd_smb2_ioctl_pipe_write_done) + smbd_smb2_ioctl_pipe_write_done: received 4156 +[2013/11/07 07:38:44.269219, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:149(smbd_smb2_ioctl_pipe_write_done) + smbd_smb2_ioctl_pipe_write_done: issuing np_read_send of size 4136 +[2013/11/07 07:38:44.269262, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:285(read_from_internal_pipe) + name: \spoolss len: 4136 +[2013/11/07 07:38:44.269304, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:347(read_from_internal_pipe) + read_from_pipe: \spoolss: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 4112. +[2013/11/07 07:38:44.269388, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) + &r: struct ncacn_packet + rpc_vers : 0x05 (5) + rpc_vers_minor : 0x00 (0) + ptype : DCERPC_PKT_RESPONSE (2) + pfc_flags : 0x03 (3) + drep: ARRAY(4) + [0] : 0x10 (16) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + frag_length : 0x1028 (4136) + auth_length : 0x0000 (0) + call_id : 0x0000000a (10) + u : union dcerpc_payload(case 2) + response: struct dcerpc_response + alloc_hint : 0x00001010 (4112) + context_id : 0x0000 (0) + cancel_count : 0x00 (0) + _pad : DATA_BLOB length=0 + stub_and_verifier : DATA_BLOB length=4112 + [0000] 04 00 02 00 00 10 00 00 EA 0F 00 00 C2 0F 00 00 ........ ........ + [0010] B0 0F 00 00 8A 0F 00 00 88 0F 00 00 86 0F 00 00 ........ ........ + [0020] 84 0F 00 00 88 0E 00 00 82 0F 00 00 70 0F 00 00 ........ ....p... + [0030] 68 0F 00 00 66 0F 00 00 90 0D 00 00 48 10 00 00 h...f... ....H... + [0040] 01 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0200] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0210] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0220] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0230] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0240] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0250] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0260] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0270] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0280] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0290] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0300] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0310] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0320] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0330] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0340] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0350] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0360] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0370] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0380] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0390] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0400] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0410] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0420] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0430] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0440] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0450] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0460] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0470] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0480] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0490] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0500] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0510] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0520] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0530] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0540] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0550] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0560] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0570] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0580] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0590] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0600] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0610] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0620] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0630] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0640] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0650] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0660] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0670] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0680] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0690] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0700] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0710] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0720] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0730] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0740] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0750] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0760] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0770] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0780] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0790] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0800] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0810] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0820] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0830] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0840] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0850] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0860] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0870] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0880] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0890] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0900] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0910] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0920] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0930] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0940] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0950] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0960] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0970] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0980] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0990] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D90] 00 00 00 00 00 00 00 00 01 00 04 80 D8 00 00 00 ........ ........ + [0DA0] E8 00 00 00 00 00 00 00 14 00 00 00 02 00 C4 00 ........ ........ + [0DB0] 07 00 00 00 00 02 14 00 08 00 02 20 01 01 00 00 ........ ... .... + [0DC0] 00 00 00 01 00 00 00 00 00 09 24 00 0C 00 0F 10 ........ ..$..... + [0DD0] 01 05 00 00 00 00 00 05 15 00 00 00 74 A5 12 52 ........ ....t..R + [0DE0] CD 51 D9 8F D1 31 A4 CA F4 01 00 00 00 02 24 00 .Q...1.. ......$. + [0DF0] 0C 00 0F 10 01 05 00 00 00 00 00 05 15 00 00 00 ........ ........ + [0E00] 74 A5 12 52 CD 51 D9 8F D1 31 A4 CA F4 01 00 00 t..R.Q.. .1...... + [0E10] 00 09 18 00 0C 00 0F 10 01 02 00 00 00 00 00 05 ........ ........ + [0E20] 20 00 00 00 20 02 00 00 00 02 18 00 0C 00 0F 10 ... ... ........ + [0E30] 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 ........ ... ... + [0E40] 00 09 18 00 0C 00 0F 10 01 02 00 00 00 00 00 05 ........ ........ + [0E50] 20 00 00 00 26 02 00 00 00 02 18 00 0C 00 0F 10 ...&... ........ + [0E60] 01 02 00 00 00 00 00 05 20 00 00 00 26 02 00 00 ........ ...&... + [0E70] 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 ........ ... ... + [0E80] 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 ........ ... ... + [0E90] 5C 00 5C 00 4D 00 45 00 4D 00 42 00 45 00 52 00 \.\.M.E. M.B.E.R. + [0EA0] 34 00 33 00 5C 00 70 00 72 00 69 00 6E 00 74 00 4.3.\.p. r.i.n.t. + [0EB0] 65 00 72 00 37 00 00 00 00 00 00 00 00 00 00 00 e.r.7... ........ + [0EC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0ED0] 01 04 00 04 DC 00 00 00 13 47 01 00 01 00 01 00 ........ .G...... + [0EE0] 00 00 00 00 64 00 01 00 0F 00 FC FF 01 00 01 00 ....d... ........ + [0EF0] 00 00 03 00 00 00 4C 00 65 00 74 00 74 00 65 00 ......L. e.t.t.e. + [0F00] 72 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 r....... ........ + [0F10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F70] 52 00 41 00 57 00 00 00 77 00 69 00 6E 00 70 00 R.A.W... w.i.n.p. + [0F80] 72 00 69 00 6E 00 74 00 00 00 00 00 00 00 00 00 r.i.n.t. ........ + [0F90] 00 00 53 00 61 00 6D 00 62 00 61 00 20 00 50 00 ..S.a.m. b.a. .P. + [0FA0] 72 00 69 00 6E 00 74 00 65 00 72 00 20 00 50 00 r.i.n.t. e.r. .P. + [0FB0] 6F 00 72 00 74 00 00 00 70 00 72 00 69 00 6E 00 o.r.t... p.r.i.n. + [0FC0] 74 00 65 00 72 00 37 00 00 00 5C 00 5C 00 4D 00 t.e.r.7. ..\.\.M. + [0FD0] 45 00 4D 00 42 00 45 00 52 00 34 00 33 00 5C 00 E.M.B.E. R.4.3.\. + [0FE0] 70 00 72 00 69 00 6E 00 74 00 65 00 72 00 37 00 p.r.i.n. t.e.r.7. + [0FF0] 00 00 5C 00 5C 00 4D 00 45 00 4D 00 42 00 45 00 ..\.\.M. E.M.B.E. + [1000] 52 00 34 00 33 00 00 00 F8 02 00 00 00 00 00 00 R.4.3... ........ +[2013/11/07 07:38:44.278731, 3, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:122(free_pipe_context) + free_pipe_context: destroying talloc pool of size 1308 +[2013/11/07 07:38:44.278789, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:788(np_read_recv) + Received 4136 bytes. There is no more data outstanding +[2013/11/07 07:38:44.278831, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:178(smbd_smb2_ioctl_pipe_read_done) + smbd_smb2_ioctl_pipe_read_done: np_read_recv nread = 4136 is_data_outstanding = 0, status = NT_STATUS_OK +[2013/11/07 07:38:44.278880, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl.c:291(smbd_smb2_request_ioctl_done) + smbd_smb2_request_ioctl_done: smbd_smb2_ioctl_recv returned 4136 status NT_STATUS_OK +[2013/11/07 07:38:44.278922, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) + smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[48] dyn[yes:4136] at ../source3/smbd/smb2_ioctl.c:358 +[2013/11/07 07:38:44.278968, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) + smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/59/127 +[2013/11/07 07:38:44.282494, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) + smbd_smb2_request_incoming: idx[1] of 5 vectors +[2013/11/07 07:38:44.282595, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) + smb2_validate_sequence_number: clearing id 59 (position 59) from bitmap +[2013/11/07 07:38:44.282639, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) + smbd_smb2_request_dispatch: opcode[SMB2_OP_IOCTL] mid = 59 +[2013/11/07 07:38:44.282746, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) + setting sec ctx (0, 5000) - sec_ctx_stack_ndx = 0 +[2013/11/07 07:38:44.282793, 5, pid=20933, effective(0, 5000), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) + Security token SIDs (21): + SID[ 0]: S-1-5-21-1376953716-2413384141-3399758289-500 + SID[ 1]: S-1-5-21-1376953716-2413384141-3399758289-512 + SID[ 2]: S-1-5-21-1376953716-2413384141-3399758289-11015 + SID[ 3]: S-1-5-21-1376953716-2413384141-3399758289-513 + SID[ 4]: S-1-5-21-1376953716-2413384141-3399758289-11011 + SID[ 5]: S-1-5-21-1376953716-2413384141-3399758289-11013 + SID[ 6]: S-1-5-21-1376953716-2413384141-3399758289-11012 + SID[ 7]: S-1-1-0 + SID[ 8]: S-1-5-2 + SID[ 9]: S-1-5-11 + SID[ 10]: S-1-5-32-544 + SID[ 11]: S-1-22-1-2002 + SID[ 12]: S-1-22-2-5000 + SID[ 13]: S-1-22-2-5007 + SID[ 14]: S-1-22-2-5001 + SID[ 15]: S-1-22-2-1005 + SID[ 16]: S-1-22-2-5006 + SID[ 17]: S-1-22-2-5005 + SID[ 18]: S-1-22-2-55000 + SID[ 19]: S-1-22-2-55001 + SID[ 20]: S-1-22-2-55002 + Privileges (0x 1FFFFFF0): + Privilege[ 0]: SeMachineAccountPrivilege + Privilege[ 1]: SeTakeOwnershipPrivilege + Privilege[ 2]: SeBackupPrivilege + Privilege[ 3]: SeRestorePrivilege + Privilege[ 4]: SeRemoteShutdownPrivilege + Privilege[ 5]: SePrintOperatorPrivilege + Privilege[ 6]: SeAddUsersPrivilege + Privilege[ 7]: SeDiskOperatorPrivilege + Privilege[ 8]: SeSecurityPrivilege + Privilege[ 9]: SeSystemtimePrivilege + Privilege[ 10]: SeShutdownPrivilege + Privilege[ 11]: SeDebugPrivilege + Privilege[ 12]: SeSystemEnvironmentPrivilege + Privilege[ 13]: SeSystemProfilePrivilege + Privilege[ 14]: SeProfileSingleProcessPrivilege + Privilege[ 15]: SeIncreaseBasePriorityPrivilege + Privilege[ 16]: SeLoadDriverPrivilege + Privilege[ 17]: SeCreatePagefilePrivilege + Privilege[ 18]: SeIncreaseQuotaPrivilege + Privilege[ 19]: SeChangeNotifyPrivilege + Privilege[ 20]: SeUndockPrivilege + Privilege[ 21]: SeManageVolumePrivilege + Privilege[ 22]: SeImpersonatePrivilege + Privilege[ 23]: SeCreateGlobalPrivilege + Privilege[ 24]: SeEnableDelegationPrivilege + Rights (0x 0): +[2013/11/07 07:38:44.283603, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) + UNIX token of user 0 + Primary group is 5000 and contains 9 supplementary groups + Group[ 0]: 5000 + Group[ 1]: 5007 + Group[ 2]: 5001 + Group[ 3]: 1005 + Group[ 4]: 5006 + Group[ 5]: 5005 + Group[ 6]: 55000 + Group[ 7]: 55001 + Group[ 8]: 55002 +[2013/11/07 07:38:44.283805, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/uid.c:363(change_to_user_internal) + Impersonated user: uid=(0,0), gid=(0,5000) +[2013/11/07 07:38:44.283859, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:1796(smbd_smb2_request_verify_creditcharge) + mid 59, CreditCharge: 1, NeededCharge: 1 +[2013/11/07 07:38:44.283901, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl.c:394(smbd_smb2_ioctl_send) + smbd_smb2_ioctl: ctl_code[0x0011c017] spoolss, fnum 2189993496 +[2013/11/07 07:38:44.283949, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:59(smb2_ioctl_named_pipe) + smbd_smb2_ioctl_send: np_write_send of size 4156 +[2013/11/07 07:38:44.283988, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:520(np_write_send) + np_write_send: len: 4156 +[2013/11/07 07:38:44.284030, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) + write_to_pipe: data_left = 4156 +[2013/11/07 07:38:44.284068, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) + process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 4156 +[2013/11/07 07:38:44.284107, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:51(fill_rpc_header) + fill_rpc_header: data_to_copy = 4156, len_needed_to_complete_hdr = 16, receive_len = 0 +[2013/11/07 07:38:44.284147, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) + write_to_pipe: data_used = 16 +[2013/11/07 07:38:44.284185, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) + write_to_pipe: data_left = 4140 +[2013/11/07 07:38:44.284223, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) + process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 4140 +[2013/11/07 07:38:44.284265, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) + write_to_pipe: data_used = 0 +[2013/11/07 07:38:44.284303, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) + write_to_pipe: data_left = 4140 +[2013/11/07 07:38:44.284340, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) + process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 4140, incoming data = 4140 +[2013/11/07 07:38:44.284383, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1614(process_complete_pdu) + PDU is in Little Endian format! +[2013/11/07 07:38:44.284433, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) + r: struct ncacn_packet + rpc_vers : 0x05 (5) + rpc_vers_minor : 0x00 (0) + ptype : DCERPC_PKT_REQUEST (0) + pfc_flags : 0x03 (3) + drep: ARRAY(4) + [0] : 0x10 (16) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + frag_length : 0x103c (4156) + auth_length : 0x0000 (0) + call_id : 0x0000000b (11) + u : union dcerpc_payload(case 0) + request: struct dcerpc_request + alloc_hint : 0x00001024 (4132) + context_id : 0x0000 (0) + opnum : 0x0008 (8) + object : union dcerpc_object(case 0) + empty: struct dcerpc_empty + _pad : DATA_BLOB length=0 + stub_and_verifier : DATA_BLOB length=4132 + [0000] 00 00 00 00 48 00 00 00 00 00 00 00 7B 52 73 35 ....H... ....{Rs5 + [0010] C5 51 00 00 02 00 00 00 00 00 02 00 00 10 00 00 .Q...... ........ + [0020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0030] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0040] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0200] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0210] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0220] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0230] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0240] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0250] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0260] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0270] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0280] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0290] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0300] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0310] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0320] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0330] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0340] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0350] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0360] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0370] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0380] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0390] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0400] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0410] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0420] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0430] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0440] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0450] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0460] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0470] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0480] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0490] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0500] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0510] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0520] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0530] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0540] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0550] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0560] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0570] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0580] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0590] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0600] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0610] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0620] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0630] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0640] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0650] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0660] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0670] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0680] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0690] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0700] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0710] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0720] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0730] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0740] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0750] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0760] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0770] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0780] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0790] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0800] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0810] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0820] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0830] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0840] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0850] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0860] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0870] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0880] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0890] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0900] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0910] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0920] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0930] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0940] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0950] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0960] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0970] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0980] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0990] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0EA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0EB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0EC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0ED0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0EE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0EF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [1000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [1010] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [1020] 00 10 00 00 .... +[2013/11/07 07:38:44.294034, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1627(process_complete_pdu) + Processing packet type 0 +[2013/11/07 07:38:44.294078, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1472(dcesrv_auth_request) + Checking request auth. +[2013/11/07 07:38:44.294126, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) + push_sec_ctx(0, 5000) : sec_ctx_stack_ndx = 1 +[2013/11/07 07:38:44.294172, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) + setting sec ctx (0, 5000) - sec_ctx_stack_ndx = 1 +[2013/11/07 07:38:44.294213, 5, pid=20933, effective(0, 5000), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) + Security token SIDs (21): + SID[ 0]: S-1-5-21-1376953716-2413384141-3399758289-500 + SID[ 1]: S-1-5-21-1376953716-2413384141-3399758289-512 + SID[ 2]: S-1-5-21-1376953716-2413384141-3399758289-11015 + SID[ 3]: S-1-5-21-1376953716-2413384141-3399758289-513 + SID[ 4]: S-1-5-21-1376953716-2413384141-3399758289-11011 + SID[ 5]: S-1-5-21-1376953716-2413384141-3399758289-11013 + SID[ 6]: S-1-5-21-1376953716-2413384141-3399758289-11012 + SID[ 7]: S-1-1-0 + SID[ 8]: S-1-5-2 + SID[ 9]: S-1-5-11 + SID[ 10]: S-1-5-32-544 + SID[ 11]: S-1-22-1-2002 + SID[ 12]: S-1-22-2-5000 + SID[ 13]: S-1-22-2-5007 + SID[ 14]: S-1-22-2-5001 + SID[ 15]: S-1-22-2-1005 + SID[ 16]: S-1-22-2-5006 + SID[ 17]: S-1-22-2-5005 + SID[ 18]: S-1-22-2-55000 + SID[ 19]: S-1-22-2-55001 + SID[ 20]: S-1-22-2-55002 + Privileges (0x 1FFFFFF0): + Privilege[ 0]: SeMachineAccountPrivilege + Privilege[ 1]: SeTakeOwnershipPrivilege + Privilege[ 2]: SeBackupPrivilege + Privilege[ 3]: SeRestorePrivilege + Privilege[ 4]: SeRemoteShutdownPrivilege + Privilege[ 5]: SePrintOperatorPrivilege + Privilege[ 6]: SeAddUsersPrivilege + Privilege[ 7]: SeDiskOperatorPrivilege + Privilege[ 8]: SeSecurityPrivilege + Privilege[ 9]: SeSystemtimePrivilege + Privilege[ 10]: SeShutdownPrivilege + Privilege[ 11]: SeDebugPrivilege + Privilege[ 12]: SeSystemEnvironmentPrivilege + Privilege[ 13]: SeSystemProfilePrivilege + Privilege[ 14]: SeProfileSingleProcessPrivilege + Privilege[ 15]: SeIncreaseBasePriorityPrivilege + Privilege[ 16]: SeLoadDriverPrivilege + Privilege[ 17]: SeCreatePagefilePrivilege + Privilege[ 18]: SeIncreaseQuotaPrivilege + Privilege[ 19]: SeChangeNotifyPrivilege + Privilege[ 20]: SeUndockPrivilege + Privilege[ 21]: SeManageVolumePrivilege + Privilege[ 22]: SeImpersonatePrivilege + Privilege[ 23]: SeCreateGlobalPrivilege + Privilege[ 24]: SeEnableDelegationPrivilege + Rights (0x 0): +[2013/11/07 07:38:44.294974, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) + UNIX token of user 0 + Primary group is 5000 and contains 9 supplementary groups + Group[ 0]: 5000 + Group[ 1]: 5007 + Group[ 2]: 5001 + Group[ 3]: 1005 + Group[ 4]: 5006 + Group[ 5]: 5005 + Group[ 6]: 55000 + Group[ 7]: 55001 + Group[ 8]: 55002 +[2013/11/07 07:38:44.295169, 5, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1324(api_pipe_request) + Requested \spoolss rpc service +[2013/11/07 07:38:44.295214, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1356(api_rpcTNP) + api_rpcTNP: \spoolss op 0x8 - api_rpcTNP: rpc command: SPOOLSS_GETPRINTER +[2013/11/07 07:38:44.295257, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1390(api_rpcTNP) + api_rpc_cmds[8].fn == 0x7f375c260f10 +[2013/11/07 07:38:44.295306, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + spoolss_GetPrinter: struct spoolss_GetPrinter + in: struct spoolss_GetPrinter + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000048-0000-0000-7b52-7335c5510000 + level : 0x00000002 (2) + buffer : * + buffer : DATA_BLOB length=4096 + [0000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0010] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0030] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0040] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0200] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0210] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0220] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0230] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0240] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0250] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0260] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0270] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0280] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0290] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0300] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0310] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0320] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0330] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0340] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0350] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0360] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0370] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0380] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0390] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0400] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0410] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0420] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0430] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0440] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0450] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0460] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0470] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0480] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0490] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0500] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0510] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0520] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0530] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0540] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0550] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0560] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0570] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0580] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0590] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0600] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0610] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0620] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0630] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0640] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0650] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0660] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0670] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0680] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0690] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0700] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0710] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0720] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0730] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0740] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0750] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0760] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0770] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0780] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0790] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0800] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0810] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0820] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0830] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0840] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0850] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0860] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0870] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0880] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0890] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0900] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0910] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0920] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0930] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0940] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0950] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0960] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0970] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0980] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0990] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0EA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0EB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0EC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0ED0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0EE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0EF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + offered : 0x00001000 (4096) +[2013/11/07 07:38:44.304587, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 48 00 00 00 00 00 00 00 7B 52 73 35 ....H... ....{Rs5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.304671, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 48 00 00 00 00 00 00 00 7B 52 73 35 ....H... ....{Rs5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.304747, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:489(get_printer_snum) + short name:printer7 +[2013/11/07 07:38:44.304870, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:60(make_internal_rpc_pipe_p) + Create pipe requested \winreg +[2013/11/07 07:38:44.304926, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:221(init_pipe_handles) + init_pipe_handle_list: created handle list for pipe \winreg +[2013/11/07 07:38:44.304968, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:238(init_pipe_handles) + init_pipe_handle_list: pipe_handles ref count = 1 for pipe \winreg +[2013/11/07 07:38:44.305068, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:100(make_internal_rpc_pipe_p) + Created internal pipe \winreg +[2013/11/07 07:38:44.305220, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenHKLM: struct winreg_OpenHKLM + in: struct winreg_OpenHKLM + system_name : NULL + access_mask : 0x02000000 (33554432) + 0: KEY_QUERY_VALUE + 0: KEY_SET_VALUE + 0: KEY_CREATE_SUB_KEY + 0: KEY_ENUMERATE_SUB_KEYS + 0: KEY_NOTIFY + 0: KEY_CREATE_LINK + 0: KEY_WOW64_64KEY + 0: KEY_WOW64_32KEY +[2013/11/07 07:38:44.305515, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [HKLM] +[2013/11/07 07:38:44.305561, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) + push_sec_ctx(0, 5000) : sec_ctx_stack_ndx = 2 +[2013/11/07 07:38:44.305605, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/uid.c:485(push_conn_ctx) + push_conn_ctx(1804507171) : conn_ctx_stack_ndx = 0 +[2013/11/07 07:38:44.305646, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) + setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 +[2013/11/07 07:38:44.305695, 5, pid=20933, effective(0, 5000), real(0, 0)] ../libcli/security/security_token.c:53(security_token_debug) + Security token: (NULL) +[2013/11/07 07:38:44.305734, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) + UNIX token of user 0 + Primary group is 0 and contains 0 supplementary groups +[2013/11/07 07:38:44.305895, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) + pop_sec_ctx (0, 5000) - sec_ctx_stack_ndx = 1 +[2013/11/07 07:38:44.305940, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:866(regdb_open) + regdb_open: registry db opened. refcount reset (1) +[2013/11/07 07:38:44.305985, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM] +[2013/11/07 07:38:44.306024, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM] +[2013/11/07 07:38:44.306065, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:44.306103, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM] +[2013/11/07 07:38:44.306183, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) + Opened policy hnd[1] [0000] 00 00 00 00 6B 00 00 00 00 00 00 00 7B 52 74 35 ....k... ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.306264, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenHKLM: struct winreg_OpenHKLM + out: struct winreg_OpenHKLM + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 0000006b-0000-0000-7b52-7435c5510000 + result : WERR_OK +[2013/11/07 07:38:44.306451, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenKey: struct winreg_OpenKey + in: struct winreg_OpenKey + parent_handle : * + parent_handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 0000006b-0000-0000-7b52-7435c5510000 + keyname: struct winreg_String + name_len : 0x008a (138) + name_size : 0x008a (138) + name : * + name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7' + options : 0x00000000 (0) + 0: REG_OPTION_VOLATILE + 0: REG_OPTION_CREATE_LINK + 0: REG_OPTION_BACKUP_RESTORE + 0: REG_OPTION_OPEN_LINK + access_mask : 0x02000000 (33554432) + 0: KEY_QUERY_VALUE + 0: KEY_SET_VALUE + 0: KEY_CREATE_SUB_KEY + 0: KEY_ENUMERATE_SUB_KEYS + 0: KEY_NOTIFY + 0: KEY_CREATE_LINK + 0: KEY_WOW64_64KEY + 0: KEY_WOW64_32KEY +[2013/11/07 07:38:44.306895, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 6B 00 00 00 00 00 00 00 7B 52 74 35 ....k... ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.306986, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [SOFTWARE] +[2013/11/07 07:38:44.307027, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (1->2) +[2013/11/07 07:38:44.307068, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] +[2013/11/07 07:38:44.307106, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE] +[2013/11/07 07:38:44.307146, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:44.307183, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE] +[2013/11/07 07:38:44.307251, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Microsoft] +[2013/11/07 07:38:44.307293, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (2->3) +[2013/11/07 07:38:44.307334, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] +[2013/11/07 07:38:44.307372, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] +[2013/11/07 07:38:44.307412, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:44.307449, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft] +[2013/11/07 07:38:44.307509, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Windows NT] +[2013/11/07 07:38:44.307550, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (3->4) +[2013/11/07 07:38:44.307593, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] +[2013/11/07 07:38:44.307630, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] +[2013/11/07 07:38:44.307671, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:44.307708, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] +[2013/11/07 07:38:44.307766, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [CurrentVersion] +[2013/11/07 07:38:44.307807, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (4->5) +[2013/11/07 07:38:44.307850, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] +[2013/11/07 07:38:44.307895, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] +[2013/11/07 07:38:44.307937, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:44.307976, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f375c5a15c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] +[2013/11/07 07:38:44.308047, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Print] +[2013/11/07 07:38:44.308089, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (5->6) +[2013/11/07 07:38:44.308132, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] +[2013/11/07 07:38:44.308171, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] +[2013/11/07 07:38:44.308214, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:44.308251, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f375c5a15c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] +[2013/11/07 07:38:44.308310, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Printers] +[2013/11/07 07:38:44.308351, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (6->7) +[2013/11/07 07:38:44.308394, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] +[2013/11/07 07:38:44.308598, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] +[2013/11/07 07:38:44.308647, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:44.308685, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] +[2013/11/07 07:38:44.308758, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [printer7] +[2013/11/07 07:38:44.308801, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (7->8) +[2013/11/07 07:38:44.308845, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:44.308884, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:44.308926, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:44.308973, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:44.309043, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (8->7) +[2013/11/07 07:38:44.309084, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (7->6) +[2013/11/07 07:38:44.309126, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (6->5) +[2013/11/07 07:38:44.309166, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (5->4) +[2013/11/07 07:38:44.309207, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (4->3) +[2013/11/07 07:38:44.309248, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (3->2) +[2013/11/07 07:38:44.309292, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) + Opened policy hnd[2] [0000] 00 00 00 00 6C 00 00 00 00 00 00 00 7B 52 74 35 ....l... ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.309492, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenKey: struct winreg_OpenKey + out: struct winreg_OpenKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 0000006c-0000-0000-7b52-7435c5510000 + result : WERR_OK +[2013/11/07 07:38:44.309679, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryInfoKey: struct winreg_QueryInfoKey + in: struct winreg_QueryInfoKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 0000006c-0000-0000-7b52-7435c5510000 + classname : * + classname: struct winreg_String + name_len : 0x0000 (0) + name_size : 0x0000 (0) + name : NULL +[2013/11/07 07:38:44.309897, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 6C 00 00 00 00 00 00 00 7B 52 74 35 ....l... ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.309980, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_dispatcher.c:151(fetch_reg_values) + fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7' (ops 0x7f37592edcc0) +[2013/11/07 07:38:44.310022, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1891(regdb_fetch_values_internal) + regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:44.310088, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[0]: name[Attributes] len[4] +[2013/11/07 07:38:44.310142, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[1]: name[Description] len[2] +[2013/11/07 07:38:44.310185, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[2]: name[Datatype] len[8] +[2013/11/07 07:38:44.310227, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[3]: name[Default Priority] len[4] +[2013/11/07 07:38:44.310269, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[4]: name[Port] len[38] +[2013/11/07 07:38:44.310312, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[5]: name[Name] len[18] +[2013/11/07 07:38:44.310354, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[6]: name[Print Processor] len[18] +[2013/11/07 07:38:44.310397, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[7]: name[Priority] len[4] +[2013/11/07 07:38:44.310440, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[8]: name[Security] len[248] +[2013/11/07 07:38:44.310483, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[9]: name[Share Name] len[18] +[2013/11/07 07:38:44.310525, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[10]: name[StartTime] len[4] +[2013/11/07 07:38:44.310568, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[11]: name[UntilTime] len[4] +[2013/11/07 07:38:44.310610, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[12]: name[ChangeID] len[4] +[2013/11/07 07:38:44.310653, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) + regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:44.310717, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryInfoKey: struct winreg_QueryInfoKey + out: struct winreg_QueryInfoKey + classname : * + classname: struct winreg_String + name_len : 0x0000 (0) + name_size : 0x0000 (0) + name : NULL + num_subkeys : * + num_subkeys : 0x00000003 (3) + max_subkeylen : * + max_subkeylen : 0x00000022 (34) + max_classlen : * + max_classlen : 0x00000000 (0) + num_values : * + num_values : 0x0000000d (13) + max_valnamelen : * + max_valnamelen : 0x00000022 (34) + max_valbufsize : * + max_valbufsize : 0x000000f8 (248) + secdescsize : * + secdescsize : 0x00000078 (120) + last_changed_time : * + last_changed_time : NTTIME(0) + result : WERR_OK +[2013/11/07 07:38:44.311173, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 0000006c-0000-0000-7b52-7435c5510000 + enum_index : 0x00000000 (0) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:44.311549, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 6C 00 00 00 00 00 00 00 7B 52 74 35 ....l... ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.311627, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:44.311673, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0016 (22) + size : 0x0024 (36) + name : * + name : 'Attributes' + type : * + type : REG_DWORD (4) + value : * + value: ARRAY(4) + [0] : 0x48 (72) + [1] : 0x10 (16) + [2] : 0x00 (0) + [3] : 0x00 (0) + size : * + size : 0x00000004 (4) + length : * + length : 0x00000004 (4) + result : WERR_OK +[2013/11/07 07:38:44.312070, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 0000006c-0000-0000-7b52-7435c5510000 + enum_index : 0x00000001 (1) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:44.312451, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 6C 00 00 00 00 00 00 00 7B 52 74 35 ....l... ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.312528, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:44.312573, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0018 (24) + size : 0x0024 (36) + name : * + name : 'Description' + type : * + type : REG_SZ (1) + value : * + value: ARRAY(2) + [0] : 0x00 (0) + [1] : 0x00 (0) + size : * + size : 0x00000002 (2) + length : * + length : 0x00000002 (2) + result : WERR_OK +[2013/11/07 07:38:44.312932, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 0000006c-0000-0000-7b52-7435c5510000 + enum_index : 0x00000002 (2) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:44.313301, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 6C 00 00 00 00 00 00 00 7B 52 74 35 ....l... ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.313434, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:44.313481, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0012 (18) + size : 0x0024 (36) + name : * + name : 'Datatype' + type : * + type : REG_SZ (1) + value : * + value: ARRAY(8) + [0] : 0x52 (82) + [1] : 0x00 (0) + [2] : 0x41 (65) + [3] : 0x00 (0) + [4] : 0x57 (87) + [5] : 0x00 (0) + [6] : 0x00 (0) + [7] : 0x00 (0) + size : * + size : 0x00000008 (8) + length : * + length : 0x00000008 (8) + result : WERR_OK +[2013/11/07 07:38:44.313948, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 0000006c-0000-0000-7b52-7435c5510000 + enum_index : 0x00000003 (3) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:44.314321, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 6C 00 00 00 00 00 00 00 7B 52 74 35 ....l... ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.314399, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:44.314444, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0022 (34) + size : 0x0024 (36) + name : * + name : 'Default Priority' + type : * + type : REG_DWORD (4) + value : * + value: ARRAY(4) + [0] : 0x01 (1) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + size : * + size : 0x00000004 (4) + length : * + length : 0x00000004 (4) + result : WERR_OK +[2013/11/07 07:38:44.314842, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 0000006c-0000-0000-7b52-7435c5510000 + enum_index : 0x00000004 (4) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:44.315213, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 6C 00 00 00 00 00 00 00 7B 52 74 35 ....l... ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.315290, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:44.315335, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x000a (10) + size : 0x0024 (36) + name : * + name : 'Port' + type : * + type : REG_SZ (1) + value : * + value: ARRAY(38) + [0] : 0x53 (83) + [1] : 0x00 (0) + [2] : 0x61 (97) + [3] : 0x00 (0) + [4] : 0x6d (109) + [5] : 0x00 (0) + [6] : 0x62 (98) + [7] : 0x00 (0) + [8] : 0x61 (97) + [9] : 0x00 (0) + [10] : 0x20 (32) + [11] : 0x00 (0) + [12] : 0x50 (80) + [13] : 0x00 (0) + [14] : 0x72 (114) + [15] : 0x00 (0) + [16] : 0x69 (105) + [17] : 0x00 (0) + [18] : 0x6e (110) + [19] : 0x00 (0) + [20] : 0x74 (116) + [21] : 0x00 (0) + [22] : 0x65 (101) + [23] : 0x00 (0) + [24] : 0x72 (114) + [25] : 0x00 (0) + [26] : 0x20 (32) + [27] : 0x00 (0) + [28] : 0x50 (80) + [29] : 0x00 (0) + [30] : 0x6f (111) + [31] : 0x00 (0) + [32] : 0x72 (114) + [33] : 0x00 (0) + [34] : 0x74 (116) + [35] : 0x00 (0) + [36] : 0x00 (0) + [37] : 0x00 (0) + size : * + size : 0x00000026 (38) + length : * + length : 0x00000026 (38) + result : WERR_OK +[2013/11/07 07:38:44.316296, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 0000006c-0000-0000-7b52-7435c5510000 + enum_index : 0x00000005 (5) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:44.316669, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 6C 00 00 00 00 00 00 00 7B 52 74 35 ....l... ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.316746, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:44.316791, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x000a (10) + size : 0x0024 (36) + name : * + name : 'Name' + type : * + type : REG_SZ (1) + value : * + value: ARRAY(18) + [0] : 0x70 (112) + [1] : 0x00 (0) + [2] : 0x72 (114) + [3] : 0x00 (0) + [4] : 0x69 (105) + [5] : 0x00 (0) + [6] : 0x6e (110) + [7] : 0x00 (0) + [8] : 0x74 (116) + [9] : 0x00 (0) + [10] : 0x65 (101) + [11] : 0x00 (0) + [12] : 0x72 (114) + [13] : 0x00 (0) + [14] : 0x37 (55) + [15] : 0x00 (0) + [16] : 0x00 (0) + [17] : 0x00 (0) + size : * + size : 0x00000012 (18) + length : * + length : 0x00000012 (18) + result : WERR_OK +[2013/11/07 07:38:44.317478, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 0000006c-0000-0000-7b52-7435c5510000 + enum_index : 0x00000006 (6) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:44.317854, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 6C 00 00 00 00 00 00 00 7B 52 74 35 ....l... ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.317932, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:44.317977, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0020 (32) + size : 0x0024 (36) + name : * + name : 'Print Processor' + type : * + type : REG_SZ (1) + value : * + value: ARRAY(18) + [0] : 0x77 (119) + [1] : 0x00 (0) + [2] : 0x69 (105) + [3] : 0x00 (0) + [4] : 0x6e (110) + [5] : 0x00 (0) + [6] : 0x70 (112) + [7] : 0x00 (0) + [8] : 0x72 (114) + [9] : 0x00 (0) + [10] : 0x69 (105) + [11] : 0x00 (0) + [12] : 0x6e (110) + [13] : 0x00 (0) + [14] : 0x74 (116) + [15] : 0x00 (0) + [16] : 0x00 (0) + [17] : 0x00 (0) + size : * + size : 0x00000012 (18) + length : * + length : 0x00000012 (18) + result : WERR_OK +[2013/11/07 07:38:44.318610, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 0000006c-0000-0000-7b52-7435c5510000 + enum_index : 0x00000007 (7) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:44.318981, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 6C 00 00 00 00 00 00 00 7B 52 74 35 ....l... ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.319058, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:44.319103, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0012 (18) + size : 0x0024 (36) + name : * + name : 'Priority' + type : * + type : REG_DWORD (4) + value : * + value: ARRAY(4) + [0] : 0x01 (1) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + size : * + size : 0x00000004 (4) + length : * + length : 0x00000004 (4) + result : WERR_OK +[2013/11/07 07:38:44.319551, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 0000006c-0000-0000-7b52-7435c5510000 + enum_index : 0x00000008 (8) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:44.319932, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 6C 00 00 00 00 00 00 00 7B 52 74 35 ....l... ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.320010, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:44.320054, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0012 (18) + size : 0x0024 (36) + name : * + name : 'Security' + type : * + type : REG_BINARY (3) + value : * + value: ARRAY(248) + [0] : 0x01 (1) + [1] : 0x00 (0) + [2] : 0x04 (4) + [3] : 0x80 (128) + [4] : 0x14 (20) + [5] : 0x00 (0) + [6] : 0x00 (0) + [7] : 0x00 (0) + [8] : 0x24 (36) + [9] : 0x00 (0) + [10] : 0x00 (0) + [11] : 0x00 (0) + [12] : 0x00 (0) + [13] : 0x00 (0) + [14] : 0x00 (0) + [15] : 0x00 (0) + [16] : 0x34 (52) + [17] : 0x00 (0) + [18] : 0x00 (0) + [19] : 0x00 (0) + [20] : 0x01 (1) + [21] : 0x02 (2) + [22] : 0x00 (0) + [23] : 0x00 (0) + [24] : 0x00 (0) + [25] : 0x00 (0) + [26] : 0x00 (0) + [27] : 0x05 (5) + [28] : 0x20 (32) + [29] : 0x00 (0) + [30] : 0x00 (0) + [31] : 0x00 (0) + [32] : 0x20 (32) + [33] : 0x02 (2) + [34] : 0x00 (0) + [35] : 0x00 (0) + [36] : 0x01 (1) + [37] : 0x02 (2) + [38] : 0x00 (0) + [39] : 0x00 (0) + [40] : 0x00 (0) + [41] : 0x00 (0) + [42] : 0x00 (0) + [43] : 0x05 (5) + [44] : 0x20 (32) + [45] : 0x00 (0) + [46] : 0x00 (0) + [47] : 0x00 (0) + [48] : 0x20 (32) + [49] : 0x02 (2) + [50] : 0x00 (0) + [51] : 0x00 (0) + [52] : 0x02 (2) + [53] : 0x00 (0) + [54] : 0xc4 (196) + [55] : 0x00 (0) + [56] : 0x07 (7) + [57] : 0x00 (0) + [58] : 0x00 (0) + [59] : 0x00 (0) + [60] : 0x00 (0) + [61] : 0x02 (2) + [62] : 0x14 (20) + [63] : 0x00 (0) + [64] : 0x08 (8) + [65] : 0x00 (0) + [66] : 0x02 (2) + [67] : 0x20 (32) + [68] : 0x01 (1) + [69] : 0x01 (1) + [70] : 0x00 (0) + [71] : 0x00 (0) + [72] : 0x00 (0) + [73] : 0x00 (0) + [74] : 0x00 (0) + [75] : 0x01 (1) + [76] : 0x00 (0) + [77] : 0x00 (0) + [78] : 0x00 (0) + [79] : 0x00 (0) + [80] : 0x00 (0) + [81] : 0x09 (9) + [82] : 0x24 (36) + [83] : 0x00 (0) + [84] : 0x0c (12) + [85] : 0x00 (0) + [86] : 0x0f (15) + [87] : 0x10 (16) + [88] : 0x01 (1) + [89] : 0x05 (5) + [90] : 0x00 (0) + [91] : 0x00 (0) + [92] : 0x00 (0) + [93] : 0x00 (0) + [94] : 0x00 (0) + [95] : 0x05 (5) + [96] : 0x15 (21) + [97] : 0x00 (0) + [98] : 0x00 (0) + [99] : 0x00 (0) + [100] : 0x74 (116) + [101] : 0xa5 (165) + [102] : 0x12 (18) + [103] : 0x52 (82) + [104] : 0xcd (205) + [105] : 0x51 (81) + [106] : 0xd9 (217) + [107] : 0x8f (143) + [108] : 0xd1 (209) + [109] : 0x31 (49) + [110] : 0xa4 (164) + [111] : 0xca (202) + [112] : 0xf4 (244) + [113] : 0x01 (1) + [114] : 0x00 (0) + [115] : 0x00 (0) + [116] : 0x00 (0) + [117] : 0x02 (2) + [118] : 0x24 (36) + [119] : 0x00 (0) + [120] : 0x0c (12) + [121] : 0x00 (0) + [122] : 0x0f (15) + [123] : 0x10 (16) + [124] : 0x01 (1) + [125] : 0x05 (5) + [126] : 0x00 (0) + [127] : 0x00 (0) + [128] : 0x00 (0) + [129] : 0x00 (0) + [130] : 0x00 (0) + [131] : 0x05 (5) + [132] : 0x15 (21) + [133] : 0x00 (0) + [134] : 0x00 (0) + [135] : 0x00 (0) + [136] : 0x74 (116) + [137] : 0xa5 (165) + [138] : 0x12 (18) + [139] : 0x52 (82) + [140] : 0xcd (205) + [141] : 0x51 (81) + [142] : 0xd9 (217) + [143] : 0x8f (143) + [144] : 0xd1 (209) + [145] : 0x31 (49) + [146] : 0xa4 (164) + [147] : 0xca (202) + [148] : 0xf4 (244) + [149] : 0x01 (1) + [150] : 0x00 (0) + [151] : 0x00 (0) + [152] : 0x00 (0) + [153] : 0x09 (9) + [154] : 0x18 (24) + [155] : 0x00 (0) + [156] : 0x0c (12) + [157] : 0x00 (0) + [158] : 0x0f (15) + [159] : 0x10 (16) + [160] : 0x01 (1) + [161] : 0x02 (2) + [162] : 0x00 (0) + [163] : 0x00 (0) + [164] : 0x00 (0) + [165] : 0x00 (0) + [166] : 0x00 (0) + [167] : 0x05 (5) + [168] : 0x20 (32) + [169] : 0x00 (0) + [170] : 0x00 (0) + [171] : 0x00 (0) + [172] : 0x20 (32) + [173] : 0x02 (2) + [174] : 0x00 (0) + [175] : 0x00 (0) + [176] : 0x00 (0) + [177] : 0x02 (2) + [178] : 0x18 (24) + [179] : 0x00 (0) + [180] : 0x0c (12) + [181] : 0x00 (0) + [182] : 0x0f (15) + [183] : 0x10 (16) + [184] : 0x01 (1) + [185] : 0x02 (2) + [186] : 0x00 (0) + [187] : 0x00 (0) + [188] : 0x00 (0) + [189] : 0x00 (0) + [190] : 0x00 (0) + [191] : 0x05 (5) + [192] : 0x20 (32) + [193] : 0x00 (0) + [194] : 0x00 (0) + [195] : 0x00 (0) + [196] : 0x20 (32) + [197] : 0x02 (2) + [198] : 0x00 (0) + [199] : 0x00 (0) + [200] : 0x00 (0) + [201] : 0x09 (9) + [202] : 0x18 (24) + [203] : 0x00 (0) + [204] : 0x0c (12) + [205] : 0x00 (0) + [206] : 0x0f (15) + [207] : 0x10 (16) + [208] : 0x01 (1) + [209] : 0x02 (2) + [210] : 0x00 (0) + [211] : 0x00 (0) + [212] : 0x00 (0) + [213] : 0x00 (0) + [214] : 0x00 (0) + [215] : 0x05 (5) + [216] : 0x20 (32) + [217] : 0x00 (0) + [218] : 0x00 (0) + [219] : 0x00 (0) + [220] : 0x26 (38) + [221] : 0x02 (2) + [222] : 0x00 (0) + [223] : 0x00 (0) + [224] : 0x00 (0) + [225] : 0x02 (2) + [226] : 0x18 (24) + [227] : 0x00 (0) + [228] : 0x0c (12) + [229] : 0x00 (0) + [230] : 0x0f (15) + [231] : 0x10 (16) + [232] : 0x01 (1) + [233] : 0x02 (2) + [234] : 0x00 (0) + [235] : 0x00 (0) + [236] : 0x00 (0) + [237] : 0x00 (0) + [238] : 0x00 (0) + [239] : 0x05 (5) + [240] : 0x20 (32) + [241] : 0x00 (0) + [242] : 0x00 (0) + [243] : 0x00 (0) + [244] : 0x26 (38) + [245] : 0x02 (2) + [246] : 0x00 (0) + [247] : 0x00 (0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x000000f8 (248) + result : WERR_OK +[2013/11/07 07:38:44.324535, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 0000006c-0000-0000-7b52-7435c5510000 + enum_index : 0x00000009 (9) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:44.324909, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 6C 00 00 00 00 00 00 00 7B 52 74 35 ....l... ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.324987, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:44.325032, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0016 (22) + size : 0x0024 (36) + name : * + name : 'Share Name' + type : * + type : REG_SZ (1) + value : * + value: ARRAY(18) + [0] : 0x70 (112) + [1] : 0x00 (0) + [2] : 0x72 (114) + [3] : 0x00 (0) + [4] : 0x69 (105) + [5] : 0x00 (0) + [6] : 0x6e (110) + [7] : 0x00 (0) + [8] : 0x74 (116) + [9] : 0x00 (0) + [10] : 0x65 (101) + [11] : 0x00 (0) + [12] : 0x72 (114) + [13] : 0x00 (0) + [14] : 0x37 (55) + [15] : 0x00 (0) + [16] : 0x00 (0) + [17] : 0x00 (0) + size : * + size : 0x00000012 (18) + length : * + length : 0x00000012 (18) + result : WERR_OK +[2013/11/07 07:38:44.325710, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 0000006c-0000-0000-7b52-7435c5510000 + enum_index : 0x0000000a (10) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:44.326082, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 6C 00 00 00 00 00 00 00 7B 52 74 35 ....l... ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.326159, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:44.326203, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0014 (20) + size : 0x0024 (36) + name : * + name : 'StartTime' + type : * + type : REG_DWORD (4) + value : * + value: ARRAY(4) + [0] : 0x00 (0) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + size : * + size : 0x00000004 (4) + length : * + length : 0x00000004 (4) + result : WERR_OK +[2013/11/07 07:38:44.326592, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 0000006c-0000-0000-7b52-7435c5510000 + enum_index : 0x0000000b (11) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:44.326971, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 6C 00 00 00 00 00 00 00 7B 52 74 35 ....l... ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.327048, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:44.327093, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0014 (20) + size : 0x0024 (36) + name : * + name : 'UntilTime' + type : * + type : REG_DWORD (4) + value : * + value: ARRAY(4) + [0] : 0x00 (0) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + size : * + size : 0x00000004 (4) + length : * + length : 0x00000004 (4) + result : WERR_OK +[2013/11/07 07:38:44.327482, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 0000006c-0000-0000-7b52-7435c5510000 + enum_index : 0x0000000c (12) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:44.327852, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 6C 00 00 00 00 00 00 00 7B 52 74 35 ....l... ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.327930, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:44.327974, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0012 (18) + size : 0x0024 (36) + name : * + name : 'ChangeID' + type : * + type : REG_DWORD (4) + value : * + value: ARRAY(4) + [0] : 0xf1 (241) + [1] : 0x5f (95) + [2] : 0x11 (17) + [3] : 0x00 (0) + size : * + size : 0x00000004 (4) + length : * + length : 0x00000004 (4) + result : WERR_OK +[2013/11/07 07:38:44.328410, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryValue: struct winreg_QueryValue + in: struct winreg_QueryValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 0000006c-0000-0000-7b52-7435c5510000 + value_name : * + value_name: struct winreg_String + name_len : 0x0020 (32) + name_size : 0x0020 (32) + name : * + name : 'Default DevMode' + type : * + type : REG_NONE (0) + data : NULL + data_size : * + data_size : 0x00000000 (0) + data_length : * + data_length : 0x00000000 (0) +[2013/11/07 07:38:44.328759, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 6C 00 00 00 00 00 00 00 7B 52 74 35 ....l... ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.328837, 7, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) + _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:44.328878, 7, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) + _winreg_QueryValue: policy key type = [00000000] +[2013/11/07 07:38:44.328924, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:316(_winreg_QueryValue) + _winreg_QueryValue: reg_queryvalue failed with: WERR_BADFILE +[2013/11/07 07:38:44.328965, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryValue: struct winreg_QueryValue + out: struct winreg_QueryValue + type : * + type : REG_NONE (0) + data : NULL + data_size : * + data_size : 0x00000000 (0) + data_length : * + data_length : 0x00000000 (0) + result : WERR_BADFILE +[2013/11/07 07:38:44.329189, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenHKLM: struct winreg_OpenHKLM + in: struct winreg_OpenHKLM + system_name : NULL + access_mask : 0x02000000 (33554432) + 0: KEY_QUERY_VALUE + 0: KEY_SET_VALUE + 0: KEY_CREATE_SUB_KEY + 0: KEY_ENUMERATE_SUB_KEYS + 0: KEY_NOTIFY + 0: KEY_CREATE_LINK + 0: KEY_WOW64_64KEY + 0: KEY_WOW64_32KEY +[2013/11/07 07:38:44.329473, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [HKLM] +[2013/11/07 07:38:44.329517, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (2->3) +[2013/11/07 07:38:44.329560, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM] +[2013/11/07 07:38:44.329600, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM] +[2013/11/07 07:38:44.329641, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:44.329679, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM] +[2013/11/07 07:38:44.329752, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) + Opened policy hnd[3] [0000] 00 00 00 00 6D 00 00 00 00 00 00 00 7B 52 74 35 ....m... ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.329833, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenHKLM: struct winreg_OpenHKLM + out: struct winreg_OpenHKLM + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 0000006d-0000-0000-7b52-7435c5510000 + result : WERR_OK +[2013/11/07 07:38:44.330005, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenKey: struct winreg_OpenKey + in: struct winreg_OpenKey + parent_handle : * + parent_handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 0000006d-0000-0000-7b52-7435c5510000 + keyname: struct winreg_String + name_len : 0x008a (138) + name_size : 0x008a (138) + name : * + name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7' + options : 0x00000000 (0) + 0: REG_OPTION_VOLATILE + 0: REG_OPTION_CREATE_LINK + 0: REG_OPTION_BACKUP_RESTORE + 0: REG_OPTION_OPEN_LINK + access_mask : 0x02000000 (33554432) + 0: KEY_QUERY_VALUE + 0: KEY_SET_VALUE + 0: KEY_CREATE_SUB_KEY + 0: KEY_ENUMERATE_SUB_KEYS + 0: KEY_NOTIFY + 0: KEY_CREATE_LINK + 0: KEY_WOW64_64KEY + 0: KEY_WOW64_32KEY +[2013/11/07 07:38:44.330450, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 6D 00 00 00 00 00 00 00 7B 52 74 35 ....m... ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.330539, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [SOFTWARE] +[2013/11/07 07:38:44.330580, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (3->4) +[2013/11/07 07:38:44.330622, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] +[2013/11/07 07:38:44.330660, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE] +[2013/11/07 07:38:44.330700, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:44.330737, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE] +[2013/11/07 07:38:44.330801, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Microsoft] +[2013/11/07 07:38:44.330842, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (4->5) +[2013/11/07 07:38:44.330884, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] +[2013/11/07 07:38:44.330922, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] +[2013/11/07 07:38:44.330963, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:44.331001, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft] +[2013/11/07 07:38:44.331062, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Windows NT] +[2013/11/07 07:38:44.331103, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (5->6) +[2013/11/07 07:38:44.331146, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] +[2013/11/07 07:38:44.331184, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] +[2013/11/07 07:38:44.331225, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:44.331262, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] +[2013/11/07 07:38:44.331320, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [CurrentVersion] +[2013/11/07 07:38:44.331361, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (6->7) +[2013/11/07 07:38:44.331404, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] +[2013/11/07 07:38:44.331450, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] +[2013/11/07 07:38:44.331491, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:44.331529, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f375c5a15c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] +[2013/11/07 07:38:44.331601, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Print] +[2013/11/07 07:38:44.331642, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (7->8) +[2013/11/07 07:38:44.331685, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] +[2013/11/07 07:38:44.331723, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] +[2013/11/07 07:38:44.331764, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:44.331802, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f375c5a15c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] +[2013/11/07 07:38:44.331862, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Printers] +[2013/11/07 07:38:44.331902, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (8->9) +[2013/11/07 07:38:44.331945, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] +[2013/11/07 07:38:44.331984, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] +[2013/11/07 07:38:44.332026, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:44.332064, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] +[2013/11/07 07:38:44.332128, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [printer7] +[2013/11/07 07:38:44.332170, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (9->10) +[2013/11/07 07:38:44.332213, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:44.332252, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:44.332300, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:44.332339, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:44.332406, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (10->9) +[2013/11/07 07:38:44.332448, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (9->8) +[2013/11/07 07:38:44.332489, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (8->7) +[2013/11/07 07:38:44.332529, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (7->6) +[2013/11/07 07:38:44.332569, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (6->5) +[2013/11/07 07:38:44.332609, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (5->4) +[2013/11/07 07:38:44.332653, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) + Opened policy hnd[4] [0000] 00 00 00 00 6E 00 00 00 00 00 00 00 7B 52 74 35 ....n... ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.332731, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenKey: struct winreg_OpenKey + out: struct winreg_OpenKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 0000006e-0000-0000-7b52-7435c5510000 + result : WERR_OK +[2013/11/07 07:38:44.332901, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryValue: struct winreg_QueryValue + in: struct winreg_QueryValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 0000006e-0000-0000-7b52-7435c5510000 + value_name : * + value_name: struct winreg_String + name_len : 0x0012 (18) + name_size : 0x0012 (18) + name : * + name : 'Security' + type : * + type : REG_NONE (0) + data : NULL + data_size : * + data_size : 0x00000000 (0) + data_length : * + data_length : 0x00000000 (0) +[2013/11/07 07:38:44.333241, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 6E 00 00 00 00 00 00 00 7B 52 74 35 ....n... ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.333319, 7, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) + _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:44.333437, 7, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) + _winreg_QueryValue: policy key type = [00000000] +[2013/11/07 07:38:44.333482, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_dispatcher.c:151(fetch_reg_values) + fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7' (ops 0x7f37592edcc0) +[2013/11/07 07:38:44.333525, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1891(regdb_fetch_values_internal) + regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:44.333586, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[0]: name[Attributes] len[4] +[2013/11/07 07:38:44.333629, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[1]: name[Description] len[2] +[2013/11/07 07:38:44.333672, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[2]: name[Datatype] len[8] +[2013/11/07 07:38:44.333714, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[3]: name[Default Priority] len[4] +[2013/11/07 07:38:44.333756, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[4]: name[Port] len[38] +[2013/11/07 07:38:44.333799, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[5]: name[Name] len[18] +[2013/11/07 07:38:44.333841, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[6]: name[Print Processor] len[18] +[2013/11/07 07:38:44.333884, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[7]: name[Priority] len[4] +[2013/11/07 07:38:44.333926, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[8]: name[Security] len[248] +[2013/11/07 07:38:44.333969, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[9]: name[Share Name] len[18] +[2013/11/07 07:38:44.334012, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[10]: name[StartTime] len[4] +[2013/11/07 07:38:44.334054, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[11]: name[UntilTime] len[4] +[2013/11/07 07:38:44.334097, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[12]: name[ChangeID] len[4] +[2013/11/07 07:38:44.334140, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryValue: struct winreg_QueryValue + out: struct winreg_QueryValue + type : * + type : REG_BINARY (3) + data : NULL + data_size : * + data_size : 0x000000f8 (248) + data_length : * + data_length : 0x00000000 (0) + result : WERR_OK +[2013/11/07 07:38:44.334365, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryValue: struct winreg_QueryValue + in: struct winreg_QueryValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 0000006e-0000-0000-7b52-7435c5510000 + value_name : * + value_name: struct winreg_String + name_len : 0x0012 (18) + name_size : 0x0012 (18) + name : * + name : 'Security' + type : * + type : REG_BINARY (3) + data : * + data: ARRAY(0) + data_size : * + data_size : 0x000000f8 (248) + data_length : * + data_length : 0x00000000 (0) +[2013/11/07 07:38:44.334721, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 6E 00 00 00 00 00 00 00 7B 52 74 35 ....n... ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.334799, 7, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) + _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:44.334839, 7, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) + _winreg_QueryValue: policy key type = [00000000] +[2013/11/07 07:38:44.334883, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryValue: struct winreg_QueryValue + out: struct winreg_QueryValue + type : * + type : REG_BINARY (3) + data : * + data: ARRAY(248) + [0] : 0x01 (1) + [1] : 0x00 (0) + [2] : 0x04 (4) + [3] : 0x80 (128) + [4] : 0x14 (20) + [5] : 0x00 (0) + [6] : 0x00 (0) + [7] : 0x00 (0) + [8] : 0x24 (36) + [9] : 0x00 (0) + [10] : 0x00 (0) + [11] : 0x00 (0) + [12] : 0x00 (0) + [13] : 0x00 (0) + [14] : 0x00 (0) + [15] : 0x00 (0) + [16] : 0x34 (52) + [17] : 0x00 (0) + [18] : 0x00 (0) + [19] : 0x00 (0) + [20] : 0x01 (1) + [21] : 0x02 (2) + [22] : 0x00 (0) + [23] : 0x00 (0) + [24] : 0x00 (0) + [25] : 0x00 (0) + [26] : 0x00 (0) + [27] : 0x05 (5) + [28] : 0x20 (32) + [29] : 0x00 (0) + [30] : 0x00 (0) + [31] : 0x00 (0) + [32] : 0x20 (32) + [33] : 0x02 (2) + [34] : 0x00 (0) + [35] : 0x00 (0) + [36] : 0x01 (1) + [37] : 0x02 (2) + [38] : 0x00 (0) + [39] : 0x00 (0) + [40] : 0x00 (0) + [41] : 0x00 (0) + [42] : 0x00 (0) + [43] : 0x05 (5) + [44] : 0x20 (32) + [45] : 0x00 (0) + [46] : 0x00 (0) + [47] : 0x00 (0) + [48] : 0x20 (32) + [49] : 0x02 (2) + [50] : 0x00 (0) + [51] : 0x00 (0) + [52] : 0x02 (2) + [53] : 0x00 (0) + [54] : 0xc4 (196) + [55] : 0x00 (0) + [56] : 0x07 (7) + [57] : 0x00 (0) + [58] : 0x00 (0) + [59] : 0x00 (0) + [60] : 0x00 (0) + [61] : 0x02 (2) + [62] : 0x14 (20) + [63] : 0x00 (0) + [64] : 0x08 (8) + [65] : 0x00 (0) + [66] : 0x02 (2) + [67] : 0x20 (32) + [68] : 0x01 (1) + [69] : 0x01 (1) + [70] : 0x00 (0) + [71] : 0x00 (0) + [72] : 0x00 (0) + [73] : 0x00 (0) + [74] : 0x00 (0) + [75] : 0x01 (1) + [76] : 0x00 (0) + [77] : 0x00 (0) + [78] : 0x00 (0) + [79] : 0x00 (0) + [80] : 0x00 (0) + [81] : 0x09 (9) + [82] : 0x24 (36) + [83] : 0x00 (0) + [84] : 0x0c (12) + [85] : 0x00 (0) + [86] : 0x0f (15) + [87] : 0x10 (16) + [88] : 0x01 (1) + [89] : 0x05 (5) + [90] : 0x00 (0) + [91] : 0x00 (0) + [92] : 0x00 (0) + [93] : 0x00 (0) + [94] : 0x00 (0) + [95] : 0x05 (5) + [96] : 0x15 (21) + [97] : 0x00 (0) + [98] : 0x00 (0) + [99] : 0x00 (0) + [100] : 0x74 (116) + [101] : 0xa5 (165) + [102] : 0x12 (18) + [103] : 0x52 (82) + [104] : 0xcd (205) + [105] : 0x51 (81) + [106] : 0xd9 (217) + [107] : 0x8f (143) + [108] : 0xd1 (209) + [109] : 0x31 (49) + [110] : 0xa4 (164) + [111] : 0xca (202) + [112] : 0xf4 (244) + [113] : 0x01 (1) + [114] : 0x00 (0) + [115] : 0x00 (0) + [116] : 0x00 (0) + [117] : 0x02 (2) + [118] : 0x24 (36) + [119] : 0x00 (0) + [120] : 0x0c (12) + [121] : 0x00 (0) + [122] : 0x0f (15) + [123] : 0x10 (16) + [124] : 0x01 (1) + [125] : 0x05 (5) + [126] : 0x00 (0) + [127] : 0x00 (0) + [128] : 0x00 (0) + [129] : 0x00 (0) + [130] : 0x00 (0) + [131] : 0x05 (5) + [132] : 0x15 (21) + [133] : 0x00 (0) + [134] : 0x00 (0) + [135] : 0x00 (0) + [136] : 0x74 (116) + [137] : 0xa5 (165) + [138] : 0x12 (18) + [139] : 0x52 (82) + [140] : 0xcd (205) + [141] : 0x51 (81) + [142] : 0xd9 (217) + [143] : 0x8f (143) + [144] : 0xd1 (209) + [145] : 0x31 (49) + [146] : 0xa4 (164) + [147] : 0xca (202) + [148] : 0xf4 (244) + [149] : 0x01 (1) + [150] : 0x00 (0) + [151] : 0x00 (0) + [152] : 0x00 (0) + [153] : 0x09 (9) + [154] : 0x18 (24) + [155] : 0x00 (0) + [156] : 0x0c (12) + [157] : 0x00 (0) + [158] : 0x0f (15) + [159] : 0x10 (16) + [160] : 0x01 (1) + [161] : 0x02 (2) + [162] : 0x00 (0) + [163] : 0x00 (0) + [164] : 0x00 (0) + [165] : 0x00 (0) + [166] : 0x00 (0) + [167] : 0x05 (5) + [168] : 0x20 (32) + [169] : 0x00 (0) + [170] : 0x00 (0) + [171] : 0x00 (0) + [172] : 0x20 (32) + [173] : 0x02 (2) + [174] : 0x00 (0) + [175] : 0x00 (0) + [176] : 0x00 (0) + [177] : 0x02 (2) + [178] : 0x18 (24) + [179] : 0x00 (0) + [180] : 0x0c (12) + [181] : 0x00 (0) + [182] : 0x0f (15) + [183] : 0x10 (16) + [184] : 0x01 (1) + [185] : 0x02 (2) + [186] : 0x00 (0) + [187] : 0x00 (0) + [188] : 0x00 (0) + [189] : 0x00 (0) + [190] : 0x00 (0) + [191] : 0x05 (5) + [192] : 0x20 (32) + [193] : 0x00 (0) + [194] : 0x00 (0) + [195] : 0x00 (0) + [196] : 0x20 (32) + [197] : 0x02 (2) + [198] : 0x00 (0) + [199] : 0x00 (0) + [200] : 0x00 (0) + [201] : 0x09 (9) + [202] : 0x18 (24) + [203] : 0x00 (0) + [204] : 0x0c (12) + [205] : 0x00 (0) + [206] : 0x0f (15) + [207] : 0x10 (16) + [208] : 0x01 (1) + [209] : 0x02 (2) + [210] : 0x00 (0) + [211] : 0x00 (0) + [212] : 0x00 (0) + [213] : 0x00 (0) + [214] : 0x00 (0) + [215] : 0x05 (5) + [216] : 0x20 (32) + [217] : 0x00 (0) + [218] : 0x00 (0) + [219] : 0x00 (0) + [220] : 0x26 (38) + [221] : 0x02 (2) + [222] : 0x00 (0) + [223] : 0x00 (0) + [224] : 0x00 (0) + [225] : 0x02 (2) + [226] : 0x18 (24) + [227] : 0x00 (0) + [228] : 0x0c (12) + [229] : 0x00 (0) + [230] : 0x0f (15) + [231] : 0x10 (16) + [232] : 0x01 (1) + [233] : 0x02 (2) + [234] : 0x00 (0) + [235] : 0x00 (0) + [236] : 0x00 (0) + [237] : 0x00 (0) + [238] : 0x00 (0) + [239] : 0x05 (5) + [240] : 0x20 (32) + [241] : 0x00 (0) + [242] : 0x00 (0) + [243] : 0x00 (0) + [244] : 0x26 (38) + [245] : 0x02 (2) + [246] : 0x00 (0) + [247] : 0x00 (0) + data_size : * + data_size : 0x000000f8 (248) + data_length : * + data_length : 0x000000f8 (248) + result : WERR_OK +[2013/11/07 07:38:44.339286, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + in: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 0000006e-0000-0000-7b52-7435c5510000 +[2013/11/07 07:38:44.339419, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 6E 00 00 00 00 00 00 00 7B 52 74 35 ....n... ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.339498, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 6E 00 00 00 00 00 00 00 7B 52 74 35 ....n... ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.339574, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) + Closed policy +[2013/11/07 07:38:44.339618, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (4->3) +[2013/11/07 07:38:44.339660, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + out: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000000-0000-0000-0000-000000000000 + result : WERR_OK +[2013/11/07 07:38:44.339822, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + in: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 0000006d-0000-0000-7b52-7435c5510000 +[2013/11/07 07:38:44.339951, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 6D 00 00 00 00 00 00 00 7B 52 74 35 ....m... ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.340028, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 6D 00 00 00 00 00 00 00 7B 52 74 35 ....m... ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.340104, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) + Closed policy +[2013/11/07 07:38:44.340152, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (3->2) +[2013/11/07 07:38:44.340192, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + out: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000000-0000-0000-0000-000000000000 + result : WERR_OK +[2013/11/07 07:38:44.340358, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + in: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 0000006c-0000-0000-7b52-7435c5510000 +[2013/11/07 07:38:44.340489, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 6C 00 00 00 00 00 00 00 7B 52 74 35 ....l... ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.340566, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 6C 00 00 00 00 00 00 00 7B 52 74 35 ....l... ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.340643, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) + Closed policy +[2013/11/07 07:38:44.340686, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (2->1) +[2013/11/07 07:38:44.340728, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + out: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000000-0000-0000-0000-000000000000 + result : WERR_OK +[2013/11/07 07:38:44.340889, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + in: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 0000006b-0000-0000-7b52-7435c5510000 +[2013/11/07 07:38:44.341018, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 6B 00 00 00 00 00 00 00 7B 52 74 35 ....k... ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.341095, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 6B 00 00 00 00 00 00 00 7B 52 74 35 ....k... ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.341171, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) + Closed policy +[2013/11/07 07:38:44.341211, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (1->0) +[2013/11/07 07:38:44.341276, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + out: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000000-0000-0000-0000-000000000000 + result : WERR_OK +[2013/11/07 07:38:44.341520, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:416(close_policy_by_pipe) + Deleted handle list for RPC connection \winreg +[2013/11/07 07:38:44.341674, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + spoolss_GetPrinter: struct spoolss_GetPrinter + out: struct spoolss_GetPrinter + info : * + info : union spoolss_PrinterInfo(case 2) + info2: struct spoolss_PrinterInfo2 + servername : * + servername : '\\MEMBER43' + printername : * + printername : '\\MEMBER43\printer7' + sharename : * + sharename : 'printer7' + portname : * + portname : 'Samba Printer Port' + drivername : * + drivername : '' + comment : * + comment : '' + location : * + location : '' + devmode : * + devmode: struct spoolss_DeviceMode + devicename : '\\MEMBER43\printer7' + specversion : DMSPEC_NT4_AND_ABOVE (1025) + driverversion : 0x0400 (1024) + size : 0x00dc (220) + __driverextra_length : 0x0000 (0) + fields : 0x00014713 (83731) + 1: DEVMODE_ORIENTATION + 1: DEVMODE_PAPERSIZE + 0: DEVMODE_PAPERLENGTH + 0: DEVMODE_PAPERWIDTH + 1: DEVMODE_SCALE + 0: DEVMODE_POSITION + 0: DEVMODE_NUP + 1: DEVMODE_COPIES + 1: DEVMODE_DEFAULTSOURCE + 1: DEVMODE_PRINTQUALITY + 0: DEVMODE_COLOR + 0: DEVMODE_DUPLEX + 0: DEVMODE_YRESOLUTION + 1: DEVMODE_TTOPTION + 0: DEVMODE_COLLATE + 1: DEVMODE_FORMNAME + 0: DEVMODE_LOGPIXELS + 0: DEVMODE_BITSPERPEL + 0: DEVMODE_PELSWIDTH + 0: DEVMODE_PELSHEIGHT + 0: DEVMODE_DISPLAYFLAGS + 0: DEVMODE_DISPLAYFREQUENCY + 0: DEVMODE_ICMMETHOD + 0: DEVMODE_ICMINTENT + 0: DEVMODE_MEDIATYPE + 0: DEVMODE_DITHERTYPE + 0: DEVMODE_PANNINGWIDTH + 0: DEVMODE_PANNINGHEIGHT + orientation : DMORIENT_PORTRAIT (1) + papersize : DMPAPER_LETTER (1) + paperlength : 0x0000 (0) + paperwidth : 0x0000 (0) + scale : 0x0064 (100) + copies : 0x0001 (1) + defaultsource : DMBIN_FORMSOURCE (15) + printquality : DMRES_HIGH (65532) + color : DMRES_MONOCHROME (1) + duplex : DMDUP_SIMPLEX (1) + yresolution : 0x0000 (0) + ttoption : DMTT_SUBDEV (3) + collate : DMCOLLATE_FALSE (0) + formname : 'Letter' + logpixels : 0x0000 (0) + bitsperpel : 0x00000000 (0) + pelswidth : 0x00000000 (0) + pelsheight : 0x00000000 (0) + displayflags : UNKNOWN_ENUM_VALUE (0) + displayfrequency : 0x00000000 (0) + icmmethod : UNKNOWN_ENUM_VALUE (0) + icmintent : UNKNOWN_ENUM_VALUE (0) + mediatype : UNKNOWN_ENUM_VALUE (0) + dithertype : UNKNOWN_ENUM_VALUE (0) + reserved1 : 0x00000000 (0) + reserved2 : 0x00000000 (0) + panningwidth : 0x00000000 (0) + panningheight : 0x00000000 (0) + driverextra_data : DATA_BLOB length=0 + sepfile : * + sepfile : '' + printprocessor : * + printprocessor : 'winprint' + datatype : * + datatype : 'RAW' + parameters : * + parameters : '' + secdesc : * + secdesc: struct security_descriptor + revision : SECURITY_DESCRIPTOR_REVISION_1 (1) + type : 0x8004 (32772) + 0: SEC_DESC_OWNER_DEFAULTED + 0: SEC_DESC_GROUP_DEFAULTED + 1: SEC_DESC_DACL_PRESENT + 0: SEC_DESC_DACL_DEFAULTED + 0: SEC_DESC_SACL_PRESENT + 0: SEC_DESC_SACL_DEFAULTED + 0: SEC_DESC_DACL_TRUSTED + 0: SEC_DESC_SERVER_SECURITY + 0: SEC_DESC_DACL_AUTO_INHERIT_REQ + 0: SEC_DESC_SACL_AUTO_INHERIT_REQ + 0: SEC_DESC_DACL_AUTO_INHERITED + 0: SEC_DESC_SACL_AUTO_INHERITED + 0: SEC_DESC_DACL_PROTECTED + 0: SEC_DESC_SACL_PROTECTED + 0: SEC_DESC_RM_CONTROL_VALID + 1: SEC_DESC_SELF_RELATIVE + owner_sid : * + owner_sid : S-1-5-32-544 + group_sid : * + group_sid : S-1-5-32-544 + sacl : NULL + dacl : * + dacl: struct security_acl + revision : SECURITY_ACL_REVISION_NT4 (2) + size : 0x00c4 (196) + num_aces : 0x00000007 (7) + aces: ARRAY(7) + aces: struct security_ace + type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) + flags : 0x02 (2) + 0: SEC_ACE_FLAG_OBJECT_INHERIT + 1: SEC_ACE_FLAG_CONTAINER_INHERIT + 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT + 0: SEC_ACE_FLAG_INHERIT_ONLY + 0: SEC_ACE_FLAG_INHERITED_ACE + 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) + 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS + 0: SEC_ACE_FLAG_FAILED_ACCESS + size : 0x0014 (20) + access_mask : 0x20020008 (537001992) + object : union security_ace_object_ctr(case 0) + trustee : S-1-1-0 + aces: struct security_ace + type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) + flags : 0x09 (9) + 1: SEC_ACE_FLAG_OBJECT_INHERIT + 0: SEC_ACE_FLAG_CONTAINER_INHERIT + 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT + 1: SEC_ACE_FLAG_INHERIT_ONLY + 0: SEC_ACE_FLAG_INHERITED_ACE + 0x09: SEC_ACE_FLAG_VALID_INHERIT (9) + 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS + 0: SEC_ACE_FLAG_FAILED_ACCESS + size : 0x0024 (36) + access_mask : 0x100f000c (269418508) + object : union security_ace_object_ctr(case 0) + trustee : S-1-5-21-1376953716-2413384141-3399758289-500 + aces: struct security_ace + type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) + flags : 0x02 (2) + 0: SEC_ACE_FLAG_OBJECT_INHERIT + 1: SEC_ACE_FLAG_CONTAINER_INHERIT + 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT + 0: SEC_ACE_FLAG_INHERIT_ONLY + 0: SEC_ACE_FLAG_INHERITED_ACE + 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) + 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS + 0: SEC_ACE_FLAG_FAILED_ACCESS + size : 0x0024 (36) + access_mask : 0x100f000c (269418508) + object : union security_ace_object_ctr(case 0) + trustee : S-1-5-21-1376953716-2413384141-3399758289-500 + aces: struct security_ace + type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) + flags : 0x09 (9) + 1: SEC_ACE_FLAG_OBJECT_INHERIT + 0: SEC_ACE_FLAG_CONTAINER_INHERIT + 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT + 1: SEC_ACE_FLAG_INHERIT_ONLY + 0: SEC_ACE_FLAG_INHERITED_ACE + 0x09: SEC_ACE_FLAG_VALID_INHERIT (9) + 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS + 0: SEC_ACE_FLAG_FAILED_ACCESS + size : 0x0018 (24) + access_mask : 0x100f000c (269418508) + object : union security_ace_object_ctr(case 0) + trustee : S-1-5-32-544 + aces: struct security_ace + type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) + flags : 0x02 (2) + 0: SEC_ACE_FLAG_OBJECT_INHERIT + 1: SEC_ACE_FLAG_CONTAINER_INHERIT + 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT + 0: SEC_ACE_FLAG_INHERIT_ONLY + 0: SEC_ACE_FLAG_INHERITED_ACE + 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) + 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS + 0: SEC_ACE_FLAG_FAILED_ACCESS + size : 0x0018 (24) + access_mask : 0x100f000c (269418508) + object : union security_ace_object_ctr(case 0) + trustee : S-1-5-32-544 + aces: struct security_ace + type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) + flags : 0x09 (9) + 1: SEC_ACE_FLAG_OBJECT_INHERIT + 0: SEC_ACE_FLAG_CONTAINER_INHERIT + 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT + 1: SEC_ACE_FLAG_INHERIT_ONLY + 0: SEC_ACE_FLAG_INHERITED_ACE + 0x09: SEC_ACE_FLAG_VALID_INHERIT (9) + 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS + 0: SEC_ACE_FLAG_FAILED_ACCESS + size : 0x0018 (24) + access_mask : 0x100f000c (269418508) + object : union security_ace_object_ctr(case 0) + trustee : S-1-5-32-550 + aces: struct security_ace + type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) + flags : 0x02 (2) + 0: SEC_ACE_FLAG_OBJECT_INHERIT + 1: SEC_ACE_FLAG_CONTAINER_INHERIT + 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT + 0: SEC_ACE_FLAG_INHERIT_ONLY + 0: SEC_ACE_FLAG_INHERITED_ACE + 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) + 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS + 0: SEC_ACE_FLAG_FAILED_ACCESS + size : 0x0018 (24) + access_mask : 0x100f000c (269418508) + object : union security_ace_object_ctr(case 0) + trustee : S-1-5-32-550 + attributes : 0x00001048 (4168) + 0: PRINTER_ATTRIBUTE_QUEUED + 0: PRINTER_ATTRIBUTE_DIRECT + 0: PRINTER_ATTRIBUTE_DEFAULT + 1: PRINTER_ATTRIBUTE_SHARED + 0: PRINTER_ATTRIBUTE_NETWORK + 0: PRINTER_ATTRIBUTE_HIDDEN + 1: PRINTER_ATTRIBUTE_LOCAL + 0: PRINTER_ATTRIBUTE_ENABLE_DEVQ + 0: PRINTER_ATTRIBUTE_KEEPPRINTEDJOBS + 0: PRINTER_ATTRIBUTE_DO_COMPLETE_FIRST + 0: PRINTER_ATTRIBUTE_WORK_OFFLINE + 0: PRINTER_ATTRIBUTE_ENABLE_BIDI + 1: PRINTER_ATTRIBUTE_RAW_ONLY + 0: PRINTER_ATTRIBUTE_PUBLISHED + 0: PRINTER_ATTRIBUTE_FAX + 0: PRINTER_ATTRIBUTE_TS + priority : 0x00000001 (1) + defaultpriority : 0x00000001 (1) + starttime : 0x00000000 (0) + untiltime : 0x00000000 (0) + status : 0x00000000 (0) + 0: PRINTER_STATUS_PAUSED + 0: PRINTER_STATUS_ERROR + 0: PRINTER_STATUS_PENDING_DELETION + 0: PRINTER_STATUS_PAPER_JAM + 0: PRINTER_STATUS_PAPER_OUT + 0: PRINTER_STATUS_MANUAL_FEED + 0: PRINTER_STATUS_PAPER_PROBLEM + 0: PRINTER_STATUS_OFFLINE + 0: PRINTER_STATUS_IO_ACTIVE + 0: PRINTER_STATUS_BUSY + 0: PRINTER_STATUS_PRINTING + 0: PRINTER_STATUS_OUTPUT_BIN_FULL + 0: PRINTER_STATUS_NOT_AVAILABLE + 0: PRINTER_STATUS_WAITING + 0: PRINTER_STATUS_PROCESSING + 0: PRINTER_STATUS_INITIALIZING + 0: PRINTER_STATUS_WARMING_UP + 0: PRINTER_STATUS_TONER_LOW + 0: PRINTER_STATUS_NO_TONER + 0: PRINTER_STATUS_PAGE_PUNT + 0: PRINTER_STATUS_USER_INTERVENTION + 0: PRINTER_STATUS_OUT_OF_MEMORY + 0: PRINTER_STATUS_DOOR_OPEN + 0: PRINTER_STATUS_SERVER_UNKNOWN + 0: PRINTER_STATUS_POWER_SAVE + cjobs : 0x00000000 (0) + averageppm : 0x00000000 (0) + needed : * + needed : 0x000002f8 (760) + result : WERR_OK +[2013/11/07 07:38:44.346761, 5, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1417(api_rpcTNP) + api_rpcTNP: called \spoolss successfully +[2013/11/07 07:38:44.346824, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) + pop_sec_ctx (0, 5000) - sec_ctx_stack_ndx = 0 +[2013/11/07 07:38:44.346870, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) + write_to_pipe: data_used = 4140 + smbd_smb2_request_pending_queue: req->current_idx = 1 + req->in.vector[0].iov_len = 0 + req->in.vector[1].iov_len = 0 + req->in.vector[2].iov_len = 64 + req->in.vector[3].iov_len = 56 + req->in.vector[4].iov_len = 4156 + req->out.vector[0].iov_len = 4 + req->out.vector[1].iov_len = 0 + req->out.vector[2].iov_len = 64 + req->out.vector[3].iov_len = 8 + req->out.vector[4].iov_len = 0 +[2013/11/07 07:38:44.347094, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:128(smbd_smb2_ioctl_pipe_write_done) + smbd_smb2_ioctl_pipe_write_done: received 4156 +[2013/11/07 07:38:44.347137, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:149(smbd_smb2_ioctl_pipe_write_done) + smbd_smb2_ioctl_pipe_write_done: issuing np_read_send of size 4136 +[2013/11/07 07:38:44.347180, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:285(read_from_internal_pipe) + name: \spoolss len: 4136 +[2013/11/07 07:38:44.347223, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:347(read_from_internal_pipe) + read_from_pipe: \spoolss: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 4112. +[2013/11/07 07:38:44.347277, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) + &r: struct ncacn_packet + rpc_vers : 0x05 (5) + rpc_vers_minor : 0x00 (0) + ptype : DCERPC_PKT_RESPONSE (2) + pfc_flags : 0x03 (3) + drep: ARRAY(4) + [0] : 0x10 (16) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + frag_length : 0x1028 (4136) + auth_length : 0x0000 (0) + call_id : 0x0000000b (11) + u : union dcerpc_payload(case 2) + response: struct dcerpc_response + alloc_hint : 0x00001010 (4112) + context_id : 0x0000 (0) + cancel_count : 0x00 (0) + _pad : DATA_BLOB length=0 + stub_and_verifier : DATA_BLOB length=4112 + [0000] 04 00 02 00 00 10 00 00 EA 0F 00 00 C2 0F 00 00 ........ ........ + [0010] B0 0F 00 00 8A 0F 00 00 88 0F 00 00 86 0F 00 00 ........ ........ + [0020] 84 0F 00 00 88 0E 00 00 82 0F 00 00 70 0F 00 00 ........ ....p... + [0030] 68 0F 00 00 66 0F 00 00 90 0D 00 00 48 10 00 00 h...f... ....H... + [0040] 01 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0200] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0210] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0220] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0230] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0240] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0250] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0260] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0270] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0280] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0290] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0300] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0310] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0320] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0330] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0340] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0350] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0360] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0370] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0380] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0390] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0400] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0410] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0420] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0430] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0440] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0450] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0460] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0470] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0480] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0490] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0500] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0510] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0520] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0530] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0540] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0550] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0560] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0570] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0580] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0590] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0600] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0610] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0620] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0630] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0640] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0650] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0660] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0670] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0680] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0690] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0700] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0710] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0720] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0730] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0740] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0750] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0760] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0770] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0780] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0790] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0800] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0810] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0820] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0830] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0840] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0850] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0860] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0870] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0880] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0890] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0900] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0910] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0920] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0930] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0940] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0950] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0960] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0970] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0980] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0990] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D90] 00 00 00 00 00 00 00 00 01 00 04 80 D8 00 00 00 ........ ........ + [0DA0] E8 00 00 00 00 00 00 00 14 00 00 00 02 00 C4 00 ........ ........ + [0DB0] 07 00 00 00 00 02 14 00 08 00 02 20 01 01 00 00 ........ ... .... + [0DC0] 00 00 00 01 00 00 00 00 00 09 24 00 0C 00 0F 10 ........ ..$..... + [0DD0] 01 05 00 00 00 00 00 05 15 00 00 00 74 A5 12 52 ........ ....t..R + [0DE0] CD 51 D9 8F D1 31 A4 CA F4 01 00 00 00 02 24 00 .Q...1.. ......$. + [0DF0] 0C 00 0F 10 01 05 00 00 00 00 00 05 15 00 00 00 ........ ........ + [0E00] 74 A5 12 52 CD 51 D9 8F D1 31 A4 CA F4 01 00 00 t..R.Q.. .1...... + [0E10] 00 09 18 00 0C 00 0F 10 01 02 00 00 00 00 00 05 ........ ........ + [0E20] 20 00 00 00 20 02 00 00 00 02 18 00 0C 00 0F 10 ... ... ........ + [0E30] 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 ........ ... ... + [0E40] 00 09 18 00 0C 00 0F 10 01 02 00 00 00 00 00 05 ........ ........ + [0E50] 20 00 00 00 26 02 00 00 00 02 18 00 0C 00 0F 10 ...&... ........ + [0E60] 01 02 00 00 00 00 00 05 20 00 00 00 26 02 00 00 ........ ...&... + [0E70] 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 ........ ... ... + [0E80] 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 ........ ... ... + [0E90] 5C 00 5C 00 4D 00 45 00 4D 00 42 00 45 00 52 00 \.\.M.E. M.B.E.R. + [0EA0] 34 00 33 00 5C 00 70 00 72 00 69 00 6E 00 74 00 4.3.\.p. r.i.n.t. + [0EB0] 65 00 72 00 37 00 00 00 00 00 00 00 00 00 00 00 e.r.7... ........ + [0EC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0ED0] 01 04 00 04 DC 00 00 00 13 47 01 00 01 00 01 00 ........ .G...... + [0EE0] 00 00 00 00 64 00 01 00 0F 00 FC FF 01 00 01 00 ....d... ........ + [0EF0] 00 00 03 00 00 00 4C 00 65 00 74 00 74 00 65 00 ......L. e.t.t.e. + [0F00] 72 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 r....... ........ + [0F10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F70] 52 00 41 00 57 00 00 00 77 00 69 00 6E 00 70 00 R.A.W... w.i.n.p. + [0F80] 72 00 69 00 6E 00 74 00 00 00 00 00 00 00 00 00 r.i.n.t. ........ + [0F90] 00 00 53 00 61 00 6D 00 62 00 61 00 20 00 50 00 ..S.a.m. b.a. .P. + [0FA0] 72 00 69 00 6E 00 74 00 65 00 72 00 20 00 50 00 r.i.n.t. e.r. .P. + [0FB0] 6F 00 72 00 74 00 00 00 70 00 72 00 69 00 6E 00 o.r.t... p.r.i.n. + [0FC0] 74 00 65 00 72 00 37 00 00 00 5C 00 5C 00 4D 00 t.e.r.7. ..\.\.M. + [0FD0] 45 00 4D 00 42 00 45 00 52 00 34 00 33 00 5C 00 E.M.B.E. R.4.3.\. + [0FE0] 70 00 72 00 69 00 6E 00 74 00 65 00 72 00 37 00 p.r.i.n. t.e.r.7. + [0FF0] 00 00 5C 00 5C 00 4D 00 45 00 4D 00 42 00 45 00 ..\.\.M. E.M.B.E. + [1000] 52 00 34 00 33 00 00 00 F8 02 00 00 00 00 00 00 R.4.3... ........ +[2013/11/07 07:38:44.356738, 3, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:122(free_pipe_context) + free_pipe_context: destroying talloc pool of size 1308 +[2013/11/07 07:38:44.356797, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:788(np_read_recv) + Received 4136 bytes. There is no more data outstanding +[2013/11/07 07:38:44.356839, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:178(smbd_smb2_ioctl_pipe_read_done) + smbd_smb2_ioctl_pipe_read_done: np_read_recv nread = 4136 is_data_outstanding = 0, status = NT_STATUS_OK +[2013/11/07 07:38:44.356896, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl.c:291(smbd_smb2_request_ioctl_done) + smbd_smb2_request_ioctl_done: smbd_smb2_ioctl_recv returned 4136 status NT_STATUS_OK +[2013/11/07 07:38:44.356939, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) + smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[48] dyn[yes:4136] at ../source3/smbd/smb2_ioctl.c:358 +[2013/11/07 07:38:44.356985, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) + smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/60/127 +[2013/11/07 07:38:44.360708, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) + smbd_smb2_request_incoming: idx[1] of 5 vectors +[2013/11/07 07:38:44.360963, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) + smb2_validate_sequence_number: clearing id 60 (position 60) from bitmap +[2013/11/07 07:38:44.361092, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) + smbd_smb2_request_dispatch: opcode[SMB2_OP_IOCTL] mid = 60 +[2013/11/07 07:38:44.361239, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) + setting sec ctx (0, 5000) - sec_ctx_stack_ndx = 0 +[2013/11/07 07:38:44.361347, 5, pid=20933, effective(0, 5000), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) + Security token SIDs (21): + SID[ 0]: S-1-5-21-1376953716-2413384141-3399758289-500 + SID[ 1]: S-1-5-21-1376953716-2413384141-3399758289-512 + SID[ 2]: S-1-5-21-1376953716-2413384141-3399758289-11015 + SID[ 3]: S-1-5-21-1376953716-2413384141-3399758289-513 + SID[ 4]: S-1-5-21-1376953716-2413384141-3399758289-11011 + SID[ 5]: S-1-5-21-1376953716-2413384141-3399758289-11013 + SID[ 6]: S-1-5-21-1376953716-2413384141-3399758289-11012 + SID[ 7]: S-1-1-0 + SID[ 8]: S-1-5-2 + SID[ 9]: S-1-5-11 + SID[ 10]: S-1-5-32-544 + SID[ 11]: S-1-22-1-2002 + SID[ 12]: S-1-22-2-5000 + SID[ 13]: S-1-22-2-5007 + SID[ 14]: S-1-22-2-5001 + SID[ 15]: S-1-22-2-1005 + SID[ 16]: S-1-22-2-5006 + SID[ 17]: S-1-22-2-5005 + SID[ 18]: S-1-22-2-55000 + SID[ 19]: S-1-22-2-55001 + SID[ 20]: S-1-22-2-55002 + Privileges (0x 1FFFFFF0): + Privilege[ 0]: SeMachineAccountPrivilege + Privilege[ 1]: SeTakeOwnershipPrivilege + Privilege[ 2]: SeBackupPrivilege + Privilege[ 3]: SeRestorePrivilege + Privilege[ 4]: SeRemoteShutdownPrivilege + Privilege[ 5]: SePrintOperatorPrivilege + Privilege[ 6]: SeAddUsersPrivilege + Privilege[ 7]: SeDiskOperatorPrivilege + Privilege[ 8]: SeSecurityPrivilege + Privilege[ 9]: SeSystemtimePrivilege + Privilege[ 10]: SeShutdownPrivilege + Privilege[ 11]: SeDebugPrivilege + Privilege[ 12]: SeSystemEnvironmentPrivilege + Privilege[ 13]: SeSystemProfilePrivilege + Privilege[ 14]: SeProfileSingleProcessPrivilege + Privilege[ 15]: SeIncreaseBasePriorityPrivilege + Privilege[ 16]: SeLoadDriverPrivilege + Privilege[ 17]: SeCreatePagefilePrivilege + Privilege[ 18]: SeIncreaseQuotaPrivilege + Privilege[ 19]: SeChangeNotifyPrivilege + Privilege[ 20]: SeUndockPrivilege + Privilege[ 21]: SeManageVolumePrivilege + Privilege[ 22]: SeImpersonatePrivilege + Privilege[ 23]: SeCreateGlobalPrivilege + Privilege[ 24]: SeEnableDelegationPrivilege + Rights (0x 0): +[2013/11/07 07:38:44.363841, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) + UNIX token of user 0 + Primary group is 5000 and contains 9 supplementary groups + Group[ 0]: 5000 + Group[ 1]: 5007 + Group[ 2]: 5001 + Group[ 3]: 1005 + Group[ 4]: 5006 + Group[ 5]: 5005 + Group[ 6]: 55000 + Group[ 7]: 55001 + Group[ 8]: 55002 +[2013/11/07 07:38:44.364376, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/uid.c:363(change_to_user_internal) + Impersonated user: uid=(0,0), gid=(0,5000) +[2013/11/07 07:38:44.364502, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:1796(smbd_smb2_request_verify_creditcharge) + mid 60, CreditCharge: 1, NeededCharge: 1 +[2013/11/07 07:38:44.364610, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl.c:394(smbd_smb2_ioctl_send) + smbd_smb2_ioctl: ctl_code[0x0011c017] spoolss, fnum 2189993496 +[2013/11/07 07:38:44.364726, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:59(smb2_ioctl_named_pipe) + smbd_smb2_ioctl_send: np_write_send of size 4156 +[2013/11/07 07:38:44.364826, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:520(np_write_send) + np_write_send: len: 4156 +[2013/11/07 07:38:44.364929, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) + write_to_pipe: data_left = 4156 +[2013/11/07 07:38:44.365025, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) + process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 4156 +[2013/11/07 07:38:44.365123, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:51(fill_rpc_header) + fill_rpc_header: data_to_copy = 4156, len_needed_to_complete_hdr = 16, receive_len = 0 +[2013/11/07 07:38:44.365224, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) + write_to_pipe: data_used = 16 +[2013/11/07 07:38:44.365318, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) + write_to_pipe: data_left = 4140 +[2013/11/07 07:38:44.365596, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) + process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 4140 +[2013/11/07 07:38:44.365708, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) + write_to_pipe: data_used = 0 +[2013/11/07 07:38:44.365805, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) + write_to_pipe: data_left = 4140 +[2013/11/07 07:38:44.365901, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) + process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 4140, incoming data = 4140 +[2013/11/07 07:38:44.366008, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1614(process_complete_pdu) + PDU is in Little Endian format! +[2013/11/07 07:38:44.366132, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) + r: struct ncacn_packet + rpc_vers : 0x05 (5) + rpc_vers_minor : 0x00 (0) + ptype : DCERPC_PKT_REQUEST (0) + pfc_flags : 0x03 (3) + drep: ARRAY(4) + [0] : 0x10 (16) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + frag_length : 0x103c (4156) + auth_length : 0x0000 (0) + call_id : 0x0000000c (12) + u : union dcerpc_payload(case 0) + request: struct dcerpc_request + alloc_hint : 0x00001024 (4132) + context_id : 0x0000 (0) + opnum : 0x0008 (8) + object : union dcerpc_object(case 0) + empty: struct dcerpc_empty + _pad : DATA_BLOB length=0 + stub_and_verifier : DATA_BLOB length=4132 + [0000] 00 00 00 00 48 00 00 00 00 00 00 00 7B 52 73 35 ....H... ....{Rs5 + [0010] C5 51 00 00 02 00 00 00 00 00 02 00 00 10 00 00 .Q...... ........ + [0020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0030] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0040] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0200] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0210] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0220] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0230] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0240] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0250] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0260] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0270] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0280] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0290] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0300] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0310] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0320] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0330] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0340] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0350] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0360] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0370] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0380] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0390] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0400] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0410] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0420] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0430] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0440] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0450] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0460] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0470] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0480] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0490] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0500] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0510] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0520] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0530] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0540] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0550] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0560] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0570] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0580] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0590] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0600] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0610] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0620] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0630] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0640] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0650] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0660] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0670] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0680] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0690] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0700] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0710] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0720] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0730] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0740] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0750] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0760] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0770] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0780] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0790] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0800] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0810] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0820] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0830] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0840] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0850] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0860] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0870] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0880] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0890] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0900] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0910] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0920] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0930] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0940] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0950] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0960] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0970] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0980] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0990] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0EA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0EB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0EC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0ED0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0EE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0EF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [1000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [1010] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [1020] 00 10 00 00 .... +[2013/11/07 07:38:44.377644, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1627(process_complete_pdu) + Processing packet type 0 +[2013/11/07 07:38:44.377687, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1472(dcesrv_auth_request) + Checking request auth. +[2013/11/07 07:38:44.377734, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) + push_sec_ctx(0, 5000) : sec_ctx_stack_ndx = 1 +[2013/11/07 07:38:44.377781, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) + setting sec ctx (0, 5000) - sec_ctx_stack_ndx = 1 +[2013/11/07 07:38:44.377824, 5, pid=20933, effective(0, 5000), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) + Security token SIDs (21): + SID[ 0]: S-1-5-21-1376953716-2413384141-3399758289-500 + SID[ 1]: S-1-5-21-1376953716-2413384141-3399758289-512 + SID[ 2]: S-1-5-21-1376953716-2413384141-3399758289-11015 + SID[ 3]: S-1-5-21-1376953716-2413384141-3399758289-513 + SID[ 4]: S-1-5-21-1376953716-2413384141-3399758289-11011 + SID[ 5]: S-1-5-21-1376953716-2413384141-3399758289-11013 + SID[ 6]: S-1-5-21-1376953716-2413384141-3399758289-11012 + SID[ 7]: S-1-1-0 + SID[ 8]: S-1-5-2 + SID[ 9]: S-1-5-11 + SID[ 10]: S-1-5-32-544 + SID[ 11]: S-1-22-1-2002 + SID[ 12]: S-1-22-2-5000 + SID[ 13]: S-1-22-2-5007 + SID[ 14]: S-1-22-2-5001 + SID[ 15]: S-1-22-2-1005 + SID[ 16]: S-1-22-2-5006 + SID[ 17]: S-1-22-2-5005 + SID[ 18]: S-1-22-2-55000 + SID[ 19]: S-1-22-2-55001 + SID[ 20]: S-1-22-2-55002 + Privileges (0x 1FFFFFF0): + Privilege[ 0]: SeMachineAccountPrivilege + Privilege[ 1]: SeTakeOwnershipPrivilege + Privilege[ 2]: SeBackupPrivilege + Privilege[ 3]: SeRestorePrivilege + Privilege[ 4]: SeRemoteShutdownPrivilege + Privilege[ 5]: SePrintOperatorPrivilege + Privilege[ 6]: SeAddUsersPrivilege + Privilege[ 7]: SeDiskOperatorPrivilege + Privilege[ 8]: SeSecurityPrivilege + Privilege[ 9]: SeSystemtimePrivilege + Privilege[ 10]: SeShutdownPrivilege + Privilege[ 11]: SeDebugPrivilege + Privilege[ 12]: SeSystemEnvironmentPrivilege + Privilege[ 13]: SeSystemProfilePrivilege + Privilege[ 14]: SeProfileSingleProcessPrivilege + Privilege[ 15]: SeIncreaseBasePriorityPrivilege + Privilege[ 16]: SeLoadDriverPrivilege + Privilege[ 17]: SeCreatePagefilePrivilege + Privilege[ 18]: SeIncreaseQuotaPrivilege + Privilege[ 19]: SeChangeNotifyPrivilege + Privilege[ 20]: SeUndockPrivilege + Privilege[ 21]: SeManageVolumePrivilege + Privilege[ 22]: SeImpersonatePrivilege + Privilege[ 23]: SeCreateGlobalPrivilege + Privilege[ 24]: SeEnableDelegationPrivilege + Rights (0x 0): +[2013/11/07 07:38:44.378588, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) + UNIX token of user 0 + Primary group is 5000 and contains 9 supplementary groups + Group[ 0]: 5000 + Group[ 1]: 5007 + Group[ 2]: 5001 + Group[ 3]: 1005 + Group[ 4]: 5006 + Group[ 5]: 5005 + Group[ 6]: 55000 + Group[ 7]: 55001 + Group[ 8]: 55002 +[2013/11/07 07:38:44.378778, 5, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1324(api_pipe_request) + Requested \spoolss rpc service +[2013/11/07 07:38:44.378824, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1356(api_rpcTNP) + api_rpcTNP: \spoolss op 0x8 - api_rpcTNP: rpc command: SPOOLSS_GETPRINTER +[2013/11/07 07:38:44.378867, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1390(api_rpcTNP) + api_rpc_cmds[8].fn == 0x7f375c260f10 +[2013/11/07 07:38:44.378924, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + spoolss_GetPrinter: struct spoolss_GetPrinter + in: struct spoolss_GetPrinter + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000048-0000-0000-7b52-7335c5510000 + level : 0x00000002 (2) + buffer : * + buffer : DATA_BLOB length=4096 + [0000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0010] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0030] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0040] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0200] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0210] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0220] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0230] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0240] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0250] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0260] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0270] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0280] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0290] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0300] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0310] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0320] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0330] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0340] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0350] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0360] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0370] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0380] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0390] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0400] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0410] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0420] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0430] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0440] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0450] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0460] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0470] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0480] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0490] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0500] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0510] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0520] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0530] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0540] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0550] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0560] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0570] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0580] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0590] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0600] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0610] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0620] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0630] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0640] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0650] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0660] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0670] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0680] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0690] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0700] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0710] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0720] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0730] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0740] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0750] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0760] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0770] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0780] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0790] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0800] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0810] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0820] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0830] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0840] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0850] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0860] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0870] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0880] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0890] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0900] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0910] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0920] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0930] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0940] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0950] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0960] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0970] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0980] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0990] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0EA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0EB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0EC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0ED0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0EE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0EF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + offered : 0x00001000 (4096) +[2013/11/07 07:38:44.388183, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 48 00 00 00 00 00 00 00 7B 52 73 35 ....H... ....{Rs5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.388267, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 48 00 00 00 00 00 00 00 7B 52 73 35 ....H... ....{Rs5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.388354, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:489(get_printer_snum) + short name:printer7 +[2013/11/07 07:38:44.388495, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:60(make_internal_rpc_pipe_p) + Create pipe requested \winreg +[2013/11/07 07:38:44.388551, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:221(init_pipe_handles) + init_pipe_handle_list: created handle list for pipe \winreg +[2013/11/07 07:38:44.388593, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:238(init_pipe_handles) + init_pipe_handle_list: pipe_handles ref count = 1 for pipe \winreg +[2013/11/07 07:38:44.388695, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:100(make_internal_rpc_pipe_p) + Created internal pipe \winreg +[2013/11/07 07:38:44.388770, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenHKLM: struct winreg_OpenHKLM + in: struct winreg_OpenHKLM + system_name : NULL + access_mask : 0x02000000 (33554432) + 0: KEY_QUERY_VALUE + 0: KEY_SET_VALUE + 0: KEY_CREATE_SUB_KEY + 0: KEY_ENUMERATE_SUB_KEYS + 0: KEY_NOTIFY + 0: KEY_CREATE_LINK + 0: KEY_WOW64_64KEY + 0: KEY_WOW64_32KEY +[2013/11/07 07:38:44.389001, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [HKLM] +[2013/11/07 07:38:44.389046, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) + push_sec_ctx(0, 5000) : sec_ctx_stack_ndx = 2 +[2013/11/07 07:38:44.389090, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/uid.c:485(push_conn_ctx) + push_conn_ctx(1804507171) : conn_ctx_stack_ndx = 0 +[2013/11/07 07:38:44.389130, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) + setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 +[2013/11/07 07:38:44.389168, 5, pid=20933, effective(0, 5000), real(0, 0)] ../libcli/security/security_token.c:53(security_token_debug) + Security token: (NULL) +[2013/11/07 07:38:44.389207, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) + UNIX token of user 0 + Primary group is 0 and contains 0 supplementary groups +[2013/11/07 07:38:44.389452, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) + pop_sec_ctx (0, 5000) - sec_ctx_stack_ndx = 1 +[2013/11/07 07:38:44.389504, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:866(regdb_open) + regdb_open: registry db opened. refcount reset (1) +[2013/11/07 07:38:44.389563, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM] +[2013/11/07 07:38:44.389603, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM] +[2013/11/07 07:38:44.389645, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:44.389682, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM] +[2013/11/07 07:38:44.389765, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) + Opened policy hnd[1] [0000] 00 00 00 00 6F 00 00 00 00 00 00 00 7B 52 74 35 ....o... ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.389846, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenHKLM: struct winreg_OpenHKLM + out: struct winreg_OpenHKLM + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 0000006f-0000-0000-7b52-7435c5510000 + result : WERR_OK +[2013/11/07 07:38:44.390035, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenKey: struct winreg_OpenKey + in: struct winreg_OpenKey + parent_handle : * + parent_handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 0000006f-0000-0000-7b52-7435c5510000 + keyname: struct winreg_String + name_len : 0x008a (138) + name_size : 0x008a (138) + name : * + name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7' + options : 0x00000000 (0) + 0: REG_OPTION_VOLATILE + 0: REG_OPTION_CREATE_LINK + 0: REG_OPTION_BACKUP_RESTORE + 0: REG_OPTION_OPEN_LINK + access_mask : 0x02000000 (33554432) + 0: KEY_QUERY_VALUE + 0: KEY_SET_VALUE + 0: KEY_CREATE_SUB_KEY + 0: KEY_ENUMERATE_SUB_KEYS + 0: KEY_NOTIFY + 0: KEY_CREATE_LINK + 0: KEY_WOW64_64KEY + 0: KEY_WOW64_32KEY +[2013/11/07 07:38:44.390480, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 6F 00 00 00 00 00 00 00 7B 52 74 35 ....o... ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.390561, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [SOFTWARE] +[2013/11/07 07:38:44.390602, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (1->2) +[2013/11/07 07:38:44.390644, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] +[2013/11/07 07:38:44.390691, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE] +[2013/11/07 07:38:44.390733, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:44.390771, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE] +[2013/11/07 07:38:44.390839, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Microsoft] +[2013/11/07 07:38:44.390882, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (2->3) +[2013/11/07 07:38:44.390924, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] +[2013/11/07 07:38:44.390963, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] +[2013/11/07 07:38:44.391004, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:44.391042, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft] +[2013/11/07 07:38:44.391103, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Windows NT] +[2013/11/07 07:38:44.391144, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (3->4) +[2013/11/07 07:38:44.391187, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] +[2013/11/07 07:38:44.391225, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] +[2013/11/07 07:38:44.391266, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:44.391304, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] +[2013/11/07 07:38:44.391362, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [CurrentVersion] +[2013/11/07 07:38:44.391404, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (4->5) +[2013/11/07 07:38:44.391447, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] +[2013/11/07 07:38:44.391484, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] +[2013/11/07 07:38:44.391526, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:44.391563, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f375c5a15c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] +[2013/11/07 07:38:44.391643, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Print] +[2013/11/07 07:38:44.391685, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (5->6) +[2013/11/07 07:38:44.391729, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] +[2013/11/07 07:38:44.391772, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] +[2013/11/07 07:38:44.391815, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:44.391852, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f375c5a15c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] +[2013/11/07 07:38:44.391914, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Printers] +[2013/11/07 07:38:44.391956, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (6->7) +[2013/11/07 07:38:44.392000, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] +[2013/11/07 07:38:44.392040, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] +[2013/11/07 07:38:44.392082, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:44.392120, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] +[2013/11/07 07:38:44.392189, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [printer7] +[2013/11/07 07:38:44.392230, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (7->8) +[2013/11/07 07:38:44.392275, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:44.392315, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:44.392357, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:44.392395, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:44.392464, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (8->7) +[2013/11/07 07:38:44.392507, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (7->6) +[2013/11/07 07:38:44.392555, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (6->5) +[2013/11/07 07:38:44.392596, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (5->4) +[2013/11/07 07:38:44.392636, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (4->3) +[2013/11/07 07:38:44.392676, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (3->2) +[2013/11/07 07:38:44.392719, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) + Opened policy hnd[2] [0000] 00 00 00 00 70 00 00 00 00 00 00 00 7B 52 74 35 ....p... ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.392796, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenKey: struct winreg_OpenKey + out: struct winreg_OpenKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000070-0000-0000-7b52-7435c5510000 + result : WERR_OK +[2013/11/07 07:38:44.392969, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryInfoKey: struct winreg_QueryInfoKey + in: struct winreg_QueryInfoKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000070-0000-0000-7b52-7435c5510000 + classname : * + classname: struct winreg_String + name_len : 0x0000 (0) + name_size : 0x0000 (0) + name : NULL +[2013/11/07 07:38:44.393183, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 70 00 00 00 00 00 00 00 7B 52 74 35 ....p... ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.393264, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_dispatcher.c:151(fetch_reg_values) + fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7' (ops 0x7f37592edcc0) +[2013/11/07 07:38:44.393306, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1891(regdb_fetch_values_internal) + regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:44.393447, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[0]: name[Attributes] len[4] +[2013/11/07 07:38:44.393500, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[1]: name[Description] len[2] +[2013/11/07 07:38:44.393543, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[2]: name[Datatype] len[8] +[2013/11/07 07:38:44.393586, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[3]: name[Default Priority] len[4] +[2013/11/07 07:38:44.393637, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[4]: name[Port] len[38] +[2013/11/07 07:38:44.393679, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[5]: name[Name] len[18] +[2013/11/07 07:38:44.393721, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[6]: name[Print Processor] len[18] +[2013/11/07 07:38:44.393765, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[7]: name[Priority] len[4] +[2013/11/07 07:38:44.393807, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[8]: name[Security] len[248] +[2013/11/07 07:38:44.393850, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[9]: name[Share Name] len[18] +[2013/11/07 07:38:44.393893, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[10]: name[StartTime] len[4] +[2013/11/07 07:38:44.393935, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[11]: name[UntilTime] len[4] +[2013/11/07 07:38:44.393977, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[12]: name[ChangeID] len[4] +[2013/11/07 07:38:44.394020, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) + regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:44.394085, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryInfoKey: struct winreg_QueryInfoKey + out: struct winreg_QueryInfoKey + classname : * + classname: struct winreg_String + name_len : 0x0000 (0) + name_size : 0x0000 (0) + name : NULL + num_subkeys : * + num_subkeys : 0x00000003 (3) + max_subkeylen : * + max_subkeylen : 0x00000022 (34) + max_classlen : * + max_classlen : 0x00000000 (0) + num_values : * + num_values : 0x0000000d (13) + max_valnamelen : * + max_valnamelen : 0x00000022 (34) + max_valbufsize : * + max_valbufsize : 0x000000f8 (248) + secdescsize : * + secdescsize : 0x00000078 (120) + last_changed_time : * + last_changed_time : NTTIME(0) + result : WERR_OK +[2013/11/07 07:38:44.394539, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000070-0000-0000-7b52-7435c5510000 + enum_index : 0x00000000 (0) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:44.394925, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 70 00 00 00 00 00 00 00 7B 52 74 35 ....p... ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.395003, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:44.395050, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0016 (22) + size : 0x0024 (36) + name : * + name : 'Attributes' + type : * + type : REG_DWORD (4) + value : * + value: ARRAY(4) + [0] : 0x48 (72) + [1] : 0x10 (16) + [2] : 0x00 (0) + [3] : 0x00 (0) + size : * + size : 0x00000004 (4) + length : * + length : 0x00000004 (4) + result : WERR_OK +[2013/11/07 07:38:44.395449, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000070-0000-0000-7b52-7435c5510000 + enum_index : 0x00000001 (1) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:44.395821, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 70 00 00 00 00 00 00 00 7B 52 74 35 ....p... ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.395898, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:44.395951, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0018 (24) + size : 0x0024 (36) + name : * + name : 'Description' + type : * + type : REG_SZ (1) + value : * + value: ARRAY(2) + [0] : 0x00 (0) + [1] : 0x00 (0) + size : * + size : 0x00000002 (2) + length : * + length : 0x00000002 (2) + result : WERR_OK +[2013/11/07 07:38:44.396311, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000070-0000-0000-7b52-7435c5510000 + enum_index : 0x00000002 (2) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:44.396683, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 70 00 00 00 00 00 00 00 7B 52 74 35 ....p... ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.396759, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:44.396803, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0012 (18) + size : 0x0024 (36) + name : * + name : 'Datatype' + type : * + type : REG_SZ (1) + value : * + value: ARRAY(8) + [0] : 0x52 (82) + [1] : 0x00 (0) + [2] : 0x41 (65) + [3] : 0x00 (0) + [4] : 0x57 (87) + [5] : 0x00 (0) + [6] : 0x00 (0) + [7] : 0x00 (0) + size : * + size : 0x00000008 (8) + length : * + length : 0x00000008 (8) + result : WERR_OK +[2013/11/07 07:38:44.397271, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000070-0000-0000-7b52-7435c5510000 + enum_index : 0x00000003 (3) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:44.397720, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 70 00 00 00 00 00 00 00 7B 52 74 35 ....p... ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.397798, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:44.397845, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0022 (34) + size : 0x0024 (36) + name : * + name : 'Default Priority' + type : * + type : REG_DWORD (4) + value : * + value: ARRAY(4) + [0] : 0x01 (1) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + size : * + size : 0x00000004 (4) + length : * + length : 0x00000004 (4) + result : WERR_OK +[2013/11/07 07:38:44.398467, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000070-0000-0000-7b52-7435c5510000 + enum_index : 0x00000004 (4) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:44.398859, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 70 00 00 00 00 00 00 00 7B 52 74 35 ....p... ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.398938, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:44.398985, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x000a (10) + size : 0x0024 (36) + name : * + name : 'Port' + type : * + type : REG_SZ (1) + value : * + value: ARRAY(38) + [0] : 0x53 (83) + [1] : 0x00 (0) + [2] : 0x61 (97) + [3] : 0x00 (0) + [4] : 0x6d (109) + [5] : 0x00 (0) + [6] : 0x62 (98) + [7] : 0x00 (0) + [8] : 0x61 (97) + [9] : 0x00 (0) + [10] : 0x20 (32) + [11] : 0x00 (0) + [12] : 0x50 (80) + [13] : 0x00 (0) + [14] : 0x72 (114) + [15] : 0x00 (0) + [16] : 0x69 (105) + [17] : 0x00 (0) + [18] : 0x6e (110) + [19] : 0x00 (0) + [20] : 0x74 (116) + [21] : 0x00 (0) + [22] : 0x65 (101) + [23] : 0x00 (0) + [24] : 0x72 (114) + [25] : 0x00 (0) + [26] : 0x20 (32) + [27] : 0x00 (0) + [28] : 0x50 (80) + [29] : 0x00 (0) + [30] : 0x6f (111) + [31] : 0x00 (0) + [32] : 0x72 (114) + [33] : 0x00 (0) + [34] : 0x74 (116) + [35] : 0x00 (0) + [36] : 0x00 (0) + [37] : 0x00 (0) + size : * + size : 0x00000026 (38) + length : * + length : 0x00000026 (38) + result : WERR_OK +[2013/11/07 07:38:44.399952, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000070-0000-0000-7b52-7435c5510000 + enum_index : 0x00000005 (5) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:44.400324, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 70 00 00 00 00 00 00 00 7B 52 74 35 ....p... ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.400401, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:44.400446, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x000a (10) + size : 0x0024 (36) + name : * + name : 'Name' + type : * + type : REG_SZ (1) + value : * + value: ARRAY(18) + [0] : 0x70 (112) + [1] : 0x00 (0) + [2] : 0x72 (114) + [3] : 0x00 (0) + [4] : 0x69 (105) + [5] : 0x00 (0) + [6] : 0x6e (110) + [7] : 0x00 (0) + [8] : 0x74 (116) + [9] : 0x00 (0) + [10] : 0x65 (101) + [11] : 0x00 (0) + [12] : 0x72 (114) + [13] : 0x00 (0) + [14] : 0x37 (55) + [15] : 0x00 (0) + [16] : 0x00 (0) + [17] : 0x00 (0) + size : * + size : 0x00000012 (18) + length : * + length : 0x00000012 (18) + result : WERR_OK +[2013/11/07 07:38:44.401080, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000070-0000-0000-7b52-7435c5510000 + enum_index : 0x00000006 (6) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:44.401517, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 70 00 00 00 00 00 00 00 7B 52 74 35 ....p... ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.401596, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:44.401643, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0020 (32) + size : 0x0024 (36) + name : * + name : 'Print Processor' + type : * + type : REG_SZ (1) + value : * + value: ARRAY(18) + [0] : 0x77 (119) + [1] : 0x00 (0) + [2] : 0x69 (105) + [3] : 0x00 (0) + [4] : 0x6e (110) + [5] : 0x00 (0) + [6] : 0x70 (112) + [7] : 0x00 (0) + [8] : 0x72 (114) + [9] : 0x00 (0) + [10] : 0x69 (105) + [11] : 0x00 (0) + [12] : 0x6e (110) + [13] : 0x00 (0) + [14] : 0x74 (116) + [15] : 0x00 (0) + [16] : 0x00 (0) + [17] : 0x00 (0) + size : * + size : 0x00000012 (18) + length : * + length : 0x00000012 (18) + result : WERR_OK +[2013/11/07 07:38:44.402264, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000070-0000-0000-7b52-7435c5510000 + enum_index : 0x00000007 (7) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:44.402642, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 70 00 00 00 00 00 00 00 7B 52 74 35 ....p... ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.402718, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:44.402764, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0012 (18) + size : 0x0024 (36) + name : * + name : 'Priority' + type : * + type : REG_DWORD (4) + value : * + value: ARRAY(4) + [0] : 0x01 (1) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + size : * + size : 0x00000004 (4) + length : * + length : 0x00000004 (4) + result : WERR_OK +[2013/11/07 07:38:44.403157, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000070-0000-0000-7b52-7435c5510000 + enum_index : 0x00000008 (8) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:44.403538, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 70 00 00 00 00 00 00 00 7B 52 74 35 ....p... ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.403615, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:44.403660, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0012 (18) + size : 0x0024 (36) + name : * + name : 'Security' + type : * + type : REG_BINARY (3) + value : * + value: ARRAY(248) + [0] : 0x01 (1) + [1] : 0x00 (0) + [2] : 0x04 (4) + [3] : 0x80 (128) + [4] : 0x14 (20) + [5] : 0x00 (0) + [6] : 0x00 (0) + [7] : 0x00 (0) + [8] : 0x24 (36) + [9] : 0x00 (0) + [10] : 0x00 (0) + [11] : 0x00 (0) + [12] : 0x00 (0) + [13] : 0x00 (0) + [14] : 0x00 (0) + [15] : 0x00 (0) + [16] : 0x34 (52) + [17] : 0x00 (0) + [18] : 0x00 (0) + [19] : 0x00 (0) + [20] : 0x01 (1) + [21] : 0x02 (2) + [22] : 0x00 (0) + [23] : 0x00 (0) + [24] : 0x00 (0) + [25] : 0x00 (0) + [26] : 0x00 (0) + [27] : 0x05 (5) + [28] : 0x20 (32) + [29] : 0x00 (0) + [30] : 0x00 (0) + [31] : 0x00 (0) + [32] : 0x20 (32) + [33] : 0x02 (2) + [34] : 0x00 (0) + [35] : 0x00 (0) + [36] : 0x01 (1) + [37] : 0x02 (2) + [38] : 0x00 (0) + [39] : 0x00 (0) + [40] : 0x00 (0) + [41] : 0x00 (0) + [42] : 0x00 (0) + [43] : 0x05 (5) + [44] : 0x20 (32) + [45] : 0x00 (0) + [46] : 0x00 (0) + [47] : 0x00 (0) + [48] : 0x20 (32) + [49] : 0x02 (2) + [50] : 0x00 (0) + [51] : 0x00 (0) + [52] : 0x02 (2) + [53] : 0x00 (0) + [54] : 0xc4 (196) + [55] : 0x00 (0) + [56] : 0x07 (7) + [57] : 0x00 (0) + [58] : 0x00 (0) + [59] : 0x00 (0) + [60] : 0x00 (0) + [61] : 0x02 (2) + [62] : 0x14 (20) + [63] : 0x00 (0) + [64] : 0x08 (8) + [65] : 0x00 (0) + [66] : 0x02 (2) + [67] : 0x20 (32) + [68] : 0x01 (1) + [69] : 0x01 (1) + [70] : 0x00 (0) + [71] : 0x00 (0) + [72] : 0x00 (0) + [73] : 0x00 (0) + [74] : 0x00 (0) + [75] : 0x01 (1) + [76] : 0x00 (0) + [77] : 0x00 (0) + [78] : 0x00 (0) + [79] : 0x00 (0) + [80] : 0x00 (0) + [81] : 0x09 (9) + [82] : 0x24 (36) + [83] : 0x00 (0) + [84] : 0x0c (12) + [85] : 0x00 (0) + [86] : 0x0f (15) + [87] : 0x10 (16) + [88] : 0x01 (1) + [89] : 0x05 (5) + [90] : 0x00 (0) + [91] : 0x00 (0) + [92] : 0x00 (0) + [93] : 0x00 (0) + [94] : 0x00 (0) + [95] : 0x05 (5) + [96] : 0x15 (21) + [97] : 0x00 (0) + [98] : 0x00 (0) + [99] : 0x00 (0) + [100] : 0x74 (116) + [101] : 0xa5 (165) + [102] : 0x12 (18) + [103] : 0x52 (82) + [104] : 0xcd (205) + [105] : 0x51 (81) + [106] : 0xd9 (217) + [107] : 0x8f (143) + [108] : 0xd1 (209) + [109] : 0x31 (49) + [110] : 0xa4 (164) + [111] : 0xca (202) + [112] : 0xf4 (244) + [113] : 0x01 (1) + [114] : 0x00 (0) + [115] : 0x00 (0) + [116] : 0x00 (0) + [117] : 0x02 (2) + [118] : 0x24 (36) + [119] : 0x00 (0) + [120] : 0x0c (12) + [121] : 0x00 (0) + [122] : 0x0f (15) + [123] : 0x10 (16) + [124] : 0x01 (1) + [125] : 0x05 (5) + [126] : 0x00 (0) + [127] : 0x00 (0) + [128] : 0x00 (0) + [129] : 0x00 (0) + [130] : 0x00 (0) + [131] : 0x05 (5) + [132] : 0x15 (21) + [133] : 0x00 (0) + [134] : 0x00 (0) + [135] : 0x00 (0) + [136] : 0x74 (116) + [137] : 0xa5 (165) + [138] : 0x12 (18) + [139] : 0x52 (82) + [140] : 0xcd (205) + [141] : 0x51 (81) + [142] : 0xd9 (217) + [143] : 0x8f (143) + [144] : 0xd1 (209) + [145] : 0x31 (49) + [146] : 0xa4 (164) + [147] : 0xca (202) + [148] : 0xf4 (244) + [149] : 0x01 (1) + [150] : 0x00 (0) + [151] : 0x00 (0) + [152] : 0x00 (0) + [153] : 0x09 (9) + [154] : 0x18 (24) + [155] : 0x00 (0) + [156] : 0x0c (12) + [157] : 0x00 (0) + [158] : 0x0f (15) + [159] : 0x10 (16) + [160] : 0x01 (1) + [161] : 0x02 (2) + [162] : 0x00 (0) + [163] : 0x00 (0) + [164] : 0x00 (0) + [165] : 0x00 (0) + [166] : 0x00 (0) + [167] : 0x05 (5) + [168] : 0x20 (32) + [169] : 0x00 (0) + [170] : 0x00 (0) + [171] : 0x00 (0) + [172] : 0x20 (32) + [173] : 0x02 (2) + [174] : 0x00 (0) + [175] : 0x00 (0) + [176] : 0x00 (0) + [177] : 0x02 (2) + [178] : 0x18 (24) + [179] : 0x00 (0) + [180] : 0x0c (12) + [181] : 0x00 (0) + [182] : 0x0f (15) + [183] : 0x10 (16) + [184] : 0x01 (1) + [185] : 0x02 (2) + [186] : 0x00 (0) + [187] : 0x00 (0) + [188] : 0x00 (0) + [189] : 0x00 (0) + [190] : 0x00 (0) + [191] : 0x05 (5) + [192] : 0x20 (32) + [193] : 0x00 (0) + [194] : 0x00 (0) + [195] : 0x00 (0) + [196] : 0x20 (32) + [197] : 0x02 (2) + [198] : 0x00 (0) + [199] : 0x00 (0) + [200] : 0x00 (0) + [201] : 0x09 (9) + [202] : 0x18 (24) + [203] : 0x00 (0) + [204] : 0x0c (12) + [205] : 0x00 (0) + [206] : 0x0f (15) + [207] : 0x10 (16) + [208] : 0x01 (1) + [209] : 0x02 (2) + [210] : 0x00 (0) + [211] : 0x00 (0) + [212] : 0x00 (0) + [213] : 0x00 (0) + [214] : 0x00 (0) + [215] : 0x05 (5) + [216] : 0x20 (32) + [217] : 0x00 (0) + [218] : 0x00 (0) + [219] : 0x00 (0) + [220] : 0x26 (38) + [221] : 0x02 (2) + [222] : 0x00 (0) + [223] : 0x00 (0) + [224] : 0x00 (0) + [225] : 0x02 (2) + [226] : 0x18 (24) + [227] : 0x00 (0) + [228] : 0x0c (12) + [229] : 0x00 (0) + [230] : 0x0f (15) + [231] : 0x10 (16) + [232] : 0x01 (1) + [233] : 0x02 (2) + [234] : 0x00 (0) + [235] : 0x00 (0) + [236] : 0x00 (0) + [237] : 0x00 (0) + [238] : 0x00 (0) + [239] : 0x05 (5) + [240] : 0x20 (32) + [241] : 0x00 (0) + [242] : 0x00 (0) + [243] : 0x00 (0) + [244] : 0x26 (38) + [245] : 0x02 (2) + [246] : 0x00 (0) + [247] : 0x00 (0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x000000f8 (248) + result : WERR_OK +[2013/11/07 07:38:44.408289, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000070-0000-0000-7b52-7435c5510000 + enum_index : 0x00000009 (9) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:44.408821, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 70 00 00 00 00 00 00 00 7B 52 74 35 ....p... ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.408911, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:44.408961, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0016 (22) + size : 0x0024 (36) + name : * + name : 'Share Name' + type : * + type : REG_SZ (1) + value : * + value: ARRAY(18) + [0] : 0x70 (112) + [1] : 0x00 (0) + [2] : 0x72 (114) + [3] : 0x00 (0) + [4] : 0x69 (105) + [5] : 0x00 (0) + [6] : 0x6e (110) + [7] : 0x00 (0) + [8] : 0x74 (116) + [9] : 0x00 (0) + [10] : 0x65 (101) + [11] : 0x00 (0) + [12] : 0x72 (114) + [13] : 0x00 (0) + [14] : 0x37 (55) + [15] : 0x00 (0) + [16] : 0x00 (0) + [17] : 0x00 (0) + size : * + size : 0x00000012 (18) + length : * + length : 0x00000012 (18) + result : WERR_OK +[2013/11/07 07:38:44.409637, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000070-0000-0000-7b52-7435c5510000 + enum_index : 0x0000000a (10) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:44.410018, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 70 00 00 00 00 00 00 00 7B 52 74 35 ....p... ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.410096, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:44.410141, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0014 (20) + size : 0x0024 (36) + name : * + name : 'StartTime' + type : * + type : REG_DWORD (4) + value : * + value: ARRAY(4) + [0] : 0x00 (0) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + size : * + size : 0x00000004 (4) + length : * + length : 0x00000004 (4) + result : WERR_OK +[2013/11/07 07:38:44.410531, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000070-0000-0000-7b52-7435c5510000 + enum_index : 0x0000000b (11) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:44.410898, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 70 00 00 00 00 00 00 00 7B 52 74 35 ....p... ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.410981, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:44.411028, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0014 (20) + size : 0x0024 (36) + name : * + name : 'UntilTime' + type : * + type : REG_DWORD (4) + value : * + value: ARRAY(4) + [0] : 0x00 (0) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + size : * + size : 0x00000004 (4) + length : * + length : 0x00000004 (4) + result : WERR_OK +[2013/11/07 07:38:44.411469, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000070-0000-0000-7b52-7435c5510000 + enum_index : 0x0000000c (12) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:44.411842, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 70 00 00 00 00 00 00 00 7B 52 74 35 ....p... ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.411919, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:44.411964, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0012 (18) + size : 0x0024 (36) + name : * + name : 'ChangeID' + type : * + type : REG_DWORD (4) + value : * + value: ARRAY(4) + [0] : 0xf1 (241) + [1] : 0x5f (95) + [2] : 0x11 (17) + [3] : 0x00 (0) + size : * + size : 0x00000004 (4) + length : * + length : 0x00000004 (4) + result : WERR_OK +[2013/11/07 07:38:44.412403, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryValue: struct winreg_QueryValue + in: struct winreg_QueryValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000070-0000-0000-7b52-7435c5510000 + value_name : * + value_name: struct winreg_String + name_len : 0x0020 (32) + name_size : 0x0020 (32) + name : * + name : 'Default DevMode' + type : * + type : REG_NONE (0) + data : NULL + data_size : * + data_size : 0x00000000 (0) + data_length : * + data_length : 0x00000000 (0) +[2013/11/07 07:38:44.412749, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 70 00 00 00 00 00 00 00 7B 52 74 35 ....p... ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.412827, 7, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) + _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:44.412867, 7, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) + _winreg_QueryValue: policy key type = [00000000] +[2013/11/07 07:38:44.412912, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:316(_winreg_QueryValue) + _winreg_QueryValue: reg_queryvalue failed with: WERR_BADFILE +[2013/11/07 07:38:44.412953, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryValue: struct winreg_QueryValue + out: struct winreg_QueryValue + type : * + type : REG_NONE (0) + data : NULL + data_size : * + data_size : 0x00000000 (0) + data_length : * + data_length : 0x00000000 (0) + result : WERR_BADFILE +[2013/11/07 07:38:44.413174, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenHKLM: struct winreg_OpenHKLM + in: struct winreg_OpenHKLM + system_name : NULL + access_mask : 0x02000000 (33554432) + 0: KEY_QUERY_VALUE + 0: KEY_SET_VALUE + 0: KEY_CREATE_SUB_KEY + 0: KEY_ENUMERATE_SUB_KEYS + 0: KEY_NOTIFY + 0: KEY_CREATE_LINK + 0: KEY_WOW64_64KEY + 0: KEY_WOW64_32KEY +[2013/11/07 07:38:44.413460, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [HKLM] +[2013/11/07 07:38:44.413511, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (2->3) +[2013/11/07 07:38:44.413555, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM] +[2013/11/07 07:38:44.413594, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM] +[2013/11/07 07:38:44.413635, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:44.413672, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM] +[2013/11/07 07:38:44.413753, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) + Opened policy hnd[3] [0000] 00 00 00 00 71 00 00 00 00 00 00 00 7B 52 74 35 ....q... ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.413833, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenHKLM: struct winreg_OpenHKLM + out: struct winreg_OpenHKLM + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000071-0000-0000-7b52-7435c5510000 + result : WERR_OK +[2013/11/07 07:38:44.414004, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenKey: struct winreg_OpenKey + in: struct winreg_OpenKey + parent_handle : * + parent_handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000071-0000-0000-7b52-7435c5510000 + keyname: struct winreg_String + name_len : 0x008a (138) + name_size : 0x008a (138) + name : * + name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7' + options : 0x00000000 (0) + 0: REG_OPTION_VOLATILE + 0: REG_OPTION_CREATE_LINK + 0: REG_OPTION_BACKUP_RESTORE + 0: REG_OPTION_OPEN_LINK + access_mask : 0x02000000 (33554432) + 0: KEY_QUERY_VALUE + 0: KEY_SET_VALUE + 0: KEY_CREATE_SUB_KEY + 0: KEY_ENUMERATE_SUB_KEYS + 0: KEY_NOTIFY + 0: KEY_CREATE_LINK + 0: KEY_WOW64_64KEY + 0: KEY_WOW64_32KEY +[2013/11/07 07:38:44.414439, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 71 00 00 00 00 00 00 00 7B 52 74 35 ....q... ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.414519, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [SOFTWARE] +[2013/11/07 07:38:44.414560, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (3->4) +[2013/11/07 07:38:44.414601, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] +[2013/11/07 07:38:44.414647, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE] +[2013/11/07 07:38:44.414687, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:44.414725, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE] +[2013/11/07 07:38:44.414790, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Microsoft] +[2013/11/07 07:38:44.414831, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (4->5) +[2013/11/07 07:38:44.414873, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] +[2013/11/07 07:38:44.414911, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] +[2013/11/07 07:38:44.414951, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:44.414988, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft] +[2013/11/07 07:38:44.415048, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Windows NT] +[2013/11/07 07:38:44.415089, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (5->6) +[2013/11/07 07:38:44.415131, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] +[2013/11/07 07:38:44.415169, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] +[2013/11/07 07:38:44.415209, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:44.415246, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] +[2013/11/07 07:38:44.415304, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [CurrentVersion] +[2013/11/07 07:38:44.415344, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (6->7) +[2013/11/07 07:38:44.415387, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] +[2013/11/07 07:38:44.415425, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] +[2013/11/07 07:38:44.415466, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:44.415503, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f375c5a15c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] +[2013/11/07 07:38:44.415582, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Print] +[2013/11/07 07:38:44.415623, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (7->8) +[2013/11/07 07:38:44.415666, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] +[2013/11/07 07:38:44.415707, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] +[2013/11/07 07:38:44.415750, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:44.415787, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f375c5a15c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] +[2013/11/07 07:38:44.415881, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Printers] +[2013/11/07 07:38:44.415925, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (8->9) +[2013/11/07 07:38:44.416055, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] +[2013/11/07 07:38:44.416096, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] +[2013/11/07 07:38:44.416139, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:44.416177, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] +[2013/11/07 07:38:44.416244, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [printer7] +[2013/11/07 07:38:44.416286, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (9->10) +[2013/11/07 07:38:44.416330, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:44.416369, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:44.416411, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:44.416449, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:44.416519, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (10->9) +[2013/11/07 07:38:44.416569, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (9->8) +[2013/11/07 07:38:44.416611, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (8->7) +[2013/11/07 07:38:44.416651, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (7->6) +[2013/11/07 07:38:44.416691, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (6->5) +[2013/11/07 07:38:44.416730, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (5->4) +[2013/11/07 07:38:44.416774, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) + Opened policy hnd[4] [0000] 00 00 00 00 72 00 00 00 00 00 00 00 7B 52 74 35 ....r... ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.416852, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenKey: struct winreg_OpenKey + out: struct winreg_OpenKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000072-0000-0000-7b52-7435c5510000 + result : WERR_OK +[2013/11/07 07:38:44.417029, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryValue: struct winreg_QueryValue + in: struct winreg_QueryValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000072-0000-0000-7b52-7435c5510000 + value_name : * + value_name: struct winreg_String + name_len : 0x0012 (18) + name_size : 0x0012 (18) + name : * + name : 'Security' + type : * + type : REG_NONE (0) + data : NULL + data_size : * + data_size : 0x00000000 (0) + data_length : * + data_length : 0x00000000 (0) +[2013/11/07 07:38:44.417436, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 72 00 00 00 00 00 00 00 7B 52 74 35 ....r... ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.417518, 7, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) + _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:44.417558, 7, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) + _winreg_QueryValue: policy key type = [00000000] +[2013/11/07 07:38:44.417599, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_dispatcher.c:151(fetch_reg_values) + fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7' (ops 0x7f37592edcc0) +[2013/11/07 07:38:44.417641, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1891(regdb_fetch_values_internal) + regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:44.417712, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[0]: name[Attributes] len[4] +[2013/11/07 07:38:44.417757, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[1]: name[Description] len[2] +[2013/11/07 07:38:44.417800, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[2]: name[Datatype] len[8] +[2013/11/07 07:38:44.417842, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[3]: name[Default Priority] len[4] +[2013/11/07 07:38:44.417884, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[4]: name[Port] len[38] +[2013/11/07 07:38:44.417927, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[5]: name[Name] len[18] +[2013/11/07 07:38:44.417969, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[6]: name[Print Processor] len[18] +[2013/11/07 07:38:44.418012, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[7]: name[Priority] len[4] +[2013/11/07 07:38:44.418055, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[8]: name[Security] len[248] +[2013/11/07 07:38:44.418098, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[9]: name[Share Name] len[18] +[2013/11/07 07:38:44.418140, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[10]: name[StartTime] len[4] +[2013/11/07 07:38:44.418183, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[11]: name[UntilTime] len[4] +[2013/11/07 07:38:44.418225, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[12]: name[ChangeID] len[4] +[2013/11/07 07:38:44.418270, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryValue: struct winreg_QueryValue + out: struct winreg_QueryValue + type : * + type : REG_BINARY (3) + data : NULL + data_size : * + data_size : 0x000000f8 (248) + data_length : * + data_length : 0x00000000 (0) + result : WERR_OK +[2013/11/07 07:38:44.418487, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryValue: struct winreg_QueryValue + in: struct winreg_QueryValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000072-0000-0000-7b52-7435c5510000 + value_name : * + value_name: struct winreg_String + name_len : 0x0012 (18) + name_size : 0x0012 (18) + name : * + name : 'Security' + type : * + type : REG_BINARY (3) + data : * + data: ARRAY(0) + data_size : * + data_size : 0x000000f8 (248) + data_length : * + data_length : 0x00000000 (0) +[2013/11/07 07:38:44.418853, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 72 00 00 00 00 00 00 00 7B 52 74 35 ....r... ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.418931, 7, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) + _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:44.418971, 7, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) + _winreg_QueryValue: policy key type = [00000000] +[2013/11/07 07:38:44.419016, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryValue: struct winreg_QueryValue + out: struct winreg_QueryValue + type : * + type : REG_BINARY (3) + data : * + data: ARRAY(248) + [0] : 0x01 (1) + [1] : 0x00 (0) + [2] : 0x04 (4) + [3] : 0x80 (128) + [4] : 0x14 (20) + [5] : 0x00 (0) + [6] : 0x00 (0) + [7] : 0x00 (0) + [8] : 0x24 (36) + [9] : 0x00 (0) + [10] : 0x00 (0) + [11] : 0x00 (0) + [12] : 0x00 (0) + [13] : 0x00 (0) + [14] : 0x00 (0) + [15] : 0x00 (0) + [16] : 0x34 (52) + [17] : 0x00 (0) + [18] : 0x00 (0) + [19] : 0x00 (0) + [20] : 0x01 (1) + [21] : 0x02 (2) + [22] : 0x00 (0) + [23] : 0x00 (0) + [24] : 0x00 (0) + [25] : 0x00 (0) + [26] : 0x00 (0) + [27] : 0x05 (5) + [28] : 0x20 (32) + [29] : 0x00 (0) + [30] : 0x00 (0) + [31] : 0x00 (0) + [32] : 0x20 (32) + [33] : 0x02 (2) + [34] : 0x00 (0) + [35] : 0x00 (0) + [36] : 0x01 (1) + [37] : 0x02 (2) + [38] : 0x00 (0) + [39] : 0x00 (0) + [40] : 0x00 (0) + [41] : 0x00 (0) + [42] : 0x00 (0) + [43] : 0x05 (5) + [44] : 0x20 (32) + [45] : 0x00 (0) + [46] : 0x00 (0) + [47] : 0x00 (0) + [48] : 0x20 (32) + [49] : 0x02 (2) + [50] : 0x00 (0) + [51] : 0x00 (0) + [52] : 0x02 (2) + [53] : 0x00 (0) + [54] : 0xc4 (196) + [55] : 0x00 (0) + [56] : 0x07 (7) + [57] : 0x00 (0) + [58] : 0x00 (0) + [59] : 0x00 (0) + [60] : 0x00 (0) + [61] : 0x02 (2) + [62] : 0x14 (20) + [63] : 0x00 (0) + [64] : 0x08 (8) + [65] : 0x00 (0) + [66] : 0x02 (2) + [67] : 0x20 (32) + [68] : 0x01 (1) + [69] : 0x01 (1) + [70] : 0x00 (0) + [71] : 0x00 (0) + [72] : 0x00 (0) + [73] : 0x00 (0) + [74] : 0x00 (0) + [75] : 0x01 (1) + [76] : 0x00 (0) + [77] : 0x00 (0) + [78] : 0x00 (0) + [79] : 0x00 (0) + [80] : 0x00 (0) + [81] : 0x09 (9) + [82] : 0x24 (36) + [83] : 0x00 (0) + [84] : 0x0c (12) + [85] : 0x00 (0) + [86] : 0x0f (15) + [87] : 0x10 (16) + [88] : 0x01 (1) + [89] : 0x05 (5) + [90] : 0x00 (0) + [91] : 0x00 (0) + [92] : 0x00 (0) + [93] : 0x00 (0) + [94] : 0x00 (0) + [95] : 0x05 (5) + [96] : 0x15 (21) + [97] : 0x00 (0) + [98] : 0x00 (0) + [99] : 0x00 (0) + [100] : 0x74 (116) + [101] : 0xa5 (165) + [102] : 0x12 (18) + [103] : 0x52 (82) + [104] : 0xcd (205) + [105] : 0x51 (81) + [106] : 0xd9 (217) + [107] : 0x8f (143) + [108] : 0xd1 (209) + [109] : 0x31 (49) + [110] : 0xa4 (164) + [111] : 0xca (202) + [112] : 0xf4 (244) + [113] : 0x01 (1) + [114] : 0x00 (0) + [115] : 0x00 (0) + [116] : 0x00 (0) + [117] : 0x02 (2) + [118] : 0x24 (36) + [119] : 0x00 (0) + [120] : 0x0c (12) + [121] : 0x00 (0) + [122] : 0x0f (15) + [123] : 0x10 (16) + [124] : 0x01 (1) + [125] : 0x05 (5) + [126] : 0x00 (0) + [127] : 0x00 (0) + [128] : 0x00 (0) + [129] : 0x00 (0) + [130] : 0x00 (0) + [131] : 0x05 (5) + [132] : 0x15 (21) + [133] : 0x00 (0) + [134] : 0x00 (0) + [135] : 0x00 (0) + [136] : 0x74 (116) + [137] : 0xa5 (165) + [138] : 0x12 (18) + [139] : 0x52 (82) + [140] : 0xcd (205) + [141] : 0x51 (81) + [142] : 0xd9 (217) + [143] : 0x8f (143) + [144] : 0xd1 (209) + [145] : 0x31 (49) + [146] : 0xa4 (164) + [147] : 0xca (202) + [148] : 0xf4 (244) + [149] : 0x01 (1) + [150] : 0x00 (0) + [151] : 0x00 (0) + [152] : 0x00 (0) + [153] : 0x09 (9) + [154] : 0x18 (24) + [155] : 0x00 (0) + [156] : 0x0c (12) + [157] : 0x00 (0) + [158] : 0x0f (15) + [159] : 0x10 (16) + [160] : 0x01 (1) + [161] : 0x02 (2) + [162] : 0x00 (0) + [163] : 0x00 (0) + [164] : 0x00 (0) + [165] : 0x00 (0) + [166] : 0x00 (0) + [167] : 0x05 (5) + [168] : 0x20 (32) + [169] : 0x00 (0) + [170] : 0x00 (0) + [171] : 0x00 (0) + [172] : 0x20 (32) + [173] : 0x02 (2) + [174] : 0x00 (0) + [175] : 0x00 (0) + [176] : 0x00 (0) + [177] : 0x02 (2) + [178] : 0x18 (24) + [179] : 0x00 (0) + [180] : 0x0c (12) + [181] : 0x00 (0) + [182] : 0x0f (15) + [183] : 0x10 (16) + [184] : 0x01 (1) + [185] : 0x02 (2) + [186] : 0x00 (0) + [187] : 0x00 (0) + [188] : 0x00 (0) + [189] : 0x00 (0) + [190] : 0x00 (0) + [191] : 0x05 (5) + [192] : 0x20 (32) + [193] : 0x00 (0) + [194] : 0x00 (0) + [195] : 0x00 (0) + [196] : 0x20 (32) + [197] : 0x02 (2) + [198] : 0x00 (0) + [199] : 0x00 (0) + [200] : 0x00 (0) + [201] : 0x09 (9) + [202] : 0x18 (24) + [203] : 0x00 (0) + [204] : 0x0c (12) + [205] : 0x00 (0) + [206] : 0x0f (15) + [207] : 0x10 (16) + [208] : 0x01 (1) + [209] : 0x02 (2) + [210] : 0x00 (0) + [211] : 0x00 (0) + [212] : 0x00 (0) + [213] : 0x00 (0) + [214] : 0x00 (0) + [215] : 0x05 (5) + [216] : 0x20 (32) + [217] : 0x00 (0) + [218] : 0x00 (0) + [219] : 0x00 (0) + [220] : 0x26 (38) + [221] : 0x02 (2) + [222] : 0x00 (0) + [223] : 0x00 (0) + [224] : 0x00 (0) + [225] : 0x02 (2) + [226] : 0x18 (24) + [227] : 0x00 (0) + [228] : 0x0c (12) + [229] : 0x00 (0) + [230] : 0x0f (15) + [231] : 0x10 (16) + [232] : 0x01 (1) + [233] : 0x02 (2) + [234] : 0x00 (0) + [235] : 0x00 (0) + [236] : 0x00 (0) + [237] : 0x00 (0) + [238] : 0x00 (0) + [239] : 0x05 (5) + [240] : 0x20 (32) + [241] : 0x00 (0) + [242] : 0x00 (0) + [243] : 0x00 (0) + [244] : 0x26 (38) + [245] : 0x02 (2) + [246] : 0x00 (0) + [247] : 0x00 (0) + data_size : * + data_size : 0x000000f8 (248) + data_length : * + data_length : 0x000000f8 (248) + result : WERR_OK +[2013/11/07 07:38:44.423495, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + in: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000072-0000-0000-7b52-7435c5510000 +[2013/11/07 07:38:44.423631, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 72 00 00 00 00 00 00 00 7B 52 74 35 ....r... ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.423710, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 72 00 00 00 00 00 00 00 7B 52 74 35 ....r... ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.423787, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) + Closed policy +[2013/11/07 07:38:44.423831, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (4->3) +[2013/11/07 07:38:44.423872, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + out: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000000-0000-0000-0000-000000000000 + result : WERR_OK +[2013/11/07 07:38:44.424033, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + in: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000071-0000-0000-7b52-7435c5510000 +[2013/11/07 07:38:44.424162, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 71 00 00 00 00 00 00 00 7B 52 74 35 ....q... ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.424239, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 71 00 00 00 00 00 00 00 7B 52 74 35 ....q... ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.424315, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) + Closed policy +[2013/11/07 07:38:44.424356, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (3->2) +[2013/11/07 07:38:44.424396, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + out: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000000-0000-0000-0000-000000000000 + result : WERR_OK +[2013/11/07 07:38:44.424565, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + in: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000070-0000-0000-7b52-7435c5510000 +[2013/11/07 07:38:44.424695, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 70 00 00 00 00 00 00 00 7B 52 74 35 ....p... ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.424772, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 70 00 00 00 00 00 00 00 7B 52 74 35 ....p... ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.424848, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) + Closed policy +[2013/11/07 07:38:44.424893, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (2->1) +[2013/11/07 07:38:44.424933, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + out: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000000-0000-0000-0000-000000000000 + result : WERR_OK +[2013/11/07 07:38:44.425094, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + in: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 0000006f-0000-0000-7b52-7435c5510000 +[2013/11/07 07:38:44.425223, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 6F 00 00 00 00 00 00 00 7B 52 74 35 ....o... ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.425300, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 6F 00 00 00 00 00 00 00 7B 52 74 35 ....o... ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.425421, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) + Closed policy +[2013/11/07 07:38:44.425463, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (1->0) +[2013/11/07 07:38:44.425525, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + out: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000000-0000-0000-0000-000000000000 + result : WERR_OK +[2013/11/07 07:38:44.425689, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:416(close_policy_by_pipe) + Deleted handle list for RPC connection \winreg +[2013/11/07 07:38:44.425860, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + spoolss_GetPrinter: struct spoolss_GetPrinter + out: struct spoolss_GetPrinter + info : * + info : union spoolss_PrinterInfo(case 2) + info2: struct spoolss_PrinterInfo2 + servername : * + servername : '\\MEMBER43' + printername : * + printername : '\\MEMBER43\printer7' + sharename : * + sharename : 'printer7' + portname : * + portname : 'Samba Printer Port' + drivername : * + drivername : '' + comment : * + comment : '' + location : * + location : '' + devmode : * + devmode: struct spoolss_DeviceMode + devicename : '\\MEMBER43\printer7' + specversion : DMSPEC_NT4_AND_ABOVE (1025) + driverversion : 0x0400 (1024) + size : 0x00dc (220) + __driverextra_length : 0x0000 (0) + fields : 0x00014713 (83731) + 1: DEVMODE_ORIENTATION + 1: DEVMODE_PAPERSIZE + 0: DEVMODE_PAPERLENGTH + 0: DEVMODE_PAPERWIDTH + 1: DEVMODE_SCALE + 0: DEVMODE_POSITION + 0: DEVMODE_NUP + 1: DEVMODE_COPIES + 1: DEVMODE_DEFAULTSOURCE + 1: DEVMODE_PRINTQUALITY + 0: DEVMODE_COLOR + 0: DEVMODE_DUPLEX + 0: DEVMODE_YRESOLUTION + 1: DEVMODE_TTOPTION + 0: DEVMODE_COLLATE + 1: DEVMODE_FORMNAME + 0: DEVMODE_LOGPIXELS + 0: DEVMODE_BITSPERPEL + 0: DEVMODE_PELSWIDTH + 0: DEVMODE_PELSHEIGHT + 0: DEVMODE_DISPLAYFLAGS + 0: DEVMODE_DISPLAYFREQUENCY + 0: DEVMODE_ICMMETHOD + 0: DEVMODE_ICMINTENT + 0: DEVMODE_MEDIATYPE + 0: DEVMODE_DITHERTYPE + 0: DEVMODE_PANNINGWIDTH + 0: DEVMODE_PANNINGHEIGHT + orientation : DMORIENT_PORTRAIT (1) + papersize : DMPAPER_LETTER (1) + paperlength : 0x0000 (0) + paperwidth : 0x0000 (0) + scale : 0x0064 (100) + copies : 0x0001 (1) + defaultsource : DMBIN_FORMSOURCE (15) + printquality : DMRES_HIGH (65532) + color : DMRES_MONOCHROME (1) + duplex : DMDUP_SIMPLEX (1) + yresolution : 0x0000 (0) + ttoption : DMTT_SUBDEV (3) + collate : DMCOLLATE_FALSE (0) + formname : 'Letter' + logpixels : 0x0000 (0) + bitsperpel : 0x00000000 (0) + pelswidth : 0x00000000 (0) + pelsheight : 0x00000000 (0) + displayflags : UNKNOWN_ENUM_VALUE (0) + displayfrequency : 0x00000000 (0) + icmmethod : UNKNOWN_ENUM_VALUE (0) + icmintent : UNKNOWN_ENUM_VALUE (0) + mediatype : UNKNOWN_ENUM_VALUE (0) + dithertype : UNKNOWN_ENUM_VALUE (0) + reserved1 : 0x00000000 (0) + reserved2 : 0x00000000 (0) + panningwidth : 0x00000000 (0) + panningheight : 0x00000000 (0) + driverextra_data : DATA_BLOB length=0 + sepfile : * + sepfile : '' + printprocessor : * + printprocessor : 'winprint' + datatype : * + datatype : 'RAW' + parameters : * + parameters : '' + secdesc : * + secdesc: struct security_descriptor + revision : SECURITY_DESCRIPTOR_REVISION_1 (1) + type : 0x8004 (32772) + 0: SEC_DESC_OWNER_DEFAULTED + 0: SEC_DESC_GROUP_DEFAULTED + 1: SEC_DESC_DACL_PRESENT + 0: SEC_DESC_DACL_DEFAULTED + 0: SEC_DESC_SACL_PRESENT + 0: SEC_DESC_SACL_DEFAULTED + 0: SEC_DESC_DACL_TRUSTED + 0: SEC_DESC_SERVER_SECURITY + 0: SEC_DESC_DACL_AUTO_INHERIT_REQ + 0: SEC_DESC_SACL_AUTO_INHERIT_REQ + 0: SEC_DESC_DACL_AUTO_INHERITED + 0: SEC_DESC_SACL_AUTO_INHERITED + 0: SEC_DESC_DACL_PROTECTED + 0: SEC_DESC_SACL_PROTECTED + 0: SEC_DESC_RM_CONTROL_VALID + 1: SEC_DESC_SELF_RELATIVE + owner_sid : * + owner_sid : S-1-5-32-544 + group_sid : * + group_sid : S-1-5-32-544 + sacl : NULL + dacl : * + dacl: struct security_acl + revision : SECURITY_ACL_REVISION_NT4 (2) + size : 0x00c4 (196) + num_aces : 0x00000007 (7) + aces: ARRAY(7) + aces: struct security_ace + type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) + flags : 0x02 (2) + 0: SEC_ACE_FLAG_OBJECT_INHERIT + 1: SEC_ACE_FLAG_CONTAINER_INHERIT + 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT + 0: SEC_ACE_FLAG_INHERIT_ONLY + 0: SEC_ACE_FLAG_INHERITED_ACE + 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) + 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS + 0: SEC_ACE_FLAG_FAILED_ACCESS + size : 0x0014 (20) + access_mask : 0x20020008 (537001992) + object : union security_ace_object_ctr(case 0) + trustee : S-1-1-0 + aces: struct security_ace + type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) + flags : 0x09 (9) + 1: SEC_ACE_FLAG_OBJECT_INHERIT + 0: SEC_ACE_FLAG_CONTAINER_INHERIT + 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT + 1: SEC_ACE_FLAG_INHERIT_ONLY + 0: SEC_ACE_FLAG_INHERITED_ACE + 0x09: SEC_ACE_FLAG_VALID_INHERIT (9) + 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS + 0: SEC_ACE_FLAG_FAILED_ACCESS + size : 0x0024 (36) + access_mask : 0x100f000c (269418508) + object : union security_ace_object_ctr(case 0) + trustee : S-1-5-21-1376953716-2413384141-3399758289-500 + aces: struct security_ace + type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) + flags : 0x02 (2) + 0: SEC_ACE_FLAG_OBJECT_INHERIT + 1: SEC_ACE_FLAG_CONTAINER_INHERIT + 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT + 0: SEC_ACE_FLAG_INHERIT_ONLY + 0: SEC_ACE_FLAG_INHERITED_ACE + 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) + 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS + 0: SEC_ACE_FLAG_FAILED_ACCESS + size : 0x0024 (36) + access_mask : 0x100f000c (269418508) + object : union security_ace_object_ctr(case 0) + trustee : S-1-5-21-1376953716-2413384141-3399758289-500 + aces: struct security_ace + type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) + flags : 0x09 (9) + 1: SEC_ACE_FLAG_OBJECT_INHERIT + 0: SEC_ACE_FLAG_CONTAINER_INHERIT + 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT + 1: SEC_ACE_FLAG_INHERIT_ONLY + 0: SEC_ACE_FLAG_INHERITED_ACE + 0x09: SEC_ACE_FLAG_VALID_INHERIT (9) + 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS + 0: SEC_ACE_FLAG_FAILED_ACCESS + size : 0x0018 (24) + access_mask : 0x100f000c (269418508) + object : union security_ace_object_ctr(case 0) + trustee : S-1-5-32-544 + aces: struct security_ace + type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) + flags : 0x02 (2) + 0: SEC_ACE_FLAG_OBJECT_INHERIT + 1: SEC_ACE_FLAG_CONTAINER_INHERIT + 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT + 0: SEC_ACE_FLAG_INHERIT_ONLY + 0: SEC_ACE_FLAG_INHERITED_ACE + 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) + 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS + 0: SEC_ACE_FLAG_FAILED_ACCESS + size : 0x0018 (24) + access_mask : 0x100f000c (269418508) + object : union security_ace_object_ctr(case 0) + trustee : S-1-5-32-544 + aces: struct security_ace + type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) + flags : 0x09 (9) + 1: SEC_ACE_FLAG_OBJECT_INHERIT + 0: SEC_ACE_FLAG_CONTAINER_INHERIT + 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT + 1: SEC_ACE_FLAG_INHERIT_ONLY + 0: SEC_ACE_FLAG_INHERITED_ACE + 0x09: SEC_ACE_FLAG_VALID_INHERIT (9) + 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS + 0: SEC_ACE_FLAG_FAILED_ACCESS + size : 0x0018 (24) + access_mask : 0x100f000c (269418508) + object : union security_ace_object_ctr(case 0) + trustee : S-1-5-32-550 + aces: struct security_ace + type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) + flags : 0x02 (2) + 0: SEC_ACE_FLAG_OBJECT_INHERIT + 1: SEC_ACE_FLAG_CONTAINER_INHERIT + 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT + 0: SEC_ACE_FLAG_INHERIT_ONLY + 0: SEC_ACE_FLAG_INHERITED_ACE + 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) + 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS + 0: SEC_ACE_FLAG_FAILED_ACCESS + size : 0x0018 (24) + access_mask : 0x100f000c (269418508) + object : union security_ace_object_ctr(case 0) + trustee : S-1-5-32-550 + attributes : 0x00001048 (4168) + 0: PRINTER_ATTRIBUTE_QUEUED + 0: PRINTER_ATTRIBUTE_DIRECT + 0: PRINTER_ATTRIBUTE_DEFAULT + 1: PRINTER_ATTRIBUTE_SHARED + 0: PRINTER_ATTRIBUTE_NETWORK + 0: PRINTER_ATTRIBUTE_HIDDEN + 1: PRINTER_ATTRIBUTE_LOCAL + 0: PRINTER_ATTRIBUTE_ENABLE_DEVQ + 0: PRINTER_ATTRIBUTE_KEEPPRINTEDJOBS + 0: PRINTER_ATTRIBUTE_DO_COMPLETE_FIRST + 0: PRINTER_ATTRIBUTE_WORK_OFFLINE + 0: PRINTER_ATTRIBUTE_ENABLE_BIDI + 1: PRINTER_ATTRIBUTE_RAW_ONLY + 0: PRINTER_ATTRIBUTE_PUBLISHED + 0: PRINTER_ATTRIBUTE_FAX + 0: PRINTER_ATTRIBUTE_TS + priority : 0x00000001 (1) + defaultpriority : 0x00000001 (1) + starttime : 0x00000000 (0) + untiltime : 0x00000000 (0) + status : 0x00000000 (0) + 0: PRINTER_STATUS_PAUSED + 0: PRINTER_STATUS_ERROR + 0: PRINTER_STATUS_PENDING_DELETION + 0: PRINTER_STATUS_PAPER_JAM + 0: PRINTER_STATUS_PAPER_OUT + 0: PRINTER_STATUS_MANUAL_FEED + 0: PRINTER_STATUS_PAPER_PROBLEM + 0: PRINTER_STATUS_OFFLINE + 0: PRINTER_STATUS_IO_ACTIVE + 0: PRINTER_STATUS_BUSY + 0: PRINTER_STATUS_PRINTING + 0: PRINTER_STATUS_OUTPUT_BIN_FULL + 0: PRINTER_STATUS_NOT_AVAILABLE + 0: PRINTER_STATUS_WAITING + 0: PRINTER_STATUS_PROCESSING + 0: PRINTER_STATUS_INITIALIZING + 0: PRINTER_STATUS_WARMING_UP + 0: PRINTER_STATUS_TONER_LOW + 0: PRINTER_STATUS_NO_TONER + 0: PRINTER_STATUS_PAGE_PUNT + 0: PRINTER_STATUS_USER_INTERVENTION + 0: PRINTER_STATUS_OUT_OF_MEMORY + 0: PRINTER_STATUS_DOOR_OPEN + 0: PRINTER_STATUS_SERVER_UNKNOWN + 0: PRINTER_STATUS_POWER_SAVE + cjobs : 0x00000000 (0) + averageppm : 0x00000000 (0) + needed : * + needed : 0x000002f8 (760) + result : WERR_OK +[2013/11/07 07:38:44.430931, 5, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1417(api_rpcTNP) + api_rpcTNP: called \spoolss successfully +[2013/11/07 07:38:44.430996, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) + pop_sec_ctx (0, 5000) - sec_ctx_stack_ndx = 0 +[2013/11/07 07:38:44.431041, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) + write_to_pipe: data_used = 4140 + smbd_smb2_request_pending_queue: req->current_idx = 1 + req->in.vector[0].iov_len = 0 + req->in.vector[1].iov_len = 0 + req->in.vector[2].iov_len = 64 + req->in.vector[3].iov_len = 56 + req->in.vector[4].iov_len = 4156 + req->out.vector[0].iov_len = 4 + req->out.vector[1].iov_len = 0 + req->out.vector[2].iov_len = 64 + req->out.vector[3].iov_len = 8 + req->out.vector[4].iov_len = 0 +[2013/11/07 07:38:44.431266, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:128(smbd_smb2_ioctl_pipe_write_done) + smbd_smb2_ioctl_pipe_write_done: received 4156 +[2013/11/07 07:38:44.431310, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:149(smbd_smb2_ioctl_pipe_write_done) + smbd_smb2_ioctl_pipe_write_done: issuing np_read_send of size 4136 +[2013/11/07 07:38:44.431353, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:285(read_from_internal_pipe) + name: \spoolss len: 4136 +[2013/11/07 07:38:44.431396, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:347(read_from_internal_pipe) + read_from_pipe: \spoolss: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 4112. +[2013/11/07 07:38:44.431450, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) + &r: struct ncacn_packet + rpc_vers : 0x05 (5) + rpc_vers_minor : 0x00 (0) + ptype : DCERPC_PKT_RESPONSE (2) + pfc_flags : 0x03 (3) + drep: ARRAY(4) + [0] : 0x10 (16) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + frag_length : 0x1028 (4136) + auth_length : 0x0000 (0) + call_id : 0x0000000c (12) + u : union dcerpc_payload(case 2) + response: struct dcerpc_response + alloc_hint : 0x00001010 (4112) + context_id : 0x0000 (0) + cancel_count : 0x00 (0) + _pad : DATA_BLOB length=0 + stub_and_verifier : DATA_BLOB length=4112 + [0000] 04 00 02 00 00 10 00 00 EA 0F 00 00 C2 0F 00 00 ........ ........ + [0010] B0 0F 00 00 8A 0F 00 00 88 0F 00 00 86 0F 00 00 ........ ........ + [0020] 84 0F 00 00 88 0E 00 00 82 0F 00 00 70 0F 00 00 ........ ....p... + [0030] 68 0F 00 00 66 0F 00 00 90 0D 00 00 48 10 00 00 h...f... ....H... + [0040] 01 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0200] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0210] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0220] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0230] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0240] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0250] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0260] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0270] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0280] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0290] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0300] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0310] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0320] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0330] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0340] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0350] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0360] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0370] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0380] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0390] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0400] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0410] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0420] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0430] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0440] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0450] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0460] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0470] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0480] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0490] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0500] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0510] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0520] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0530] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0540] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0550] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0560] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0570] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0580] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0590] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0600] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0610] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0620] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0630] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0640] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0650] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0660] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0670] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0680] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0690] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0700] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0710] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0720] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0730] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0740] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0750] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0760] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0770] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0780] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0790] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0800] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0810] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0820] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0830] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0840] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0850] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0860] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0870] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0880] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0890] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0900] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0910] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0920] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0930] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0940] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0950] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0960] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0970] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0980] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0990] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D90] 00 00 00 00 00 00 00 00 01 00 04 80 D8 00 00 00 ........ ........ + [0DA0] E8 00 00 00 00 00 00 00 14 00 00 00 02 00 C4 00 ........ ........ + [0DB0] 07 00 00 00 00 02 14 00 08 00 02 20 01 01 00 00 ........ ... .... + [0DC0] 00 00 00 01 00 00 00 00 00 09 24 00 0C 00 0F 10 ........ ..$..... + [0DD0] 01 05 00 00 00 00 00 05 15 00 00 00 74 A5 12 52 ........ ....t..R + [0DE0] CD 51 D9 8F D1 31 A4 CA F4 01 00 00 00 02 24 00 .Q...1.. ......$. + [0DF0] 0C 00 0F 10 01 05 00 00 00 00 00 05 15 00 00 00 ........ ........ + [0E00] 74 A5 12 52 CD 51 D9 8F D1 31 A4 CA F4 01 00 00 t..R.Q.. .1...... + [0E10] 00 09 18 00 0C 00 0F 10 01 02 00 00 00 00 00 05 ........ ........ + [0E20] 20 00 00 00 20 02 00 00 00 02 18 00 0C 00 0F 10 ... ... ........ + [0E30] 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 ........ ... ... + [0E40] 00 09 18 00 0C 00 0F 10 01 02 00 00 00 00 00 05 ........ ........ + [0E50] 20 00 00 00 26 02 00 00 00 02 18 00 0C 00 0F 10 ...&... ........ + [0E60] 01 02 00 00 00 00 00 05 20 00 00 00 26 02 00 00 ........ ...&... + [0E70] 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 ........ ... ... + [0E80] 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 ........ ... ... + [0E90] 5C 00 5C 00 4D 00 45 00 4D 00 42 00 45 00 52 00 \.\.M.E. M.B.E.R. + [0EA0] 34 00 33 00 5C 00 70 00 72 00 69 00 6E 00 74 00 4.3.\.p. r.i.n.t. + [0EB0] 65 00 72 00 37 00 00 00 00 00 00 00 00 00 00 00 e.r.7... ........ + [0EC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0ED0] 01 04 00 04 DC 00 00 00 13 47 01 00 01 00 01 00 ........ .G...... + [0EE0] 00 00 00 00 64 00 01 00 0F 00 FC FF 01 00 01 00 ....d... ........ + [0EF0] 00 00 03 00 00 00 4C 00 65 00 74 00 74 00 65 00 ......L. e.t.t.e. + [0F00] 72 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 r....... ........ + [0F10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F70] 52 00 41 00 57 00 00 00 77 00 69 00 6E 00 70 00 R.A.W... w.i.n.p. + [0F80] 72 00 69 00 6E 00 74 00 00 00 00 00 00 00 00 00 r.i.n.t. ........ + [0F90] 00 00 53 00 61 00 6D 00 62 00 61 00 20 00 50 00 ..S.a.m. b.a. .P. + [0FA0] 72 00 69 00 6E 00 74 00 65 00 72 00 20 00 50 00 r.i.n.t. e.r. .P. + [0FB0] 6F 00 72 00 74 00 00 00 70 00 72 00 69 00 6E 00 o.r.t... p.r.i.n. + [0FC0] 74 00 65 00 72 00 37 00 00 00 5C 00 5C 00 4D 00 t.e.r.7. ..\.\.M. + [0FD0] 45 00 4D 00 42 00 45 00 52 00 34 00 33 00 5C 00 E.M.B.E. R.4.3.\. + [0FE0] 70 00 72 00 69 00 6E 00 74 00 65 00 72 00 37 00 p.r.i.n. t.e.r.7. + [0FF0] 00 00 5C 00 5C 00 4D 00 45 00 4D 00 42 00 45 00 ..\.\.M. E.M.B.E. + [1000] 52 00 34 00 33 00 00 00 F8 02 00 00 00 00 00 00 R.4.3... ........ +[2013/11/07 07:38:44.440952, 3, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:122(free_pipe_context) + free_pipe_context: destroying talloc pool of size 1308 +[2013/11/07 07:38:44.441015, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:788(np_read_recv) + Received 4136 bytes. There is no more data outstanding +[2013/11/07 07:38:44.441058, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:178(smbd_smb2_ioctl_pipe_read_done) + smbd_smb2_ioctl_pipe_read_done: np_read_recv nread = 4136 is_data_outstanding = 0, status = NT_STATUS_OK +[2013/11/07 07:38:44.441106, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl.c:291(smbd_smb2_request_ioctl_done) + smbd_smb2_request_ioctl_done: smbd_smb2_ioctl_recv returned 4136 status NT_STATUS_OK +[2013/11/07 07:38:44.441149, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) + smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[48] dyn[yes:4136] at ../source3/smbd/smb2_ioctl.c:358 +[2013/11/07 07:38:44.441201, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) + smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/61/127 +[2013/11/07 07:38:44.453981, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) + smbd_smb2_request_incoming: idx[1] of 5 vectors +[2013/11/07 07:38:44.454233, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) + smb2_validate_sequence_number: clearing id 61 (position 61) from bitmap +[2013/11/07 07:38:44.454348, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) + smbd_smb2_request_dispatch: opcode[SMB2_OP_IOCTL] mid = 61 +[2013/11/07 07:38:44.454495, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) + setting sec ctx (0, 5000) - sec_ctx_stack_ndx = 0 +[2013/11/07 07:38:44.454606, 5, pid=20933, effective(0, 5000), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) + Security token SIDs (21): + SID[ 0]: S-1-5-21-1376953716-2413384141-3399758289-500 + SID[ 1]: S-1-5-21-1376953716-2413384141-3399758289-512 + SID[ 2]: S-1-5-21-1376953716-2413384141-3399758289-11015 + SID[ 3]: S-1-5-21-1376953716-2413384141-3399758289-513 + SID[ 4]: S-1-5-21-1376953716-2413384141-3399758289-11011 + SID[ 5]: S-1-5-21-1376953716-2413384141-3399758289-11013 + SID[ 6]: S-1-5-21-1376953716-2413384141-3399758289-11012 + SID[ 7]: S-1-1-0 + SID[ 8]: S-1-5-2 + SID[ 9]: S-1-5-11 + SID[ 10]: S-1-5-32-544 + SID[ 11]: S-1-22-1-2002 + SID[ 12]: S-1-22-2-5000 + SID[ 13]: S-1-22-2-5007 + SID[ 14]: S-1-22-2-5001 + SID[ 15]: S-1-22-2-1005 + SID[ 16]: S-1-22-2-5006 + SID[ 17]: S-1-22-2-5005 + SID[ 18]: S-1-22-2-55000 + SID[ 19]: S-1-22-2-55001 + SID[ 20]: S-1-22-2-55002 + Privileges (0x 1FFFFFF0): + Privilege[ 0]: SeMachineAccountPrivilege + Privilege[ 1]: SeTakeOwnershipPrivilege + Privilege[ 2]: SeBackupPrivilege + Privilege[ 3]: SeRestorePrivilege + Privilege[ 4]: SeRemoteShutdownPrivilege + Privilege[ 5]: SePrintOperatorPrivilege + Privilege[ 6]: SeAddUsersPrivilege + Privilege[ 7]: SeDiskOperatorPrivilege + Privilege[ 8]: SeSecurityPrivilege + Privilege[ 9]: SeSystemtimePrivilege + Privilege[ 10]: SeShutdownPrivilege + Privilege[ 11]: SeDebugPrivilege + Privilege[ 12]: SeSystemEnvironmentPrivilege + Privilege[ 13]: SeSystemProfilePrivilege + Privilege[ 14]: SeProfileSingleProcessPrivilege + Privilege[ 15]: SeIncreaseBasePriorityPrivilege + Privilege[ 16]: SeLoadDriverPrivilege + Privilege[ 17]: SeCreatePagefilePrivilege + Privilege[ 18]: SeIncreaseQuotaPrivilege + Privilege[ 19]: SeChangeNotifyPrivilege + Privilege[ 20]: SeUndockPrivilege + Privilege[ 21]: SeManageVolumePrivilege + Privilege[ 22]: SeImpersonatePrivilege + Privilege[ 23]: SeCreateGlobalPrivilege + Privilege[ 24]: SeEnableDelegationPrivilege + Rights (0x 0): +[2013/11/07 07:38:44.457221, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) + UNIX token of user 0 + Primary group is 5000 and contains 9 supplementary groups + Group[ 0]: 5000 + Group[ 1]: 5007 + Group[ 2]: 5001 + Group[ 3]: 1005 + Group[ 4]: 5006 + Group[ 5]: 5005 + Group[ 6]: 55000 + Group[ 7]: 55001 + Group[ 8]: 55002 +[2013/11/07 07:38:44.457828, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/uid.c:363(change_to_user_internal) + Impersonated user: uid=(0,0), gid=(0,5000) +[2013/11/07 07:38:44.457959, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:1796(smbd_smb2_request_verify_creditcharge) + mid 61, CreditCharge: 1, NeededCharge: 1 +[2013/11/07 07:38:44.458066, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl.c:394(smbd_smb2_ioctl_send) + smbd_smb2_ioctl: ctl_code[0x0011c017] spoolss, fnum 2189993496 +[2013/11/07 07:38:44.458231, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:59(smb2_ioctl_named_pipe) + smbd_smb2_ioctl_send: np_write_send of size 4156 +[2013/11/07 07:38:44.458332, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:520(np_write_send) + np_write_send: len: 4156 +[2013/11/07 07:38:44.458436, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) + write_to_pipe: data_left = 4156 +[2013/11/07 07:38:44.458531, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) + process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 4156 +[2013/11/07 07:38:44.458628, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:51(fill_rpc_header) + fill_rpc_header: data_to_copy = 4156, len_needed_to_complete_hdr = 16, receive_len = 0 +[2013/11/07 07:38:44.458730, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) + write_to_pipe: data_used = 16 +[2013/11/07 07:38:44.458839, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) + write_to_pipe: data_left = 4140 +[2013/11/07 07:38:44.458936, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) + process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 4140 +[2013/11/07 07:38:44.459042, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) + write_to_pipe: data_used = 0 +[2013/11/07 07:38:44.459138, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) + write_to_pipe: data_left = 4140 +[2013/11/07 07:38:44.459232, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) + process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 4140, incoming data = 4140 +[2013/11/07 07:38:44.459337, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1614(process_complete_pdu) + PDU is in Little Endian format! +[2013/11/07 07:38:44.459459, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) + r: struct ncacn_packet + rpc_vers : 0x05 (5) + rpc_vers_minor : 0x00 (0) + ptype : DCERPC_PKT_REQUEST (0) + pfc_flags : 0x03 (3) + drep: ARRAY(4) + [0] : 0x10 (16) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + frag_length : 0x103c (4156) + auth_length : 0x0000 (0) + call_id : 0x0000000d (13) + u : union dcerpc_payload(case 0) + request: struct dcerpc_request + alloc_hint : 0x00001024 (4132) + context_id : 0x0000 (0) + opnum : 0x0008 (8) + object : union dcerpc_object(case 0) + empty: struct dcerpc_empty + _pad : DATA_BLOB length=0 + stub_and_verifier : DATA_BLOB length=4132 + [0000] 00 00 00 00 48 00 00 00 00 00 00 00 7B 52 73 35 ....H... ....{Rs5 + [0010] C5 51 00 00 02 00 00 00 00 00 02 00 00 10 00 00 .Q...... ........ + [0020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0030] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0040] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0200] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0210] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0220] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0230] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0240] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0250] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0260] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0270] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0280] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0290] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0300] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0310] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0320] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0330] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0340] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0350] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0360] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0370] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0380] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0390] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0400] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0410] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0420] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0430] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0440] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0450] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0460] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0470] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0480] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0490] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0500] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0510] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0520] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0530] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0540] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0550] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0560] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0570] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0580] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0590] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0600] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0610] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0620] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0630] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0640] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0650] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0660] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0670] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0680] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0690] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0700] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0710] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0720] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0730] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0740] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0750] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0760] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0770] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0780] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0790] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0800] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0810] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0820] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0830] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0840] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0850] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0860] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0870] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0880] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0890] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0900] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0910] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0920] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0930] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0940] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0950] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0960] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0970] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0980] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0990] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0EA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0EB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0EC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0ED0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0EE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0EF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [1000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [1010] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [1020] 00 10 00 00 .... +[2013/11/07 07:38:44.475042, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1627(process_complete_pdu) + Processing packet type 0 +[2013/11/07 07:38:44.475086, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1472(dcesrv_auth_request) + Checking request auth. +[2013/11/07 07:38:44.475135, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) + push_sec_ctx(0, 5000) : sec_ctx_stack_ndx = 1 +[2013/11/07 07:38:44.475190, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) + setting sec ctx (0, 5000) - sec_ctx_stack_ndx = 1 +[2013/11/07 07:38:44.475233, 5, pid=20933, effective(0, 5000), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) + Security token SIDs (21): + SID[ 0]: S-1-5-21-1376953716-2413384141-3399758289-500 + SID[ 1]: S-1-5-21-1376953716-2413384141-3399758289-512 + SID[ 2]: S-1-5-21-1376953716-2413384141-3399758289-11015 + SID[ 3]: S-1-5-21-1376953716-2413384141-3399758289-513 + SID[ 4]: S-1-5-21-1376953716-2413384141-3399758289-11011 + SID[ 5]: S-1-5-21-1376953716-2413384141-3399758289-11013 + SID[ 6]: S-1-5-21-1376953716-2413384141-3399758289-11012 + SID[ 7]: S-1-1-0 + SID[ 8]: S-1-5-2 + SID[ 9]: S-1-5-11 + SID[ 10]: S-1-5-32-544 + SID[ 11]: S-1-22-1-2002 + SID[ 12]: S-1-22-2-5000 + SID[ 13]: S-1-22-2-5007 + SID[ 14]: S-1-22-2-5001 + SID[ 15]: S-1-22-2-1005 + SID[ 16]: S-1-22-2-5006 + SID[ 17]: S-1-22-2-5005 + SID[ 18]: S-1-22-2-55000 + SID[ 19]: S-1-22-2-55001 + SID[ 20]: S-1-22-2-55002 + Privileges (0x 1FFFFFF0): + Privilege[ 0]: SeMachineAccountPrivilege + Privilege[ 1]: SeTakeOwnershipPrivilege + Privilege[ 2]: SeBackupPrivilege + Privilege[ 3]: SeRestorePrivilege + Privilege[ 4]: SeRemoteShutdownPrivilege + Privilege[ 5]: SePrintOperatorPrivilege + Privilege[ 6]: SeAddUsersPrivilege + Privilege[ 7]: SeDiskOperatorPrivilege + Privilege[ 8]: SeSecurityPrivilege + Privilege[ 9]: SeSystemtimePrivilege + Privilege[ 10]: SeShutdownPrivilege + Privilege[ 11]: SeDebugPrivilege + Privilege[ 12]: SeSystemEnvironmentPrivilege + Privilege[ 13]: SeSystemProfilePrivilege + Privilege[ 14]: SeProfileSingleProcessPrivilege + Privilege[ 15]: SeIncreaseBasePriorityPrivilege + Privilege[ 16]: SeLoadDriverPrivilege + Privilege[ 17]: SeCreatePagefilePrivilege + Privilege[ 18]: SeIncreaseQuotaPrivilege + Privilege[ 19]: SeChangeNotifyPrivilege + Privilege[ 20]: SeUndockPrivilege + Privilege[ 21]: SeManageVolumePrivilege + Privilege[ 22]: SeImpersonatePrivilege + Privilege[ 23]: SeCreateGlobalPrivilege + Privilege[ 24]: SeEnableDelegationPrivilege + Rights (0x 0): +[2013/11/07 07:38:44.475996, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) + UNIX token of user 0 + Primary group is 5000 and contains 9 supplementary groups + Group[ 0]: 5000 + Group[ 1]: 5007 + Group[ 2]: 5001 + Group[ 3]: 1005 + Group[ 4]: 5006 + Group[ 5]: 5005 + Group[ 6]: 55000 + Group[ 7]: 55001 + Group[ 8]: 55002 +[2013/11/07 07:38:44.476184, 5, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1324(api_pipe_request) + Requested \spoolss rpc service +[2013/11/07 07:38:44.476231, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1356(api_rpcTNP) + api_rpcTNP: \spoolss op 0x8 - api_rpcTNP: rpc command: SPOOLSS_GETPRINTER +[2013/11/07 07:38:44.476275, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1390(api_rpcTNP) + api_rpc_cmds[8].fn == 0x7f375c260f10 +[2013/11/07 07:38:44.476325, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + spoolss_GetPrinter: struct spoolss_GetPrinter + in: struct spoolss_GetPrinter + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000048-0000-0000-7b52-7335c5510000 + level : 0x00000002 (2) + buffer : * + buffer : DATA_BLOB length=4096 + [0000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0010] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0030] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0040] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0200] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0210] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0220] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0230] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0240] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0250] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0260] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0270] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0280] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0290] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0300] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0310] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0320] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0330] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0340] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0350] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0360] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0370] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0380] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0390] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0400] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0410] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0420] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0430] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0440] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0450] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0460] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0470] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0480] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0490] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0500] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0510] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0520] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0530] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0540] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0550] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0560] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0570] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0580] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0590] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0600] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0610] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0620] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0630] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0640] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0650] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0660] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0670] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0680] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0690] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0700] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0710] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0720] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0730] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0740] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0750] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0760] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0770] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0780] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0790] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0800] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0810] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0820] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0830] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0840] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0850] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0860] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0870] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0880] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0890] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0900] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0910] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0920] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0930] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0940] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0950] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0960] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0970] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0980] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0990] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0EA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0EB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0EC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0ED0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0EE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0EF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + offered : 0x00001000 (4096) +[2013/11/07 07:38:44.485587, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 48 00 00 00 00 00 00 00 7B 52 73 35 ....H... ....{Rs5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.485680, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 48 00 00 00 00 00 00 00 7B 52 73 35 ....H... ....{Rs5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.485758, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:489(get_printer_snum) + short name:printer7 +[2013/11/07 07:38:44.485896, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:60(make_internal_rpc_pipe_p) + Create pipe requested \winreg +[2013/11/07 07:38:44.485952, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:221(init_pipe_handles) + init_pipe_handle_list: created handle list for pipe \winreg +[2013/11/07 07:38:44.485995, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:238(init_pipe_handles) + init_pipe_handle_list: pipe_handles ref count = 1 for pipe \winreg +[2013/11/07 07:38:44.486097, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:100(make_internal_rpc_pipe_p) + Created internal pipe \winreg +[2013/11/07 07:38:44.486172, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenHKLM: struct winreg_OpenHKLM + in: struct winreg_OpenHKLM + system_name : NULL + access_mask : 0x02000000 (33554432) + 0: KEY_QUERY_VALUE + 0: KEY_SET_VALUE + 0: KEY_CREATE_SUB_KEY + 0: KEY_ENUMERATE_SUB_KEYS + 0: KEY_NOTIFY + 0: KEY_CREATE_LINK + 0: KEY_WOW64_64KEY + 0: KEY_WOW64_32KEY +[2013/11/07 07:38:44.486403, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [HKLM] +[2013/11/07 07:38:44.486448, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) + push_sec_ctx(0, 5000) : sec_ctx_stack_ndx = 2 +[2013/11/07 07:38:44.486493, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/uid.c:485(push_conn_ctx) + push_conn_ctx(1804507171) : conn_ctx_stack_ndx = 0 +[2013/11/07 07:38:44.486533, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) + setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 +[2013/11/07 07:38:44.486572, 5, pid=20933, effective(0, 5000), real(0, 0)] ../libcli/security/security_token.c:53(security_token_debug) + Security token: (NULL) +[2013/11/07 07:38:44.486611, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) + UNIX token of user 0 + Primary group is 0 and contains 0 supplementary groups +[2013/11/07 07:38:44.486775, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) + pop_sec_ctx (0, 5000) - sec_ctx_stack_ndx = 1 +[2013/11/07 07:38:44.486821, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:866(regdb_open) + regdb_open: registry db opened. refcount reset (1) +[2013/11/07 07:38:44.486867, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM] +[2013/11/07 07:38:44.486907, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM] +[2013/11/07 07:38:44.486948, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:44.486986, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM] +[2013/11/07 07:38:44.487077, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) + Opened policy hnd[1] [0000] 00 00 00 00 73 00 00 00 00 00 00 00 7B 52 74 35 ....s... ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.487159, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenHKLM: struct winreg_OpenHKLM + out: struct winreg_OpenHKLM + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000073-0000-0000-7b52-7435c5510000 + result : WERR_OK +[2013/11/07 07:38:44.487347, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenKey: struct winreg_OpenKey + in: struct winreg_OpenKey + parent_handle : * + parent_handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000073-0000-0000-7b52-7435c5510000 + keyname: struct winreg_String + name_len : 0x008a (138) + name_size : 0x008a (138) + name : * + name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7' + options : 0x00000000 (0) + 0: REG_OPTION_VOLATILE + 0: REG_OPTION_CREATE_LINK + 0: REG_OPTION_BACKUP_RESTORE + 0: REG_OPTION_OPEN_LINK + access_mask : 0x02000000 (33554432) + 0: KEY_QUERY_VALUE + 0: KEY_SET_VALUE + 0: KEY_CREATE_SUB_KEY + 0: KEY_ENUMERATE_SUB_KEYS + 0: KEY_NOTIFY + 0: KEY_CREATE_LINK + 0: KEY_WOW64_64KEY + 0: KEY_WOW64_32KEY +[2013/11/07 07:38:44.487794, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 73 00 00 00 00 00 00 00 7B 52 74 35 ....s... ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.487875, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [SOFTWARE] +[2013/11/07 07:38:44.487915, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (1->2) +[2013/11/07 07:38:44.487957, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] +[2013/11/07 07:38:44.487995, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE] +[2013/11/07 07:38:44.488036, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:44.488074, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE] +[2013/11/07 07:38:44.488142, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Microsoft] +[2013/11/07 07:38:44.488191, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (2->3) +[2013/11/07 07:38:44.488234, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] +[2013/11/07 07:38:44.488272, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] +[2013/11/07 07:38:44.488313, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:44.488350, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft] +[2013/11/07 07:38:44.488410, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Windows NT] +[2013/11/07 07:38:44.488452, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (3->4) +[2013/11/07 07:38:44.488494, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] +[2013/11/07 07:38:44.488531, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] +[2013/11/07 07:38:44.488572, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:44.488610, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] +[2013/11/07 07:38:44.488668, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [CurrentVersion] +[2013/11/07 07:38:44.488709, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (4->5) +[2013/11/07 07:38:44.488752, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] +[2013/11/07 07:38:44.488790, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] +[2013/11/07 07:38:44.488831, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:44.488868, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f375c5a15c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] +[2013/11/07 07:38:44.488941, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Print] +[2013/11/07 07:38:44.488982, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (5->6) +[2013/11/07 07:38:44.489025, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] +[2013/11/07 07:38:44.489065, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] +[2013/11/07 07:38:44.489115, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:44.489153, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f375c5a15c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] +[2013/11/07 07:38:44.489213, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Printers] +[2013/11/07 07:38:44.489254, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (6->7) +[2013/11/07 07:38:44.489297, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] +[2013/11/07 07:38:44.489337, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] +[2013/11/07 07:38:44.489485, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:44.489526, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] +[2013/11/07 07:38:44.489598, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [printer7] +[2013/11/07 07:38:44.489640, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (7->8) +[2013/11/07 07:38:44.489684, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:44.489723, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:44.489765, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:44.489802, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:44.489870, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (8->7) +[2013/11/07 07:38:44.489912, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (7->6) +[2013/11/07 07:38:44.489953, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (6->5) +[2013/11/07 07:38:44.489993, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (5->4) +[2013/11/07 07:38:44.490033, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (4->3) +[2013/11/07 07:38:44.490073, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (3->2) +[2013/11/07 07:38:44.490125, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) + Opened policy hnd[2] [0000] 00 00 00 00 74 00 00 00 00 00 00 00 7B 52 74 35 ....t... ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.490204, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenKey: struct winreg_OpenKey + out: struct winreg_OpenKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000074-0000-0000-7b52-7435c5510000 + result : WERR_OK +[2013/11/07 07:38:44.490379, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryInfoKey: struct winreg_QueryInfoKey + in: struct winreg_QueryInfoKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000074-0000-0000-7b52-7435c5510000 + classname : * + classname: struct winreg_String + name_len : 0x0000 (0) + name_size : 0x0000 (0) + name : NULL +[2013/11/07 07:38:44.490595, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 74 00 00 00 00 00 00 00 7B 52 74 35 ....t... ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.490677, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_dispatcher.c:151(fetch_reg_values) + fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7' (ops 0x7f37592edcc0) +[2013/11/07 07:38:44.490719, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1891(regdb_fetch_values_internal) + regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:44.490782, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[0]: name[Attributes] len[4] +[2013/11/07 07:38:44.490826, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[1]: name[Description] len[2] +[2013/11/07 07:38:44.490868, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[2]: name[Datatype] len[8] +[2013/11/07 07:38:44.490910, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[3]: name[Default Priority] len[4] +[2013/11/07 07:38:44.490953, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[4]: name[Port] len[38] +[2013/11/07 07:38:44.490995, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[5]: name[Name] len[18] +[2013/11/07 07:38:44.491037, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[6]: name[Print Processor] len[18] +[2013/11/07 07:38:44.491080, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[7]: name[Priority] len[4] +[2013/11/07 07:38:44.491130, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[8]: name[Security] len[248] +[2013/11/07 07:38:44.491174, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[9]: name[Share Name] len[18] +[2013/11/07 07:38:44.491216, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[10]: name[StartTime] len[4] +[2013/11/07 07:38:44.491259, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[11]: name[UntilTime] len[4] +[2013/11/07 07:38:44.491302, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[12]: name[ChangeID] len[4] +[2013/11/07 07:38:44.491345, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) + regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:44.491409, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryInfoKey: struct winreg_QueryInfoKey + out: struct winreg_QueryInfoKey + classname : * + classname: struct winreg_String + name_len : 0x0000 (0) + name_size : 0x0000 (0) + name : NULL + num_subkeys : * + num_subkeys : 0x00000003 (3) + max_subkeylen : * + max_subkeylen : 0x00000022 (34) + max_classlen : * + max_classlen : 0x00000000 (0) + num_values : * + num_values : 0x0000000d (13) + max_valnamelen : * + max_valnamelen : 0x00000022 (34) + max_valbufsize : * + max_valbufsize : 0x000000f8 (248) + secdescsize : * + secdescsize : 0x00000078 (120) + last_changed_time : * + last_changed_time : NTTIME(0) + result : WERR_OK +[2013/11/07 07:38:44.491856, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000074-0000-0000-7b52-7435c5510000 + enum_index : 0x00000000 (0) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:44.492238, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 74 00 00 00 00 00 00 00 7B 52 74 35 ....t... ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.492315, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:44.492362, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0016 (22) + size : 0x0024 (36) + name : * + name : 'Attributes' + type : * + type : REG_DWORD (4) + value : * + value: ARRAY(4) + [0] : 0x48 (72) + [1] : 0x10 (16) + [2] : 0x00 (0) + [3] : 0x00 (0) + size : * + size : 0x00000004 (4) + length : * + length : 0x00000004 (4) + result : WERR_OK +[2013/11/07 07:38:44.492758, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000074-0000-0000-7b52-7435c5510000 + enum_index : 0x00000001 (1) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:44.493131, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 74 00 00 00 00 00 00 00 7B 52 74 35 ....t... ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.493208, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:44.493252, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0018 (24) + size : 0x0024 (36) + name : * + name : 'Description' + type : * + type : REG_SZ (1) + value : * + value: ARRAY(2) + [0] : 0x00 (0) + [1] : 0x00 (0) + size : * + size : 0x00000002 (2) + length : * + length : 0x00000002 (2) + result : WERR_OK +[2013/11/07 07:38:44.493672, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000074-0000-0000-7b52-7435c5510000 + enum_index : 0x00000002 (2) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:44.494046, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 74 00 00 00 00 00 00 00 7B 52 74 35 ....t... ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.494124, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:44.494169, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0012 (18) + size : 0x0024 (36) + name : * + name : 'Datatype' + type : * + type : REG_SZ (1) + value : * + value: ARRAY(8) + [0] : 0x52 (82) + [1] : 0x00 (0) + [2] : 0x41 (65) + [3] : 0x00 (0) + [4] : 0x57 (87) + [5] : 0x00 (0) + [6] : 0x00 (0) + [7] : 0x00 (0) + size : * + size : 0x00000008 (8) + length : * + length : 0x00000008 (8) + result : WERR_OK +[2013/11/07 07:38:44.494625, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000074-0000-0000-7b52-7435c5510000 + enum_index : 0x00000003 (3) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:44.495005, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 74 00 00 00 00 00 00 00 7B 52 74 35 ....t... ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.495082, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:44.495127, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0022 (34) + size : 0x0024 (36) + name : * + name : 'Default Priority' + type : * + type : REG_DWORD (4) + value : * + value: ARRAY(4) + [0] : 0x01 (1) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + size : * + size : 0x00000004 (4) + length : * + length : 0x00000004 (4) + result : WERR_OK +[2013/11/07 07:38:44.495518, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000074-0000-0000-7b52-7435c5510000 + enum_index : 0x00000004 (4) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:44.495888, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 74 00 00 00 00 00 00 00 7B 52 74 35 ....t... ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.495973, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:44.496017, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x000a (10) + size : 0x0024 (36) + name : * + name : 'Port' + type : * + type : REG_SZ (1) + value : * + value: ARRAY(38) + [0] : 0x53 (83) + [1] : 0x00 (0) + [2] : 0x61 (97) + [3] : 0x00 (0) + [4] : 0x6d (109) + [5] : 0x00 (0) + [6] : 0x62 (98) + [7] : 0x00 (0) + [8] : 0x61 (97) + [9] : 0x00 (0) + [10] : 0x20 (32) + [11] : 0x00 (0) + [12] : 0x50 (80) + [13] : 0x00 (0) + [14] : 0x72 (114) + [15] : 0x00 (0) + [16] : 0x69 (105) + [17] : 0x00 (0) + [18] : 0x6e (110) + [19] : 0x00 (0) + [20] : 0x74 (116) + [21] : 0x00 (0) + [22] : 0x65 (101) + [23] : 0x00 (0) + [24] : 0x72 (114) + [25] : 0x00 (0) + [26] : 0x20 (32) + [27] : 0x00 (0) + [28] : 0x50 (80) + [29] : 0x00 (0) + [30] : 0x6f (111) + [31] : 0x00 (0) + [32] : 0x72 (114) + [33] : 0x00 (0) + [34] : 0x74 (116) + [35] : 0x00 (0) + [36] : 0x00 (0) + [37] : 0x00 (0) + size : * + size : 0x00000026 (38) + length : * + length : 0x00000026 (38) + result : WERR_OK +[2013/11/07 07:38:44.496964, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000074-0000-0000-7b52-7435c5510000 + enum_index : 0x00000005 (5) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:44.497345, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 74 00 00 00 00 00 00 00 7B 52 74 35 ....t... ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.497485, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:44.497531, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x000a (10) + size : 0x0024 (36) + name : * + name : 'Name' + type : * + type : REG_SZ (1) + value : * + value: ARRAY(18) + [0] : 0x70 (112) + [1] : 0x00 (0) + [2] : 0x72 (114) + [3] : 0x00 (0) + [4] : 0x69 (105) + [5] : 0x00 (0) + [6] : 0x6e (110) + [7] : 0x00 (0) + [8] : 0x74 (116) + [9] : 0x00 (0) + [10] : 0x65 (101) + [11] : 0x00 (0) + [12] : 0x72 (114) + [13] : 0x00 (0) + [14] : 0x37 (55) + [15] : 0x00 (0) + [16] : 0x00 (0) + [17] : 0x00 (0) + size : * + size : 0x00000012 (18) + length : * + length : 0x00000012 (18) + result : WERR_OK +[2013/11/07 07:38:44.498157, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000074-0000-0000-7b52-7435c5510000 + enum_index : 0x00000006 (6) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:44.498538, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 74 00 00 00 00 00 00 00 7B 52 74 35 ....t... ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.498615, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:44.498659, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0020 (32) + size : 0x0024 (36) + name : * + name : 'Print Processor' + type : * + type : REG_SZ (1) + value : * + value: ARRAY(18) + [0] : 0x77 (119) + [1] : 0x00 (0) + [2] : 0x69 (105) + [3] : 0x00 (0) + [4] : 0x6e (110) + [5] : 0x00 (0) + [6] : 0x70 (112) + [7] : 0x00 (0) + [8] : 0x72 (114) + [9] : 0x00 (0) + [10] : 0x69 (105) + [11] : 0x00 (0) + [12] : 0x6e (110) + [13] : 0x00 (0) + [14] : 0x74 (116) + [15] : 0x00 (0) + [16] : 0x00 (0) + [17] : 0x00 (0) + size : * + size : 0x00000012 (18) + length : * + length : 0x00000012 (18) + result : WERR_OK +[2013/11/07 07:38:44.499291, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000074-0000-0000-7b52-7435c5510000 + enum_index : 0x00000007 (7) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:44.499672, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 74 00 00 00 00 00 00 00 7B 52 74 35 ....t... ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.499749, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:44.499794, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0012 (18) + size : 0x0024 (36) + name : * + name : 'Priority' + type : * + type : REG_DWORD (4) + value : * + value: ARRAY(4) + [0] : 0x01 (1) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + size : * + size : 0x00000004 (4) + length : * + length : 0x00000004 (4) + result : WERR_OK +[2013/11/07 07:38:44.500185, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000074-0000-0000-7b52-7435c5510000 + enum_index : 0x00000008 (8) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:44.500557, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 74 00 00 00 00 00 00 00 7B 52 74 35 ....t... ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.500634, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:44.500679, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0012 (18) + size : 0x0024 (36) + name : * + name : 'Security' + type : * + type : REG_BINARY (3) + value : * + value: ARRAY(248) + [0] : 0x01 (1) + [1] : 0x00 (0) + [2] : 0x04 (4) + [3] : 0x80 (128) + [4] : 0x14 (20) + [5] : 0x00 (0) + [6] : 0x00 (0) + [7] : 0x00 (0) + [8] : 0x24 (36) + [9] : 0x00 (0) + [10] : 0x00 (0) + [11] : 0x00 (0) + [12] : 0x00 (0) + [13] : 0x00 (0) + [14] : 0x00 (0) + [15] : 0x00 (0) + [16] : 0x34 (52) + [17] : 0x00 (0) + [18] : 0x00 (0) + [19] : 0x00 (0) + [20] : 0x01 (1) + [21] : 0x02 (2) + [22] : 0x00 (0) + [23] : 0x00 (0) + [24] : 0x00 (0) + [25] : 0x00 (0) + [26] : 0x00 (0) + [27] : 0x05 (5) + [28] : 0x20 (32) + [29] : 0x00 (0) + [30] : 0x00 (0) + [31] : 0x00 (0) + [32] : 0x20 (32) + [33] : 0x02 (2) + [34] : 0x00 (0) + [35] : 0x00 (0) + [36] : 0x01 (1) + [37] : 0x02 (2) + [38] : 0x00 (0) + [39] : 0x00 (0) + [40] : 0x00 (0) + [41] : 0x00 (0) + [42] : 0x00 (0) + [43] : 0x05 (5) + [44] : 0x20 (32) + [45] : 0x00 (0) + [46] : 0x00 (0) + [47] : 0x00 (0) + [48] : 0x20 (32) + [49] : 0x02 (2) + [50] : 0x00 (0) + [51] : 0x00 (0) + [52] : 0x02 (2) + [53] : 0x00 (0) + [54] : 0xc4 (196) + [55] : 0x00 (0) + [56] : 0x07 (7) + [57] : 0x00 (0) + [58] : 0x00 (0) + [59] : 0x00 (0) + [60] : 0x00 (0) + [61] : 0x02 (2) + [62] : 0x14 (20) + [63] : 0x00 (0) + [64] : 0x08 (8) + [65] : 0x00 (0) + [66] : 0x02 (2) + [67] : 0x20 (32) + [68] : 0x01 (1) + [69] : 0x01 (1) + [70] : 0x00 (0) + [71] : 0x00 (0) + [72] : 0x00 (0) + [73] : 0x00 (0) + [74] : 0x00 (0) + [75] : 0x01 (1) + [76] : 0x00 (0) + [77] : 0x00 (0) + [78] : 0x00 (0) + [79] : 0x00 (0) + [80] : 0x00 (0) + [81] : 0x09 (9) + [82] : 0x24 (36) + [83] : 0x00 (0) + [84] : 0x0c (12) + [85] : 0x00 (0) + [86] : 0x0f (15) + [87] : 0x10 (16) + [88] : 0x01 (1) + [89] : 0x05 (5) + [90] : 0x00 (0) + [91] : 0x00 (0) + [92] : 0x00 (0) + [93] : 0x00 (0) + [94] : 0x00 (0) + [95] : 0x05 (5) + [96] : 0x15 (21) + [97] : 0x00 (0) + [98] : 0x00 (0) + [99] : 0x00 (0) + [100] : 0x74 (116) + [101] : 0xa5 (165) + [102] : 0x12 (18) + [103] : 0x52 (82) + [104] : 0xcd (205) + [105] : 0x51 (81) + [106] : 0xd9 (217) + [107] : 0x8f (143) + [108] : 0xd1 (209) + [109] : 0x31 (49) + [110] : 0xa4 (164) + [111] : 0xca (202) + [112] : 0xf4 (244) + [113] : 0x01 (1) + [114] : 0x00 (0) + [115] : 0x00 (0) + [116] : 0x00 (0) + [117] : 0x02 (2) + [118] : 0x24 (36) + [119] : 0x00 (0) + [120] : 0x0c (12) + [121] : 0x00 (0) + [122] : 0x0f (15) + [123] : 0x10 (16) + [124] : 0x01 (1) + [125] : 0x05 (5) + [126] : 0x00 (0) + [127] : 0x00 (0) + [128] : 0x00 (0) + [129] : 0x00 (0) + [130] : 0x00 (0) + [131] : 0x05 (5) + [132] : 0x15 (21) + [133] : 0x00 (0) + [134] : 0x00 (0) + [135] : 0x00 (0) + [136] : 0x74 (116) + [137] : 0xa5 (165) + [138] : 0x12 (18) + [139] : 0x52 (82) + [140] : 0xcd (205) + [141] : 0x51 (81) + [142] : 0xd9 (217) + [143] : 0x8f (143) + [144] : 0xd1 (209) + [145] : 0x31 (49) + [146] : 0xa4 (164) + [147] : 0xca (202) + [148] : 0xf4 (244) + [149] : 0x01 (1) + [150] : 0x00 (0) + [151] : 0x00 (0) + [152] : 0x00 (0) + [153] : 0x09 (9) + [154] : 0x18 (24) + [155] : 0x00 (0) + [156] : 0x0c (12) + [157] : 0x00 (0) + [158] : 0x0f (15) + [159] : 0x10 (16) + [160] : 0x01 (1) + [161] : 0x02 (2) + [162] : 0x00 (0) + [163] : 0x00 (0) + [164] : 0x00 (0) + [165] : 0x00 (0) + [166] : 0x00 (0) + [167] : 0x05 (5) + [168] : 0x20 (32) + [169] : 0x00 (0) + [170] : 0x00 (0) + [171] : 0x00 (0) + [172] : 0x20 (32) + [173] : 0x02 (2) + [174] : 0x00 (0) + [175] : 0x00 (0) + [176] : 0x00 (0) + [177] : 0x02 (2) + [178] : 0x18 (24) + [179] : 0x00 (0) + [180] : 0x0c (12) + [181] : 0x00 (0) + [182] : 0x0f (15) + [183] : 0x10 (16) + [184] : 0x01 (1) + [185] : 0x02 (2) + [186] : 0x00 (0) + [187] : 0x00 (0) + [188] : 0x00 (0) + [189] : 0x00 (0) + [190] : 0x00 (0) + [191] : 0x05 (5) + [192] : 0x20 (32) + [193] : 0x00 (0) + [194] : 0x00 (0) + [195] : 0x00 (0) + [196] : 0x20 (32) + [197] : 0x02 (2) + [198] : 0x00 (0) + [199] : 0x00 (0) + [200] : 0x00 (0) + [201] : 0x09 (9) + [202] : 0x18 (24) + [203] : 0x00 (0) + [204] : 0x0c (12) + [205] : 0x00 (0) + [206] : 0x0f (15) + [207] : 0x10 (16) + [208] : 0x01 (1) + [209] : 0x02 (2) + [210] : 0x00 (0) + [211] : 0x00 (0) + [212] : 0x00 (0) + [213] : 0x00 (0) + [214] : 0x00 (0) + [215] : 0x05 (5) + [216] : 0x20 (32) + [217] : 0x00 (0) + [218] : 0x00 (0) + [219] : 0x00 (0) + [220] : 0x26 (38) + [221] : 0x02 (2) + [222] : 0x00 (0) + [223] : 0x00 (0) + [224] : 0x00 (0) + [225] : 0x02 (2) + [226] : 0x18 (24) + [227] : 0x00 (0) + [228] : 0x0c (12) + [229] : 0x00 (0) + [230] : 0x0f (15) + [231] : 0x10 (16) + [232] : 0x01 (1) + [233] : 0x02 (2) + [234] : 0x00 (0) + [235] : 0x00 (0) + [236] : 0x00 (0) + [237] : 0x00 (0) + [238] : 0x00 (0) + [239] : 0x05 (5) + [240] : 0x20 (32) + [241] : 0x00 (0) + [242] : 0x00 (0) + [243] : 0x00 (0) + [244] : 0x26 (38) + [245] : 0x02 (2) + [246] : 0x00 (0) + [247] : 0x00 (0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x000000f8 (248) + result : WERR_OK +[2013/11/07 07:38:44.505276, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000074-0000-0000-7b52-7435c5510000 + enum_index : 0x00000009 (9) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:44.505789, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 74 00 00 00 00 00 00 00 7B 52 74 35 ....t... ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.505870, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:44.505917, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0016 (22) + size : 0x0024 (36) + name : * + name : 'Share Name' + type : * + type : REG_SZ (1) + value : * + value: ARRAY(18) + [0] : 0x70 (112) + [1] : 0x00 (0) + [2] : 0x72 (114) + [3] : 0x00 (0) + [4] : 0x69 (105) + [5] : 0x00 (0) + [6] : 0x6e (110) + [7] : 0x00 (0) + [8] : 0x74 (116) + [9] : 0x00 (0) + [10] : 0x65 (101) + [11] : 0x00 (0) + [12] : 0x72 (114) + [13] : 0x00 (0) + [14] : 0x37 (55) + [15] : 0x00 (0) + [16] : 0x00 (0) + [17] : 0x00 (0) + size : * + size : 0x00000012 (18) + length : * + length : 0x00000012 (18) + result : WERR_OK +[2013/11/07 07:38:44.506545, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000074-0000-0000-7b52-7435c5510000 + enum_index : 0x0000000a (10) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:44.506925, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 74 00 00 00 00 00 00 00 7B 52 74 35 ....t... ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.507004, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:44.507049, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0014 (20) + size : 0x0024 (36) + name : * + name : 'StartTime' + type : * + type : REG_DWORD (4) + value : * + value: ARRAY(4) + [0] : 0x00 (0) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + size : * + size : 0x00000004 (4) + length : * + length : 0x00000004 (4) + result : WERR_OK +[2013/11/07 07:38:44.507441, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000074-0000-0000-7b52-7435c5510000 + enum_index : 0x0000000b (11) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:44.507812, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 74 00 00 00 00 00 00 00 7B 52 74 35 ....t... ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.507890, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:44.507934, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0014 (20) + size : 0x0024 (36) + name : * + name : 'UntilTime' + type : * + type : REG_DWORD (4) + value : * + value: ARRAY(4) + [0] : 0x00 (0) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + size : * + size : 0x00000004 (4) + length : * + length : 0x00000004 (4) + result : WERR_OK +[2013/11/07 07:38:44.508337, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000074-0000-0000-7b52-7435c5510000 + enum_index : 0x0000000c (12) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:44.508707, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 74 00 00 00 00 00 00 00 7B 52 74 35 ....t... ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.508784, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:44.508827, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0012 (18) + size : 0x0024 (36) + name : * + name : 'ChangeID' + type : * + type : REG_DWORD (4) + value : * + value: ARRAY(4) + [0] : 0xf1 (241) + [1] : 0x5f (95) + [2] : 0x11 (17) + [3] : 0x00 (0) + size : * + size : 0x00000004 (4) + length : * + length : 0x00000004 (4) + result : WERR_OK +[2013/11/07 07:38:44.509462, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryValue: struct winreg_QueryValue + in: struct winreg_QueryValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000074-0000-0000-7b52-7435c5510000 + value_name : * + value_name: struct winreg_String + name_len : 0x0020 (32) + name_size : 0x0020 (32) + name : * + name : 'Default DevMode' + type : * + type : REG_NONE (0) + data : NULL + data_size : * + data_size : 0x00000000 (0) + data_length : * + data_length : 0x00000000 (0) +[2013/11/07 07:38:44.509828, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 74 00 00 00 00 00 00 00 7B 52 74 35 ....t... ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.509908, 7, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) + _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:44.509949, 7, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) + _winreg_QueryValue: policy key type = [00000000] +[2013/11/07 07:38:44.509994, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:316(_winreg_QueryValue) + _winreg_QueryValue: reg_queryvalue failed with: WERR_BADFILE +[2013/11/07 07:38:44.510035, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryValue: struct winreg_QueryValue + out: struct winreg_QueryValue + type : * + type : REG_NONE (0) + data : NULL + data_size : * + data_size : 0x00000000 (0) + data_length : * + data_length : 0x00000000 (0) + result : WERR_BADFILE +[2013/11/07 07:38:44.510258, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenHKLM: struct winreg_OpenHKLM + in: struct winreg_OpenHKLM + system_name : NULL + access_mask : 0x02000000 (33554432) + 0: KEY_QUERY_VALUE + 0: KEY_SET_VALUE + 0: KEY_CREATE_SUB_KEY + 0: KEY_ENUMERATE_SUB_KEYS + 0: KEY_NOTIFY + 0: KEY_CREATE_LINK + 0: KEY_WOW64_64KEY + 0: KEY_WOW64_32KEY +[2013/11/07 07:38:44.510485, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [HKLM] +[2013/11/07 07:38:44.510526, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (2->3) +[2013/11/07 07:38:44.510569, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM] +[2013/11/07 07:38:44.510608, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM] +[2013/11/07 07:38:44.510647, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:44.510692, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM] +[2013/11/07 07:38:44.510766, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) + Opened policy hnd[3] [0000] 00 00 00 00 75 00 00 00 00 00 00 00 7B 52 74 35 ....u... ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.510846, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenHKLM: struct winreg_OpenHKLM + out: struct winreg_OpenHKLM + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000075-0000-0000-7b52-7435c5510000 + result : WERR_OK +[2013/11/07 07:38:44.511014, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenKey: struct winreg_OpenKey + in: struct winreg_OpenKey + parent_handle : * + parent_handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000075-0000-0000-7b52-7435c5510000 + keyname: struct winreg_String + name_len : 0x008a (138) + name_size : 0x008a (138) + name : * + name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7' + options : 0x00000000 (0) + 0: REG_OPTION_VOLATILE + 0: REG_OPTION_CREATE_LINK + 0: REG_OPTION_BACKUP_RESTORE + 0: REG_OPTION_OPEN_LINK + access_mask : 0x02000000 (33554432) + 0: KEY_QUERY_VALUE + 0: KEY_SET_VALUE + 0: KEY_CREATE_SUB_KEY + 0: KEY_ENUMERATE_SUB_KEYS + 0: KEY_NOTIFY + 0: KEY_CREATE_LINK + 0: KEY_WOW64_64KEY + 0: KEY_WOW64_32KEY +[2013/11/07 07:38:44.511451, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 75 00 00 00 00 00 00 00 7B 52 74 35 ....u... ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.511531, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [SOFTWARE] +[2013/11/07 07:38:44.511571, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (3->4) +[2013/11/07 07:38:44.511613, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] +[2013/11/07 07:38:44.511651, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE] +[2013/11/07 07:38:44.511691, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:44.511728, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE] +[2013/11/07 07:38:44.511792, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Microsoft] +[2013/11/07 07:38:44.511841, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (4->5) +[2013/11/07 07:38:44.511883, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] +[2013/11/07 07:38:44.511921, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] +[2013/11/07 07:38:44.511962, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:44.511999, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft] +[2013/11/07 07:38:44.512059, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Windows NT] +[2013/11/07 07:38:44.512101, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (5->6) +[2013/11/07 07:38:44.512143, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] +[2013/11/07 07:38:44.512181, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] +[2013/11/07 07:38:44.512221, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:44.512258, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] +[2013/11/07 07:38:44.512315, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [CurrentVersion] +[2013/11/07 07:38:44.512356, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (6->7) +[2013/11/07 07:38:44.512398, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] +[2013/11/07 07:38:44.512436, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] +[2013/11/07 07:38:44.512477, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:44.512514, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f375c5a15c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] +[2013/11/07 07:38:44.512585, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Print] +[2013/11/07 07:38:44.512626, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (7->8) +[2013/11/07 07:38:44.512669, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] +[2013/11/07 07:38:44.512714, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] +[2013/11/07 07:38:44.512756, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:44.512793, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f375c5a15c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] +[2013/11/07 07:38:44.512852, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Printers] +[2013/11/07 07:38:44.512894, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (8->9) +[2013/11/07 07:38:44.512937, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] +[2013/11/07 07:38:44.512976, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] +[2013/11/07 07:38:44.513018, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:44.513055, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] +[2013/11/07 07:38:44.513120, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [printer7] +[2013/11/07 07:38:44.513162, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (9->10) +[2013/11/07 07:38:44.513205, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:44.513244, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:44.513286, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:44.513323, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:44.513460, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (10->9) +[2013/11/07 07:38:44.513508, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (9->8) +[2013/11/07 07:38:44.513550, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (8->7) +[2013/11/07 07:38:44.513590, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (7->6) +[2013/11/07 07:38:44.513630, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (6->5) +[2013/11/07 07:38:44.513678, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (5->4) +[2013/11/07 07:38:44.513722, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) + Opened policy hnd[4] [0000] 00 00 00 00 76 00 00 00 00 00 00 00 7B 52 74 35 ....v... ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.513800, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenKey: struct winreg_OpenKey + out: struct winreg_OpenKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000076-0000-0000-7b52-7435c5510000 + result : WERR_OK +[2013/11/07 07:38:44.513974, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryValue: struct winreg_QueryValue + in: struct winreg_QueryValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000076-0000-0000-7b52-7435c5510000 + value_name : * + value_name: struct winreg_String + name_len : 0x0012 (18) + name_size : 0x0012 (18) + name : * + name : 'Security' + type : * + type : REG_NONE (0) + data : NULL + data_size : * + data_size : 0x00000000 (0) + data_length : * + data_length : 0x00000000 (0) +[2013/11/07 07:38:44.514316, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 76 00 00 00 00 00 00 00 7B 52 74 35 ....v... ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.514393, 7, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) + _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:44.514432, 7, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) + _winreg_QueryValue: policy key type = [00000000] +[2013/11/07 07:38:44.514473, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_dispatcher.c:151(fetch_reg_values) + fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7' (ops 0x7f37592edcc0) +[2013/11/07 07:38:44.514515, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1891(regdb_fetch_values_internal) + regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:44.514573, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[0]: name[Attributes] len[4] +[2013/11/07 07:38:44.514616, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[1]: name[Description] len[2] +[2013/11/07 07:38:44.514659, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[2]: name[Datatype] len[8] +[2013/11/07 07:38:44.514709, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[3]: name[Default Priority] len[4] +[2013/11/07 07:38:44.514751, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[4]: name[Port] len[38] +[2013/11/07 07:38:44.514793, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[5]: name[Name] len[18] +[2013/11/07 07:38:44.514835, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[6]: name[Print Processor] len[18] +[2013/11/07 07:38:44.514878, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[7]: name[Priority] len[4] +[2013/11/07 07:38:44.514921, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[8]: name[Security] len[248] +[2013/11/07 07:38:44.514965, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[9]: name[Share Name] len[18] +[2013/11/07 07:38:44.515007, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[10]: name[StartTime] len[4] +[2013/11/07 07:38:44.515050, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[11]: name[UntilTime] len[4] +[2013/11/07 07:38:44.515092, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[12]: name[ChangeID] len[4] +[2013/11/07 07:38:44.515136, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryValue: struct winreg_QueryValue + out: struct winreg_QueryValue + type : * + type : REG_BINARY (3) + data : NULL + data_size : * + data_size : 0x000000f8 (248) + data_length : * + data_length : 0x00000000 (0) + result : WERR_OK +[2013/11/07 07:38:44.515347, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryValue: struct winreg_QueryValue + in: struct winreg_QueryValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000076-0000-0000-7b52-7435c5510000 + value_name : * + value_name: struct winreg_String + name_len : 0x0012 (18) + name_size : 0x0012 (18) + name : * + name : 'Security' + type : * + type : REG_BINARY (3) + data : * + data: ARRAY(0) + data_size : * + data_size : 0x000000f8 (248) + data_length : * + data_length : 0x00000000 (0) +[2013/11/07 07:38:44.515703, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 76 00 00 00 00 00 00 00 7B 52 74 35 ....v... ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.515788, 7, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) + _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:44.515829, 7, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) + _winreg_QueryValue: policy key type = [00000000] +[2013/11/07 07:38:44.515873, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryValue: struct winreg_QueryValue + out: struct winreg_QueryValue + type : * + type : REG_BINARY (3) + data : * + data: ARRAY(248) + [0] : 0x01 (1) + [1] : 0x00 (0) + [2] : 0x04 (4) + [3] : 0x80 (128) + [4] : 0x14 (20) + [5] : 0x00 (0) + [6] : 0x00 (0) + [7] : 0x00 (0) + [8] : 0x24 (36) + [9] : 0x00 (0) + [10] : 0x00 (0) + [11] : 0x00 (0) + [12] : 0x00 (0) + [13] : 0x00 (0) + [14] : 0x00 (0) + [15] : 0x00 (0) + [16] : 0x34 (52) + [17] : 0x00 (0) + [18] : 0x00 (0) + [19] : 0x00 (0) + [20] : 0x01 (1) + [21] : 0x02 (2) + [22] : 0x00 (0) + [23] : 0x00 (0) + [24] : 0x00 (0) + [25] : 0x00 (0) + [26] : 0x00 (0) + [27] : 0x05 (5) + [28] : 0x20 (32) + [29] : 0x00 (0) + [30] : 0x00 (0) + [31] : 0x00 (0) + [32] : 0x20 (32) + [33] : 0x02 (2) + [34] : 0x00 (0) + [35] : 0x00 (0) + [36] : 0x01 (1) + [37] : 0x02 (2) + [38] : 0x00 (0) + [39] : 0x00 (0) + [40] : 0x00 (0) + [41] : 0x00 (0) + [42] : 0x00 (0) + [43] : 0x05 (5) + [44] : 0x20 (32) + [45] : 0x00 (0) + [46] : 0x00 (0) + [47] : 0x00 (0) + [48] : 0x20 (32) + [49] : 0x02 (2) + [50] : 0x00 (0) + [51] : 0x00 (0) + [52] : 0x02 (2) + [53] : 0x00 (0) + [54] : 0xc4 (196) + [55] : 0x00 (0) + [56] : 0x07 (7) + [57] : 0x00 (0) + [58] : 0x00 (0) + [59] : 0x00 (0) + [60] : 0x00 (0) + [61] : 0x02 (2) + [62] : 0x14 (20) + [63] : 0x00 (0) + [64] : 0x08 (8) + [65] : 0x00 (0) + [66] : 0x02 (2) + [67] : 0x20 (32) + [68] : 0x01 (1) + [69] : 0x01 (1) + [70] : 0x00 (0) + [71] : 0x00 (0) + [72] : 0x00 (0) + [73] : 0x00 (0) + [74] : 0x00 (0) + [75] : 0x01 (1) + [76] : 0x00 (0) + [77] : 0x00 (0) + [78] : 0x00 (0) + [79] : 0x00 (0) + [80] : 0x00 (0) + [81] : 0x09 (9) + [82] : 0x24 (36) + [83] : 0x00 (0) + [84] : 0x0c (12) + [85] : 0x00 (0) + [86] : 0x0f (15) + [87] : 0x10 (16) + [88] : 0x01 (1) + [89] : 0x05 (5) + [90] : 0x00 (0) + [91] : 0x00 (0) + [92] : 0x00 (0) + [93] : 0x00 (0) + [94] : 0x00 (0) + [95] : 0x05 (5) + [96] : 0x15 (21) + [97] : 0x00 (0) + [98] : 0x00 (0) + [99] : 0x00 (0) + [100] : 0x74 (116) + [101] : 0xa5 (165) + [102] : 0x12 (18) + [103] : 0x52 (82) + [104] : 0xcd (205) + [105] : 0x51 (81) + [106] : 0xd9 (217) + [107] : 0x8f (143) + [108] : 0xd1 (209) + [109] : 0x31 (49) + [110] : 0xa4 (164) + [111] : 0xca (202) + [112] : 0xf4 (244) + [113] : 0x01 (1) + [114] : 0x00 (0) + [115] : 0x00 (0) + [116] : 0x00 (0) + [117] : 0x02 (2) + [118] : 0x24 (36) + [119] : 0x00 (0) + [120] : 0x0c (12) + [121] : 0x00 (0) + [122] : 0x0f (15) + [123] : 0x10 (16) + [124] : 0x01 (1) + [125] : 0x05 (5) + [126] : 0x00 (0) + [127] : 0x00 (0) + [128] : 0x00 (0) + [129] : 0x00 (0) + [130] : 0x00 (0) + [131] : 0x05 (5) + [132] : 0x15 (21) + [133] : 0x00 (0) + [134] : 0x00 (0) + [135] : 0x00 (0) + [136] : 0x74 (116) + [137] : 0xa5 (165) + [138] : 0x12 (18) + [139] : 0x52 (82) + [140] : 0xcd (205) + [141] : 0x51 (81) + [142] : 0xd9 (217) + [143] : 0x8f (143) + [144] : 0xd1 (209) + [145] : 0x31 (49) + [146] : 0xa4 (164) + [147] : 0xca (202) + [148] : 0xf4 (244) + [149] : 0x01 (1) + [150] : 0x00 (0) + [151] : 0x00 (0) + [152] : 0x00 (0) + [153] : 0x09 (9) + [154] : 0x18 (24) + [155] : 0x00 (0) + [156] : 0x0c (12) + [157] : 0x00 (0) + [158] : 0x0f (15) + [159] : 0x10 (16) + [160] : 0x01 (1) + [161] : 0x02 (2) + [162] : 0x00 (0) + [163] : 0x00 (0) + [164] : 0x00 (0) + [165] : 0x00 (0) + [166] : 0x00 (0) + [167] : 0x05 (5) + [168] : 0x20 (32) + [169] : 0x00 (0) + [170] : 0x00 (0) + [171] : 0x00 (0) + [172] : 0x20 (32) + [173] : 0x02 (2) + [174] : 0x00 (0) + [175] : 0x00 (0) + [176] : 0x00 (0) + [177] : 0x02 (2) + [178] : 0x18 (24) + [179] : 0x00 (0) + [180] : 0x0c (12) + [181] : 0x00 (0) + [182] : 0x0f (15) + [183] : 0x10 (16) + [184] : 0x01 (1) + [185] : 0x02 (2) + [186] : 0x00 (0) + [187] : 0x00 (0) + [188] : 0x00 (0) + [189] : 0x00 (0) + [190] : 0x00 (0) + [191] : 0x05 (5) + [192] : 0x20 (32) + [193] : 0x00 (0) + [194] : 0x00 (0) + [195] : 0x00 (0) + [196] : 0x20 (32) + [197] : 0x02 (2) + [198] : 0x00 (0) + [199] : 0x00 (0) + [200] : 0x00 (0) + [201] : 0x09 (9) + [202] : 0x18 (24) + [203] : 0x00 (0) + [204] : 0x0c (12) + [205] : 0x00 (0) + [206] : 0x0f (15) + [207] : 0x10 (16) + [208] : 0x01 (1) + [209] : 0x02 (2) + [210] : 0x00 (0) + [211] : 0x00 (0) + [212] : 0x00 (0) + [213] : 0x00 (0) + [214] : 0x00 (0) + [215] : 0x05 (5) + [216] : 0x20 (32) + [217] : 0x00 (0) + [218] : 0x00 (0) + [219] : 0x00 (0) + [220] : 0x26 (38) + [221] : 0x02 (2) + [222] : 0x00 (0) + [223] : 0x00 (0) + [224] : 0x00 (0) + [225] : 0x02 (2) + [226] : 0x18 (24) + [227] : 0x00 (0) + [228] : 0x0c (12) + [229] : 0x00 (0) + [230] : 0x0f (15) + [231] : 0x10 (16) + [232] : 0x01 (1) + [233] : 0x02 (2) + [234] : 0x00 (0) + [235] : 0x00 (0) + [236] : 0x00 (0) + [237] : 0x00 (0) + [238] : 0x00 (0) + [239] : 0x05 (5) + [240] : 0x20 (32) + [241] : 0x00 (0) + [242] : 0x00 (0) + [243] : 0x00 (0) + [244] : 0x26 (38) + [245] : 0x02 (2) + [246] : 0x00 (0) + [247] : 0x00 (0) + data_size : * + data_size : 0x000000f8 (248) + data_length : * + data_length : 0x000000f8 (248) + result : WERR_OK +[2013/11/07 07:38:44.520427, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + in: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000076-0000-0000-7b52-7435c5510000 +[2013/11/07 07:38:44.520565, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 76 00 00 00 00 00 00 00 7B 52 74 35 ....v... ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.520652, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 76 00 00 00 00 00 00 00 7B 52 74 35 ....v... ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.520729, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) + Closed policy +[2013/11/07 07:38:44.520775, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (4->3) +[2013/11/07 07:38:44.520817, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + out: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000000-0000-0000-0000-000000000000 + result : WERR_OK +[2013/11/07 07:38:44.520979, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + in: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000075-0000-0000-7b52-7435c5510000 +[2013/11/07 07:38:44.521109, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 75 00 00 00 00 00 00 00 7B 52 74 35 ....u... ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.521186, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 75 00 00 00 00 00 00 00 7B 52 74 35 ....u... ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.521262, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) + Closed policy +[2013/11/07 07:38:44.521302, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (3->2) +[2013/11/07 07:38:44.521342, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + out: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000000-0000-0000-0000-000000000000 + result : WERR_OK +[2013/11/07 07:38:44.521554, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + in: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000074-0000-0000-7b52-7435c5510000 +[2013/11/07 07:38:44.521684, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 74 00 00 00 00 00 00 00 7B 52 74 35 ....t... ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.521770, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 74 00 00 00 00 00 00 00 7B 52 74 35 ....t... ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.521847, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) + Closed policy +[2013/11/07 07:38:44.521890, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (2->1) +[2013/11/07 07:38:44.521932, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + out: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000000-0000-0000-0000-000000000000 + result : WERR_OK +[2013/11/07 07:38:44.522094, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + in: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000073-0000-0000-7b52-7435c5510000 +[2013/11/07 07:38:44.522223, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 73 00 00 00 00 00 00 00 7B 52 74 35 ....s... ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.522300, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 73 00 00 00 00 00 00 00 7B 52 74 35 ....s... ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.522375, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) + Closed policy +[2013/11/07 07:38:44.522415, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (1->0) +[2013/11/07 07:38:44.522474, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + out: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000000-0000-0000-0000-000000000000 + result : WERR_OK +[2013/11/07 07:38:44.522636, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:416(close_policy_by_pipe) + Deleted handle list for RPC connection \winreg +[2013/11/07 07:38:44.522788, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + spoolss_GetPrinter: struct spoolss_GetPrinter + out: struct spoolss_GetPrinter + info : * + info : union spoolss_PrinterInfo(case 2) + info2: struct spoolss_PrinterInfo2 + servername : * + servername : '\\MEMBER43' + printername : * + printername : '\\MEMBER43\printer7' + sharename : * + sharename : 'printer7' + portname : * + portname : 'Samba Printer Port' + drivername : * + drivername : '' + comment : * + comment : '' + location : * + location : '' + devmode : * + devmode: struct spoolss_DeviceMode + devicename : '\\MEMBER43\printer7' + specversion : DMSPEC_NT4_AND_ABOVE (1025) + driverversion : 0x0400 (1024) + size : 0x00dc (220) + __driverextra_length : 0x0000 (0) + fields : 0x00014713 (83731) + 1: DEVMODE_ORIENTATION + 1: DEVMODE_PAPERSIZE + 0: DEVMODE_PAPERLENGTH + 0: DEVMODE_PAPERWIDTH + 1: DEVMODE_SCALE + 0: DEVMODE_POSITION + 0: DEVMODE_NUP + 1: DEVMODE_COPIES + 1: DEVMODE_DEFAULTSOURCE + 1: DEVMODE_PRINTQUALITY + 0: DEVMODE_COLOR + 0: DEVMODE_DUPLEX + 0: DEVMODE_YRESOLUTION + 1: DEVMODE_TTOPTION + 0: DEVMODE_COLLATE + 1: DEVMODE_FORMNAME + 0: DEVMODE_LOGPIXELS + 0: DEVMODE_BITSPERPEL + 0: DEVMODE_PELSWIDTH + 0: DEVMODE_PELSHEIGHT + 0: DEVMODE_DISPLAYFLAGS + 0: DEVMODE_DISPLAYFREQUENCY + 0: DEVMODE_ICMMETHOD + 0: DEVMODE_ICMINTENT + 0: DEVMODE_MEDIATYPE + 0: DEVMODE_DITHERTYPE + 0: DEVMODE_PANNINGWIDTH + 0: DEVMODE_PANNINGHEIGHT + orientation : DMORIENT_PORTRAIT (1) + papersize : DMPAPER_LETTER (1) + paperlength : 0x0000 (0) + paperwidth : 0x0000 (0) + scale : 0x0064 (100) + copies : 0x0001 (1) + defaultsource : DMBIN_FORMSOURCE (15) + printquality : DMRES_HIGH (65532) + color : DMRES_MONOCHROME (1) + duplex : DMDUP_SIMPLEX (1) + yresolution : 0x0000 (0) + ttoption : DMTT_SUBDEV (3) + collate : DMCOLLATE_FALSE (0) + formname : 'Letter' + logpixels : 0x0000 (0) + bitsperpel : 0x00000000 (0) + pelswidth : 0x00000000 (0) + pelsheight : 0x00000000 (0) + displayflags : UNKNOWN_ENUM_VALUE (0) + displayfrequency : 0x00000000 (0) + icmmethod : UNKNOWN_ENUM_VALUE (0) + icmintent : UNKNOWN_ENUM_VALUE (0) + mediatype : UNKNOWN_ENUM_VALUE (0) + dithertype : UNKNOWN_ENUM_VALUE (0) + reserved1 : 0x00000000 (0) + reserved2 : 0x00000000 (0) + panningwidth : 0x00000000 (0) + panningheight : 0x00000000 (0) + driverextra_data : DATA_BLOB length=0 + sepfile : * + sepfile : '' + printprocessor : * + printprocessor : 'winprint' + datatype : * + datatype : 'RAW' + parameters : * + parameters : '' + secdesc : * + secdesc: struct security_descriptor + revision : SECURITY_DESCRIPTOR_REVISION_1 (1) + type : 0x8004 (32772) + 0: SEC_DESC_OWNER_DEFAULTED + 0: SEC_DESC_GROUP_DEFAULTED + 1: SEC_DESC_DACL_PRESENT + 0: SEC_DESC_DACL_DEFAULTED + 0: SEC_DESC_SACL_PRESENT + 0: SEC_DESC_SACL_DEFAULTED + 0: SEC_DESC_DACL_TRUSTED + 0: SEC_DESC_SERVER_SECURITY + 0: SEC_DESC_DACL_AUTO_INHERIT_REQ + 0: SEC_DESC_SACL_AUTO_INHERIT_REQ + 0: SEC_DESC_DACL_AUTO_INHERITED + 0: SEC_DESC_SACL_AUTO_INHERITED + 0: SEC_DESC_DACL_PROTECTED + 0: SEC_DESC_SACL_PROTECTED + 0: SEC_DESC_RM_CONTROL_VALID + 1: SEC_DESC_SELF_RELATIVE + owner_sid : * + owner_sid : S-1-5-32-544 + group_sid : * + group_sid : S-1-5-32-544 + sacl : NULL + dacl : * + dacl: struct security_acl + revision : SECURITY_ACL_REVISION_NT4 (2) + size : 0x00c4 (196) + num_aces : 0x00000007 (7) + aces: ARRAY(7) + aces: struct security_ace + type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) + flags : 0x02 (2) + 0: SEC_ACE_FLAG_OBJECT_INHERIT + 1: SEC_ACE_FLAG_CONTAINER_INHERIT + 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT + 0: SEC_ACE_FLAG_INHERIT_ONLY + 0: SEC_ACE_FLAG_INHERITED_ACE + 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) + 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS + 0: SEC_ACE_FLAG_FAILED_ACCESS + size : 0x0014 (20) + access_mask : 0x20020008 (537001992) + object : union security_ace_object_ctr(case 0) + trustee : S-1-1-0 + aces: struct security_ace + type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) + flags : 0x09 (9) + 1: SEC_ACE_FLAG_OBJECT_INHERIT + 0: SEC_ACE_FLAG_CONTAINER_INHERIT + 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT + 1: SEC_ACE_FLAG_INHERIT_ONLY + 0: SEC_ACE_FLAG_INHERITED_ACE + 0x09: SEC_ACE_FLAG_VALID_INHERIT (9) + 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS + 0: SEC_ACE_FLAG_FAILED_ACCESS + size : 0x0024 (36) + access_mask : 0x100f000c (269418508) + object : union security_ace_object_ctr(case 0) + trustee : S-1-5-21-1376953716-2413384141-3399758289-500 + aces: struct security_ace + type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) + flags : 0x02 (2) + 0: SEC_ACE_FLAG_OBJECT_INHERIT + 1: SEC_ACE_FLAG_CONTAINER_INHERIT + 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT + 0: SEC_ACE_FLAG_INHERIT_ONLY + 0: SEC_ACE_FLAG_INHERITED_ACE + 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) + 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS + 0: SEC_ACE_FLAG_FAILED_ACCESS + size : 0x0024 (36) + access_mask : 0x100f000c (269418508) + object : union security_ace_object_ctr(case 0) + trustee : S-1-5-21-1376953716-2413384141-3399758289-500 + aces: struct security_ace + type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) + flags : 0x09 (9) + 1: SEC_ACE_FLAG_OBJECT_INHERIT + 0: SEC_ACE_FLAG_CONTAINER_INHERIT + 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT + 1: SEC_ACE_FLAG_INHERIT_ONLY + 0: SEC_ACE_FLAG_INHERITED_ACE + 0x09: SEC_ACE_FLAG_VALID_INHERIT (9) + 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS + 0: SEC_ACE_FLAG_FAILED_ACCESS + size : 0x0018 (24) + access_mask : 0x100f000c (269418508) + object : union security_ace_object_ctr(case 0) + trustee : S-1-5-32-544 + aces: struct security_ace + type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) + flags : 0x02 (2) + 0: SEC_ACE_FLAG_OBJECT_INHERIT + 1: SEC_ACE_FLAG_CONTAINER_INHERIT + 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT + 0: SEC_ACE_FLAG_INHERIT_ONLY + 0: SEC_ACE_FLAG_INHERITED_ACE + 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) + 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS + 0: SEC_ACE_FLAG_FAILED_ACCESS + size : 0x0018 (24) + access_mask : 0x100f000c (269418508) + object : union security_ace_object_ctr(case 0) + trustee : S-1-5-32-544 + aces: struct security_ace + type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) + flags : 0x09 (9) + 1: SEC_ACE_FLAG_OBJECT_INHERIT + 0: SEC_ACE_FLAG_CONTAINER_INHERIT + 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT + 1: SEC_ACE_FLAG_INHERIT_ONLY + 0: SEC_ACE_FLAG_INHERITED_ACE + 0x09: SEC_ACE_FLAG_VALID_INHERIT (9) + 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS + 0: SEC_ACE_FLAG_FAILED_ACCESS + size : 0x0018 (24) + access_mask : 0x100f000c (269418508) + object : union security_ace_object_ctr(case 0) + trustee : S-1-5-32-550 + aces: struct security_ace + type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) + flags : 0x02 (2) + 0: SEC_ACE_FLAG_OBJECT_INHERIT + 1: SEC_ACE_FLAG_CONTAINER_INHERIT + 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT + 0: SEC_ACE_FLAG_INHERIT_ONLY + 0: SEC_ACE_FLAG_INHERITED_ACE + 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) + 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS + 0: SEC_ACE_FLAG_FAILED_ACCESS + size : 0x0018 (24) + access_mask : 0x100f000c (269418508) + object : union security_ace_object_ctr(case 0) + trustee : S-1-5-32-550 + attributes : 0x00001048 (4168) + 0: PRINTER_ATTRIBUTE_QUEUED + 0: PRINTER_ATTRIBUTE_DIRECT + 0: PRINTER_ATTRIBUTE_DEFAULT + 1: PRINTER_ATTRIBUTE_SHARED + 0: PRINTER_ATTRIBUTE_NETWORK + 0: PRINTER_ATTRIBUTE_HIDDEN + 1: PRINTER_ATTRIBUTE_LOCAL + 0: PRINTER_ATTRIBUTE_ENABLE_DEVQ + 0: PRINTER_ATTRIBUTE_KEEPPRINTEDJOBS + 0: PRINTER_ATTRIBUTE_DO_COMPLETE_FIRST + 0: PRINTER_ATTRIBUTE_WORK_OFFLINE + 0: PRINTER_ATTRIBUTE_ENABLE_BIDI + 1: PRINTER_ATTRIBUTE_RAW_ONLY + 0: PRINTER_ATTRIBUTE_PUBLISHED + 0: PRINTER_ATTRIBUTE_FAX + 0: PRINTER_ATTRIBUTE_TS + priority : 0x00000001 (1) + defaultpriority : 0x00000001 (1) + starttime : 0x00000000 (0) + untiltime : 0x00000000 (0) + status : 0x00000000 (0) + 0: PRINTER_STATUS_PAUSED + 0: PRINTER_STATUS_ERROR + 0: PRINTER_STATUS_PENDING_DELETION + 0: PRINTER_STATUS_PAPER_JAM + 0: PRINTER_STATUS_PAPER_OUT + 0: PRINTER_STATUS_MANUAL_FEED + 0: PRINTER_STATUS_PAPER_PROBLEM + 0: PRINTER_STATUS_OFFLINE + 0: PRINTER_STATUS_IO_ACTIVE + 0: PRINTER_STATUS_BUSY + 0: PRINTER_STATUS_PRINTING + 0: PRINTER_STATUS_OUTPUT_BIN_FULL + 0: PRINTER_STATUS_NOT_AVAILABLE + 0: PRINTER_STATUS_WAITING + 0: PRINTER_STATUS_PROCESSING + 0: PRINTER_STATUS_INITIALIZING + 0: PRINTER_STATUS_WARMING_UP + 0: PRINTER_STATUS_TONER_LOW + 0: PRINTER_STATUS_NO_TONER + 0: PRINTER_STATUS_PAGE_PUNT + 0: PRINTER_STATUS_USER_INTERVENTION + 0: PRINTER_STATUS_OUT_OF_MEMORY + 0: PRINTER_STATUS_DOOR_OPEN + 0: PRINTER_STATUS_SERVER_UNKNOWN + 0: PRINTER_STATUS_POWER_SAVE + cjobs : 0x00000000 (0) + averageppm : 0x00000000 (0) + needed : * + needed : 0x000002f8 (760) + result : WERR_OK +[2013/11/07 07:38:44.527828, 5, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1417(api_rpcTNP) + api_rpcTNP: called \spoolss successfully +[2013/11/07 07:38:44.527892, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) + pop_sec_ctx (0, 5000) - sec_ctx_stack_ndx = 0 +[2013/11/07 07:38:44.527938, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) + write_to_pipe: data_used = 4140 + smbd_smb2_request_pending_queue: req->current_idx = 1 + req->in.vector[0].iov_len = 0 + req->in.vector[1].iov_len = 0 + req->in.vector[2].iov_len = 64 + req->in.vector[3].iov_len = 56 + req->in.vector[4].iov_len = 4156 + req->out.vector[0].iov_len = 4 + req->out.vector[1].iov_len = 0 + req->out.vector[2].iov_len = 64 + req->out.vector[3].iov_len = 8 + req->out.vector[4].iov_len = 0 +[2013/11/07 07:38:44.528169, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:128(smbd_smb2_ioctl_pipe_write_done) + smbd_smb2_ioctl_pipe_write_done: received 4156 +[2013/11/07 07:38:44.528213, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:149(smbd_smb2_ioctl_pipe_write_done) + smbd_smb2_ioctl_pipe_write_done: issuing np_read_send of size 4136 +[2013/11/07 07:38:44.528257, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:285(read_from_internal_pipe) + name: \spoolss len: 4136 +[2013/11/07 07:38:44.528300, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:347(read_from_internal_pipe) + read_from_pipe: \spoolss: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 4112. +[2013/11/07 07:38:44.528355, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) + &r: struct ncacn_packet + rpc_vers : 0x05 (5) + rpc_vers_minor : 0x00 (0) + ptype : DCERPC_PKT_RESPONSE (2) + pfc_flags : 0x03 (3) + drep: ARRAY(4) + [0] : 0x10 (16) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + frag_length : 0x1028 (4136) + auth_length : 0x0000 (0) + call_id : 0x0000000d (13) + u : union dcerpc_payload(case 2) + response: struct dcerpc_response + alloc_hint : 0x00001010 (4112) + context_id : 0x0000 (0) + cancel_count : 0x00 (0) + _pad : DATA_BLOB length=0 + stub_and_verifier : DATA_BLOB length=4112 + [0000] 04 00 02 00 00 10 00 00 EA 0F 00 00 C2 0F 00 00 ........ ........ + [0010] B0 0F 00 00 8A 0F 00 00 88 0F 00 00 86 0F 00 00 ........ ........ + [0020] 84 0F 00 00 88 0E 00 00 82 0F 00 00 70 0F 00 00 ........ ....p... + [0030] 68 0F 00 00 66 0F 00 00 90 0D 00 00 48 10 00 00 h...f... ....H... + [0040] 01 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0200] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0210] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0220] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0230] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0240] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0250] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0260] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0270] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0280] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0290] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0300] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0310] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0320] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0330] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0340] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0350] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0360] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0370] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0380] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0390] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0400] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0410] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0420] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0430] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0440] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0450] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0460] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0470] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0480] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0490] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0500] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0510] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0520] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0530] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0540] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0550] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0560] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0570] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0580] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0590] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0600] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0610] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0620] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0630] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0640] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0650] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0660] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0670] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0680] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0690] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0700] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0710] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0720] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0730] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0740] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0750] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0760] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0770] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0780] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0790] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0800] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0810] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0820] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0830] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0840] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0850] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0860] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0870] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0880] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0890] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0900] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0910] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0920] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0930] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0940] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0950] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0960] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0970] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0980] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0990] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D90] 00 00 00 00 00 00 00 00 01 00 04 80 D8 00 00 00 ........ ........ + [0DA0] E8 00 00 00 00 00 00 00 14 00 00 00 02 00 C4 00 ........ ........ + [0DB0] 07 00 00 00 00 02 14 00 08 00 02 20 01 01 00 00 ........ ... .... + [0DC0] 00 00 00 01 00 00 00 00 00 09 24 00 0C 00 0F 10 ........ ..$..... + [0DD0] 01 05 00 00 00 00 00 05 15 00 00 00 74 A5 12 52 ........ ....t..R + [0DE0] CD 51 D9 8F D1 31 A4 CA F4 01 00 00 00 02 24 00 .Q...1.. ......$. + [0DF0] 0C 00 0F 10 01 05 00 00 00 00 00 05 15 00 00 00 ........ ........ + [0E00] 74 A5 12 52 CD 51 D9 8F D1 31 A4 CA F4 01 00 00 t..R.Q.. .1...... + [0E10] 00 09 18 00 0C 00 0F 10 01 02 00 00 00 00 00 05 ........ ........ + [0E20] 20 00 00 00 20 02 00 00 00 02 18 00 0C 00 0F 10 ... ... ........ + [0E30] 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 ........ ... ... + [0E40] 00 09 18 00 0C 00 0F 10 01 02 00 00 00 00 00 05 ........ ........ + [0E50] 20 00 00 00 26 02 00 00 00 02 18 00 0C 00 0F 10 ...&... ........ + [0E60] 01 02 00 00 00 00 00 05 20 00 00 00 26 02 00 00 ........ ...&... + [0E70] 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 ........ ... ... + [0E80] 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 ........ ... ... + [0E90] 5C 00 5C 00 4D 00 45 00 4D 00 42 00 45 00 52 00 \.\.M.E. M.B.E.R. + [0EA0] 34 00 33 00 5C 00 70 00 72 00 69 00 6E 00 74 00 4.3.\.p. r.i.n.t. + [0EB0] 65 00 72 00 37 00 00 00 00 00 00 00 00 00 00 00 e.r.7... ........ + [0EC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0ED0] 01 04 00 04 DC 00 00 00 13 47 01 00 01 00 01 00 ........ .G...... + [0EE0] 00 00 00 00 64 00 01 00 0F 00 FC FF 01 00 01 00 ....d... ........ + [0EF0] 00 00 03 00 00 00 4C 00 65 00 74 00 74 00 65 00 ......L. e.t.t.e. + [0F00] 72 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 r....... ........ + [0F10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F70] 52 00 41 00 57 00 00 00 77 00 69 00 6E 00 70 00 R.A.W... w.i.n.p. + [0F80] 72 00 69 00 6E 00 74 00 00 00 00 00 00 00 00 00 r.i.n.t. ........ + [0F90] 00 00 53 00 61 00 6D 00 62 00 61 00 20 00 50 00 ..S.a.m. b.a. .P. + [0FA0] 72 00 69 00 6E 00 74 00 65 00 72 00 20 00 50 00 r.i.n.t. e.r. .P. + [0FB0] 6F 00 72 00 74 00 00 00 70 00 72 00 69 00 6E 00 o.r.t... p.r.i.n. + [0FC0] 74 00 65 00 72 00 37 00 00 00 5C 00 5C 00 4D 00 t.e.r.7. ..\.\.M. + [0FD0] 45 00 4D 00 42 00 45 00 52 00 34 00 33 00 5C 00 E.M.B.E. R.4.3.\. + [0FE0] 70 00 72 00 69 00 6E 00 74 00 65 00 72 00 37 00 p.r.i.n. t.e.r.7. + [0FF0] 00 00 5C 00 5C 00 4D 00 45 00 4D 00 42 00 45 00 ..\.\.M. E.M.B.E. + [1000] 52 00 34 00 33 00 00 00 F8 02 00 00 00 00 00 00 R.4.3... ........ +[2013/11/07 07:38:44.537767, 3, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:122(free_pipe_context) + free_pipe_context: destroying talloc pool of size 1308 +[2013/11/07 07:38:44.537827, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:788(np_read_recv) + Received 4136 bytes. There is no more data outstanding +[2013/11/07 07:38:44.537869, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:178(smbd_smb2_ioctl_pipe_read_done) + smbd_smb2_ioctl_pipe_read_done: np_read_recv nread = 4136 is_data_outstanding = 0, status = NT_STATUS_OK +[2013/11/07 07:38:44.537917, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl.c:291(smbd_smb2_request_ioctl_done) + smbd_smb2_request_ioctl_done: smbd_smb2_ioctl_recv returned 4136 status NT_STATUS_OK +[2013/11/07 07:38:44.537960, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) + smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[48] dyn[yes:4136] at ../source3/smbd/smb2_ioctl.c:358 +[2013/11/07 07:38:44.538005, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) + smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/62/127 +[2013/11/07 07:38:44.541751, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) + smbd_smb2_request_incoming: idx[1] of 5 vectors +[2013/11/07 07:38:44.541845, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) + smb2_validate_sequence_number: clearing id 62 (position 62) from bitmap +[2013/11/07 07:38:44.541906, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) + smbd_smb2_request_dispatch: opcode[SMB2_OP_IOCTL] mid = 62 +[2013/11/07 07:38:44.541973, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) + setting sec ctx (0, 5000) - sec_ctx_stack_ndx = 0 +[2013/11/07 07:38:44.542019, 5, pid=20933, effective(0, 5000), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) + Security token SIDs (21): + SID[ 0]: S-1-5-21-1376953716-2413384141-3399758289-500 + SID[ 1]: S-1-5-21-1376953716-2413384141-3399758289-512 + SID[ 2]: S-1-5-21-1376953716-2413384141-3399758289-11015 + SID[ 3]: S-1-5-21-1376953716-2413384141-3399758289-513 + SID[ 4]: S-1-5-21-1376953716-2413384141-3399758289-11011 + SID[ 5]: S-1-5-21-1376953716-2413384141-3399758289-11013 + SID[ 6]: S-1-5-21-1376953716-2413384141-3399758289-11012 + SID[ 7]: S-1-1-0 + SID[ 8]: S-1-5-2 + SID[ 9]: S-1-5-11 + SID[ 10]: S-1-5-32-544 + SID[ 11]: S-1-22-1-2002 + SID[ 12]: S-1-22-2-5000 + SID[ 13]: S-1-22-2-5007 + SID[ 14]: S-1-22-2-5001 + SID[ 15]: S-1-22-2-1005 + SID[ 16]: S-1-22-2-5006 + SID[ 17]: S-1-22-2-5005 + SID[ 18]: S-1-22-2-55000 + SID[ 19]: S-1-22-2-55001 + SID[ 20]: S-1-22-2-55002 + Privileges (0x 1FFFFFF0): + Privilege[ 0]: SeMachineAccountPrivilege + Privilege[ 1]: SeTakeOwnershipPrivilege + Privilege[ 2]: SeBackupPrivilege + Privilege[ 3]: SeRestorePrivilege + Privilege[ 4]: SeRemoteShutdownPrivilege + Privilege[ 5]: SePrintOperatorPrivilege + Privilege[ 6]: SeAddUsersPrivilege + Privilege[ 7]: SeDiskOperatorPrivilege + Privilege[ 8]: SeSecurityPrivilege + Privilege[ 9]: SeSystemtimePrivilege + Privilege[ 10]: SeShutdownPrivilege + Privilege[ 11]: SeDebugPrivilege + Privilege[ 12]: SeSystemEnvironmentPrivilege + Privilege[ 13]: SeSystemProfilePrivilege + Privilege[ 14]: SeProfileSingleProcessPrivilege + Privilege[ 15]: SeIncreaseBasePriorityPrivilege + Privilege[ 16]: SeLoadDriverPrivilege + Privilege[ 17]: SeCreatePagefilePrivilege + Privilege[ 18]: SeIncreaseQuotaPrivilege + Privilege[ 19]: SeChangeNotifyPrivilege + Privilege[ 20]: SeUndockPrivilege + Privilege[ 21]: SeManageVolumePrivilege + Privilege[ 22]: SeImpersonatePrivilege + Privilege[ 23]: SeCreateGlobalPrivilege + Privilege[ 24]: SeEnableDelegationPrivilege + Rights (0x 0): +[2013/11/07 07:38:44.542815, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) + UNIX token of user 0 + Primary group is 5000 and contains 9 supplementary groups + Group[ 0]: 5000 + Group[ 1]: 5007 + Group[ 2]: 5001 + Group[ 3]: 1005 + Group[ 4]: 5006 + Group[ 5]: 5005 + Group[ 6]: 55000 + Group[ 7]: 55001 + Group[ 8]: 55002 +[2013/11/07 07:38:44.543008, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/uid.c:363(change_to_user_internal) + Impersonated user: uid=(0,0), gid=(0,5000) +[2013/11/07 07:38:44.543061, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:1796(smbd_smb2_request_verify_creditcharge) + mid 62, CreditCharge: 1, NeededCharge: 1 +[2013/11/07 07:38:44.543103, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl.c:394(smbd_smb2_ioctl_send) + smbd_smb2_ioctl: ctl_code[0x0011c017] spoolss, fnum 2189993496 +[2013/11/07 07:38:44.543150, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:59(smb2_ioctl_named_pipe) + smbd_smb2_ioctl_send: np_write_send of size 4156 +[2013/11/07 07:38:44.543190, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:520(np_write_send) + np_write_send: len: 4156 +[2013/11/07 07:38:44.543232, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) + write_to_pipe: data_left = 4156 +[2013/11/07 07:38:44.543270, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) + process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 4156 +[2013/11/07 07:38:44.543317, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:51(fill_rpc_header) + fill_rpc_header: data_to_copy = 4156, len_needed_to_complete_hdr = 16, receive_len = 0 +[2013/11/07 07:38:44.543358, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) + write_to_pipe: data_used = 16 +[2013/11/07 07:38:44.543395, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) + write_to_pipe: data_left = 4140 +[2013/11/07 07:38:44.543433, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) + process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 4140 +[2013/11/07 07:38:44.543475, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) + write_to_pipe: data_used = 0 +[2013/11/07 07:38:44.543512, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) + write_to_pipe: data_left = 4140 +[2013/11/07 07:38:44.543550, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) + process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 4140, incoming data = 4140 +[2013/11/07 07:38:44.543592, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1614(process_complete_pdu) + PDU is in Little Endian format! +[2013/11/07 07:38:44.543642, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) + r: struct ncacn_packet + rpc_vers : 0x05 (5) + rpc_vers_minor : 0x00 (0) + ptype : DCERPC_PKT_REQUEST (0) + pfc_flags : 0x03 (3) + drep: ARRAY(4) + [0] : 0x10 (16) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + frag_length : 0x103c (4156) + auth_length : 0x0000 (0) + call_id : 0x0000000e (14) + u : union dcerpc_payload(case 0) + request: struct dcerpc_request + alloc_hint : 0x00001024 (4132) + context_id : 0x0000 (0) + opnum : 0x0008 (8) + object : union dcerpc_object(case 0) + empty: struct dcerpc_empty + _pad : DATA_BLOB length=0 + stub_and_verifier : DATA_BLOB length=4132 + [0000] 00 00 00 00 48 00 00 00 00 00 00 00 7B 52 73 35 ....H... ....{Rs5 + [0010] C5 51 00 00 02 00 00 00 00 00 02 00 00 10 00 00 .Q...... ........ + [0020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0030] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0040] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0200] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0210] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0220] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0230] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0240] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0250] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0260] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0270] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0280] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0290] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0300] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0310] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0320] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0330] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0340] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0350] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0360] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0370] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0380] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0390] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0400] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0410] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0420] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0430] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0440] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0450] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0460] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0470] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0480] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0490] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0500] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0510] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0520] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0530] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0540] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0550] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0560] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0570] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0580] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0590] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0600] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0610] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0620] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0630] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0640] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0650] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0660] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0670] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0680] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0690] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0700] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0710] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0720] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0730] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0740] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0750] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0760] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0770] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0780] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0790] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0800] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0810] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0820] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0830] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0840] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0850] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0860] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0870] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0880] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0890] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0900] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0910] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0920] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0930] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0940] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0950] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0960] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0970] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0980] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0990] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0EA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0EB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0EC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0ED0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0EE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0EF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [1000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [1010] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [1020] 00 10 00 00 .... +[2013/11/07 07:38:44.553125, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1627(process_complete_pdu) + Processing packet type 0 +[2013/11/07 07:38:44.553168, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1472(dcesrv_auth_request) + Checking request auth. +[2013/11/07 07:38:44.553215, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) + push_sec_ctx(0, 5000) : sec_ctx_stack_ndx = 1 +[2013/11/07 07:38:44.553262, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) + setting sec ctx (0, 5000) - sec_ctx_stack_ndx = 1 +[2013/11/07 07:38:44.553303, 5, pid=20933, effective(0, 5000), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) + Security token SIDs (21): + SID[ 0]: S-1-5-21-1376953716-2413384141-3399758289-500 + SID[ 1]: S-1-5-21-1376953716-2413384141-3399758289-512 + SID[ 2]: S-1-5-21-1376953716-2413384141-3399758289-11015 + SID[ 3]: S-1-5-21-1376953716-2413384141-3399758289-513 + SID[ 4]: S-1-5-21-1376953716-2413384141-3399758289-11011 + SID[ 5]: S-1-5-21-1376953716-2413384141-3399758289-11013 + SID[ 6]: S-1-5-21-1376953716-2413384141-3399758289-11012 + SID[ 7]: S-1-1-0 + SID[ 8]: S-1-5-2 + SID[ 9]: S-1-5-11 + SID[ 10]: S-1-5-32-544 + SID[ 11]: S-1-22-1-2002 + SID[ 12]: S-1-22-2-5000 + SID[ 13]: S-1-22-2-5007 + SID[ 14]: S-1-22-2-5001 + SID[ 15]: S-1-22-2-1005 + SID[ 16]: S-1-22-2-5006 + SID[ 17]: S-1-22-2-5005 + SID[ 18]: S-1-22-2-55000 + SID[ 19]: S-1-22-2-55001 + SID[ 20]: S-1-22-2-55002 + Privileges (0x 1FFFFFF0): + Privilege[ 0]: SeMachineAccountPrivilege + Privilege[ 1]: SeTakeOwnershipPrivilege + Privilege[ 2]: SeBackupPrivilege + Privilege[ 3]: SeRestorePrivilege + Privilege[ 4]: SeRemoteShutdownPrivilege + Privilege[ 5]: SePrintOperatorPrivilege + Privilege[ 6]: SeAddUsersPrivilege + Privilege[ 7]: SeDiskOperatorPrivilege + Privilege[ 8]: SeSecurityPrivilege + Privilege[ 9]: SeSystemtimePrivilege + Privilege[ 10]: SeShutdownPrivilege + Privilege[ 11]: SeDebugPrivilege + Privilege[ 12]: SeSystemEnvironmentPrivilege + Privilege[ 13]: SeSystemProfilePrivilege + Privilege[ 14]: SeProfileSingleProcessPrivilege + Privilege[ 15]: SeIncreaseBasePriorityPrivilege + Privilege[ 16]: SeLoadDriverPrivilege + Privilege[ 17]: SeCreatePagefilePrivilege + Privilege[ 18]: SeIncreaseQuotaPrivilege + Privilege[ 19]: SeChangeNotifyPrivilege + Privilege[ 20]: SeUndockPrivilege + Privilege[ 21]: SeManageVolumePrivilege + Privilege[ 22]: SeImpersonatePrivilege + Privilege[ 23]: SeCreateGlobalPrivilege + Privilege[ 24]: SeEnableDelegationPrivilege + Rights (0x 0): +[2013/11/07 07:38:44.554116, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) + UNIX token of user 0 + Primary group is 5000 and contains 9 supplementary groups + Group[ 0]: 5000 + Group[ 1]: 5007 + Group[ 2]: 5001 + Group[ 3]: 1005 + Group[ 4]: 5006 + Group[ 5]: 5005 + Group[ 6]: 55000 + Group[ 7]: 55001 + Group[ 8]: 55002 +[2013/11/07 07:38:44.554307, 5, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1324(api_pipe_request) + Requested \spoolss rpc service +[2013/11/07 07:38:44.554353, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1356(api_rpcTNP) + api_rpcTNP: \spoolss op 0x8 - api_rpcTNP: rpc command: SPOOLSS_GETPRINTER +[2013/11/07 07:38:44.554397, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1390(api_rpcTNP) + api_rpc_cmds[8].fn == 0x7f375c260f10 +[2013/11/07 07:38:44.554445, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + spoolss_GetPrinter: struct spoolss_GetPrinter + in: struct spoolss_GetPrinter + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000048-0000-0000-7b52-7335c5510000 + level : 0x00000002 (2) + buffer : * + buffer : DATA_BLOB length=4096 + [0000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0010] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0030] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0040] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0200] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0210] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0220] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0230] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0240] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0250] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0260] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0270] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0280] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0290] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0300] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0310] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0320] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0330] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0340] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0350] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0360] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0370] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0380] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0390] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0400] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0410] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0420] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0430] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0440] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0450] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0460] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0470] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0480] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0490] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0500] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0510] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0520] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0530] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0540] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0550] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0560] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0570] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0580] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0590] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0600] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0610] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0620] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0630] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0640] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0650] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0660] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0670] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0680] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0690] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0700] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0710] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0720] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0730] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0740] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0750] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0760] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0770] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0780] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0790] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0800] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0810] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0820] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0830] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0840] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0850] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0860] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0870] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0880] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0890] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0900] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0910] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0920] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0930] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0940] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0950] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0960] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0970] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0980] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0990] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0EA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0EB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0EC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0ED0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0EE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0EF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + offered : 0x00001000 (4096) +[2013/11/07 07:38:44.563784, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 48 00 00 00 00 00 00 00 7B 52 73 35 ....H... ....{Rs5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.563870, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 48 00 00 00 00 00 00 00 7B 52 73 35 ....H... ....{Rs5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.563948, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:489(get_printer_snum) + short name:printer7 +[2013/11/07 07:38:44.564080, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:60(make_internal_rpc_pipe_p) + Create pipe requested \winreg +[2013/11/07 07:38:44.564154, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:221(init_pipe_handles) + init_pipe_handle_list: created handle list for pipe \winreg +[2013/11/07 07:38:44.564198, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:238(init_pipe_handles) + init_pipe_handle_list: pipe_handles ref count = 1 for pipe \winreg +[2013/11/07 07:38:44.564297, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:100(make_internal_rpc_pipe_p) + Created internal pipe \winreg +[2013/11/07 07:38:44.564371, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenHKLM: struct winreg_OpenHKLM + in: struct winreg_OpenHKLM + system_name : NULL + access_mask : 0x02000000 (33554432) + 0: KEY_QUERY_VALUE + 0: KEY_SET_VALUE + 0: KEY_CREATE_SUB_KEY + 0: KEY_ENUMERATE_SUB_KEYS + 0: KEY_NOTIFY + 0: KEY_CREATE_LINK + 0: KEY_WOW64_64KEY + 0: KEY_WOW64_32KEY +[2013/11/07 07:38:44.564601, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [HKLM] +[2013/11/07 07:38:44.564647, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) + push_sec_ctx(0, 5000) : sec_ctx_stack_ndx = 2 +[2013/11/07 07:38:44.564691, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/uid.c:485(push_conn_ctx) + push_conn_ctx(1804507171) : conn_ctx_stack_ndx = 0 +[2013/11/07 07:38:44.564731, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) + setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 +[2013/11/07 07:38:44.564771, 5, pid=20933, effective(0, 5000), real(0, 0)] ../libcli/security/security_token.c:53(security_token_debug) + Security token: (NULL) +[2013/11/07 07:38:44.564810, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) + UNIX token of user 0 + Primary group is 0 and contains 0 supplementary groups +[2013/11/07 07:38:44.564974, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) + pop_sec_ctx (0, 5000) - sec_ctx_stack_ndx = 1 +[2013/11/07 07:38:44.565019, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:866(regdb_open) + regdb_open: registry db opened. refcount reset (1) +[2013/11/07 07:38:44.565063, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM] +[2013/11/07 07:38:44.565102, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM] +[2013/11/07 07:38:44.565143, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:44.565180, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM] +[2013/11/07 07:38:44.565259, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) + Opened policy hnd[1] [0000] 00 00 00 00 77 00 00 00 00 00 00 00 7B 52 74 35 ....w... ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.565340, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenHKLM: struct winreg_OpenHKLM + out: struct winreg_OpenHKLM + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000077-0000-0000-7b52-7435c5510000 + result : WERR_OK +[2013/11/07 07:38:44.565622, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenKey: struct winreg_OpenKey + in: struct winreg_OpenKey + parent_handle : * + parent_handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000077-0000-0000-7b52-7435c5510000 + keyname: struct winreg_String + name_len : 0x008a (138) + name_size : 0x008a (138) + name : * + name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7' + options : 0x00000000 (0) + 0: REG_OPTION_VOLATILE + 0: REG_OPTION_CREATE_LINK + 0: REG_OPTION_BACKUP_RESTORE + 0: REG_OPTION_OPEN_LINK + access_mask : 0x02000000 (33554432) + 0: KEY_QUERY_VALUE + 0: KEY_SET_VALUE + 0: KEY_CREATE_SUB_KEY + 0: KEY_ENUMERATE_SUB_KEYS + 0: KEY_NOTIFY + 0: KEY_CREATE_LINK + 0: KEY_WOW64_64KEY + 0: KEY_WOW64_32KEY +[2013/11/07 07:38:44.566069, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 77 00 00 00 00 00 00 00 7B 52 74 35 ....w... ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.566151, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [SOFTWARE] +[2013/11/07 07:38:44.566192, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (1->2) +[2013/11/07 07:38:44.566234, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] +[2013/11/07 07:38:44.566273, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE] +[2013/11/07 07:38:44.566314, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:44.566352, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE] +[2013/11/07 07:38:44.566422, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Microsoft] +[2013/11/07 07:38:44.566464, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (2->3) +[2013/11/07 07:38:44.566506, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] +[2013/11/07 07:38:44.566545, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] +[2013/11/07 07:38:44.566586, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:44.566632, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft] +[2013/11/07 07:38:44.566695, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Windows NT] +[2013/11/07 07:38:44.566737, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (3->4) +[2013/11/07 07:38:44.566779, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] +[2013/11/07 07:38:44.566817, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] +[2013/11/07 07:38:44.566858, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:44.566896, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] +[2013/11/07 07:38:44.566954, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [CurrentVersion] +[2013/11/07 07:38:44.566996, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (4->5) +[2013/11/07 07:38:44.567039, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] +[2013/11/07 07:38:44.567076, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] +[2013/11/07 07:38:44.567117, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:44.567154, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f375c5a15c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] +[2013/11/07 07:38:44.567226, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Print] +[2013/11/07 07:38:44.567268, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (5->6) +[2013/11/07 07:38:44.567311, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] +[2013/11/07 07:38:44.567353, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] +[2013/11/07 07:38:44.567396, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:44.567434, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f375c5a15c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] +[2013/11/07 07:38:44.567495, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Printers] +[2013/11/07 07:38:44.567546, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (6->7) +[2013/11/07 07:38:44.567590, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] +[2013/11/07 07:38:44.567630, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] +[2013/11/07 07:38:44.567672, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:44.567709, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] +[2013/11/07 07:38:44.567777, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [printer7] +[2013/11/07 07:38:44.567820, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (7->8) +[2013/11/07 07:38:44.567864, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:44.567904, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:44.567947, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:44.567985, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:44.568054, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (8->7) +[2013/11/07 07:38:44.568097, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (7->6) +[2013/11/07 07:38:44.568138, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (6->5) +[2013/11/07 07:38:44.568178, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (5->4) +[2013/11/07 07:38:44.568217, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (4->3) +[2013/11/07 07:38:44.568257, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (3->2) +[2013/11/07 07:38:44.568300, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) + Opened policy hnd[2] [0000] 00 00 00 00 78 00 00 00 00 00 00 00 7B 52 74 35 ....x... ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.568379, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenKey: struct winreg_OpenKey + out: struct winreg_OpenKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000078-0000-0000-7b52-7435c5510000 + result : WERR_OK +[2013/11/07 07:38:44.568559, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryInfoKey: struct winreg_QueryInfoKey + in: struct winreg_QueryInfoKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000078-0000-0000-7b52-7435c5510000 + classname : * + classname: struct winreg_String + name_len : 0x0000 (0) + name_size : 0x0000 (0) + name : NULL +[2013/11/07 07:38:44.568773, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 78 00 00 00 00 00 00 00 7B 52 74 35 ....x... ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.568855, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_dispatcher.c:151(fetch_reg_values) + fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7' (ops 0x7f37592edcc0) +[2013/11/07 07:38:44.568897, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1891(regdb_fetch_values_internal) + regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:44.568960, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[0]: name[Attributes] len[4] +[2013/11/07 07:38:44.569003, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[1]: name[Description] len[2] +[2013/11/07 07:38:44.569046, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[2]: name[Datatype] len[8] +[2013/11/07 07:38:44.569088, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[3]: name[Default Priority] len[4] +[2013/11/07 07:38:44.569131, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[4]: name[Port] len[38] +[2013/11/07 07:38:44.569173, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[5]: name[Name] len[18] +[2013/11/07 07:38:44.569216, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[6]: name[Print Processor] len[18] +[2013/11/07 07:38:44.569259, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[7]: name[Priority] len[4] +[2013/11/07 07:38:44.569302, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[8]: name[Security] len[248] +[2013/11/07 07:38:44.569346, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[9]: name[Share Name] len[18] +[2013/11/07 07:38:44.569439, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[10]: name[StartTime] len[4] +[2013/11/07 07:38:44.569492, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[11]: name[UntilTime] len[4] +[2013/11/07 07:38:44.569536, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[12]: name[ChangeID] len[4] +[2013/11/07 07:38:44.569580, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) + regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:44.569645, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryInfoKey: struct winreg_QueryInfoKey + out: struct winreg_QueryInfoKey + classname : * + classname: struct winreg_String + name_len : 0x0000 (0) + name_size : 0x0000 (0) + name : NULL + num_subkeys : * + num_subkeys : 0x00000003 (3) + max_subkeylen : * + max_subkeylen : 0x00000022 (34) + max_classlen : * + max_classlen : 0x00000000 (0) + num_values : * + num_values : 0x0000000d (13) + max_valnamelen : * + max_valnamelen : 0x00000022 (34) + max_valbufsize : * + max_valbufsize : 0x000000f8 (248) + secdescsize : * + secdescsize : 0x00000078 (120) + last_changed_time : * + last_changed_time : NTTIME(0) + result : WERR_OK +[2013/11/07 07:38:44.570097, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000078-0000-0000-7b52-7435c5510000 + enum_index : 0x00000000 (0) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:44.570474, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 78 00 00 00 00 00 00 00 7B 52 74 35 ....x... ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.570552, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:44.570600, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0016 (22) + size : 0x0024 (36) + name : * + name : 'Attributes' + type : * + type : REG_DWORD (4) + value : * + value: ARRAY(4) + [0] : 0x48 (72) + [1] : 0x10 (16) + [2] : 0x00 (0) + [3] : 0x00 (0) + size : * + size : 0x00000004 (4) + length : * + length : 0x00000004 (4) + result : WERR_OK +[2013/11/07 07:38:44.571004, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000078-0000-0000-7b52-7435c5510000 + enum_index : 0x00000001 (1) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:44.571376, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 78 00 00 00 00 00 00 00 7B 52 74 35 ....x... ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.571453, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:44.571498, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0018 (24) + size : 0x0024 (36) + name : * + name : 'Description' + type : * + type : REG_SZ (1) + value : * + value: ARRAY(2) + [0] : 0x00 (0) + [1] : 0x00 (0) + size : * + size : 0x00000002 (2) + length : * + length : 0x00000002 (2) + result : WERR_OK +[2013/11/07 07:38:44.571856, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000078-0000-0000-7b52-7435c5510000 + enum_index : 0x00000002 (2) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:44.572233, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 78 00 00 00 00 00 00 00 7B 52 74 35 ....x... ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.572311, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:44.572355, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0012 (18) + size : 0x0024 (36) + name : * + name : 'Datatype' + type : * + type : REG_SZ (1) + value : * + value: ARRAY(8) + [0] : 0x52 (82) + [1] : 0x00 (0) + [2] : 0x41 (65) + [3] : 0x00 (0) + [4] : 0x57 (87) + [5] : 0x00 (0) + [6] : 0x00 (0) + [7] : 0x00 (0) + size : * + size : 0x00000008 (8) + length : * + length : 0x00000008 (8) + result : WERR_OK +[2013/11/07 07:38:44.572810, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000078-0000-0000-7b52-7435c5510000 + enum_index : 0x00000003 (3) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:44.573188, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 78 00 00 00 00 00 00 00 7B 52 74 35 ....x... ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.573265, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:44.573311, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0022 (34) + size : 0x0024 (36) + name : * + name : 'Default Priority' + type : * + type : REG_DWORD (4) + value : * + value: ARRAY(4) + [0] : 0x01 (1) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + size : * + size : 0x00000004 (4) + length : * + length : 0x00000004 (4) + result : WERR_OK +[2013/11/07 07:38:44.573775, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000078-0000-0000-7b52-7435c5510000 + enum_index : 0x00000004 (4) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:44.574147, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 78 00 00 00 00 00 00 00 7B 52 74 35 ....x... ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.574224, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:44.574271, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x000a (10) + size : 0x0024 (36) + name : * + name : 'Port' + type : * + type : REG_SZ (1) + value : * + value: ARRAY(38) + [0] : 0x53 (83) + [1] : 0x00 (0) + [2] : 0x61 (97) + [3] : 0x00 (0) + [4] : 0x6d (109) + [5] : 0x00 (0) + [6] : 0x62 (98) + [7] : 0x00 (0) + [8] : 0x61 (97) + [9] : 0x00 (0) + [10] : 0x20 (32) + [11] : 0x00 (0) + [12] : 0x50 (80) + [13] : 0x00 (0) + [14] : 0x72 (114) + [15] : 0x00 (0) + [16] : 0x69 (105) + [17] : 0x00 (0) + [18] : 0x6e (110) + [19] : 0x00 (0) + [20] : 0x74 (116) + [21] : 0x00 (0) + [22] : 0x65 (101) + [23] : 0x00 (0) + [24] : 0x72 (114) + [25] : 0x00 (0) + [26] : 0x20 (32) + [27] : 0x00 (0) + [28] : 0x50 (80) + [29] : 0x00 (0) + [30] : 0x6f (111) + [31] : 0x00 (0) + [32] : 0x72 (114) + [33] : 0x00 (0) + [34] : 0x74 (116) + [35] : 0x00 (0) + [36] : 0x00 (0) + [37] : 0x00 (0) + size : * + size : 0x00000026 (38) + length : * + length : 0x00000026 (38) + result : WERR_OK +[2013/11/07 07:38:44.575233, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000078-0000-0000-7b52-7435c5510000 + enum_index : 0x00000005 (5) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:44.575610, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 78 00 00 00 00 00 00 00 7B 52 74 35 ....x... ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.575687, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:44.575732, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x000a (10) + size : 0x0024 (36) + name : * + name : 'Name' + type : * + type : REG_SZ (1) + value : * + value: ARRAY(18) + [0] : 0x70 (112) + [1] : 0x00 (0) + [2] : 0x72 (114) + [3] : 0x00 (0) + [4] : 0x69 (105) + [5] : 0x00 (0) + [6] : 0x6e (110) + [7] : 0x00 (0) + [8] : 0x74 (116) + [9] : 0x00 (0) + [10] : 0x65 (101) + [11] : 0x00 (0) + [12] : 0x72 (114) + [13] : 0x00 (0) + [14] : 0x37 (55) + [15] : 0x00 (0) + [16] : 0x00 (0) + [17] : 0x00 (0) + size : * + size : 0x00000012 (18) + length : * + length : 0x00000012 (18) + result : WERR_OK +[2013/11/07 07:38:44.576356, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000078-0000-0000-7b52-7435c5510000 + enum_index : 0x00000006 (6) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:44.576725, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 78 00 00 00 00 00 00 00 7B 52 74 35 ....x... ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.576810, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:44.576856, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0020 (32) + size : 0x0024 (36) + name : * + name : 'Print Processor' + type : * + type : REG_SZ (1) + value : * + value: ARRAY(18) + [0] : 0x77 (119) + [1] : 0x00 (0) + [2] : 0x69 (105) + [3] : 0x00 (0) + [4] : 0x6e (110) + [5] : 0x00 (0) + [6] : 0x70 (112) + [7] : 0x00 (0) + [8] : 0x72 (114) + [9] : 0x00 (0) + [10] : 0x69 (105) + [11] : 0x00 (0) + [12] : 0x6e (110) + [13] : 0x00 (0) + [14] : 0x74 (116) + [15] : 0x00 (0) + [16] : 0x00 (0) + [17] : 0x00 (0) + size : * + size : 0x00000012 (18) + length : * + length : 0x00000012 (18) + result : WERR_OK +[2013/11/07 07:38:44.577550, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000078-0000-0000-7b52-7435c5510000 + enum_index : 0x00000007 (7) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:44.577923, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 78 00 00 00 00 00 00 00 7B 52 74 35 ....x... ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.578009, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:44.578056, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0012 (18) + size : 0x0024 (36) + name : * + name : 'Priority' + type : * + type : REG_DWORD (4) + value : * + value: ARRAY(4) + [0] : 0x01 (1) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + size : * + size : 0x00000004 (4) + length : * + length : 0x00000004 (4) + result : WERR_OK +[2013/11/07 07:38:44.578449, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000078-0000-0000-7b52-7435c5510000 + enum_index : 0x00000008 (8) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:44.578820, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 78 00 00 00 00 00 00 00 7B 52 74 35 ....x... ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.578897, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:44.578944, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0012 (18) + size : 0x0024 (36) + name : * + name : 'Security' + type : * + type : REG_BINARY (3) + value : * + value: ARRAY(248) + [0] : 0x01 (1) + [1] : 0x00 (0) + [2] : 0x04 (4) + [3] : 0x80 (128) + [4] : 0x14 (20) + [5] : 0x00 (0) + [6] : 0x00 (0) + [7] : 0x00 (0) + [8] : 0x24 (36) + [9] : 0x00 (0) + [10] : 0x00 (0) + [11] : 0x00 (0) + [12] : 0x00 (0) + [13] : 0x00 (0) + [14] : 0x00 (0) + [15] : 0x00 (0) + [16] : 0x34 (52) + [17] : 0x00 (0) + [18] : 0x00 (0) + [19] : 0x00 (0) + [20] : 0x01 (1) + [21] : 0x02 (2) + [22] : 0x00 (0) + [23] : 0x00 (0) + [24] : 0x00 (0) + [25] : 0x00 (0) + [26] : 0x00 (0) + [27] : 0x05 (5) + [28] : 0x20 (32) + [29] : 0x00 (0) + [30] : 0x00 (0) + [31] : 0x00 (0) + [32] : 0x20 (32) + [33] : 0x02 (2) + [34] : 0x00 (0) + [35] : 0x00 (0) + [36] : 0x01 (1) + [37] : 0x02 (2) + [38] : 0x00 (0) + [39] : 0x00 (0) + [40] : 0x00 (0) + [41] : 0x00 (0) + [42] : 0x00 (0) + [43] : 0x05 (5) + [44] : 0x20 (32) + [45] : 0x00 (0) + [46] : 0x00 (0) + [47] : 0x00 (0) + [48] : 0x20 (32) + [49] : 0x02 (2) + [50] : 0x00 (0) + [51] : 0x00 (0) + [52] : 0x02 (2) + [53] : 0x00 (0) + [54] : 0xc4 (196) + [55] : 0x00 (0) + [56] : 0x07 (7) + [57] : 0x00 (0) + [58] : 0x00 (0) + [59] : 0x00 (0) + [60] : 0x00 (0) + [61] : 0x02 (2) + [62] : 0x14 (20) + [63] : 0x00 (0) + [64] : 0x08 (8) + [65] : 0x00 (0) + [66] : 0x02 (2) + [67] : 0x20 (32) + [68] : 0x01 (1) + [69] : 0x01 (1) + [70] : 0x00 (0) + [71] : 0x00 (0) + [72] : 0x00 (0) + [73] : 0x00 (0) + [74] : 0x00 (0) + [75] : 0x01 (1) + [76] : 0x00 (0) + [77] : 0x00 (0) + [78] : 0x00 (0) + [79] : 0x00 (0) + [80] : 0x00 (0) + [81] : 0x09 (9) + [82] : 0x24 (36) + [83] : 0x00 (0) + [84] : 0x0c (12) + [85] : 0x00 (0) + [86] : 0x0f (15) + [87] : 0x10 (16) + [88] : 0x01 (1) + [89] : 0x05 (5) + [90] : 0x00 (0) + [91] : 0x00 (0) + [92] : 0x00 (0) + [93] : 0x00 (0) + [94] : 0x00 (0) + [95] : 0x05 (5) + [96] : 0x15 (21) + [97] : 0x00 (0) + [98] : 0x00 (0) + [99] : 0x00 (0) + [100] : 0x74 (116) + [101] : 0xa5 (165) + [102] : 0x12 (18) + [103] : 0x52 (82) + [104] : 0xcd (205) + [105] : 0x51 (81) + [106] : 0xd9 (217) + [107] : 0x8f (143) + [108] : 0xd1 (209) + [109] : 0x31 (49) + [110] : 0xa4 (164) + [111] : 0xca (202) + [112] : 0xf4 (244) + [113] : 0x01 (1) + [114] : 0x00 (0) + [115] : 0x00 (0) + [116] : 0x00 (0) + [117] : 0x02 (2) + [118] : 0x24 (36) + [119] : 0x00 (0) + [120] : 0x0c (12) + [121] : 0x00 (0) + [122] : 0x0f (15) + [123] : 0x10 (16) + [124] : 0x01 (1) + [125] : 0x05 (5) + [126] : 0x00 (0) + [127] : 0x00 (0) + [128] : 0x00 (0) + [129] : 0x00 (0) + [130] : 0x00 (0) + [131] : 0x05 (5) + [132] : 0x15 (21) + [133] : 0x00 (0) + [134] : 0x00 (0) + [135] : 0x00 (0) + [136] : 0x74 (116) + [137] : 0xa5 (165) + [138] : 0x12 (18) + [139] : 0x52 (82) + [140] : 0xcd (205) + [141] : 0x51 (81) + [142] : 0xd9 (217) + [143] : 0x8f (143) + [144] : 0xd1 (209) + [145] : 0x31 (49) + [146] : 0xa4 (164) + [147] : 0xca (202) + [148] : 0xf4 (244) + [149] : 0x01 (1) + [150] : 0x00 (0) + [151] : 0x00 (0) + [152] : 0x00 (0) + [153] : 0x09 (9) + [154] : 0x18 (24) + [155] : 0x00 (0) + [156] : 0x0c (12) + [157] : 0x00 (0) + [158] : 0x0f (15) + [159] : 0x10 (16) + [160] : 0x01 (1) + [161] : 0x02 (2) + [162] : 0x00 (0) + [163] : 0x00 (0) + [164] : 0x00 (0) + [165] : 0x00 (0) + [166] : 0x00 (0) + [167] : 0x05 (5) + [168] : 0x20 (32) + [169] : 0x00 (0) + [170] : 0x00 (0) + [171] : 0x00 (0) + [172] : 0x20 (32) + [173] : 0x02 (2) + [174] : 0x00 (0) + [175] : 0x00 (0) + [176] : 0x00 (0) + [177] : 0x02 (2) + [178] : 0x18 (24) + [179] : 0x00 (0) + [180] : 0x0c (12) + [181] : 0x00 (0) + [182] : 0x0f (15) + [183] : 0x10 (16) + [184] : 0x01 (1) + [185] : 0x02 (2) + [186] : 0x00 (0) + [187] : 0x00 (0) + [188] : 0x00 (0) + [189] : 0x00 (0) + [190] : 0x00 (0) + [191] : 0x05 (5) + [192] : 0x20 (32) + [193] : 0x00 (0) + [194] : 0x00 (0) + [195] : 0x00 (0) + [196] : 0x20 (32) + [197] : 0x02 (2) + [198] : 0x00 (0) + [199] : 0x00 (0) + [200] : 0x00 (0) + [201] : 0x09 (9) + [202] : 0x18 (24) + [203] : 0x00 (0) + [204] : 0x0c (12) + [205] : 0x00 (0) + [206] : 0x0f (15) + [207] : 0x10 (16) + [208] : 0x01 (1) + [209] : 0x02 (2) + [210] : 0x00 (0) + [211] : 0x00 (0) + [212] : 0x00 (0) + [213] : 0x00 (0) + [214] : 0x00 (0) + [215] : 0x05 (5) + [216] : 0x20 (32) + [217] : 0x00 (0) + [218] : 0x00 (0) + [219] : 0x00 (0) + [220] : 0x26 (38) + [221] : 0x02 (2) + [222] : 0x00 (0) + [223] : 0x00 (0) + [224] : 0x00 (0) + [225] : 0x02 (2) + [226] : 0x18 (24) + [227] : 0x00 (0) + [228] : 0x0c (12) + [229] : 0x00 (0) + [230] : 0x0f (15) + [231] : 0x10 (16) + [232] : 0x01 (1) + [233] : 0x02 (2) + [234] : 0x00 (0) + [235] : 0x00 (0) + [236] : 0x00 (0) + [237] : 0x00 (0) + [238] : 0x00 (0) + [239] : 0x05 (5) + [240] : 0x20 (32) + [241] : 0x00 (0) + [242] : 0x00 (0) + [243] : 0x00 (0) + [244] : 0x26 (38) + [245] : 0x02 (2) + [246] : 0x00 (0) + [247] : 0x00 (0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x000000f8 (248) + result : WERR_OK +[2013/11/07 07:38:44.583479, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000078-0000-0000-7b52-7435c5510000 + enum_index : 0x00000009 (9) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:44.583853, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 78 00 00 00 00 00 00 00 7B 52 74 35 ....x... ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.583931, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:44.583984, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0016 (22) + size : 0x0024 (36) + name : * + name : 'Share Name' + type : * + type : REG_SZ (1) + value : * + value: ARRAY(18) + [0] : 0x70 (112) + [1] : 0x00 (0) + [2] : 0x72 (114) + [3] : 0x00 (0) + [4] : 0x69 (105) + [5] : 0x00 (0) + [6] : 0x6e (110) + [7] : 0x00 (0) + [8] : 0x74 (116) + [9] : 0x00 (0) + [10] : 0x65 (101) + [11] : 0x00 (0) + [12] : 0x72 (114) + [13] : 0x00 (0) + [14] : 0x37 (55) + [15] : 0x00 (0) + [16] : 0x00 (0) + [17] : 0x00 (0) + size : * + size : 0x00000012 (18) + length : * + length : 0x00000012 (18) + result : WERR_OK +[2013/11/07 07:38:44.584610, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000078-0000-0000-7b52-7435c5510000 + enum_index : 0x0000000a (10) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:44.584982, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 78 00 00 00 00 00 00 00 7B 52 74 35 ....x... ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.585059, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:44.585105, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0014 (20) + size : 0x0024 (36) + name : * + name : 'StartTime' + type : * + type : REG_DWORD (4) + value : * + value: ARRAY(4) + [0] : 0x00 (0) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + size : * + size : 0x00000004 (4) + length : * + length : 0x00000004 (4) + result : WERR_OK +[2013/11/07 07:38:44.585575, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000078-0000-0000-7b52-7435c5510000 + enum_index : 0x0000000b (11) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:44.585960, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 78 00 00 00 00 00 00 00 7B 52 74 35 ....x... ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.586037, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:44.586083, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0014 (20) + size : 0x0024 (36) + name : * + name : 'UntilTime' + type : * + type : REG_DWORD (4) + value : * + value: ARRAY(4) + [0] : 0x00 (0) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + size : * + size : 0x00000004 (4) + length : * + length : 0x00000004 (4) + result : WERR_OK +[2013/11/07 07:38:44.586500, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000078-0000-0000-7b52-7435c5510000 + enum_index : 0x0000000c (12) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:44.586875, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 78 00 00 00 00 00 00 00 7B 52 74 35 ....x... ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.586952, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:44.586997, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0012 (18) + size : 0x0024 (36) + name : * + name : 'ChangeID' + type : * + type : REG_DWORD (4) + value : * + value: ARRAY(4) + [0] : 0xf1 (241) + [1] : 0x5f (95) + [2] : 0x11 (17) + [3] : 0x00 (0) + size : * + size : 0x00000004 (4) + length : * + length : 0x00000004 (4) + result : WERR_OK +[2013/11/07 07:38:44.587427, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryValue: struct winreg_QueryValue + in: struct winreg_QueryValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000078-0000-0000-7b52-7435c5510000 + value_name : * + value_name: struct winreg_String + name_len : 0x0020 (32) + name_size : 0x0020 (32) + name : * + name : 'Default DevMode' + type : * + type : REG_NONE (0) + data : NULL + data_size : * + data_size : 0x00000000 (0) + data_length : * + data_length : 0x00000000 (0) +[2013/11/07 07:38:44.587782, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 78 00 00 00 00 00 00 00 7B 52 74 35 ....x... ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.587861, 7, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) + _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:44.587902, 7, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) + _winreg_QueryValue: policy key type = [00000000] +[2013/11/07 07:38:44.587947, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:316(_winreg_QueryValue) + _winreg_QueryValue: reg_queryvalue failed with: WERR_BADFILE +[2013/11/07 07:38:44.587988, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryValue: struct winreg_QueryValue + out: struct winreg_QueryValue + type : * + type : REG_NONE (0) + data : NULL + data_size : * + data_size : 0x00000000 (0) + data_length : * + data_length : 0x00000000 (0) + result : WERR_BADFILE +[2013/11/07 07:38:44.588209, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenHKLM: struct winreg_OpenHKLM + in: struct winreg_OpenHKLM + system_name : NULL + access_mask : 0x02000000 (33554432) + 0: KEY_QUERY_VALUE + 0: KEY_SET_VALUE + 0: KEY_CREATE_SUB_KEY + 0: KEY_ENUMERATE_SUB_KEYS + 0: KEY_NOTIFY + 0: KEY_CREATE_LINK + 0: KEY_WOW64_64KEY + 0: KEY_WOW64_32KEY +[2013/11/07 07:38:44.588435, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [HKLM] +[2013/11/07 07:38:44.588477, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (2->3) +[2013/11/07 07:38:44.588520, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM] +[2013/11/07 07:38:44.588559, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM] +[2013/11/07 07:38:44.588600, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:44.588638, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM] +[2013/11/07 07:38:44.588710, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) + Opened policy hnd[3] [0000] 00 00 00 00 79 00 00 00 00 00 00 00 7B 52 74 35 ....y... ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.588790, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenHKLM: struct winreg_OpenHKLM + out: struct winreg_OpenHKLM + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000079-0000-0000-7b52-7435c5510000 + result : WERR_OK +[2013/11/07 07:38:44.588966, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenKey: struct winreg_OpenKey + in: struct winreg_OpenKey + parent_handle : * + parent_handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000079-0000-0000-7b52-7435c5510000 + keyname: struct winreg_String + name_len : 0x008a (138) + name_size : 0x008a (138) + name : * + name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7' + options : 0x00000000 (0) + 0: REG_OPTION_VOLATILE + 0: REG_OPTION_CREATE_LINK + 0: REG_OPTION_BACKUP_RESTORE + 0: REG_OPTION_OPEN_LINK + access_mask : 0x02000000 (33554432) + 0: KEY_QUERY_VALUE + 0: KEY_SET_VALUE + 0: KEY_CREATE_SUB_KEY + 0: KEY_ENUMERATE_SUB_KEYS + 0: KEY_NOTIFY + 0: KEY_CREATE_LINK + 0: KEY_WOW64_64KEY + 0: KEY_WOW64_32KEY +[2013/11/07 07:38:44.589453, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 79 00 00 00 00 00 00 00 7B 52 74 35 ....y... ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.589536, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [SOFTWARE] +[2013/11/07 07:38:44.589577, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (3->4) +[2013/11/07 07:38:44.589620, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] +[2013/11/07 07:38:44.589658, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE] +[2013/11/07 07:38:44.589698, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:44.589737, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE] +[2013/11/07 07:38:44.589803, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Microsoft] +[2013/11/07 07:38:44.589845, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (4->5) +[2013/11/07 07:38:44.589888, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] +[2013/11/07 07:38:44.589926, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] +[2013/11/07 07:38:44.589975, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:44.590015, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft] +[2013/11/07 07:38:44.590076, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Windows NT] +[2013/11/07 07:38:44.590118, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (5->6) +[2013/11/07 07:38:44.590161, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] +[2013/11/07 07:38:44.590199, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] +[2013/11/07 07:38:44.590241, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:44.590279, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] +[2013/11/07 07:38:44.590337, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [CurrentVersion] +[2013/11/07 07:38:44.590379, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (6->7) +[2013/11/07 07:38:44.590422, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] +[2013/11/07 07:38:44.590460, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] +[2013/11/07 07:38:44.590501, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:44.590539, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f375c5a15c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] +[2013/11/07 07:38:44.590610, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Print] +[2013/11/07 07:38:44.590652, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (7->8) +[2013/11/07 07:38:44.590695, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] +[2013/11/07 07:38:44.590734, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] +[2013/11/07 07:38:44.590776, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:44.590813, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f375c5a15c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] +[2013/11/07 07:38:44.590876, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Printers] +[2013/11/07 07:38:44.590925, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (8->9) +[2013/11/07 07:38:44.590971, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] +[2013/11/07 07:38:44.591011, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] +[2013/11/07 07:38:44.591055, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:44.591093, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] +[2013/11/07 07:38:44.591160, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [printer7] +[2013/11/07 07:38:44.591202, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (9->10) +[2013/11/07 07:38:44.591248, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:44.591288, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:44.591331, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:44.591370, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:44.591439, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (10->9) +[2013/11/07 07:38:44.591482, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (9->8) +[2013/11/07 07:38:44.591523, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (8->7) +[2013/11/07 07:38:44.591563, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (7->6) +[2013/11/07 07:38:44.591604, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (6->5) +[2013/11/07 07:38:44.591645, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (5->4) +[2013/11/07 07:38:44.591688, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) + Opened policy hnd[4] [0000] 00 00 00 00 7A 00 00 00 00 00 00 00 7B 52 74 35 ....z... ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.591767, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenKey: struct winreg_OpenKey + out: struct winreg_OpenKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 0000007a-0000-0000-7b52-7435c5510000 + result : WERR_OK +[2013/11/07 07:38:44.591948, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryValue: struct winreg_QueryValue + in: struct winreg_QueryValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 0000007a-0000-0000-7b52-7435c5510000 + value_name : * + value_name: struct winreg_String + name_len : 0x0012 (18) + name_size : 0x0012 (18) + name : * + name : 'Security' + type : * + type : REG_NONE (0) + data : NULL + data_size : * + data_size : 0x00000000 (0) + data_length : * + data_length : 0x00000000 (0) +[2013/11/07 07:38:44.592292, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 7A 00 00 00 00 00 00 00 7B 52 74 35 ....z... ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.592369, 7, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) + _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:44.592409, 7, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) + _winreg_QueryValue: policy key type = [00000000] +[2013/11/07 07:38:44.592449, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_dispatcher.c:151(fetch_reg_values) + fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7' (ops 0x7f37592edcc0) +[2013/11/07 07:38:44.592491, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1891(regdb_fetch_values_internal) + regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:44.592552, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[0]: name[Attributes] len[4] +[2013/11/07 07:38:44.592595, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[1]: name[Description] len[2] +[2013/11/07 07:38:44.592638, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[2]: name[Datatype] len[8] +[2013/11/07 07:38:44.592680, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[3]: name[Default Priority] len[4] +[2013/11/07 07:38:44.592723, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[4]: name[Port] len[38] +[2013/11/07 07:38:44.592767, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[5]: name[Name] len[18] +[2013/11/07 07:38:44.592824, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[6]: name[Print Processor] len[18] +[2013/11/07 07:38:44.592868, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[7]: name[Priority] len[4] +[2013/11/07 07:38:44.592911, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[8]: name[Security] len[248] +[2013/11/07 07:38:44.592954, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[9]: name[Share Name] len[18] +[2013/11/07 07:38:44.592997, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[10]: name[StartTime] len[4] +[2013/11/07 07:38:44.593041, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[11]: name[UntilTime] len[4] +[2013/11/07 07:38:44.593084, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[12]: name[ChangeID] len[4] +[2013/11/07 07:38:44.593128, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryValue: struct winreg_QueryValue + out: struct winreg_QueryValue + type : * + type : REG_BINARY (3) + data : NULL + data_size : * + data_size : 0x000000f8 (248) + data_length : * + data_length : 0x00000000 (0) + result : WERR_OK +[2013/11/07 07:38:44.593340, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryValue: struct winreg_QueryValue + in: struct winreg_QueryValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 0000007a-0000-0000-7b52-7435c5510000 + value_name : * + value_name: struct winreg_String + name_len : 0x0012 (18) + name_size : 0x0012 (18) + name : * + name : 'Security' + type : * + type : REG_BINARY (3) + data : * + data: ARRAY(0) + data_size : * + data_size : 0x000000f8 (248) + data_length : * + data_length : 0x00000000 (0) +[2013/11/07 07:38:44.593747, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 7A 00 00 00 00 00 00 00 7B 52 74 35 ....z... ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.593825, 7, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) + _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:44.593865, 7, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) + _winreg_QueryValue: policy key type = [00000000] +[2013/11/07 07:38:44.593918, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryValue: struct winreg_QueryValue + out: struct winreg_QueryValue + type : * + type : REG_BINARY (3) + data : * + data: ARRAY(248) + [0] : 0x01 (1) + [1] : 0x00 (0) + [2] : 0x04 (4) + [3] : 0x80 (128) + [4] : 0x14 (20) + [5] : 0x00 (0) + [6] : 0x00 (0) + [7] : 0x00 (0) + [8] : 0x24 (36) + [9] : 0x00 (0) + [10] : 0x00 (0) + [11] : 0x00 (0) + [12] : 0x00 (0) + [13] : 0x00 (0) + [14] : 0x00 (0) + [15] : 0x00 (0) + [16] : 0x34 (52) + [17] : 0x00 (0) + [18] : 0x00 (0) + [19] : 0x00 (0) + [20] : 0x01 (1) + [21] : 0x02 (2) + [22] : 0x00 (0) + [23] : 0x00 (0) + [24] : 0x00 (0) + [25] : 0x00 (0) + [26] : 0x00 (0) + [27] : 0x05 (5) + [28] : 0x20 (32) + [29] : 0x00 (0) + [30] : 0x00 (0) + [31] : 0x00 (0) + [32] : 0x20 (32) + [33] : 0x02 (2) + [34] : 0x00 (0) + [35] : 0x00 (0) + [36] : 0x01 (1) + [37] : 0x02 (2) + [38] : 0x00 (0) + [39] : 0x00 (0) + [40] : 0x00 (0) + [41] : 0x00 (0) + [42] : 0x00 (0) + [43] : 0x05 (5) + [44] : 0x20 (32) + [45] : 0x00 (0) + [46] : 0x00 (0) + [47] : 0x00 (0) + [48] : 0x20 (32) + [49] : 0x02 (2) + [50] : 0x00 (0) + [51] : 0x00 (0) + [52] : 0x02 (2) + [53] : 0x00 (0) + [54] : 0xc4 (196) + [55] : 0x00 (0) + [56] : 0x07 (7) + [57] : 0x00 (0) + [58] : 0x00 (0) + [59] : 0x00 (0) + [60] : 0x00 (0) + [61] : 0x02 (2) + [62] : 0x14 (20) + [63] : 0x00 (0) + [64] : 0x08 (8) + [65] : 0x00 (0) + [66] : 0x02 (2) + [67] : 0x20 (32) + [68] : 0x01 (1) + [69] : 0x01 (1) + [70] : 0x00 (0) + [71] : 0x00 (0) + [72] : 0x00 (0) + [73] : 0x00 (0) + [74] : 0x00 (0) + [75] : 0x01 (1) + [76] : 0x00 (0) + [77] : 0x00 (0) + [78] : 0x00 (0) + [79] : 0x00 (0) + [80] : 0x00 (0) + [81] : 0x09 (9) + [82] : 0x24 (36) + [83] : 0x00 (0) + [84] : 0x0c (12) + [85] : 0x00 (0) + [86] : 0x0f (15) + [87] : 0x10 (16) + [88] : 0x01 (1) + [89] : 0x05 (5) + [90] : 0x00 (0) + [91] : 0x00 (0) + [92] : 0x00 (0) + [93] : 0x00 (0) + [94] : 0x00 (0) + [95] : 0x05 (5) + [96] : 0x15 (21) + [97] : 0x00 (0) + [98] : 0x00 (0) + [99] : 0x00 (0) + [100] : 0x74 (116) + [101] : 0xa5 (165) + [102] : 0x12 (18) + [103] : 0x52 (82) + [104] : 0xcd (205) + [105] : 0x51 (81) + [106] : 0xd9 (217) + [107] : 0x8f (143) + [108] : 0xd1 (209) + [109] : 0x31 (49) + [110] : 0xa4 (164) + [111] : 0xca (202) + [112] : 0xf4 (244) + [113] : 0x01 (1) + [114] : 0x00 (0) + [115] : 0x00 (0) + [116] : 0x00 (0) + [117] : 0x02 (2) + [118] : 0x24 (36) + [119] : 0x00 (0) + [120] : 0x0c (12) + [121] : 0x00 (0) + [122] : 0x0f (15) + [123] : 0x10 (16) + [124] : 0x01 (1) + [125] : 0x05 (5) + [126] : 0x00 (0) + [127] : 0x00 (0) + [128] : 0x00 (0) + [129] : 0x00 (0) + [130] : 0x00 (0) + [131] : 0x05 (5) + [132] : 0x15 (21) + [133] : 0x00 (0) + [134] : 0x00 (0) + [135] : 0x00 (0) + [136] : 0x74 (116) + [137] : 0xa5 (165) + [138] : 0x12 (18) + [139] : 0x52 (82) + [140] : 0xcd (205) + [141] : 0x51 (81) + [142] : 0xd9 (217) + [143] : 0x8f (143) + [144] : 0xd1 (209) + [145] : 0x31 (49) + [146] : 0xa4 (164) + [147] : 0xca (202) + [148] : 0xf4 (244) + [149] : 0x01 (1) + [150] : 0x00 (0) + [151] : 0x00 (0) + [152] : 0x00 (0) + [153] : 0x09 (9) + [154] : 0x18 (24) + [155] : 0x00 (0) + [156] : 0x0c (12) + [157] : 0x00 (0) + [158] : 0x0f (15) + [159] : 0x10 (16) + [160] : 0x01 (1) + [161] : 0x02 (2) + [162] : 0x00 (0) + [163] : 0x00 (0) + [164] : 0x00 (0) + [165] : 0x00 (0) + [166] : 0x00 (0) + [167] : 0x05 (5) + [168] : 0x20 (32) + [169] : 0x00 (0) + [170] : 0x00 (0) + [171] : 0x00 (0) + [172] : 0x20 (32) + [173] : 0x02 (2) + [174] : 0x00 (0) + [175] : 0x00 (0) + [176] : 0x00 (0) + [177] : 0x02 (2) + [178] : 0x18 (24) + [179] : 0x00 (0) + [180] : 0x0c (12) + [181] : 0x00 (0) + [182] : 0x0f (15) + [183] : 0x10 (16) + [184] : 0x01 (1) + [185] : 0x02 (2) + [186] : 0x00 (0) + [187] : 0x00 (0) + [188] : 0x00 (0) + [189] : 0x00 (0) + [190] : 0x00 (0) + [191] : 0x05 (5) + [192] : 0x20 (32) + [193] : 0x00 (0) + [194] : 0x00 (0) + [195] : 0x00 (0) + [196] : 0x20 (32) + [197] : 0x02 (2) + [198] : 0x00 (0) + [199] : 0x00 (0) + [200] : 0x00 (0) + [201] : 0x09 (9) + [202] : 0x18 (24) + [203] : 0x00 (0) + [204] : 0x0c (12) + [205] : 0x00 (0) + [206] : 0x0f (15) + [207] : 0x10 (16) + [208] : 0x01 (1) + [209] : 0x02 (2) + [210] : 0x00 (0) + [211] : 0x00 (0) + [212] : 0x00 (0) + [213] : 0x00 (0) + [214] : 0x00 (0) + [215] : 0x05 (5) + [216] : 0x20 (32) + [217] : 0x00 (0) + [218] : 0x00 (0) + [219] : 0x00 (0) + [220] : 0x26 (38) + [221] : 0x02 (2) + [222] : 0x00 (0) + [223] : 0x00 (0) + [224] : 0x00 (0) + [225] : 0x02 (2) + [226] : 0x18 (24) + [227] : 0x00 (0) + [228] : 0x0c (12) + [229] : 0x00 (0) + [230] : 0x0f (15) + [231] : 0x10 (16) + [232] : 0x01 (1) + [233] : 0x02 (2) + [234] : 0x00 (0) + [235] : 0x00 (0) + [236] : 0x00 (0) + [237] : 0x00 (0) + [238] : 0x00 (0) + [239] : 0x05 (5) + [240] : 0x20 (32) + [241] : 0x00 (0) + [242] : 0x00 (0) + [243] : 0x00 (0) + [244] : 0x26 (38) + [245] : 0x02 (2) + [246] : 0x00 (0) + [247] : 0x00 (0) + data_size : * + data_size : 0x000000f8 (248) + data_length : * + data_length : 0x000000f8 (248) + result : WERR_OK +[2013/11/07 07:38:44.598402, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + in: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 0000007a-0000-0000-7b52-7435c5510000 +[2013/11/07 07:38:44.598538, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 7A 00 00 00 00 00 00 00 7B 52 74 35 ....z... ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.598617, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 7A 00 00 00 00 00 00 00 7B 52 74 35 ....z... ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.598694, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) + Closed policy +[2013/11/07 07:38:44.598746, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (4->3) +[2013/11/07 07:38:44.598788, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + out: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000000-0000-0000-0000-000000000000 + result : WERR_OK +[2013/11/07 07:38:44.598951, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + in: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000079-0000-0000-7b52-7435c5510000 +[2013/11/07 07:38:44.599082, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 79 00 00 00 00 00 00 00 7B 52 74 35 ....y... ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.599160, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 79 00 00 00 00 00 00 00 7B 52 74 35 ....y... ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.599236, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) + Closed policy +[2013/11/07 07:38:44.599277, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (3->2) +[2013/11/07 07:38:44.599318, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + out: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000000-0000-0000-0000-000000000000 + result : WERR_OK +[2013/11/07 07:38:44.599481, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + in: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000078-0000-0000-7b52-7435c5510000 +[2013/11/07 07:38:44.599611, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 78 00 00 00 00 00 00 00 7B 52 74 35 ....x... ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.599689, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 78 00 00 00 00 00 00 00 7B 52 74 35 ....x... ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.599765, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) + Closed policy +[2013/11/07 07:38:44.599809, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (2->1) +[2013/11/07 07:38:44.599858, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + out: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000000-0000-0000-0000-000000000000 + result : WERR_OK +[2013/11/07 07:38:44.600020, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + in: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000077-0000-0000-7b52-7435c5510000 +[2013/11/07 07:38:44.600151, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 77 00 00 00 00 00 00 00 7B 52 74 35 ....w... ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.600228, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 77 00 00 00 00 00 00 00 7B 52 74 35 ....w... ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.600304, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) + Closed policy +[2013/11/07 07:38:44.600344, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (1->0) +[2013/11/07 07:38:44.600403, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + out: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000000-0000-0000-0000-000000000000 + result : WERR_OK +[2013/11/07 07:38:44.600566, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:416(close_policy_by_pipe) + Deleted handle list for RPC connection \winreg +[2013/11/07 07:38:44.600723, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + spoolss_GetPrinter: struct spoolss_GetPrinter + out: struct spoolss_GetPrinter + info : * + info : union spoolss_PrinterInfo(case 2) + info2: struct spoolss_PrinterInfo2 + servername : * + servername : '\\MEMBER43' + printername : * + printername : '\\MEMBER43\printer7' + sharename : * + sharename : 'printer7' + portname : * + portname : 'Samba Printer Port' + drivername : * + drivername : '' + comment : * + comment : '' + location : * + location : '' + devmode : * + devmode: struct spoolss_DeviceMode + devicename : '\\MEMBER43\printer7' + specversion : DMSPEC_NT4_AND_ABOVE (1025) + driverversion : 0x0400 (1024) + size : 0x00dc (220) + __driverextra_length : 0x0000 (0) + fields : 0x00014713 (83731) + 1: DEVMODE_ORIENTATION + 1: DEVMODE_PAPERSIZE + 0: DEVMODE_PAPERLENGTH + 0: DEVMODE_PAPERWIDTH + 1: DEVMODE_SCALE + 0: DEVMODE_POSITION + 0: DEVMODE_NUP + 1: DEVMODE_COPIES + 1: DEVMODE_DEFAULTSOURCE + 1: DEVMODE_PRINTQUALITY + 0: DEVMODE_COLOR + 0: DEVMODE_DUPLEX + 0: DEVMODE_YRESOLUTION + 1: DEVMODE_TTOPTION + 0: DEVMODE_COLLATE + 1: DEVMODE_FORMNAME + 0: DEVMODE_LOGPIXELS + 0: DEVMODE_BITSPERPEL + 0: DEVMODE_PELSWIDTH + 0: DEVMODE_PELSHEIGHT + 0: DEVMODE_DISPLAYFLAGS + 0: DEVMODE_DISPLAYFREQUENCY + 0: DEVMODE_ICMMETHOD + 0: DEVMODE_ICMINTENT + 0: DEVMODE_MEDIATYPE + 0: DEVMODE_DITHERTYPE + 0: DEVMODE_PANNINGWIDTH + 0: DEVMODE_PANNINGHEIGHT + orientation : DMORIENT_PORTRAIT (1) + papersize : DMPAPER_LETTER (1) + paperlength : 0x0000 (0) + paperwidth : 0x0000 (0) + scale : 0x0064 (100) + copies : 0x0001 (1) + defaultsource : DMBIN_FORMSOURCE (15) + printquality : DMRES_HIGH (65532) + color : DMRES_MONOCHROME (1) + duplex : DMDUP_SIMPLEX (1) + yresolution : 0x0000 (0) + ttoption : DMTT_SUBDEV (3) + collate : DMCOLLATE_FALSE (0) + formname : 'Letter' + logpixels : 0x0000 (0) + bitsperpel : 0x00000000 (0) + pelswidth : 0x00000000 (0) + pelsheight : 0x00000000 (0) + displayflags : UNKNOWN_ENUM_VALUE (0) + displayfrequency : 0x00000000 (0) + icmmethod : UNKNOWN_ENUM_VALUE (0) + icmintent : UNKNOWN_ENUM_VALUE (0) + mediatype : UNKNOWN_ENUM_VALUE (0) + dithertype : UNKNOWN_ENUM_VALUE (0) + reserved1 : 0x00000000 (0) + reserved2 : 0x00000000 (0) + panningwidth : 0x00000000 (0) + panningheight : 0x00000000 (0) + driverextra_data : DATA_BLOB length=0 + sepfile : * + sepfile : '' + printprocessor : * + printprocessor : 'winprint' + datatype : * + datatype : 'RAW' + parameters : * + parameters : '' + secdesc : * + secdesc: struct security_descriptor + revision : SECURITY_DESCRIPTOR_REVISION_1 (1) + type : 0x8004 (32772) + 0: SEC_DESC_OWNER_DEFAULTED + 0: SEC_DESC_GROUP_DEFAULTED + 1: SEC_DESC_DACL_PRESENT + 0: SEC_DESC_DACL_DEFAULTED + 0: SEC_DESC_SACL_PRESENT + 0: SEC_DESC_SACL_DEFAULTED + 0: SEC_DESC_DACL_TRUSTED + 0: SEC_DESC_SERVER_SECURITY + 0: SEC_DESC_DACL_AUTO_INHERIT_REQ + 0: SEC_DESC_SACL_AUTO_INHERIT_REQ + 0: SEC_DESC_DACL_AUTO_INHERITED + 0: SEC_DESC_SACL_AUTO_INHERITED + 0: SEC_DESC_DACL_PROTECTED + 0: SEC_DESC_SACL_PROTECTED + 0: SEC_DESC_RM_CONTROL_VALID + 1: SEC_DESC_SELF_RELATIVE + owner_sid : * + owner_sid : S-1-5-32-544 + group_sid : * + group_sid : S-1-5-32-544 + sacl : NULL + dacl : * + dacl: struct security_acl + revision : SECURITY_ACL_REVISION_NT4 (2) + size : 0x00c4 (196) + num_aces : 0x00000007 (7) + aces: ARRAY(7) + aces: struct security_ace + type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) + flags : 0x02 (2) + 0: SEC_ACE_FLAG_OBJECT_INHERIT + 1: SEC_ACE_FLAG_CONTAINER_INHERIT + 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT + 0: SEC_ACE_FLAG_INHERIT_ONLY + 0: SEC_ACE_FLAG_INHERITED_ACE + 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) + 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS + 0: SEC_ACE_FLAG_FAILED_ACCESS + size : 0x0014 (20) + access_mask : 0x20020008 (537001992) + object : union security_ace_object_ctr(case 0) + trustee : S-1-1-0 + aces: struct security_ace + type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) + flags : 0x09 (9) + 1: SEC_ACE_FLAG_OBJECT_INHERIT + 0: SEC_ACE_FLAG_CONTAINER_INHERIT + 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT + 1: SEC_ACE_FLAG_INHERIT_ONLY + 0: SEC_ACE_FLAG_INHERITED_ACE + 0x09: SEC_ACE_FLAG_VALID_INHERIT (9) + 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS + 0: SEC_ACE_FLAG_FAILED_ACCESS + size : 0x0024 (36) + access_mask : 0x100f000c (269418508) + object : union security_ace_object_ctr(case 0) + trustee : S-1-5-21-1376953716-2413384141-3399758289-500 + aces: struct security_ace + type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) + flags : 0x02 (2) + 0: SEC_ACE_FLAG_OBJECT_INHERIT + 1: SEC_ACE_FLAG_CONTAINER_INHERIT + 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT + 0: SEC_ACE_FLAG_INHERIT_ONLY + 0: SEC_ACE_FLAG_INHERITED_ACE + 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) + 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS + 0: SEC_ACE_FLAG_FAILED_ACCESS + size : 0x0024 (36) + access_mask : 0x100f000c (269418508) + object : union security_ace_object_ctr(case 0) + trustee : S-1-5-21-1376953716-2413384141-3399758289-500 + aces: struct security_ace + type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) + flags : 0x09 (9) + 1: SEC_ACE_FLAG_OBJECT_INHERIT + 0: SEC_ACE_FLAG_CONTAINER_INHERIT + 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT + 1: SEC_ACE_FLAG_INHERIT_ONLY + 0: SEC_ACE_FLAG_INHERITED_ACE + 0x09: SEC_ACE_FLAG_VALID_INHERIT (9) + 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS + 0: SEC_ACE_FLAG_FAILED_ACCESS + size : 0x0018 (24) + access_mask : 0x100f000c (269418508) + object : union security_ace_object_ctr(case 0) + trustee : S-1-5-32-544 + aces: struct security_ace + type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) + flags : 0x02 (2) + 0: SEC_ACE_FLAG_OBJECT_INHERIT + 1: SEC_ACE_FLAG_CONTAINER_INHERIT + 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT + 0: SEC_ACE_FLAG_INHERIT_ONLY + 0: SEC_ACE_FLAG_INHERITED_ACE + 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) + 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS + 0: SEC_ACE_FLAG_FAILED_ACCESS + size : 0x0018 (24) + access_mask : 0x100f000c (269418508) + object : union security_ace_object_ctr(case 0) + trustee : S-1-5-32-544 + aces: struct security_ace + type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) + flags : 0x09 (9) + 1: SEC_ACE_FLAG_OBJECT_INHERIT + 0: SEC_ACE_FLAG_CONTAINER_INHERIT + 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT + 1: SEC_ACE_FLAG_INHERIT_ONLY + 0: SEC_ACE_FLAG_INHERITED_ACE + 0x09: SEC_ACE_FLAG_VALID_INHERIT (9) + 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS + 0: SEC_ACE_FLAG_FAILED_ACCESS + size : 0x0018 (24) + access_mask : 0x100f000c (269418508) + object : union security_ace_object_ctr(case 0) + trustee : S-1-5-32-550 + aces: struct security_ace + type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) + flags : 0x02 (2) + 0: SEC_ACE_FLAG_OBJECT_INHERIT + 1: SEC_ACE_FLAG_CONTAINER_INHERIT + 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT + 0: SEC_ACE_FLAG_INHERIT_ONLY + 0: SEC_ACE_FLAG_INHERITED_ACE + 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) + 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS + 0: SEC_ACE_FLAG_FAILED_ACCESS + size : 0x0018 (24) + access_mask : 0x100f000c (269418508) + object : union security_ace_object_ctr(case 0) + trustee : S-1-5-32-550 + attributes : 0x00001048 (4168) + 0: PRINTER_ATTRIBUTE_QUEUED + 0: PRINTER_ATTRIBUTE_DIRECT + 0: PRINTER_ATTRIBUTE_DEFAULT + 1: PRINTER_ATTRIBUTE_SHARED + 0: PRINTER_ATTRIBUTE_NETWORK + 0: PRINTER_ATTRIBUTE_HIDDEN + 1: PRINTER_ATTRIBUTE_LOCAL + 0: PRINTER_ATTRIBUTE_ENABLE_DEVQ + 0: PRINTER_ATTRIBUTE_KEEPPRINTEDJOBS + 0: PRINTER_ATTRIBUTE_DO_COMPLETE_FIRST + 0: PRINTER_ATTRIBUTE_WORK_OFFLINE + 0: PRINTER_ATTRIBUTE_ENABLE_BIDI + 1: PRINTER_ATTRIBUTE_RAW_ONLY + 0: PRINTER_ATTRIBUTE_PUBLISHED + 0: PRINTER_ATTRIBUTE_FAX + 0: PRINTER_ATTRIBUTE_TS + priority : 0x00000001 (1) + defaultpriority : 0x00000001 (1) + starttime : 0x00000000 (0) + untiltime : 0x00000000 (0) + status : 0x00000000 (0) + 0: PRINTER_STATUS_PAUSED + 0: PRINTER_STATUS_ERROR + 0: PRINTER_STATUS_PENDING_DELETION + 0: PRINTER_STATUS_PAPER_JAM + 0: PRINTER_STATUS_PAPER_OUT + 0: PRINTER_STATUS_MANUAL_FEED + 0: PRINTER_STATUS_PAPER_PROBLEM + 0: PRINTER_STATUS_OFFLINE + 0: PRINTER_STATUS_IO_ACTIVE + 0: PRINTER_STATUS_BUSY + 0: PRINTER_STATUS_PRINTING + 0: PRINTER_STATUS_OUTPUT_BIN_FULL + 0: PRINTER_STATUS_NOT_AVAILABLE + 0: PRINTER_STATUS_WAITING + 0: PRINTER_STATUS_PROCESSING + 0: PRINTER_STATUS_INITIALIZING + 0: PRINTER_STATUS_WARMING_UP + 0: PRINTER_STATUS_TONER_LOW + 0: PRINTER_STATUS_NO_TONER + 0: PRINTER_STATUS_PAGE_PUNT + 0: PRINTER_STATUS_USER_INTERVENTION + 0: PRINTER_STATUS_OUT_OF_MEMORY + 0: PRINTER_STATUS_DOOR_OPEN + 0: PRINTER_STATUS_SERVER_UNKNOWN + 0: PRINTER_STATUS_POWER_SAVE + cjobs : 0x00000000 (0) + averageppm : 0x00000000 (0) + needed : * + needed : 0x000002f8 (760) + result : WERR_OK +[2013/11/07 07:38:44.605814, 5, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1417(api_rpcTNP) + api_rpcTNP: called \spoolss successfully +[2013/11/07 07:38:44.605880, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) + pop_sec_ctx (0, 5000) - sec_ctx_stack_ndx = 0 +[2013/11/07 07:38:44.605925, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) + write_to_pipe: data_used = 4140 + smbd_smb2_request_pending_queue: req->current_idx = 1 + req->in.vector[0].iov_len = 0 + req->in.vector[1].iov_len = 0 + req->in.vector[2].iov_len = 64 + req->in.vector[3].iov_len = 56 + req->in.vector[4].iov_len = 4156 + req->out.vector[0].iov_len = 4 + req->out.vector[1].iov_len = 0 + req->out.vector[2].iov_len = 64 + req->out.vector[3].iov_len = 8 + req->out.vector[4].iov_len = 0 +[2013/11/07 07:38:44.606234, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:128(smbd_smb2_ioctl_pipe_write_done) + smbd_smb2_ioctl_pipe_write_done: received 4156 +[2013/11/07 07:38:44.606281, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:149(smbd_smb2_ioctl_pipe_write_done) + smbd_smb2_ioctl_pipe_write_done: issuing np_read_send of size 4136 +[2013/11/07 07:38:44.606335, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:285(read_from_internal_pipe) + name: \spoolss len: 4136 +[2013/11/07 07:38:44.606379, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:347(read_from_internal_pipe) + read_from_pipe: \spoolss: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 4112. +[2013/11/07 07:38:44.606435, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) + &r: struct ncacn_packet + rpc_vers : 0x05 (5) + rpc_vers_minor : 0x00 (0) + ptype : DCERPC_PKT_RESPONSE (2) + pfc_flags : 0x03 (3) + drep: ARRAY(4) + [0] : 0x10 (16) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + frag_length : 0x1028 (4136) + auth_length : 0x0000 (0) + call_id : 0x0000000e (14) + u : union dcerpc_payload(case 2) + response: struct dcerpc_response + alloc_hint : 0x00001010 (4112) + context_id : 0x0000 (0) + cancel_count : 0x00 (0) + _pad : DATA_BLOB length=0 + stub_and_verifier : DATA_BLOB length=4112 + [0000] 04 00 02 00 00 10 00 00 EA 0F 00 00 C2 0F 00 00 ........ ........ + [0010] B0 0F 00 00 8A 0F 00 00 88 0F 00 00 86 0F 00 00 ........ ........ + [0020] 84 0F 00 00 88 0E 00 00 82 0F 00 00 70 0F 00 00 ........ ....p... + [0030] 68 0F 00 00 66 0F 00 00 90 0D 00 00 48 10 00 00 h...f... ....H... + [0040] 01 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0200] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0210] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0220] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0230] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0240] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0250] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0260] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0270] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0280] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0290] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0300] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0310] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0320] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0330] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0340] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0350] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0360] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0370] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0380] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0390] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0400] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0410] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0420] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0430] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0440] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0450] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0460] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0470] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0480] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0490] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0500] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0510] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0520] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0530] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0540] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0550] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0560] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0570] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0580] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0590] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0600] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0610] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0620] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0630] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0640] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0650] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0660] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0670] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0680] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0690] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0700] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0710] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0720] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0730] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0740] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0750] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0760] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0770] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0780] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0790] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0800] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0810] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0820] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0830] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0840] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0850] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0860] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0870] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0880] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0890] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0900] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0910] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0920] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0930] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0940] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0950] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0960] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0970] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0980] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0990] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D90] 00 00 00 00 00 00 00 00 01 00 04 80 D8 00 00 00 ........ ........ + [0DA0] E8 00 00 00 00 00 00 00 14 00 00 00 02 00 C4 00 ........ ........ + [0DB0] 07 00 00 00 00 02 14 00 08 00 02 20 01 01 00 00 ........ ... .... + [0DC0] 00 00 00 01 00 00 00 00 00 09 24 00 0C 00 0F 10 ........ ..$..... + [0DD0] 01 05 00 00 00 00 00 05 15 00 00 00 74 A5 12 52 ........ ....t..R + [0DE0] CD 51 D9 8F D1 31 A4 CA F4 01 00 00 00 02 24 00 .Q...1.. ......$. + [0DF0] 0C 00 0F 10 01 05 00 00 00 00 00 05 15 00 00 00 ........ ........ + [0E00] 74 A5 12 52 CD 51 D9 8F D1 31 A4 CA F4 01 00 00 t..R.Q.. .1...... + [0E10] 00 09 18 00 0C 00 0F 10 01 02 00 00 00 00 00 05 ........ ........ + [0E20] 20 00 00 00 20 02 00 00 00 02 18 00 0C 00 0F 10 ... ... ........ + [0E30] 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 ........ ... ... + [0E40] 00 09 18 00 0C 00 0F 10 01 02 00 00 00 00 00 05 ........ ........ + [0E50] 20 00 00 00 26 02 00 00 00 02 18 00 0C 00 0F 10 ...&... ........ + [0E60] 01 02 00 00 00 00 00 05 20 00 00 00 26 02 00 00 ........ ...&... + [0E70] 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 ........ ... ... + [0E80] 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 ........ ... ... + [0E90] 5C 00 5C 00 4D 00 45 00 4D 00 42 00 45 00 52 00 \.\.M.E. M.B.E.R. + [0EA0] 34 00 33 00 5C 00 70 00 72 00 69 00 6E 00 74 00 4.3.\.p. r.i.n.t. + [0EB0] 65 00 72 00 37 00 00 00 00 00 00 00 00 00 00 00 e.r.7... ........ + [0EC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0ED0] 01 04 00 04 DC 00 00 00 13 47 01 00 01 00 01 00 ........ .G...... + [0EE0] 00 00 00 00 64 00 01 00 0F 00 FC FF 01 00 01 00 ....d... ........ + [0EF0] 00 00 03 00 00 00 4C 00 65 00 74 00 74 00 65 00 ......L. e.t.t.e. + [0F00] 72 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 r....... ........ + [0F10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F70] 52 00 41 00 57 00 00 00 77 00 69 00 6E 00 70 00 R.A.W... w.i.n.p. + [0F80] 72 00 69 00 6E 00 74 00 00 00 00 00 00 00 00 00 r.i.n.t. ........ + [0F90] 00 00 53 00 61 00 6D 00 62 00 61 00 20 00 50 00 ..S.a.m. b.a. .P. + [0FA0] 72 00 69 00 6E 00 74 00 65 00 72 00 20 00 50 00 r.i.n.t. e.r. .P. + [0FB0] 6F 00 72 00 74 00 00 00 70 00 72 00 69 00 6E 00 o.r.t... p.r.i.n. + [0FC0] 74 00 65 00 72 00 37 00 00 00 5C 00 5C 00 4D 00 t.e.r.7. ..\.\.M. + [0FD0] 45 00 4D 00 42 00 45 00 52 00 34 00 33 00 5C 00 E.M.B.E. R.4.3.\. + [0FE0] 70 00 72 00 69 00 6E 00 74 00 65 00 72 00 37 00 p.r.i.n. t.e.r.7. + [0FF0] 00 00 5C 00 5C 00 4D 00 45 00 4D 00 42 00 45 00 ..\.\.M. E.M.B.E. + [1000] 52 00 34 00 33 00 00 00 F8 02 00 00 00 00 00 00 R.4.3... ........ +[2013/11/07 07:38:44.615971, 3, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:122(free_pipe_context) + free_pipe_context: destroying talloc pool of size 1308 +[2013/11/07 07:38:44.616040, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:788(np_read_recv) + Received 4136 bytes. There is no more data outstanding +[2013/11/07 07:38:44.616083, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:178(smbd_smb2_ioctl_pipe_read_done) + smbd_smb2_ioctl_pipe_read_done: np_read_recv nread = 4136 is_data_outstanding = 0, status = NT_STATUS_OK +[2013/11/07 07:38:44.616134, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl.c:291(smbd_smb2_request_ioctl_done) + smbd_smb2_request_ioctl_done: smbd_smb2_ioctl_recv returned 4136 status NT_STATUS_OK +[2013/11/07 07:38:44.616177, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) + smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[48] dyn[yes:4136] at ../source3/smbd/smb2_ioctl.c:358 +[2013/11/07 07:38:44.616223, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) + smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/63/127 +[2013/11/07 07:38:44.624508, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) + smbd_smb2_request_incoming: idx[1] of 5 vectors +[2013/11/07 07:38:44.624656, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) + smb2_validate_sequence_number: clearing id 63 (position 63) from bitmap +[2013/11/07 07:38:44.624751, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) + smbd_smb2_request_dispatch: opcode[SMB2_OP_IOCTL] mid = 63 +[2013/11/07 07:38:44.624825, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) + setting sec ctx (0, 5000) - sec_ctx_stack_ndx = 0 +[2013/11/07 07:38:44.624873, 5, pid=20933, effective(0, 5000), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) + Security token SIDs (21): + SID[ 0]: S-1-5-21-1376953716-2413384141-3399758289-500 + SID[ 1]: S-1-5-21-1376953716-2413384141-3399758289-512 + SID[ 2]: S-1-5-21-1376953716-2413384141-3399758289-11015 + SID[ 3]: S-1-5-21-1376953716-2413384141-3399758289-513 + SID[ 4]: S-1-5-21-1376953716-2413384141-3399758289-11011 + SID[ 5]: S-1-5-21-1376953716-2413384141-3399758289-11013 + SID[ 6]: S-1-5-21-1376953716-2413384141-3399758289-11012 + SID[ 7]: S-1-1-0 + SID[ 8]: S-1-5-2 + SID[ 9]: S-1-5-11 + SID[ 10]: S-1-5-32-544 + SID[ 11]: S-1-22-1-2002 + SID[ 12]: S-1-22-2-5000 + SID[ 13]: S-1-22-2-5007 + SID[ 14]: S-1-22-2-5001 + SID[ 15]: S-1-22-2-1005 + SID[ 16]: S-1-22-2-5006 + SID[ 17]: S-1-22-2-5005 + SID[ 18]: S-1-22-2-55000 + SID[ 19]: S-1-22-2-55001 + SID[ 20]: S-1-22-2-55002 + Privileges (0x 1FFFFFF0): + Privilege[ 0]: SeMachineAccountPrivilege + Privilege[ 1]: SeTakeOwnershipPrivilege + Privilege[ 2]: SeBackupPrivilege + Privilege[ 3]: SeRestorePrivilege + Privilege[ 4]: SeRemoteShutdownPrivilege + Privilege[ 5]: SePrintOperatorPrivilege + Privilege[ 6]: SeAddUsersPrivilege + Privilege[ 7]: SeDiskOperatorPrivilege + Privilege[ 8]: SeSecurityPrivilege + Privilege[ 9]: SeSystemtimePrivilege + Privilege[ 10]: SeShutdownPrivilege + Privilege[ 11]: SeDebugPrivilege + Privilege[ 12]: SeSystemEnvironmentPrivilege + Privilege[ 13]: SeSystemProfilePrivilege + Privilege[ 14]: SeProfileSingleProcessPrivilege + Privilege[ 15]: SeIncreaseBasePriorityPrivilege + Privilege[ 16]: SeLoadDriverPrivilege + Privilege[ 17]: SeCreatePagefilePrivilege + Privilege[ 18]: SeIncreaseQuotaPrivilege + Privilege[ 19]: SeChangeNotifyPrivilege + Privilege[ 20]: SeUndockPrivilege + Privilege[ 21]: SeManageVolumePrivilege + Privilege[ 22]: SeImpersonatePrivilege + Privilege[ 23]: SeCreateGlobalPrivilege + Privilege[ 24]: SeEnableDelegationPrivilege + Rights (0x 0): +[2013/11/07 07:38:44.625750, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) + UNIX token of user 0 + Primary group is 5000 and contains 9 supplementary groups + Group[ 0]: 5000 + Group[ 1]: 5007 + Group[ 2]: 5001 + Group[ 3]: 1005 + Group[ 4]: 5006 + Group[ 5]: 5005 + Group[ 6]: 55000 + Group[ 7]: 55001 + Group[ 8]: 55002 +[2013/11/07 07:38:44.625952, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/uid.c:363(change_to_user_internal) + Impersonated user: uid=(0,0), gid=(0,5000) +[2013/11/07 07:38:44.626006, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:1796(smbd_smb2_request_verify_creditcharge) + mid 63, CreditCharge: 1, NeededCharge: 1 +[2013/11/07 07:38:44.626049, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl.c:394(smbd_smb2_ioctl_send) + smbd_smb2_ioctl: ctl_code[0x0011c017] spoolss, fnum 2189993496 +[2013/11/07 07:38:44.626099, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:59(smb2_ioctl_named_pipe) + smbd_smb2_ioctl_send: np_write_send of size 4156 +[2013/11/07 07:38:44.626140, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:520(np_write_send) + np_write_send: len: 4156 +[2013/11/07 07:38:44.626183, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) + write_to_pipe: data_left = 4156 +[2013/11/07 07:38:44.626221, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) + process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 4156 +[2013/11/07 07:38:44.626261, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:51(fill_rpc_header) + fill_rpc_header: data_to_copy = 4156, len_needed_to_complete_hdr = 16, receive_len = 0 +[2013/11/07 07:38:44.626302, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) + write_to_pipe: data_used = 16 +[2013/11/07 07:38:44.626341, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) + write_to_pipe: data_left = 4140 +[2013/11/07 07:38:44.626388, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) + process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 4140 +[2013/11/07 07:38:44.626432, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) + write_to_pipe: data_used = 0 +[2013/11/07 07:38:44.626469, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) + write_to_pipe: data_left = 4140 +[2013/11/07 07:38:44.626508, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) + process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 4140, incoming data = 4140 +[2013/11/07 07:38:44.626551, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1614(process_complete_pdu) + PDU is in Little Endian format! +[2013/11/07 07:38:44.626608, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) + r: struct ncacn_packet + rpc_vers : 0x05 (5) + rpc_vers_minor : 0x00 (0) + ptype : DCERPC_PKT_REQUEST (0) + pfc_flags : 0x03 (3) + drep: ARRAY(4) + [0] : 0x10 (16) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + frag_length : 0x103c (4156) + auth_length : 0x0000 (0) + call_id : 0x0000000f (15) + u : union dcerpc_payload(case 0) + request: struct dcerpc_request + alloc_hint : 0x00001024 (4132) + context_id : 0x0000 (0) + opnum : 0x0008 (8) + object : union dcerpc_object(case 0) + empty: struct dcerpc_empty + _pad : DATA_BLOB length=0 + stub_and_verifier : DATA_BLOB length=4132 + [0000] 00 00 00 00 48 00 00 00 00 00 00 00 7B 52 73 35 ....H... ....{Rs5 + [0010] C5 51 00 00 02 00 00 00 00 00 02 00 00 10 00 00 .Q...... ........ + [0020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0030] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0040] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0200] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0210] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0220] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0230] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0240] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0250] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0260] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0270] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0280] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0290] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0300] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0310] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0320] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0330] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0340] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0350] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0360] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0370] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0380] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0390] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0400] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0410] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0420] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0430] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0440] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0450] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0460] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0470] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0480] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0490] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0500] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0510] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0520] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0530] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0540] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0550] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0560] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0570] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0580] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0590] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0600] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0610] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0620] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0630] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0640] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0650] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0660] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0670] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0680] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0690] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0700] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0710] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0720] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0730] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0740] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0750] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0760] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0770] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0780] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0790] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0800] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0810] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0820] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0830] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0840] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0850] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0860] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0870] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0880] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0890] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0900] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0910] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0920] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0930] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0940] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0950] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0960] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0970] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0980] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0990] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0EA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0EB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0EC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0ED0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0EE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0EF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [1000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [1010] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [1020] 00 10 00 00 .... +[2013/11/07 07:38:44.636199, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1627(process_complete_pdu) + Processing packet type 0 +[2013/11/07 07:38:44.636246, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1472(dcesrv_auth_request) + Checking request auth. +[2013/11/07 07:38:44.636296, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) + push_sec_ctx(0, 5000) : sec_ctx_stack_ndx = 1 +[2013/11/07 07:38:44.636343, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) + setting sec ctx (0, 5000) - sec_ctx_stack_ndx = 1 +[2013/11/07 07:38:44.636385, 5, pid=20933, effective(0, 5000), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) + Security token SIDs (21): + SID[ 0]: S-1-5-21-1376953716-2413384141-3399758289-500 + SID[ 1]: S-1-5-21-1376953716-2413384141-3399758289-512 + SID[ 2]: S-1-5-21-1376953716-2413384141-3399758289-11015 + SID[ 3]: S-1-5-21-1376953716-2413384141-3399758289-513 + SID[ 4]: S-1-5-21-1376953716-2413384141-3399758289-11011 + SID[ 5]: S-1-5-21-1376953716-2413384141-3399758289-11013 + SID[ 6]: S-1-5-21-1376953716-2413384141-3399758289-11012 + SID[ 7]: S-1-1-0 + SID[ 8]: S-1-5-2 + SID[ 9]: S-1-5-11 + SID[ 10]: S-1-5-32-544 + SID[ 11]: S-1-22-1-2002 + SID[ 12]: S-1-22-2-5000 + SID[ 13]: S-1-22-2-5007 + SID[ 14]: S-1-22-2-5001 + SID[ 15]: S-1-22-2-1005 + SID[ 16]: S-1-22-2-5006 + SID[ 17]: S-1-22-2-5005 + SID[ 18]: S-1-22-2-55000 + SID[ 19]: S-1-22-2-55001 + SID[ 20]: S-1-22-2-55002 + Privileges (0x 1FFFFFF0): + Privilege[ 0]: SeMachineAccountPrivilege + Privilege[ 1]: SeTakeOwnershipPrivilege + Privilege[ 2]: SeBackupPrivilege + Privilege[ 3]: SeRestorePrivilege + Privilege[ 4]: SeRemoteShutdownPrivilege + Privilege[ 5]: SePrintOperatorPrivilege + Privilege[ 6]: SeAddUsersPrivilege + Privilege[ 7]: SeDiskOperatorPrivilege + Privilege[ 8]: SeSecurityPrivilege + Privilege[ 9]: SeSystemtimePrivilege + Privilege[ 10]: SeShutdownPrivilege + Privilege[ 11]: SeDebugPrivilege + Privilege[ 12]: SeSystemEnvironmentPrivilege + Privilege[ 13]: SeSystemProfilePrivilege + Privilege[ 14]: SeProfileSingleProcessPrivilege + Privilege[ 15]: SeIncreaseBasePriorityPrivilege + Privilege[ 16]: SeLoadDriverPrivilege + Privilege[ 17]: SeCreatePagefilePrivilege + Privilege[ 18]: SeIncreaseQuotaPrivilege + Privilege[ 19]: SeChangeNotifyPrivilege + Privilege[ 20]: SeUndockPrivilege + Privilege[ 21]: SeManageVolumePrivilege + Privilege[ 22]: SeImpersonatePrivilege + Privilege[ 23]: SeCreateGlobalPrivilege + Privilege[ 24]: SeEnableDelegationPrivilege + Rights (0x 0): +[2013/11/07 07:38:44.637201, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) + UNIX token of user 0 + Primary group is 5000 and contains 9 supplementary groups + Group[ 0]: 5000 + Group[ 1]: 5007 + Group[ 2]: 5001 + Group[ 3]: 1005 + Group[ 4]: 5006 + Group[ 5]: 5005 + Group[ 6]: 55000 + Group[ 7]: 55001 + Group[ 8]: 55002 +[2013/11/07 07:38:44.637443, 5, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1324(api_pipe_request) + Requested \spoolss rpc service +[2013/11/07 07:38:44.637493, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1356(api_rpcTNP) + api_rpcTNP: \spoolss op 0x8 - api_rpcTNP: rpc command: SPOOLSS_GETPRINTER +[2013/11/07 07:38:44.637537, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1390(api_rpcTNP) + api_rpc_cmds[8].fn == 0x7f375c260f10 +[2013/11/07 07:38:44.637588, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + spoolss_GetPrinter: struct spoolss_GetPrinter + in: struct spoolss_GetPrinter + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000048-0000-0000-7b52-7335c5510000 + level : 0x00000002 (2) + buffer : * + buffer : DATA_BLOB length=4096 + [0000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0010] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0030] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0040] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0200] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0210] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0220] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0230] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0240] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0250] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0260] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0270] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0280] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0290] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0300] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0310] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0320] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0330] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0340] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0350] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0360] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0370] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0380] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0390] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0400] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0410] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0420] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0430] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0440] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0450] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0460] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0470] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0480] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0490] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0500] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0510] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0520] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0530] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0540] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0550] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0560] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0570] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0580] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0590] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0600] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0610] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0620] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0630] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0640] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0650] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0660] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0670] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0680] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0690] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0700] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0710] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0720] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0730] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0740] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0750] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0760] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0770] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0780] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0790] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0800] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0810] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0820] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0830] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0840] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0850] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0860] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0870] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0880] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0890] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0900] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0910] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0920] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0930] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0940] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0950] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0960] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0970] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0980] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0990] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0EA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0EB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0EC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0ED0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0EE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0EF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + offered : 0x00001000 (4096) +[2013/11/07 07:38:44.646803, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 48 00 00 00 00 00 00 00 7B 52 73 35 ....H... ....{Rs5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.646887, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 48 00 00 00 00 00 00 00 7B 52 73 35 ....H... ....{Rs5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.646965, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:489(get_printer_snum) + short name:printer7 +[2013/11/07 07:38:44.647108, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:60(make_internal_rpc_pipe_p) + Create pipe requested \winreg +[2013/11/07 07:38:44.647164, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:221(init_pipe_handles) + init_pipe_handle_list: created handle list for pipe \winreg +[2013/11/07 07:38:44.647207, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:238(init_pipe_handles) + init_pipe_handle_list: pipe_handles ref count = 1 for pipe \winreg +[2013/11/07 07:38:44.647312, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:100(make_internal_rpc_pipe_p) + Created internal pipe \winreg +[2013/11/07 07:38:44.647405, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenHKLM: struct winreg_OpenHKLM + in: struct winreg_OpenHKLM + system_name : NULL + access_mask : 0x02000000 (33554432) + 0: KEY_QUERY_VALUE + 0: KEY_SET_VALUE + 0: KEY_CREATE_SUB_KEY + 0: KEY_ENUMERATE_SUB_KEYS + 0: KEY_NOTIFY + 0: KEY_CREATE_LINK + 0: KEY_WOW64_64KEY + 0: KEY_WOW64_32KEY +[2013/11/07 07:38:44.647639, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [HKLM] +[2013/11/07 07:38:44.647686, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) + push_sec_ctx(0, 5000) : sec_ctx_stack_ndx = 2 +[2013/11/07 07:38:44.647730, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/uid.c:485(push_conn_ctx) + push_conn_ctx(1804507171) : conn_ctx_stack_ndx = 0 +[2013/11/07 07:38:44.647770, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) + setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 +[2013/11/07 07:38:44.647809, 5, pid=20933, effective(0, 5000), real(0, 0)] ../libcli/security/security_token.c:53(security_token_debug) + Security token: (NULL) +[2013/11/07 07:38:44.647847, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) + UNIX token of user 0 + Primary group is 0 and contains 0 supplementary groups +[2013/11/07 07:38:44.648015, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) + pop_sec_ctx (0, 5000) - sec_ctx_stack_ndx = 1 +[2013/11/07 07:38:44.648060, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:866(regdb_open) + regdb_open: registry db opened. refcount reset (1) +[2013/11/07 07:38:44.648106, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM] +[2013/11/07 07:38:44.648145, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM] +[2013/11/07 07:38:44.648187, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:44.648224, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM] +[2013/11/07 07:38:44.648307, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) + Opened policy hnd[1] [0000] 00 00 00 00 7B 00 00 00 00 00 00 00 7B 52 74 35 ....{... ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.648388, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenHKLM: struct winreg_OpenHKLM + out: struct winreg_OpenHKLM + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 0000007b-0000-0000-7b52-7435c5510000 + result : WERR_OK +[2013/11/07 07:38:44.648579, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenKey: struct winreg_OpenKey + in: struct winreg_OpenKey + parent_handle : * + parent_handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 0000007b-0000-0000-7b52-7435c5510000 + keyname: struct winreg_String + name_len : 0x008a (138) + name_size : 0x008a (138) + name : * + name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7' + options : 0x00000000 (0) + 0: REG_OPTION_VOLATILE + 0: REG_OPTION_CREATE_LINK + 0: REG_OPTION_BACKUP_RESTORE + 0: REG_OPTION_OPEN_LINK + access_mask : 0x02000000 (33554432) + 0: KEY_QUERY_VALUE + 0: KEY_SET_VALUE + 0: KEY_CREATE_SUB_KEY + 0: KEY_ENUMERATE_SUB_KEYS + 0: KEY_NOTIFY + 0: KEY_CREATE_LINK + 0: KEY_WOW64_64KEY + 0: KEY_WOW64_32KEY +[2013/11/07 07:38:44.649036, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 7B 00 00 00 00 00 00 00 7B 52 74 35 ....{... ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.649118, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [SOFTWARE] +[2013/11/07 07:38:44.649158, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (1->2) +[2013/11/07 07:38:44.649201, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] +[2013/11/07 07:38:44.649239, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE] +[2013/11/07 07:38:44.649279, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:44.649317, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE] +[2013/11/07 07:38:44.649465, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Microsoft] +[2013/11/07 07:38:44.649511, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (2->3) +[2013/11/07 07:38:44.649554, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] +[2013/11/07 07:38:44.649591, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] +[2013/11/07 07:38:44.649632, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:44.649669, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft] +[2013/11/07 07:38:44.649729, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Windows NT] +[2013/11/07 07:38:44.649770, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (3->4) +[2013/11/07 07:38:44.649812, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] +[2013/11/07 07:38:44.649858, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] +[2013/11/07 07:38:44.649900, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:44.649937, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] +[2013/11/07 07:38:44.649995, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [CurrentVersion] +[2013/11/07 07:38:44.650036, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (4->5) +[2013/11/07 07:38:44.650080, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] +[2013/11/07 07:38:44.650118, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] +[2013/11/07 07:38:44.650159, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:44.650197, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f375c5a15c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] +[2013/11/07 07:38:44.650270, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Print] +[2013/11/07 07:38:44.650312, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (5->6) +[2013/11/07 07:38:44.650355, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] +[2013/11/07 07:38:44.650394, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] +[2013/11/07 07:38:44.650437, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:44.650475, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f375c5a15c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] +[2013/11/07 07:38:44.650534, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Printers] +[2013/11/07 07:38:44.650575, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (6->7) +[2013/11/07 07:38:44.650618, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] +[2013/11/07 07:38:44.650682, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] +[2013/11/07 07:38:44.650741, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:44.650781, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] +[2013/11/07 07:38:44.650850, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [printer7] +[2013/11/07 07:38:44.650903, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (7->8) +[2013/11/07 07:38:44.650946, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:44.650986, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:44.651028, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:44.651065, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:44.651133, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (8->7) +[2013/11/07 07:38:44.651175, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (7->6) +[2013/11/07 07:38:44.651216, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (6->5) +[2013/11/07 07:38:44.651256, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (5->4) +[2013/11/07 07:38:44.651296, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (4->3) +[2013/11/07 07:38:44.651336, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (3->2) +[2013/11/07 07:38:44.651380, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) + Opened policy hnd[2] [0000] 00 00 00 00 7C 00 00 00 00 00 00 00 7B 52 74 35 ....|... ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.651458, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenKey: struct winreg_OpenKey + out: struct winreg_OpenKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 0000007c-0000-0000-7b52-7435c5510000 + result : WERR_OK +[2013/11/07 07:38:44.651635, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryInfoKey: struct winreg_QueryInfoKey + in: struct winreg_QueryInfoKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 0000007c-0000-0000-7b52-7435c5510000 + classname : * + classname: struct winreg_String + name_len : 0x0000 (0) + name_size : 0x0000 (0) + name : NULL +[2013/11/07 07:38:44.651859, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 7C 00 00 00 00 00 00 00 7B 52 74 35 ....|... ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.651941, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_dispatcher.c:151(fetch_reg_values) + fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7' (ops 0x7f37592edcc0) +[2013/11/07 07:38:44.651983, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1891(regdb_fetch_values_internal) + regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:44.652048, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[0]: name[Attributes] len[4] +[2013/11/07 07:38:44.652092, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[1]: name[Description] len[2] +[2013/11/07 07:38:44.652134, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[2]: name[Datatype] len[8] +[2013/11/07 07:38:44.652176, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[3]: name[Default Priority] len[4] +[2013/11/07 07:38:44.652218, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[4]: name[Port] len[38] +[2013/11/07 07:38:44.652261, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[5]: name[Name] len[18] +[2013/11/07 07:38:44.652303, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[6]: name[Print Processor] len[18] +[2013/11/07 07:38:44.652345, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[7]: name[Priority] len[4] +[2013/11/07 07:38:44.652387, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[8]: name[Security] len[248] +[2013/11/07 07:38:44.652430, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[9]: name[Share Name] len[18] +[2013/11/07 07:38:44.652473, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[10]: name[StartTime] len[4] +[2013/11/07 07:38:44.652516, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[11]: name[UntilTime] len[4] +[2013/11/07 07:38:44.652558, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[12]: name[ChangeID] len[4] +[2013/11/07 07:38:44.652601, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) + regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:44.652673, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryInfoKey: struct winreg_QueryInfoKey + out: struct winreg_QueryInfoKey + classname : * + classname: struct winreg_String + name_len : 0x0000 (0) + name_size : 0x0000 (0) + name : NULL + num_subkeys : * + num_subkeys : 0x00000003 (3) + max_subkeylen : * + max_subkeylen : 0x00000022 (34) + max_classlen : * + max_classlen : 0x00000000 (0) + num_values : * + num_values : 0x0000000d (13) + max_valnamelen : * + max_valnamelen : 0x00000022 (34) + max_valbufsize : * + max_valbufsize : 0x000000f8 (248) + secdescsize : * + secdescsize : 0x00000078 (120) + last_changed_time : * + last_changed_time : NTTIME(0) + result : WERR_OK +[2013/11/07 07:38:44.653124, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 0000007c-0000-0000-7b52-7435c5510000 + enum_index : 0x00000000 (0) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:44.653561, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 7C 00 00 00 00 00 00 00 7B 52 74 35 ....|... ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.653641, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:44.653687, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0016 (22) + size : 0x0024 (36) + name : * + name : 'Attributes' + type : * + type : REG_DWORD (4) + value : * + value: ARRAY(4) + [0] : 0x48 (72) + [1] : 0x10 (16) + [2] : 0x00 (0) + [3] : 0x00 (0) + size : * + size : 0x00000004 (4) + length : * + length : 0x00000004 (4) + result : WERR_OK +[2013/11/07 07:38:44.654096, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 0000007c-0000-0000-7b52-7435c5510000 + enum_index : 0x00000001 (1) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:44.654469, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 7C 00 00 00 00 00 00 00 7B 52 74 35 ....|... ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.654545, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:44.654590, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0018 (24) + size : 0x0024 (36) + name : * + name : 'Description' + type : * + type : REG_SZ (1) + value : * + value: ARRAY(2) + [0] : 0x00 (0) + [1] : 0x00 (0) + size : * + size : 0x00000002 (2) + length : * + length : 0x00000002 (2) + result : WERR_OK +[2013/11/07 07:38:44.654948, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 0000007c-0000-0000-7b52-7435c5510000 + enum_index : 0x00000002 (2) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:44.655326, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 7C 00 00 00 00 00 00 00 7B 52 74 35 ....|... ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.655405, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:44.655449, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0012 (18) + size : 0x0024 (36) + name : * + name : 'Datatype' + type : * + type : REG_SZ (1) + value : * + value: ARRAY(8) + [0] : 0x52 (82) + [1] : 0x00 (0) + [2] : 0x41 (65) + [3] : 0x00 (0) + [4] : 0x57 (87) + [5] : 0x00 (0) + [6] : 0x00 (0) + [7] : 0x00 (0) + size : * + size : 0x00000008 (8) + length : * + length : 0x00000008 (8) + result : WERR_OK +[2013/11/07 07:38:44.655906, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 0000007c-0000-0000-7b52-7435c5510000 + enum_index : 0x00000003 (3) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:44.656360, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 7C 00 00 00 00 00 00 00 7B 52 74 35 ....|... ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.656441, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:44.656496, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0022 (34) + size : 0x0024 (36) + name : * + name : 'Default Priority' + type : * + type : REG_DWORD (4) + value : * + value: ARRAY(4) + [0] : 0x01 (1) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + size : * + size : 0x00000004 (4) + length : * + length : 0x00000004 (4) + result : WERR_OK +[2013/11/07 07:38:44.656890, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 0000007c-0000-0000-7b52-7435c5510000 + enum_index : 0x00000004 (4) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:44.657262, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 7C 00 00 00 00 00 00 00 7B 52 74 35 ....|... ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.657339, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:44.657453, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x000a (10) + size : 0x0024 (36) + name : * + name : 'Port' + type : * + type : REG_SZ (1) + value : * + value: ARRAY(38) + [0] : 0x53 (83) + [1] : 0x00 (0) + [2] : 0x61 (97) + [3] : 0x00 (0) + [4] : 0x6d (109) + [5] : 0x00 (0) + [6] : 0x62 (98) + [7] : 0x00 (0) + [8] : 0x61 (97) + [9] : 0x00 (0) + [10] : 0x20 (32) + [11] : 0x00 (0) + [12] : 0x50 (80) + [13] : 0x00 (0) + [14] : 0x72 (114) + [15] : 0x00 (0) + [16] : 0x69 (105) + [17] : 0x00 (0) + [18] : 0x6e (110) + [19] : 0x00 (0) + [20] : 0x74 (116) + [21] : 0x00 (0) + [22] : 0x65 (101) + [23] : 0x00 (0) + [24] : 0x72 (114) + [25] : 0x00 (0) + [26] : 0x20 (32) + [27] : 0x00 (0) + [28] : 0x50 (80) + [29] : 0x00 (0) + [30] : 0x6f (111) + [31] : 0x00 (0) + [32] : 0x72 (114) + [33] : 0x00 (0) + [34] : 0x74 (116) + [35] : 0x00 (0) + [36] : 0x00 (0) + [37] : 0x00 (0) + size : * + size : 0x00000026 (38) + length : * + length : 0x00000026 (38) + result : WERR_OK +[2013/11/07 07:38:44.658418, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 0000007c-0000-0000-7b52-7435c5510000 + enum_index : 0x00000005 (5) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:44.658793, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 7C 00 00 00 00 00 00 00 7B 52 74 35 ....|... ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.658870, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:44.658921, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x000a (10) + size : 0x0024 (36) + name : * + name : 'Name' + type : * + type : REG_SZ (1) + value : * + value: ARRAY(18) + [0] : 0x70 (112) + [1] : 0x00 (0) + [2] : 0x72 (114) + [3] : 0x00 (0) + [4] : 0x69 (105) + [5] : 0x00 (0) + [6] : 0x6e (110) + [7] : 0x00 (0) + [8] : 0x74 (116) + [9] : 0x00 (0) + [10] : 0x65 (101) + [11] : 0x00 (0) + [12] : 0x72 (114) + [13] : 0x00 (0) + [14] : 0x37 (55) + [15] : 0x00 (0) + [16] : 0x00 (0) + [17] : 0x00 (0) + size : * + size : 0x00000012 (18) + length : * + length : 0x00000012 (18) + result : WERR_OK +[2013/11/07 07:38:44.659545, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 0000007c-0000-0000-7b52-7435c5510000 + enum_index : 0x00000006 (6) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:44.659915, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 7C 00 00 00 00 00 00 00 7B 52 74 35 ....|... ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.659993, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:44.660037, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0020 (32) + size : 0x0024 (36) + name : * + name : 'Print Processor' + type : * + type : REG_SZ (1) + value : * + value: ARRAY(18) + [0] : 0x77 (119) + [1] : 0x00 (0) + [2] : 0x69 (105) + [3] : 0x00 (0) + [4] : 0x6e (110) + [5] : 0x00 (0) + [6] : 0x70 (112) + [7] : 0x00 (0) + [8] : 0x72 (114) + [9] : 0x00 (0) + [10] : 0x69 (105) + [11] : 0x00 (0) + [12] : 0x6e (110) + [13] : 0x00 (0) + [14] : 0x74 (116) + [15] : 0x00 (0) + [16] : 0x00 (0) + [17] : 0x00 (0) + size : * + size : 0x00000012 (18) + length : * + length : 0x00000012 (18) + result : WERR_OK +[2013/11/07 07:38:44.660664, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 0000007c-0000-0000-7b52-7435c5510000 + enum_index : 0x00000007 (7) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:44.661032, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 7C 00 00 00 00 00 00 00 7B 52 74 35 ....|... ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.661109, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:44.661153, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0012 (18) + size : 0x0024 (36) + name : * + name : 'Priority' + type : * + type : REG_DWORD (4) + value : * + value: ARRAY(4) + [0] : 0x01 (1) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + size : * + size : 0x00000004 (4) + length : * + length : 0x00000004 (4) + result : WERR_OK +[2013/11/07 07:38:44.661629, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 0000007c-0000-0000-7b52-7435c5510000 + enum_index : 0x00000008 (8) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:44.662003, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 7C 00 00 00 00 00 00 00 7B 52 74 35 ....|... ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.662080, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:44.662125, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0012 (18) + size : 0x0024 (36) + name : * + name : 'Security' + type : * + type : REG_BINARY (3) + value : * + value: ARRAY(248) + [0] : 0x01 (1) + [1] : 0x00 (0) + [2] : 0x04 (4) + [3] : 0x80 (128) + [4] : 0x14 (20) + [5] : 0x00 (0) + [6] : 0x00 (0) + [7] : 0x00 (0) + [8] : 0x24 (36) + [9] : 0x00 (0) + [10] : 0x00 (0) + [11] : 0x00 (0) + [12] : 0x00 (0) + [13] : 0x00 (0) + [14] : 0x00 (0) + [15] : 0x00 (0) + [16] : 0x34 (52) + [17] : 0x00 (0) + [18] : 0x00 (0) + [19] : 0x00 (0) + [20] : 0x01 (1) + [21] : 0x02 (2) + [22] : 0x00 (0) + [23] : 0x00 (0) + [24] : 0x00 (0) + [25] : 0x00 (0) + [26] : 0x00 (0) + [27] : 0x05 (5) + [28] : 0x20 (32) + [29] : 0x00 (0) + [30] : 0x00 (0) + [31] : 0x00 (0) + [32] : 0x20 (32) + [33] : 0x02 (2) + [34] : 0x00 (0) + [35] : 0x00 (0) + [36] : 0x01 (1) + [37] : 0x02 (2) + [38] : 0x00 (0) + [39] : 0x00 (0) + [40] : 0x00 (0) + [41] : 0x00 (0) + [42] : 0x00 (0) + [43] : 0x05 (5) + [44] : 0x20 (32) + [45] : 0x00 (0) + [46] : 0x00 (0) + [47] : 0x00 (0) + [48] : 0x20 (32) + [49] : 0x02 (2) + [50] : 0x00 (0) + [51] : 0x00 (0) + [52] : 0x02 (2) + [53] : 0x00 (0) + [54] : 0xc4 (196) + [55] : 0x00 (0) + [56] : 0x07 (7) + [57] : 0x00 (0) + [58] : 0x00 (0) + [59] : 0x00 (0) + [60] : 0x00 (0) + [61] : 0x02 (2) + [62] : 0x14 (20) + [63] : 0x00 (0) + [64] : 0x08 (8) + [65] : 0x00 (0) + [66] : 0x02 (2) + [67] : 0x20 (32) + [68] : 0x01 (1) + [69] : 0x01 (1) + [70] : 0x00 (0) + [71] : 0x00 (0) + [72] : 0x00 (0) + [73] : 0x00 (0) + [74] : 0x00 (0) + [75] : 0x01 (1) + [76] : 0x00 (0) + [77] : 0x00 (0) + [78] : 0x00 (0) + [79] : 0x00 (0) + [80] : 0x00 (0) + [81] : 0x09 (9) + [82] : 0x24 (36) + [83] : 0x00 (0) + [84] : 0x0c (12) + [85] : 0x00 (0) + [86] : 0x0f (15) + [87] : 0x10 (16) + [88] : 0x01 (1) + [89] : 0x05 (5) + [90] : 0x00 (0) + [91] : 0x00 (0) + [92] : 0x00 (0) + [93] : 0x00 (0) + [94] : 0x00 (0) + [95] : 0x05 (5) + [96] : 0x15 (21) + [97] : 0x00 (0) + [98] : 0x00 (0) + [99] : 0x00 (0) + [100] : 0x74 (116) + [101] : 0xa5 (165) + [102] : 0x12 (18) + [103] : 0x52 (82) + [104] : 0xcd (205) + [105] : 0x51 (81) + [106] : 0xd9 (217) + [107] : 0x8f (143) + [108] : 0xd1 (209) + [109] : 0x31 (49) + [110] : 0xa4 (164) + [111] : 0xca (202) + [112] : 0xf4 (244) + [113] : 0x01 (1) + [114] : 0x00 (0) + [115] : 0x00 (0) + [116] : 0x00 (0) + [117] : 0x02 (2) + [118] : 0x24 (36) + [119] : 0x00 (0) + [120] : 0x0c (12) + [121] : 0x00 (0) + [122] : 0x0f (15) + [123] : 0x10 (16) + [124] : 0x01 (1) + [125] : 0x05 (5) + [126] : 0x00 (0) + [127] : 0x00 (0) + [128] : 0x00 (0) + [129] : 0x00 (0) + [130] : 0x00 (0) + [131] : 0x05 (5) + [132] : 0x15 (21) + [133] : 0x00 (0) + [134] : 0x00 (0) + [135] : 0x00 (0) + [136] : 0x74 (116) + [137] : 0xa5 (165) + [138] : 0x12 (18) + [139] : 0x52 (82) + [140] : 0xcd (205) + [141] : 0x51 (81) + [142] : 0xd9 (217) + [143] : 0x8f (143) + [144] : 0xd1 (209) + [145] : 0x31 (49) + [146] : 0xa4 (164) + [147] : 0xca (202) + [148] : 0xf4 (244) + [149] : 0x01 (1) + [150] : 0x00 (0) + [151] : 0x00 (0) + [152] : 0x00 (0) + [153] : 0x09 (9) + [154] : 0x18 (24) + [155] : 0x00 (0) + [156] : 0x0c (12) + [157] : 0x00 (0) + [158] : 0x0f (15) + [159] : 0x10 (16) + [160] : 0x01 (1) + [161] : 0x02 (2) + [162] : 0x00 (0) + [163] : 0x00 (0) + [164] : 0x00 (0) + [165] : 0x00 (0) + [166] : 0x00 (0) + [167] : 0x05 (5) + [168] : 0x20 (32) + [169] : 0x00 (0) + [170] : 0x00 (0) + [171] : 0x00 (0) + [172] : 0x20 (32) + [173] : 0x02 (2) + [174] : 0x00 (0) + [175] : 0x00 (0) + [176] : 0x00 (0) + [177] : 0x02 (2) + [178] : 0x18 (24) + [179] : 0x00 (0) + [180] : 0x0c (12) + [181] : 0x00 (0) + [182] : 0x0f (15) + [183] : 0x10 (16) + [184] : 0x01 (1) + [185] : 0x02 (2) + [186] : 0x00 (0) + [187] : 0x00 (0) + [188] : 0x00 (0) + [189] : 0x00 (0) + [190] : 0x00 (0) + [191] : 0x05 (5) + [192] : 0x20 (32) + [193] : 0x00 (0) + [194] : 0x00 (0) + [195] : 0x00 (0) + [196] : 0x20 (32) + [197] : 0x02 (2) + [198] : 0x00 (0) + [199] : 0x00 (0) + [200] : 0x00 (0) + [201] : 0x09 (9) + [202] : 0x18 (24) + [203] : 0x00 (0) + [204] : 0x0c (12) + [205] : 0x00 (0) + [206] : 0x0f (15) + [207] : 0x10 (16) + [208] : 0x01 (1) + [209] : 0x02 (2) + [210] : 0x00 (0) + [211] : 0x00 (0) + [212] : 0x00 (0) + [213] : 0x00 (0) + [214] : 0x00 (0) + [215] : 0x05 (5) + [216] : 0x20 (32) + [217] : 0x00 (0) + [218] : 0x00 (0) + [219] : 0x00 (0) + [220] : 0x26 (38) + [221] : 0x02 (2) + [222] : 0x00 (0) + [223] : 0x00 (0) + [224] : 0x00 (0) + [225] : 0x02 (2) + [226] : 0x18 (24) + [227] : 0x00 (0) + [228] : 0x0c (12) + [229] : 0x00 (0) + [230] : 0x0f (15) + [231] : 0x10 (16) + [232] : 0x01 (1) + [233] : 0x02 (2) + [234] : 0x00 (0) + [235] : 0x00 (0) + [236] : 0x00 (0) + [237] : 0x00 (0) + [238] : 0x00 (0) + [239] : 0x05 (5) + [240] : 0x20 (32) + [241] : 0x00 (0) + [242] : 0x00 (0) + [243] : 0x00 (0) + [244] : 0x26 (38) + [245] : 0x02 (2) + [246] : 0x00 (0) + [247] : 0x00 (0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x000000f8 (248) + result : WERR_OK +[2013/11/07 07:38:44.666632, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 0000007c-0000-0000-7b52-7435c5510000 + enum_index : 0x00000009 (9) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:44.667003, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 7C 00 00 00 00 00 00 00 7B 52 74 35 ....|... ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.667080, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:44.667125, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0016 (22) + size : 0x0024 (36) + name : * + name : 'Share Name' + type : * + type : REG_SZ (1) + value : * + value: ARRAY(18) + [0] : 0x70 (112) + [1] : 0x00 (0) + [2] : 0x72 (114) + [3] : 0x00 (0) + [4] : 0x69 (105) + [5] : 0x00 (0) + [6] : 0x6e (110) + [7] : 0x00 (0) + [8] : 0x74 (116) + [9] : 0x00 (0) + [10] : 0x65 (101) + [11] : 0x00 (0) + [12] : 0x72 (114) + [13] : 0x00 (0) + [14] : 0x37 (55) + [15] : 0x00 (0) + [16] : 0x00 (0) + [17] : 0x00 (0) + size : * + size : 0x00000012 (18) + length : * + length : 0x00000012 (18) + result : WERR_OK +[2013/11/07 07:38:44.667752, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 0000007c-0000-0000-7b52-7435c5510000 + enum_index : 0x0000000a (10) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:44.668123, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 7C 00 00 00 00 00 00 00 7B 52 74 35 ....|... ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.668200, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:44.668244, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0014 (20) + size : 0x0024 (36) + name : * + name : 'StartTime' + type : * + type : REG_DWORD (4) + value : * + value: ARRAY(4) + [0] : 0x00 (0) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + size : * + size : 0x00000004 (4) + length : * + length : 0x00000004 (4) + result : WERR_OK +[2013/11/07 07:38:44.668643, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 0000007c-0000-0000-7b52-7435c5510000 + enum_index : 0x0000000b (11) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:44.669015, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 7C 00 00 00 00 00 00 00 7B 52 74 35 ....|... ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.669092, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:44.669136, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0014 (20) + size : 0x0024 (36) + name : * + name : 'UntilTime' + type : * + type : REG_DWORD (4) + value : * + value: ARRAY(4) + [0] : 0x00 (0) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + size : * + size : 0x00000004 (4) + length : * + length : 0x00000004 (4) + result : WERR_OK +[2013/11/07 07:38:44.669590, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 0000007c-0000-0000-7b52-7435c5510000 + enum_index : 0x0000000c (12) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:44.669975, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 7C 00 00 00 00 00 00 00 7B 52 74 35 ....|... ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.670053, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:44.670097, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0012 (18) + size : 0x0024 (36) + name : * + name : 'ChangeID' + type : * + type : REG_DWORD (4) + value : * + value: ARRAY(4) + [0] : 0xf1 (241) + [1] : 0x5f (95) + [2] : 0x11 (17) + [3] : 0x00 (0) + size : * + size : 0x00000004 (4) + length : * + length : 0x00000004 (4) + result : WERR_OK +[2013/11/07 07:38:44.670526, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryValue: struct winreg_QueryValue + in: struct winreg_QueryValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 0000007c-0000-0000-7b52-7435c5510000 + value_name : * + value_name: struct winreg_String + name_len : 0x0020 (32) + name_size : 0x0020 (32) + name : * + name : 'Default DevMode' + type : * + type : REG_NONE (0) + data : NULL + data_size : * + data_size : 0x00000000 (0) + data_length : * + data_length : 0x00000000 (0) +[2013/11/07 07:38:44.670872, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 7C 00 00 00 00 00 00 00 7B 52 74 35 ....|... ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.670949, 7, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) + _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:44.670997, 7, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) + _winreg_QueryValue: policy key type = [00000000] +[2013/11/07 07:38:44.671043, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:316(_winreg_QueryValue) + _winreg_QueryValue: reg_queryvalue failed with: WERR_BADFILE +[2013/11/07 07:38:44.671083, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryValue: struct winreg_QueryValue + out: struct winreg_QueryValue + type : * + type : REG_NONE (0) + data : NULL + data_size : * + data_size : 0x00000000 (0) + data_length : * + data_length : 0x00000000 (0) + result : WERR_BADFILE +[2013/11/07 07:38:44.671305, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenHKLM: struct winreg_OpenHKLM + in: struct winreg_OpenHKLM + system_name : NULL + access_mask : 0x02000000 (33554432) + 0: KEY_QUERY_VALUE + 0: KEY_SET_VALUE + 0: KEY_CREATE_SUB_KEY + 0: KEY_ENUMERATE_SUB_KEYS + 0: KEY_NOTIFY + 0: KEY_CREATE_LINK + 0: KEY_WOW64_64KEY + 0: KEY_WOW64_32KEY +[2013/11/07 07:38:44.671532, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [HKLM] +[2013/11/07 07:38:44.671574, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (2->3) +[2013/11/07 07:38:44.671617, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM] +[2013/11/07 07:38:44.671655, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM] +[2013/11/07 07:38:44.671694, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:44.671731, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM] +[2013/11/07 07:38:44.671807, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) + Opened policy hnd[3] [0000] 00 00 00 00 7D 00 00 00 00 00 00 00 7B 52 74 35 ....}... ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.671886, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenHKLM: struct winreg_OpenHKLM + out: struct winreg_OpenHKLM + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 0000007d-0000-0000-7b52-7435c5510000 + result : WERR_OK +[2013/11/07 07:38:44.672054, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenKey: struct winreg_OpenKey + in: struct winreg_OpenKey + parent_handle : * + parent_handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 0000007d-0000-0000-7b52-7435c5510000 + keyname: struct winreg_String + name_len : 0x008a (138) + name_size : 0x008a (138) + name : * + name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7' + options : 0x00000000 (0) + 0: REG_OPTION_VOLATILE + 0: REG_OPTION_CREATE_LINK + 0: REG_OPTION_BACKUP_RESTORE + 0: REG_OPTION_OPEN_LINK + access_mask : 0x02000000 (33554432) + 0: KEY_QUERY_VALUE + 0: KEY_SET_VALUE + 0: KEY_CREATE_SUB_KEY + 0: KEY_ENUMERATE_SUB_KEYS + 0: KEY_NOTIFY + 0: KEY_CREATE_LINK + 0: KEY_WOW64_64KEY + 0: KEY_WOW64_32KEY +[2013/11/07 07:38:44.672497, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 7D 00 00 00 00 00 00 00 7B 52 74 35 ....}... ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.672578, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [SOFTWARE] +[2013/11/07 07:38:44.672619, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (3->4) +[2013/11/07 07:38:44.672661, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] +[2013/11/07 07:38:44.672698, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE] +[2013/11/07 07:38:44.672738, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:44.672775, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE] +[2013/11/07 07:38:44.672838, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Microsoft] +[2013/11/07 07:38:44.672880, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (4->5) +[2013/11/07 07:38:44.672922, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] +[2013/11/07 07:38:44.672960, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] +[2013/11/07 07:38:44.672999, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:44.673036, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft] +[2013/11/07 07:38:44.673096, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Windows NT] +[2013/11/07 07:38:44.673137, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (5->6) +[2013/11/07 07:38:44.673188, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] +[2013/11/07 07:38:44.673226, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] +[2013/11/07 07:38:44.673267, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:44.673304, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] +[2013/11/07 07:38:44.673389, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [CurrentVersion] +[2013/11/07 07:38:44.673452, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (6->7) +[2013/11/07 07:38:44.673495, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] +[2013/11/07 07:38:44.673532, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] +[2013/11/07 07:38:44.673573, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:44.673610, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f375c5a15c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] +[2013/11/07 07:38:44.673681, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Print] +[2013/11/07 07:38:44.673723, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (7->8) +[2013/11/07 07:38:44.673765, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] +[2013/11/07 07:38:44.673804, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] +[2013/11/07 07:38:44.673845, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:44.673881, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f375c5a15c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] +[2013/11/07 07:38:44.673940, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Printers] +[2013/11/07 07:38:44.673981, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (8->9) +[2013/11/07 07:38:44.674023, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] +[2013/11/07 07:38:44.674062, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] +[2013/11/07 07:38:44.674113, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:44.674151, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] +[2013/11/07 07:38:44.674214, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [printer7] +[2013/11/07 07:38:44.674255, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (9->10) +[2013/11/07 07:38:44.674299, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:44.674337, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:44.674379, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:44.674416, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:44.674484, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (10->9) +[2013/11/07 07:38:44.674526, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (9->8) +[2013/11/07 07:38:44.674566, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (8->7) +[2013/11/07 07:38:44.674605, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (7->6) +[2013/11/07 07:38:44.674645, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (6->5) +[2013/11/07 07:38:44.674685, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (5->4) +[2013/11/07 07:38:44.674728, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) + Opened policy hnd[4] [0000] 00 00 00 00 7E 00 00 00 00 00 00 00 7B 52 74 35 ....~... ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.674807, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenKey: struct winreg_OpenKey + out: struct winreg_OpenKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 0000007e-0000-0000-7b52-7435c5510000 + result : WERR_OK +[2013/11/07 07:38:44.674978, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryValue: struct winreg_QueryValue + in: struct winreg_QueryValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 0000007e-0000-0000-7b52-7435c5510000 + value_name : * + value_name: struct winreg_String + name_len : 0x0012 (18) + name_size : 0x0012 (18) + name : * + name : 'Security' + type : * + type : REG_NONE (0) + data : NULL + data_size : * + data_size : 0x00000000 (0) + data_length : * + data_length : 0x00000000 (0) +[2013/11/07 07:38:44.675326, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 7E 00 00 00 00 00 00 00 7B 52 74 35 ....~... ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.675403, 7, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) + _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:44.675443, 7, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) + _winreg_QueryValue: policy key type = [00000000] +[2013/11/07 07:38:44.675483, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_dispatcher.c:151(fetch_reg_values) + fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7' (ops 0x7f37592edcc0) +[2013/11/07 07:38:44.675525, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1891(regdb_fetch_values_internal) + regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:44.675584, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[0]: name[Attributes] len[4] +[2013/11/07 07:38:44.675627, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[1]: name[Description] len[2] +[2013/11/07 07:38:44.675670, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[2]: name[Datatype] len[8] +[2013/11/07 07:38:44.675712, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[3]: name[Default Priority] len[4] +[2013/11/07 07:38:44.675754, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[4]: name[Port] len[38] +[2013/11/07 07:38:44.675797, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[5]: name[Name] len[18] +[2013/11/07 07:38:44.675838, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[6]: name[Print Processor] len[18] +[2013/11/07 07:38:44.675881, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[7]: name[Priority] len[4] +[2013/11/07 07:38:44.675924, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[8]: name[Security] len[248] +[2013/11/07 07:38:44.675974, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[9]: name[Share Name] len[18] +[2013/11/07 07:38:44.676017, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[10]: name[StartTime] len[4] +[2013/11/07 07:38:44.676059, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[11]: name[UntilTime] len[4] +[2013/11/07 07:38:44.676101, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[12]: name[ChangeID] len[4] +[2013/11/07 07:38:44.676145, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryValue: struct winreg_QueryValue + out: struct winreg_QueryValue + type : * + type : REG_BINARY (3) + data : NULL + data_size : * + data_size : 0x000000f8 (248) + data_length : * + data_length : 0x00000000 (0) + result : WERR_OK +[2013/11/07 07:38:44.676356, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryValue: struct winreg_QueryValue + in: struct winreg_QueryValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 0000007e-0000-0000-7b52-7435c5510000 + value_name : * + value_name: struct winreg_String + name_len : 0x0012 (18) + name_size : 0x0012 (18) + name : * + name : 'Security' + type : * + type : REG_BINARY (3) + data : * + data: ARRAY(0) + data_size : * + data_size : 0x000000f8 (248) + data_length : * + data_length : 0x00000000 (0) +[2013/11/07 07:38:44.676711, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 7E 00 00 00 00 00 00 00 7B 52 74 35 ....~... ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.676788, 7, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) + _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:44.676827, 7, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) + _winreg_QueryValue: policy key type = [00000000] +[2013/11/07 07:38:44.676872, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryValue: struct winreg_QueryValue + out: struct winreg_QueryValue + type : * + type : REG_BINARY (3) + data : * + data: ARRAY(248) + [0] : 0x01 (1) + [1] : 0x00 (0) + [2] : 0x04 (4) + [3] : 0x80 (128) + [4] : 0x14 (20) + [5] : 0x00 (0) + [6] : 0x00 (0) + [7] : 0x00 (0) + [8] : 0x24 (36) + [9] : 0x00 (0) + [10] : 0x00 (0) + [11] : 0x00 (0) + [12] : 0x00 (0) + [13] : 0x00 (0) + [14] : 0x00 (0) + [15] : 0x00 (0) + [16] : 0x34 (52) + [17] : 0x00 (0) + [18] : 0x00 (0) + [19] : 0x00 (0) + [20] : 0x01 (1) + [21] : 0x02 (2) + [22] : 0x00 (0) + [23] : 0x00 (0) + [24] : 0x00 (0) + [25] : 0x00 (0) + [26] : 0x00 (0) + [27] : 0x05 (5) + [28] : 0x20 (32) + [29] : 0x00 (0) + [30] : 0x00 (0) + [31] : 0x00 (0) + [32] : 0x20 (32) + [33] : 0x02 (2) + [34] : 0x00 (0) + [35] : 0x00 (0) + [36] : 0x01 (1) + [37] : 0x02 (2) + [38] : 0x00 (0) + [39] : 0x00 (0) + [40] : 0x00 (0) + [41] : 0x00 (0) + [42] : 0x00 (0) + [43] : 0x05 (5) + [44] : 0x20 (32) + [45] : 0x00 (0) + [46] : 0x00 (0) + [47] : 0x00 (0) + [48] : 0x20 (32) + [49] : 0x02 (2) + [50] : 0x00 (0) + [51] : 0x00 (0) + [52] : 0x02 (2) + [53] : 0x00 (0) + [54] : 0xc4 (196) + [55] : 0x00 (0) + [56] : 0x07 (7) + [57] : 0x00 (0) + [58] : 0x00 (0) + [59] : 0x00 (0) + [60] : 0x00 (0) + [61] : 0x02 (2) + [62] : 0x14 (20) + [63] : 0x00 (0) + [64] : 0x08 (8) + [65] : 0x00 (0) + [66] : 0x02 (2) + [67] : 0x20 (32) + [68] : 0x01 (1) + [69] : 0x01 (1) + [70] : 0x00 (0) + [71] : 0x00 (0) + [72] : 0x00 (0) + [73] : 0x00 (0) + [74] : 0x00 (0) + [75] : 0x01 (1) + [76] : 0x00 (0) + [77] : 0x00 (0) + [78] : 0x00 (0) + [79] : 0x00 (0) + [80] : 0x00 (0) + [81] : 0x09 (9) + [82] : 0x24 (36) + [83] : 0x00 (0) + [84] : 0x0c (12) + [85] : 0x00 (0) + [86] : 0x0f (15) + [87] : 0x10 (16) + [88] : 0x01 (1) + [89] : 0x05 (5) + [90] : 0x00 (0) + [91] : 0x00 (0) + [92] : 0x00 (0) + [93] : 0x00 (0) + [94] : 0x00 (0) + [95] : 0x05 (5) + [96] : 0x15 (21) + [97] : 0x00 (0) + [98] : 0x00 (0) + [99] : 0x00 (0) + [100] : 0x74 (116) + [101] : 0xa5 (165) + [102] : 0x12 (18) + [103] : 0x52 (82) + [104] : 0xcd (205) + [105] : 0x51 (81) + [106] : 0xd9 (217) + [107] : 0x8f (143) + [108] : 0xd1 (209) + [109] : 0x31 (49) + [110] : 0xa4 (164) + [111] : 0xca (202) + [112] : 0xf4 (244) + [113] : 0x01 (1) + [114] : 0x00 (0) + [115] : 0x00 (0) + [116] : 0x00 (0) + [117] : 0x02 (2) + [118] : 0x24 (36) + [119] : 0x00 (0) + [120] : 0x0c (12) + [121] : 0x00 (0) + [122] : 0x0f (15) + [123] : 0x10 (16) + [124] : 0x01 (1) + [125] : 0x05 (5) + [126] : 0x00 (0) + [127] : 0x00 (0) + [128] : 0x00 (0) + [129] : 0x00 (0) + [130] : 0x00 (0) + [131] : 0x05 (5) + [132] : 0x15 (21) + [133] : 0x00 (0) + [134] : 0x00 (0) + [135] : 0x00 (0) + [136] : 0x74 (116) + [137] : 0xa5 (165) + [138] : 0x12 (18) + [139] : 0x52 (82) + [140] : 0xcd (205) + [141] : 0x51 (81) + [142] : 0xd9 (217) + [143] : 0x8f (143) + [144] : 0xd1 (209) + [145] : 0x31 (49) + [146] : 0xa4 (164) + [147] : 0xca (202) + [148] : 0xf4 (244) + [149] : 0x01 (1) + [150] : 0x00 (0) + [151] : 0x00 (0) + [152] : 0x00 (0) + [153] : 0x09 (9) + [154] : 0x18 (24) + [155] : 0x00 (0) + [156] : 0x0c (12) + [157] : 0x00 (0) + [158] : 0x0f (15) + [159] : 0x10 (16) + [160] : 0x01 (1) + [161] : 0x02 (2) + [162] : 0x00 (0) + [163] : 0x00 (0) + [164] : 0x00 (0) + [165] : 0x00 (0) + [166] : 0x00 (0) + [167] : 0x05 (5) + [168] : 0x20 (32) + [169] : 0x00 (0) + [170] : 0x00 (0) + [171] : 0x00 (0) + [172] : 0x20 (32) + [173] : 0x02 (2) + [174] : 0x00 (0) + [175] : 0x00 (0) + [176] : 0x00 (0) + [177] : 0x02 (2) + [178] : 0x18 (24) + [179] : 0x00 (0) + [180] : 0x0c (12) + [181] : 0x00 (0) + [182] : 0x0f (15) + [183] : 0x10 (16) + [184] : 0x01 (1) + [185] : 0x02 (2) + [186] : 0x00 (0) + [187] : 0x00 (0) + [188] : 0x00 (0) + [189] : 0x00 (0) + [190] : 0x00 (0) + [191] : 0x05 (5) + [192] : 0x20 (32) + [193] : 0x00 (0) + [194] : 0x00 (0) + [195] : 0x00 (0) + [196] : 0x20 (32) + [197] : 0x02 (2) + [198] : 0x00 (0) + [199] : 0x00 (0) + [200] : 0x00 (0) + [201] : 0x09 (9) + [202] : 0x18 (24) + [203] : 0x00 (0) + [204] : 0x0c (12) + [205] : 0x00 (0) + [206] : 0x0f (15) + [207] : 0x10 (16) + [208] : 0x01 (1) + [209] : 0x02 (2) + [210] : 0x00 (0) + [211] : 0x00 (0) + [212] : 0x00 (0) + [213] : 0x00 (0) + [214] : 0x00 (0) + [215] : 0x05 (5) + [216] : 0x20 (32) + [217] : 0x00 (0) + [218] : 0x00 (0) + [219] : 0x00 (0) + [220] : 0x26 (38) + [221] : 0x02 (2) + [222] : 0x00 (0) + [223] : 0x00 (0) + [224] : 0x00 (0) + [225] : 0x02 (2) + [226] : 0x18 (24) + [227] : 0x00 (0) + [228] : 0x0c (12) + [229] : 0x00 (0) + [230] : 0x0f (15) + [231] : 0x10 (16) + [232] : 0x01 (1) + [233] : 0x02 (2) + [234] : 0x00 (0) + [235] : 0x00 (0) + [236] : 0x00 (0) + [237] : 0x00 (0) + [238] : 0x00 (0) + [239] : 0x05 (5) + [240] : 0x20 (32) + [241] : 0x00 (0) + [242] : 0x00 (0) + [243] : 0x00 (0) + [244] : 0x26 (38) + [245] : 0x02 (2) + [246] : 0x00 (0) + [247] : 0x00 (0) + data_size : * + data_size : 0x000000f8 (248) + data_length : * + data_length : 0x000000f8 (248) + result : WERR_OK +[2013/11/07 07:38:44.681264, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + in: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 0000007e-0000-0000-7b52-7435c5510000 +[2013/11/07 07:38:44.681462, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 7E 00 00 00 00 00 00 00 7B 52 74 35 ....~... ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.681542, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 7E 00 00 00 00 00 00 00 7B 52 74 35 ....~... ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.681619, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) + Closed policy +[2013/11/07 07:38:44.681665, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (4->3) +[2013/11/07 07:38:44.681708, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + out: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000000-0000-0000-0000-000000000000 + result : WERR_OK +[2013/11/07 07:38:44.681881, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + in: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 0000007d-0000-0000-7b52-7435c5510000 +[2013/11/07 07:38:44.682011, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 7D 00 00 00 00 00 00 00 7B 52 74 35 ....}... ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.682088, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 7D 00 00 00 00 00 00 00 7B 52 74 35 ....}... ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.682164, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) + Closed policy +[2013/11/07 07:38:44.682204, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (3->2) +[2013/11/07 07:38:44.682245, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + out: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000000-0000-0000-0000-000000000000 + result : WERR_OK +[2013/11/07 07:38:44.682407, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + in: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 0000007c-0000-0000-7b52-7435c5510000 +[2013/11/07 07:38:44.682538, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 7C 00 00 00 00 00 00 00 7B 52 74 35 ....|... ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.682616, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 7C 00 00 00 00 00 00 00 7B 52 74 35 ....|... ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.682692, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) + Closed policy +[2013/11/07 07:38:44.682735, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (2->1) +[2013/11/07 07:38:44.682776, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + out: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000000-0000-0000-0000-000000000000 + result : WERR_OK +[2013/11/07 07:38:44.682936, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + in: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 0000007b-0000-0000-7b52-7435c5510000 +[2013/11/07 07:38:44.683080, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 7B 00 00 00 00 00 00 00 7B 52 74 35 ....{... ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.683158, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 7B 00 00 00 00 00 00 00 7B 52 74 35 ....{... ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.683234, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) + Closed policy +[2013/11/07 07:38:44.683273, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (1->0) +[2013/11/07 07:38:44.683333, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + out: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000000-0000-0000-0000-000000000000 + result : WERR_OK +[2013/11/07 07:38:44.683511, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:416(close_policy_by_pipe) + Deleted handle list for RPC connection \winreg +[2013/11/07 07:38:44.683682, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + spoolss_GetPrinter: struct spoolss_GetPrinter + out: struct spoolss_GetPrinter + info : * + info : union spoolss_PrinterInfo(case 2) + info2: struct spoolss_PrinterInfo2 + servername : * + servername : '\\MEMBER43' + printername : * + printername : '\\MEMBER43\printer7' + sharename : * + sharename : 'printer7' + portname : * + portname : 'Samba Printer Port' + drivername : * + drivername : '' + comment : * + comment : '' + location : * + location : '' + devmode : * + devmode: struct spoolss_DeviceMode + devicename : '\\MEMBER43\printer7' + specversion : DMSPEC_NT4_AND_ABOVE (1025) + driverversion : 0x0400 (1024) + size : 0x00dc (220) + __driverextra_length : 0x0000 (0) + fields : 0x00014713 (83731) + 1: DEVMODE_ORIENTATION + 1: DEVMODE_PAPERSIZE + 0: DEVMODE_PAPERLENGTH + 0: DEVMODE_PAPERWIDTH + 1: DEVMODE_SCALE + 0: DEVMODE_POSITION + 0: DEVMODE_NUP + 1: DEVMODE_COPIES + 1: DEVMODE_DEFAULTSOURCE + 1: DEVMODE_PRINTQUALITY + 0: DEVMODE_COLOR + 0: DEVMODE_DUPLEX + 0: DEVMODE_YRESOLUTION + 1: DEVMODE_TTOPTION + 0: DEVMODE_COLLATE + 1: DEVMODE_FORMNAME + 0: DEVMODE_LOGPIXELS + 0: DEVMODE_BITSPERPEL + 0: DEVMODE_PELSWIDTH + 0: DEVMODE_PELSHEIGHT + 0: DEVMODE_DISPLAYFLAGS + 0: DEVMODE_DISPLAYFREQUENCY + 0: DEVMODE_ICMMETHOD + 0: DEVMODE_ICMINTENT + 0: DEVMODE_MEDIATYPE + 0: DEVMODE_DITHERTYPE + 0: DEVMODE_PANNINGWIDTH + 0: DEVMODE_PANNINGHEIGHT + orientation : DMORIENT_PORTRAIT (1) + papersize : DMPAPER_LETTER (1) + paperlength : 0x0000 (0) + paperwidth : 0x0000 (0) + scale : 0x0064 (100) + copies : 0x0001 (1) + defaultsource : DMBIN_FORMSOURCE (15) + printquality : DMRES_HIGH (65532) + color : DMRES_MONOCHROME (1) + duplex : DMDUP_SIMPLEX (1) + yresolution : 0x0000 (0) + ttoption : DMTT_SUBDEV (3) + collate : DMCOLLATE_FALSE (0) + formname : 'Letter' + logpixels : 0x0000 (0) + bitsperpel : 0x00000000 (0) + pelswidth : 0x00000000 (0) + pelsheight : 0x00000000 (0) + displayflags : UNKNOWN_ENUM_VALUE (0) + displayfrequency : 0x00000000 (0) + icmmethod : UNKNOWN_ENUM_VALUE (0) + icmintent : UNKNOWN_ENUM_VALUE (0) + mediatype : UNKNOWN_ENUM_VALUE (0) + dithertype : UNKNOWN_ENUM_VALUE (0) + reserved1 : 0x00000000 (0) + reserved2 : 0x00000000 (0) + panningwidth : 0x00000000 (0) + panningheight : 0x00000000 (0) + driverextra_data : DATA_BLOB length=0 + sepfile : * + sepfile : '' + printprocessor : * + printprocessor : 'winprint' + datatype : * + datatype : 'RAW' + parameters : * + parameters : '' + secdesc : * + secdesc: struct security_descriptor + revision : SECURITY_DESCRIPTOR_REVISION_1 (1) + type : 0x8004 (32772) + 0: SEC_DESC_OWNER_DEFAULTED + 0: SEC_DESC_GROUP_DEFAULTED + 1: SEC_DESC_DACL_PRESENT + 0: SEC_DESC_DACL_DEFAULTED + 0: SEC_DESC_SACL_PRESENT + 0: SEC_DESC_SACL_DEFAULTED + 0: SEC_DESC_DACL_TRUSTED + 0: SEC_DESC_SERVER_SECURITY + 0: SEC_DESC_DACL_AUTO_INHERIT_REQ + 0: SEC_DESC_SACL_AUTO_INHERIT_REQ + 0: SEC_DESC_DACL_AUTO_INHERITED + 0: SEC_DESC_SACL_AUTO_INHERITED + 0: SEC_DESC_DACL_PROTECTED + 0: SEC_DESC_SACL_PROTECTED + 0: SEC_DESC_RM_CONTROL_VALID + 1: SEC_DESC_SELF_RELATIVE + owner_sid : * + owner_sid : S-1-5-32-544 + group_sid : * + group_sid : S-1-5-32-544 + sacl : NULL + dacl : * + dacl: struct security_acl + revision : SECURITY_ACL_REVISION_NT4 (2) + size : 0x00c4 (196) + num_aces : 0x00000007 (7) + aces: ARRAY(7) + aces: struct security_ace + type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) + flags : 0x02 (2) + 0: SEC_ACE_FLAG_OBJECT_INHERIT + 1: SEC_ACE_FLAG_CONTAINER_INHERIT + 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT + 0: SEC_ACE_FLAG_INHERIT_ONLY + 0: SEC_ACE_FLAG_INHERITED_ACE + 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) + 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS + 0: SEC_ACE_FLAG_FAILED_ACCESS + size : 0x0014 (20) + access_mask : 0x20020008 (537001992) + object : union security_ace_object_ctr(case 0) + trustee : S-1-1-0 + aces: struct security_ace + type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) + flags : 0x09 (9) + 1: SEC_ACE_FLAG_OBJECT_INHERIT + 0: SEC_ACE_FLAG_CONTAINER_INHERIT + 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT + 1: SEC_ACE_FLAG_INHERIT_ONLY + 0: SEC_ACE_FLAG_INHERITED_ACE + 0x09: SEC_ACE_FLAG_VALID_INHERIT (9) + 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS + 0: SEC_ACE_FLAG_FAILED_ACCESS + size : 0x0024 (36) + access_mask : 0x100f000c (269418508) + object : union security_ace_object_ctr(case 0) + trustee : S-1-5-21-1376953716-2413384141-3399758289-500 + aces: struct security_ace + type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) + flags : 0x02 (2) + 0: SEC_ACE_FLAG_OBJECT_INHERIT + 1: SEC_ACE_FLAG_CONTAINER_INHERIT + 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT + 0: SEC_ACE_FLAG_INHERIT_ONLY + 0: SEC_ACE_FLAG_INHERITED_ACE + 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) + 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS + 0: SEC_ACE_FLAG_FAILED_ACCESS + size : 0x0024 (36) + access_mask : 0x100f000c (269418508) + object : union security_ace_object_ctr(case 0) + trustee : S-1-5-21-1376953716-2413384141-3399758289-500 + aces: struct security_ace + type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) + flags : 0x09 (9) + 1: SEC_ACE_FLAG_OBJECT_INHERIT + 0: SEC_ACE_FLAG_CONTAINER_INHERIT + 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT + 1: SEC_ACE_FLAG_INHERIT_ONLY + 0: SEC_ACE_FLAG_INHERITED_ACE + 0x09: SEC_ACE_FLAG_VALID_INHERIT (9) + 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS + 0: SEC_ACE_FLAG_FAILED_ACCESS + size : 0x0018 (24) + access_mask : 0x100f000c (269418508) + object : union security_ace_object_ctr(case 0) + trustee : S-1-5-32-544 + aces: struct security_ace + type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) + flags : 0x02 (2) + 0: SEC_ACE_FLAG_OBJECT_INHERIT + 1: SEC_ACE_FLAG_CONTAINER_INHERIT + 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT + 0: SEC_ACE_FLAG_INHERIT_ONLY + 0: SEC_ACE_FLAG_INHERITED_ACE + 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) + 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS + 0: SEC_ACE_FLAG_FAILED_ACCESS + size : 0x0018 (24) + access_mask : 0x100f000c (269418508) + object : union security_ace_object_ctr(case 0) + trustee : S-1-5-32-544 + aces: struct security_ace + type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) + flags : 0x09 (9) + 1: SEC_ACE_FLAG_OBJECT_INHERIT + 0: SEC_ACE_FLAG_CONTAINER_INHERIT + 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT + 1: SEC_ACE_FLAG_INHERIT_ONLY + 0: SEC_ACE_FLAG_INHERITED_ACE + 0x09: SEC_ACE_FLAG_VALID_INHERIT (9) + 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS + 0: SEC_ACE_FLAG_FAILED_ACCESS + size : 0x0018 (24) + access_mask : 0x100f000c (269418508) + object : union security_ace_object_ctr(case 0) + trustee : S-1-5-32-550 + aces: struct security_ace + type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) + flags : 0x02 (2) + 0: SEC_ACE_FLAG_OBJECT_INHERIT + 1: SEC_ACE_FLAG_CONTAINER_INHERIT + 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT + 0: SEC_ACE_FLAG_INHERIT_ONLY + 0: SEC_ACE_FLAG_INHERITED_ACE + 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) + 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS + 0: SEC_ACE_FLAG_FAILED_ACCESS + size : 0x0018 (24) + access_mask : 0x100f000c (269418508) + object : union security_ace_object_ctr(case 0) + trustee : S-1-5-32-550 + attributes : 0x00001048 (4168) + 0: PRINTER_ATTRIBUTE_QUEUED + 0: PRINTER_ATTRIBUTE_DIRECT + 0: PRINTER_ATTRIBUTE_DEFAULT + 1: PRINTER_ATTRIBUTE_SHARED + 0: PRINTER_ATTRIBUTE_NETWORK + 0: PRINTER_ATTRIBUTE_HIDDEN + 1: PRINTER_ATTRIBUTE_LOCAL + 0: PRINTER_ATTRIBUTE_ENABLE_DEVQ + 0: PRINTER_ATTRIBUTE_KEEPPRINTEDJOBS + 0: PRINTER_ATTRIBUTE_DO_COMPLETE_FIRST + 0: PRINTER_ATTRIBUTE_WORK_OFFLINE + 0: PRINTER_ATTRIBUTE_ENABLE_BIDI + 1: PRINTER_ATTRIBUTE_RAW_ONLY + 0: PRINTER_ATTRIBUTE_PUBLISHED + 0: PRINTER_ATTRIBUTE_FAX + 0: PRINTER_ATTRIBUTE_TS + priority : 0x00000001 (1) + defaultpriority : 0x00000001 (1) + starttime : 0x00000000 (0) + untiltime : 0x00000000 (0) + status : 0x00000000 (0) + 0: PRINTER_STATUS_PAUSED + 0: PRINTER_STATUS_ERROR + 0: PRINTER_STATUS_PENDING_DELETION + 0: PRINTER_STATUS_PAPER_JAM + 0: PRINTER_STATUS_PAPER_OUT + 0: PRINTER_STATUS_MANUAL_FEED + 0: PRINTER_STATUS_PAPER_PROBLEM + 0: PRINTER_STATUS_OFFLINE + 0: PRINTER_STATUS_IO_ACTIVE + 0: PRINTER_STATUS_BUSY + 0: PRINTER_STATUS_PRINTING + 0: PRINTER_STATUS_OUTPUT_BIN_FULL + 0: PRINTER_STATUS_NOT_AVAILABLE + 0: PRINTER_STATUS_WAITING + 0: PRINTER_STATUS_PROCESSING + 0: PRINTER_STATUS_INITIALIZING + 0: PRINTER_STATUS_WARMING_UP + 0: PRINTER_STATUS_TONER_LOW + 0: PRINTER_STATUS_NO_TONER + 0: PRINTER_STATUS_PAGE_PUNT + 0: PRINTER_STATUS_USER_INTERVENTION + 0: PRINTER_STATUS_OUT_OF_MEMORY + 0: PRINTER_STATUS_DOOR_OPEN + 0: PRINTER_STATUS_SERVER_UNKNOWN + 0: PRINTER_STATUS_POWER_SAVE + cjobs : 0x00000000 (0) + averageppm : 0x00000000 (0) + needed : * + needed : 0x000002f8 (760) + result : WERR_OK +[2013/11/07 07:38:44.688780, 5, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1417(api_rpcTNP) + api_rpcTNP: called \spoolss successfully +[2013/11/07 07:38:44.688846, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) + pop_sec_ctx (0, 5000) - sec_ctx_stack_ndx = 0 +[2013/11/07 07:38:44.688891, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) + write_to_pipe: data_used = 4140 + smbd_smb2_request_pending_queue: req->current_idx = 1 + req->in.vector[0].iov_len = 0 + req->in.vector[1].iov_len = 0 + req->in.vector[2].iov_len = 64 + req->in.vector[3].iov_len = 56 + req->in.vector[4].iov_len = 4156 + req->out.vector[0].iov_len = 4 + req->out.vector[1].iov_len = 0 + req->out.vector[2].iov_len = 64 + req->out.vector[3].iov_len = 8 + req->out.vector[4].iov_len = 0 +[2013/11/07 07:38:44.689119, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:128(smbd_smb2_ioctl_pipe_write_done) + smbd_smb2_ioctl_pipe_write_done: received 4156 +[2013/11/07 07:38:44.689164, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:149(smbd_smb2_ioctl_pipe_write_done) + smbd_smb2_ioctl_pipe_write_done: issuing np_read_send of size 4136 +[2013/11/07 07:38:44.689206, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:285(read_from_internal_pipe) + name: \spoolss len: 4136 +[2013/11/07 07:38:44.689248, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:347(read_from_internal_pipe) + read_from_pipe: \spoolss: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 4112. +[2013/11/07 07:38:44.689303, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) + &r: struct ncacn_packet + rpc_vers : 0x05 (5) + rpc_vers_minor : 0x00 (0) + ptype : DCERPC_PKT_RESPONSE (2) + pfc_flags : 0x03 (3) + drep: ARRAY(4) + [0] : 0x10 (16) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + frag_length : 0x1028 (4136) + auth_length : 0x0000 (0) + call_id : 0x0000000f (15) + u : union dcerpc_payload(case 2) + response: struct dcerpc_response + alloc_hint : 0x00001010 (4112) + context_id : 0x0000 (0) + cancel_count : 0x00 (0) + _pad : DATA_BLOB length=0 + stub_and_verifier : DATA_BLOB length=4112 + [0000] 04 00 02 00 00 10 00 00 EA 0F 00 00 C2 0F 00 00 ........ ........ + [0010] B0 0F 00 00 8A 0F 00 00 88 0F 00 00 86 0F 00 00 ........ ........ + [0020] 84 0F 00 00 88 0E 00 00 82 0F 00 00 70 0F 00 00 ........ ....p... + [0030] 68 0F 00 00 66 0F 00 00 90 0D 00 00 48 10 00 00 h...f... ....H... + [0040] 01 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0200] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0210] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0220] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0230] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0240] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0250] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0260] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0270] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0280] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0290] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0300] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0310] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0320] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0330] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0340] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0350] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0360] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0370] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0380] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0390] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0400] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0410] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0420] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0430] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0440] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0450] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0460] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0470] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0480] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0490] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0500] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0510] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0520] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0530] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0540] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0550] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0560] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0570] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0580] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0590] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0600] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0610] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0620] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0630] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0640] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0650] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0660] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0670] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0680] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0690] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0700] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0710] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0720] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0730] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0740] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0750] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0760] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0770] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0780] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0790] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0800] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0810] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0820] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0830] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0840] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0850] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0860] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0870] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0880] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0890] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0900] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0910] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0920] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0930] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0940] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0950] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0960] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0970] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0980] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0990] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D90] 00 00 00 00 00 00 00 00 01 00 04 80 D8 00 00 00 ........ ........ + [0DA0] E8 00 00 00 00 00 00 00 14 00 00 00 02 00 C4 00 ........ ........ + [0DB0] 07 00 00 00 00 02 14 00 08 00 02 20 01 01 00 00 ........ ... .... + [0DC0] 00 00 00 01 00 00 00 00 00 09 24 00 0C 00 0F 10 ........ ..$..... + [0DD0] 01 05 00 00 00 00 00 05 15 00 00 00 74 A5 12 52 ........ ....t..R + [0DE0] CD 51 D9 8F D1 31 A4 CA F4 01 00 00 00 02 24 00 .Q...1.. ......$. + [0DF0] 0C 00 0F 10 01 05 00 00 00 00 00 05 15 00 00 00 ........ ........ + [0E00] 74 A5 12 52 CD 51 D9 8F D1 31 A4 CA F4 01 00 00 t..R.Q.. .1...... + [0E10] 00 09 18 00 0C 00 0F 10 01 02 00 00 00 00 00 05 ........ ........ + [0E20] 20 00 00 00 20 02 00 00 00 02 18 00 0C 00 0F 10 ... ... ........ + [0E30] 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 ........ ... ... + [0E40] 00 09 18 00 0C 00 0F 10 01 02 00 00 00 00 00 05 ........ ........ + [0E50] 20 00 00 00 26 02 00 00 00 02 18 00 0C 00 0F 10 ...&... ........ + [0E60] 01 02 00 00 00 00 00 05 20 00 00 00 26 02 00 00 ........ ...&... + [0E70] 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 ........ ... ... + [0E80] 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 ........ ... ... + [0E90] 5C 00 5C 00 4D 00 45 00 4D 00 42 00 45 00 52 00 \.\.M.E. M.B.E.R. + [0EA0] 34 00 33 00 5C 00 70 00 72 00 69 00 6E 00 74 00 4.3.\.p. r.i.n.t. + [0EB0] 65 00 72 00 37 00 00 00 00 00 00 00 00 00 00 00 e.r.7... ........ + [0EC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0ED0] 01 04 00 04 DC 00 00 00 13 47 01 00 01 00 01 00 ........ .G...... + [0EE0] 00 00 00 00 64 00 01 00 0F 00 FC FF 01 00 01 00 ....d... ........ + [0EF0] 00 00 03 00 00 00 4C 00 65 00 74 00 74 00 65 00 ......L. e.t.t.e. + [0F00] 72 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 r....... ........ + [0F10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F70] 52 00 41 00 57 00 00 00 77 00 69 00 6E 00 70 00 R.A.W... w.i.n.p. + [0F80] 72 00 69 00 6E 00 74 00 00 00 00 00 00 00 00 00 r.i.n.t. ........ + [0F90] 00 00 53 00 61 00 6D 00 62 00 61 00 20 00 50 00 ..S.a.m. b.a. .P. + [0FA0] 72 00 69 00 6E 00 74 00 65 00 72 00 20 00 50 00 r.i.n.t. e.r. .P. + [0FB0] 6F 00 72 00 74 00 00 00 70 00 72 00 69 00 6E 00 o.r.t... p.r.i.n. + [0FC0] 74 00 65 00 72 00 37 00 00 00 5C 00 5C 00 4D 00 t.e.r.7. ..\.\.M. + [0FD0] 45 00 4D 00 42 00 45 00 52 00 34 00 33 00 5C 00 E.M.B.E. R.4.3.\. + [0FE0] 70 00 72 00 69 00 6E 00 74 00 65 00 72 00 37 00 p.r.i.n. t.e.r.7. + [0FF0] 00 00 5C 00 5C 00 4D 00 45 00 4D 00 42 00 45 00 ..\.\.M. E.M.B.E. + [1000] 52 00 34 00 33 00 00 00 F8 02 00 00 00 00 00 00 R.4.3... ........ +[2013/11/07 07:38:44.698794, 3, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:122(free_pipe_context) + free_pipe_context: destroying talloc pool of size 1308 +[2013/11/07 07:38:44.698853, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:788(np_read_recv) + Received 4136 bytes. There is no more data outstanding +[2013/11/07 07:38:44.698895, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:178(smbd_smb2_ioctl_pipe_read_done) + smbd_smb2_ioctl_pipe_read_done: np_read_recv nread = 4136 is_data_outstanding = 0, status = NT_STATUS_OK +[2013/11/07 07:38:44.698944, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl.c:291(smbd_smb2_request_ioctl_done) + smbd_smb2_request_ioctl_done: smbd_smb2_ioctl_recv returned 4136 status NT_STATUS_OK +[2013/11/07 07:38:44.698986, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) + smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[48] dyn[yes:4136] at ../source3/smbd/smb2_ioctl.c:358 +[2013/11/07 07:38:44.699032, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) + smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/64/127 +[2013/11/07 07:38:44.702472, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) + smbd_smb2_request_incoming: idx[1] of 5 vectors +[2013/11/07 07:38:44.702703, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) + smb2_validate_sequence_number: clearing id 64 (position 64) from bitmap +[2013/11/07 07:38:44.702849, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) + smbd_smb2_request_dispatch: opcode[SMB2_OP_IOCTL] mid = 64 +[2013/11/07 07:38:44.703001, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) + setting sec ctx (0, 5000) - sec_ctx_stack_ndx = 0 +[2013/11/07 07:38:44.703113, 5, pid=20933, effective(0, 5000), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) + Security token SIDs (21): + SID[ 0]: S-1-5-21-1376953716-2413384141-3399758289-500 + SID[ 1]: S-1-5-21-1376953716-2413384141-3399758289-512 + SID[ 2]: S-1-5-21-1376953716-2413384141-3399758289-11015 + SID[ 3]: S-1-5-21-1376953716-2413384141-3399758289-513 + SID[ 4]: S-1-5-21-1376953716-2413384141-3399758289-11011 + SID[ 5]: S-1-5-21-1376953716-2413384141-3399758289-11013 + SID[ 6]: S-1-5-21-1376953716-2413384141-3399758289-11012 + SID[ 7]: S-1-1-0 + SID[ 8]: S-1-5-2 + SID[ 9]: S-1-5-11 + SID[ 10]: S-1-5-32-544 + SID[ 11]: S-1-22-1-2002 + SID[ 12]: S-1-22-2-5000 + SID[ 13]: S-1-22-2-5007 + SID[ 14]: S-1-22-2-5001 + SID[ 15]: S-1-22-2-1005 + SID[ 16]: S-1-22-2-5006 + SID[ 17]: S-1-22-2-5005 + SID[ 18]: S-1-22-2-55000 + SID[ 19]: S-1-22-2-55001 + SID[ 20]: S-1-22-2-55002 + Privileges (0x 1FFFFFF0): + Privilege[ 0]: SeMachineAccountPrivilege + Privilege[ 1]: SeTakeOwnershipPrivilege + Privilege[ 2]: SeBackupPrivilege + Privilege[ 3]: SeRestorePrivilege + Privilege[ 4]: SeRemoteShutdownPrivilege + Privilege[ 5]: SePrintOperatorPrivilege + Privilege[ 6]: SeAddUsersPrivilege + Privilege[ 7]: SeDiskOperatorPrivilege + Privilege[ 8]: SeSecurityPrivilege + Privilege[ 9]: SeSystemtimePrivilege + Privilege[ 10]: SeShutdownPrivilege + Privilege[ 11]: SeDebugPrivilege + Privilege[ 12]: SeSystemEnvironmentPrivilege + Privilege[ 13]: SeSystemProfilePrivilege + Privilege[ 14]: SeProfileSingleProcessPrivilege + Privilege[ 15]: SeIncreaseBasePriorityPrivilege + Privilege[ 16]: SeLoadDriverPrivilege + Privilege[ 17]: SeCreatePagefilePrivilege + Privilege[ 18]: SeIncreaseQuotaPrivilege + Privilege[ 19]: SeChangeNotifyPrivilege + Privilege[ 20]: SeUndockPrivilege + Privilege[ 21]: SeManageVolumePrivilege + Privilege[ 22]: SeImpersonatePrivilege + Privilege[ 23]: SeCreateGlobalPrivilege + Privilege[ 24]: SeEnableDelegationPrivilege + Rights (0x 0): +[2013/11/07 07:38:44.705060, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) + UNIX token of user 0 + Primary group is 5000 and contains 9 supplementary groups + Group[ 0]: 5000 + Group[ 1]: 5007 + Group[ 2]: 5001 + Group[ 3]: 1005 + Group[ 4]: 5006 + Group[ 5]: 5005 + Group[ 6]: 55000 + Group[ 7]: 55001 + Group[ 8]: 55002 +[2013/11/07 07:38:44.705707, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/uid.c:363(change_to_user_internal) + Impersonated user: uid=(0,0), gid=(0,5000) +[2013/11/07 07:38:44.705836, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:1796(smbd_smb2_request_verify_creditcharge) + mid 64, CreditCharge: 1, NeededCharge: 1 +[2013/11/07 07:38:44.705942, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl.c:394(smbd_smb2_ioctl_send) + smbd_smb2_ioctl: ctl_code[0x0011c017] spoolss, fnum 2189993496 +[2013/11/07 07:38:44.706057, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:59(smb2_ioctl_named_pipe) + smbd_smb2_ioctl_send: np_write_send of size 4156 +[2013/11/07 07:38:44.706155, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:520(np_write_send) + np_write_send: len: 4156 +[2013/11/07 07:38:44.706420, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) + write_to_pipe: data_left = 4156 +[2013/11/07 07:38:44.706520, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) + process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 4156 +[2013/11/07 07:38:44.706618, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:51(fill_rpc_header) + fill_rpc_header: data_to_copy = 4156, len_needed_to_complete_hdr = 16, receive_len = 0 +[2013/11/07 07:38:44.706718, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) + write_to_pipe: data_used = 16 +[2013/11/07 07:38:44.706812, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) + write_to_pipe: data_left = 4140 +[2013/11/07 07:38:44.706907, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) + process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 4140 +[2013/11/07 07:38:44.707012, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) + write_to_pipe: data_used = 0 +[2013/11/07 07:38:44.707107, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) + write_to_pipe: data_left = 4140 +[2013/11/07 07:38:44.707222, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) + process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 4140, incoming data = 4140 +[2013/11/07 07:38:44.707330, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1614(process_complete_pdu) + PDU is in Little Endian format! +[2013/11/07 07:38:44.707451, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) + r: struct ncacn_packet + rpc_vers : 0x05 (5) + rpc_vers_minor : 0x00 (0) + ptype : DCERPC_PKT_REQUEST (0) + pfc_flags : 0x03 (3) + drep: ARRAY(4) + [0] : 0x10 (16) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + frag_length : 0x103c (4156) + auth_length : 0x0000 (0) + call_id : 0x00000010 (16) + u : union dcerpc_payload(case 0) + request: struct dcerpc_request + alloc_hint : 0x00001024 (4132) + context_id : 0x0000 (0) + opnum : 0x0008 (8) + object : union dcerpc_object(case 0) + empty: struct dcerpc_empty + _pad : DATA_BLOB length=0 + stub_and_verifier : DATA_BLOB length=4132 + [0000] 00 00 00 00 48 00 00 00 00 00 00 00 7B 52 73 35 ....H... ....{Rs5 + [0010] C5 51 00 00 02 00 00 00 00 00 02 00 00 10 00 00 .Q...... ........ + [0020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0030] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0040] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0200] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0210] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0220] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0230] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0240] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0250] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0260] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0270] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0280] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0290] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0300] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0310] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0320] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0330] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0340] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0350] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0360] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0370] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0380] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0390] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0400] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0410] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0420] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0430] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0440] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0450] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0460] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0470] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0480] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0490] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0500] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0510] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0520] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0530] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0540] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0550] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0560] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0570] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0580] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0590] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0600] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0610] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0620] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0630] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0640] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0650] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0660] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0670] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0680] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0690] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0700] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0710] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0720] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0730] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0740] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0750] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0760] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0770] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0780] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0790] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0800] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0810] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0820] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0830] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0840] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0850] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0860] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0870] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0880] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0890] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0900] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0910] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0920] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0930] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0940] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0950] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0960] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0970] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0980] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0990] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0EA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0EB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0EC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0ED0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0EE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0EF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [1000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [1010] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [1020] 00 10 00 00 .... +[2013/11/07 07:38:44.723104, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1627(process_complete_pdu) + Processing packet type 0 +[2013/11/07 07:38:44.723152, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1472(dcesrv_auth_request) + Checking request auth. +[2013/11/07 07:38:44.723201, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) + push_sec_ctx(0, 5000) : sec_ctx_stack_ndx = 1 +[2013/11/07 07:38:44.723249, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) + setting sec ctx (0, 5000) - sec_ctx_stack_ndx = 1 +[2013/11/07 07:38:44.723292, 5, pid=20933, effective(0, 5000), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) + Security token SIDs (21): + SID[ 0]: S-1-5-21-1376953716-2413384141-3399758289-500 + SID[ 1]: S-1-5-21-1376953716-2413384141-3399758289-512 + SID[ 2]: S-1-5-21-1376953716-2413384141-3399758289-11015 + SID[ 3]: S-1-5-21-1376953716-2413384141-3399758289-513 + SID[ 4]: S-1-5-21-1376953716-2413384141-3399758289-11011 + SID[ 5]: S-1-5-21-1376953716-2413384141-3399758289-11013 + SID[ 6]: S-1-5-21-1376953716-2413384141-3399758289-11012 + SID[ 7]: S-1-1-0 + SID[ 8]: S-1-5-2 + SID[ 9]: S-1-5-11 + SID[ 10]: S-1-5-32-544 + SID[ 11]: S-1-22-1-2002 + SID[ 12]: S-1-22-2-5000 + SID[ 13]: S-1-22-2-5007 + SID[ 14]: S-1-22-2-5001 + SID[ 15]: S-1-22-2-1005 + SID[ 16]: S-1-22-2-5006 + SID[ 17]: S-1-22-2-5005 + SID[ 18]: S-1-22-2-55000 + SID[ 19]: S-1-22-2-55001 + SID[ 20]: S-1-22-2-55002 + Privileges (0x 1FFFFFF0): + Privilege[ 0]: SeMachineAccountPrivilege + Privilege[ 1]: SeTakeOwnershipPrivilege + Privilege[ 2]: SeBackupPrivilege + Privilege[ 3]: SeRestorePrivilege + Privilege[ 4]: SeRemoteShutdownPrivilege + Privilege[ 5]: SePrintOperatorPrivilege + Privilege[ 6]: SeAddUsersPrivilege + Privilege[ 7]: SeDiskOperatorPrivilege + Privilege[ 8]: SeSecurityPrivilege + Privilege[ 9]: SeSystemtimePrivilege + Privilege[ 10]: SeShutdownPrivilege + Privilege[ 11]: SeDebugPrivilege + Privilege[ 12]: SeSystemEnvironmentPrivilege + Privilege[ 13]: SeSystemProfilePrivilege + Privilege[ 14]: SeProfileSingleProcessPrivilege + Privilege[ 15]: SeIncreaseBasePriorityPrivilege + Privilege[ 16]: SeLoadDriverPrivilege + Privilege[ 17]: SeCreatePagefilePrivilege + Privilege[ 18]: SeIncreaseQuotaPrivilege + Privilege[ 19]: SeChangeNotifyPrivilege + Privilege[ 20]: SeUndockPrivilege + Privilege[ 21]: SeManageVolumePrivilege + Privilege[ 22]: SeImpersonatePrivilege + Privilege[ 23]: SeCreateGlobalPrivilege + Privilege[ 24]: SeEnableDelegationPrivilege + Rights (0x 0): +[2013/11/07 07:38:44.724070, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) + UNIX token of user 0 + Primary group is 5000 and contains 9 supplementary groups + Group[ 0]: 5000 + Group[ 1]: 5007 + Group[ 2]: 5001 + Group[ 3]: 1005 + Group[ 4]: 5006 + Group[ 5]: 5005 + Group[ 6]: 55000 + Group[ 7]: 55001 + Group[ 8]: 55002 +[2013/11/07 07:38:44.724261, 5, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1324(api_pipe_request) + Requested \spoolss rpc service +[2013/11/07 07:38:44.724308, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1356(api_rpcTNP) + api_rpcTNP: \spoolss op 0x8 - api_rpcTNP: rpc command: SPOOLSS_GETPRINTER +[2013/11/07 07:38:44.724351, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1390(api_rpcTNP) + api_rpc_cmds[8].fn == 0x7f375c260f10 +[2013/11/07 07:38:44.724402, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + spoolss_GetPrinter: struct spoolss_GetPrinter + in: struct spoolss_GetPrinter + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000048-0000-0000-7b52-7335c5510000 + level : 0x00000002 (2) + buffer : * + buffer : DATA_BLOB length=4096 + [0000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0010] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0030] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0040] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0200] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0210] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0220] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0230] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0240] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0250] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0260] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0270] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0280] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0290] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0300] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0310] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0320] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0330] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0340] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0350] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0360] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0370] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0380] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0390] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0400] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0410] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0420] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0430] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0440] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0450] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0460] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0470] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0480] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0490] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0500] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0510] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0520] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0530] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0540] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0550] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0560] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0570] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0580] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0590] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0600] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0610] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0620] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0630] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0640] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0650] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0660] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0670] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0680] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0690] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0700] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0710] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0720] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0730] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0740] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0750] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0760] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0770] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0780] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0790] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0800] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0810] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0820] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0830] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0840] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0850] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0860] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0870] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0880] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0890] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0900] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0910] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0920] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0930] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0940] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0950] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0960] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0970] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0980] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0990] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0EA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0EB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0EC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0ED0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0EE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0EF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + offered : 0x00001000 (4096) +[2013/11/07 07:38:44.733645, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 48 00 00 00 00 00 00 00 7B 52 73 35 ....H... ....{Rs5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.733729, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 48 00 00 00 00 00 00 00 7B 52 73 35 ....H... ....{Rs5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.733806, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:489(get_printer_snum) + short name:printer7 +[2013/11/07 07:38:44.733949, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:60(make_internal_rpc_pipe_p) + Create pipe requested \winreg +[2013/11/07 07:38:44.734005, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:221(init_pipe_handles) + init_pipe_handle_list: created handle list for pipe \winreg +[2013/11/07 07:38:44.734048, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:238(init_pipe_handles) + init_pipe_handle_list: pipe_handles ref count = 1 for pipe \winreg +[2013/11/07 07:38:44.734150, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:100(make_internal_rpc_pipe_p) + Created internal pipe \winreg +[2013/11/07 07:38:44.734225, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenHKLM: struct winreg_OpenHKLM + in: struct winreg_OpenHKLM + system_name : NULL + access_mask : 0x02000000 (33554432) + 0: KEY_QUERY_VALUE + 0: KEY_SET_VALUE + 0: KEY_CREATE_SUB_KEY + 0: KEY_ENUMERATE_SUB_KEYS + 0: KEY_NOTIFY + 0: KEY_CREATE_LINK + 0: KEY_WOW64_64KEY + 0: KEY_WOW64_32KEY +[2013/11/07 07:38:44.734466, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [HKLM] +[2013/11/07 07:38:44.734512, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) + push_sec_ctx(0, 5000) : sec_ctx_stack_ndx = 2 +[2013/11/07 07:38:44.734556, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/uid.c:485(push_conn_ctx) + push_conn_ctx(1804507171) : conn_ctx_stack_ndx = 0 +[2013/11/07 07:38:44.734596, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) + setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 +[2013/11/07 07:38:44.734635, 5, pid=20933, effective(0, 5000), real(0, 0)] ../libcli/security/security_token.c:53(security_token_debug) + Security token: (NULL) +[2013/11/07 07:38:44.734674, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) + UNIX token of user 0 + Primary group is 0 and contains 0 supplementary groups +[2013/11/07 07:38:44.734840, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) + pop_sec_ctx (0, 5000) - sec_ctx_stack_ndx = 1 +[2013/11/07 07:38:44.734886, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:866(regdb_open) + regdb_open: registry db opened. refcount reset (1) +[2013/11/07 07:38:44.734932, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM] +[2013/11/07 07:38:44.734983, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM] +[2013/11/07 07:38:44.735025, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:44.735063, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM] +[2013/11/07 07:38:44.735146, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) + Opened policy hnd[1] [0000] 00 00 00 00 7F 00 00 00 00 00 00 00 7B 52 74 35 ........ ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.735227, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenHKLM: struct winreg_OpenHKLM + out: struct winreg_OpenHKLM + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 0000007f-0000-0000-7b52-7435c5510000 + result : WERR_OK +[2013/11/07 07:38:44.735417, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenKey: struct winreg_OpenKey + in: struct winreg_OpenKey + parent_handle : * + parent_handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 0000007f-0000-0000-7b52-7435c5510000 + keyname: struct winreg_String + name_len : 0x008a (138) + name_size : 0x008a (138) + name : * + name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7' + options : 0x00000000 (0) + 0: REG_OPTION_VOLATILE + 0: REG_OPTION_CREATE_LINK + 0: REG_OPTION_BACKUP_RESTORE + 0: REG_OPTION_OPEN_LINK + access_mask : 0x02000000 (33554432) + 0: KEY_QUERY_VALUE + 0: KEY_SET_VALUE + 0: KEY_CREATE_SUB_KEY + 0: KEY_ENUMERATE_SUB_KEYS + 0: KEY_NOTIFY + 0: KEY_CREATE_LINK + 0: KEY_WOW64_64KEY + 0: KEY_WOW64_32KEY +[2013/11/07 07:38:44.735870, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 7F 00 00 00 00 00 00 00 7B 52 74 35 ........ ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.735951, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [SOFTWARE] +[2013/11/07 07:38:44.735991, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (1->2) +[2013/11/07 07:38:44.736034, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] +[2013/11/07 07:38:44.736071, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE] +[2013/11/07 07:38:44.736112, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:44.736150, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE] +[2013/11/07 07:38:44.736218, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Microsoft] +[2013/11/07 07:38:44.736260, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (2->3) +[2013/11/07 07:38:44.736301, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] +[2013/11/07 07:38:44.736339, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] +[2013/11/07 07:38:44.736380, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:44.736417, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft] +[2013/11/07 07:38:44.736478, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Windows NT] +[2013/11/07 07:38:44.736519, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (3->4) +[2013/11/07 07:38:44.736561, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] +[2013/11/07 07:38:44.736599, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] +[2013/11/07 07:38:44.736640, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:44.736677, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] +[2013/11/07 07:38:44.736742, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [CurrentVersion] +[2013/11/07 07:38:44.736783, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (4->5) +[2013/11/07 07:38:44.736826, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] +[2013/11/07 07:38:44.736864, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] +[2013/11/07 07:38:44.736905, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:44.736942, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f375c5a15c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] +[2013/11/07 07:38:44.737015, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Print] +[2013/11/07 07:38:44.737056, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (5->6) +[2013/11/07 07:38:44.737099, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] +[2013/11/07 07:38:44.737139, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] +[2013/11/07 07:38:44.737182, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:44.737219, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f375c5a15c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] +[2013/11/07 07:38:44.737279, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Printers] +[2013/11/07 07:38:44.737320, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (6->7) +[2013/11/07 07:38:44.737439, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] +[2013/11/07 07:38:44.737485, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] +[2013/11/07 07:38:44.737529, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:44.737567, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] +[2013/11/07 07:38:44.737636, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [printer7] +[2013/11/07 07:38:44.737678, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (7->8) +[2013/11/07 07:38:44.737730, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:44.737770, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:44.737812, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:44.737849, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:44.737916, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (8->7) +[2013/11/07 07:38:44.737958, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (7->6) +[2013/11/07 07:38:44.737999, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (6->5) +[2013/11/07 07:38:44.738039, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (5->4) +[2013/11/07 07:38:44.738079, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (4->3) +[2013/11/07 07:38:44.738118, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (3->2) +[2013/11/07 07:38:44.738161, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) + Opened policy hnd[2] [0000] 00 00 00 00 80 00 00 00 00 00 00 00 7B 52 74 35 ........ ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.738240, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenKey: struct winreg_OpenKey + out: struct winreg_OpenKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000080-0000-0000-7b52-7435c5510000 + result : WERR_OK +[2013/11/07 07:38:44.738417, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryInfoKey: struct winreg_QueryInfoKey + in: struct winreg_QueryInfoKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000080-0000-0000-7b52-7435c5510000 + classname : * + classname: struct winreg_String + name_len : 0x0000 (0) + name_size : 0x0000 (0) + name : NULL +[2013/11/07 07:38:44.738632, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 80 00 00 00 00 00 00 00 7B 52 74 35 ........ ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.738714, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_dispatcher.c:151(fetch_reg_values) + fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7' (ops 0x7f37592edcc0) +[2013/11/07 07:38:44.738764, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1891(regdb_fetch_values_internal) + regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:44.738827, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[0]: name[Attributes] len[4] +[2013/11/07 07:38:44.738871, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[1]: name[Description] len[2] +[2013/11/07 07:38:44.738913, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[2]: name[Datatype] len[8] +[2013/11/07 07:38:44.738955, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[3]: name[Default Priority] len[4] +[2013/11/07 07:38:44.738997, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[4]: name[Port] len[38] +[2013/11/07 07:38:44.739040, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[5]: name[Name] len[18] +[2013/11/07 07:38:44.739082, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[6]: name[Print Processor] len[18] +[2013/11/07 07:38:44.739125, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[7]: name[Priority] len[4] +[2013/11/07 07:38:44.739167, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[8]: name[Security] len[248] +[2013/11/07 07:38:44.739210, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[9]: name[Share Name] len[18] +[2013/11/07 07:38:44.739253, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[10]: name[StartTime] len[4] +[2013/11/07 07:38:44.739297, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[11]: name[UntilTime] len[4] +[2013/11/07 07:38:44.739339, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[12]: name[ChangeID] len[4] +[2013/11/07 07:38:44.739382, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) + regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:44.739446, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryInfoKey: struct winreg_QueryInfoKey + out: struct winreg_QueryInfoKey + classname : * + classname: struct winreg_String + name_len : 0x0000 (0) + name_size : 0x0000 (0) + name : NULL + num_subkeys : * + num_subkeys : 0x00000003 (3) + max_subkeylen : * + max_subkeylen : 0x00000022 (34) + max_classlen : * + max_classlen : 0x00000000 (0) + num_values : * + num_values : 0x0000000d (13) + max_valnamelen : * + max_valnamelen : 0x00000022 (34) + max_valbufsize : * + max_valbufsize : 0x000000f8 (248) + secdescsize : * + secdescsize : 0x00000078 (120) + last_changed_time : * + last_changed_time : NTTIME(0) + result : WERR_OK +[2013/11/07 07:38:44.739909, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000080-0000-0000-7b52-7435c5510000 + enum_index : 0x00000000 (0) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:44.740285, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 80 00 00 00 00 00 00 00 7B 52 74 35 ........ ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.740363, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:44.740409, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0016 (22) + size : 0x0024 (36) + name : * + name : 'Attributes' + type : * + type : REG_DWORD (4) + value : * + value: ARRAY(4) + [0] : 0x48 (72) + [1] : 0x10 (16) + [2] : 0x00 (0) + [3] : 0x00 (0) + size : * + size : 0x00000004 (4) + length : * + length : 0x00000004 (4) + result : WERR_OK +[2013/11/07 07:38:44.740807, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000080-0000-0000-7b52-7435c5510000 + enum_index : 0x00000001 (1) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:44.741194, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 80 00 00 00 00 00 00 00 7B 52 74 35 ........ ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.741272, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:44.741317, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0018 (24) + size : 0x0024 (36) + name : * + name : 'Description' + type : * + type : REG_SZ (1) + value : * + value: ARRAY(2) + [0] : 0x00 (0) + [1] : 0x00 (0) + size : * + size : 0x00000002 (2) + length : * + length : 0x00000002 (2) + result : WERR_OK +[2013/11/07 07:38:44.741759, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000080-0000-0000-7b52-7435c5510000 + enum_index : 0x00000002 (2) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:44.742132, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 80 00 00 00 00 00 00 00 7B 52 74 35 ........ ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.742218, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:44.742264, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0012 (18) + size : 0x0024 (36) + name : * + name : 'Datatype' + type : * + type : REG_SZ (1) + value : * + value: ARRAY(8) + [0] : 0x52 (82) + [1] : 0x00 (0) + [2] : 0x41 (65) + [3] : 0x00 (0) + [4] : 0x57 (87) + [5] : 0x00 (0) + [6] : 0x00 (0) + [7] : 0x00 (0) + size : * + size : 0x00000008 (8) + length : * + length : 0x00000008 (8) + result : WERR_OK +[2013/11/07 07:38:44.742721, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000080-0000-0000-7b52-7435c5510000 + enum_index : 0x00000003 (3) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:44.743092, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 80 00 00 00 00 00 00 00 7B 52 74 35 ........ ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.743169, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:44.743214, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0022 (34) + size : 0x0024 (36) + name : * + name : 'Default Priority' + type : * + type : REG_DWORD (4) + value : * + value: ARRAY(4) + [0] : 0x01 (1) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + size : * + size : 0x00000004 (4) + length : * + length : 0x00000004 (4) + result : WERR_OK +[2013/11/07 07:38:44.743614, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000080-0000-0000-7b52-7435c5510000 + enum_index : 0x00000004 (4) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:44.743984, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 80 00 00 00 00 00 00 00 7B 52 74 35 ........ ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.744061, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:44.744105, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x000a (10) + size : 0x0024 (36) + name : * + name : 'Port' + type : * + type : REG_SZ (1) + value : * + value: ARRAY(38) + [0] : 0x53 (83) + [1] : 0x00 (0) + [2] : 0x61 (97) + [3] : 0x00 (0) + [4] : 0x6d (109) + [5] : 0x00 (0) + [6] : 0x62 (98) + [7] : 0x00 (0) + [8] : 0x61 (97) + [9] : 0x00 (0) + [10] : 0x20 (32) + [11] : 0x00 (0) + [12] : 0x50 (80) + [13] : 0x00 (0) + [14] : 0x72 (114) + [15] : 0x00 (0) + [16] : 0x69 (105) + [17] : 0x00 (0) + [18] : 0x6e (110) + [19] : 0x00 (0) + [20] : 0x74 (116) + [21] : 0x00 (0) + [22] : 0x65 (101) + [23] : 0x00 (0) + [24] : 0x72 (114) + [25] : 0x00 (0) + [26] : 0x20 (32) + [27] : 0x00 (0) + [28] : 0x50 (80) + [29] : 0x00 (0) + [30] : 0x6f (111) + [31] : 0x00 (0) + [32] : 0x72 (114) + [33] : 0x00 (0) + [34] : 0x74 (116) + [35] : 0x00 (0) + [36] : 0x00 (0) + [37] : 0x00 (0) + size : * + size : 0x00000026 (38) + length : * + length : 0x00000026 (38) + result : WERR_OK +[2013/11/07 07:38:44.745065, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000080-0000-0000-7b52-7435c5510000 + enum_index : 0x00000005 (5) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:44.745476, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 80 00 00 00 00 00 00 00 7B 52 74 35 ........ ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.745554, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:44.745599, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x000a (10) + size : 0x0024 (36) + name : * + name : 'Name' + type : * + type : REG_SZ (1) + value : * + value: ARRAY(18) + [0] : 0x70 (112) + [1] : 0x00 (0) + [2] : 0x72 (114) + [3] : 0x00 (0) + [4] : 0x69 (105) + [5] : 0x00 (0) + [6] : 0x6e (110) + [7] : 0x00 (0) + [8] : 0x74 (116) + [9] : 0x00 (0) + [10] : 0x65 (101) + [11] : 0x00 (0) + [12] : 0x72 (114) + [13] : 0x00 (0) + [14] : 0x37 (55) + [15] : 0x00 (0) + [16] : 0x00 (0) + [17] : 0x00 (0) + size : * + size : 0x00000012 (18) + length : * + length : 0x00000012 (18) + result : WERR_OK +[2013/11/07 07:38:44.746232, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000080-0000-0000-7b52-7435c5510000 + enum_index : 0x00000006 (6) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:44.746604, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 80 00 00 00 00 00 00 00 7B 52 74 35 ........ ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.746681, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:44.746727, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0020 (32) + size : 0x0024 (36) + name : * + name : 'Print Processor' + type : * + type : REG_SZ (1) + value : * + value: ARRAY(18) + [0] : 0x77 (119) + [1] : 0x00 (0) + [2] : 0x69 (105) + [3] : 0x00 (0) + [4] : 0x6e (110) + [5] : 0x00 (0) + [6] : 0x70 (112) + [7] : 0x00 (0) + [8] : 0x72 (114) + [9] : 0x00 (0) + [10] : 0x69 (105) + [11] : 0x00 (0) + [12] : 0x6e (110) + [13] : 0x00 (0) + [14] : 0x74 (116) + [15] : 0x00 (0) + [16] : 0x00 (0) + [17] : 0x00 (0) + size : * + size : 0x00000012 (18) + length : * + length : 0x00000012 (18) + result : WERR_OK +[2013/11/07 07:38:44.747360, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000080-0000-0000-7b52-7435c5510000 + enum_index : 0x00000007 (7) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:44.747731, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 80 00 00 00 00 00 00 00 7B 52 74 35 ........ ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.747808, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:44.747854, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0012 (18) + size : 0x0024 (36) + name : * + name : 'Priority' + type : * + type : REG_DWORD (4) + value : * + value: ARRAY(4) + [0] : 0x01 (1) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + size : * + size : 0x00000004 (4) + length : * + length : 0x00000004 (4) + result : WERR_OK +[2013/11/07 07:38:44.748254, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000080-0000-0000-7b52-7435c5510000 + enum_index : 0x00000008 (8) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:44.748625, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 80 00 00 00 00 00 00 00 7B 52 74 35 ........ ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.748702, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:44.748748, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0012 (18) + size : 0x0024 (36) + name : * + name : 'Security' + type : * + type : REG_BINARY (3) + value : * + value: ARRAY(248) + [0] : 0x01 (1) + [1] : 0x00 (0) + [2] : 0x04 (4) + [3] : 0x80 (128) + [4] : 0x14 (20) + [5] : 0x00 (0) + [6] : 0x00 (0) + [7] : 0x00 (0) + [8] : 0x24 (36) + [9] : 0x00 (0) + [10] : 0x00 (0) + [11] : 0x00 (0) + [12] : 0x00 (0) + [13] : 0x00 (0) + [14] : 0x00 (0) + [15] : 0x00 (0) + [16] : 0x34 (52) + [17] : 0x00 (0) + [18] : 0x00 (0) + [19] : 0x00 (0) + [20] : 0x01 (1) + [21] : 0x02 (2) + [22] : 0x00 (0) + [23] : 0x00 (0) + [24] : 0x00 (0) + [25] : 0x00 (0) + [26] : 0x00 (0) + [27] : 0x05 (5) + [28] : 0x20 (32) + [29] : 0x00 (0) + [30] : 0x00 (0) + [31] : 0x00 (0) + [32] : 0x20 (32) + [33] : 0x02 (2) + [34] : 0x00 (0) + [35] : 0x00 (0) + [36] : 0x01 (1) + [37] : 0x02 (2) + [38] : 0x00 (0) + [39] : 0x00 (0) + [40] : 0x00 (0) + [41] : 0x00 (0) + [42] : 0x00 (0) + [43] : 0x05 (5) + [44] : 0x20 (32) + [45] : 0x00 (0) + [46] : 0x00 (0) + [47] : 0x00 (0) + [48] : 0x20 (32) + [49] : 0x02 (2) + [50] : 0x00 (0) + [51] : 0x00 (0) + [52] : 0x02 (2) + [53] : 0x00 (0) + [54] : 0xc4 (196) + [55] : 0x00 (0) + [56] : 0x07 (7) + [57] : 0x00 (0) + [58] : 0x00 (0) + [59] : 0x00 (0) + [60] : 0x00 (0) + [61] : 0x02 (2) + [62] : 0x14 (20) + [63] : 0x00 (0) + [64] : 0x08 (8) + [65] : 0x00 (0) + [66] : 0x02 (2) + [67] : 0x20 (32) + [68] : 0x01 (1) + [69] : 0x01 (1) + [70] : 0x00 (0) + [71] : 0x00 (0) + [72] : 0x00 (0) + [73] : 0x00 (0) + [74] : 0x00 (0) + [75] : 0x01 (1) + [76] : 0x00 (0) + [77] : 0x00 (0) + [78] : 0x00 (0) + [79] : 0x00 (0) + [80] : 0x00 (0) + [81] : 0x09 (9) + [82] : 0x24 (36) + [83] : 0x00 (0) + [84] : 0x0c (12) + [85] : 0x00 (0) + [86] : 0x0f (15) + [87] : 0x10 (16) + [88] : 0x01 (1) + [89] : 0x05 (5) + [90] : 0x00 (0) + [91] : 0x00 (0) + [92] : 0x00 (0) + [93] : 0x00 (0) + [94] : 0x00 (0) + [95] : 0x05 (5) + [96] : 0x15 (21) + [97] : 0x00 (0) + [98] : 0x00 (0) + [99] : 0x00 (0) + [100] : 0x74 (116) + [101] : 0xa5 (165) + [102] : 0x12 (18) + [103] : 0x52 (82) + [104] : 0xcd (205) + [105] : 0x51 (81) + [106] : 0xd9 (217) + [107] : 0x8f (143) + [108] : 0xd1 (209) + [109] : 0x31 (49) + [110] : 0xa4 (164) + [111] : 0xca (202) + [112] : 0xf4 (244) + [113] : 0x01 (1) + [114] : 0x00 (0) + [115] : 0x00 (0) + [116] : 0x00 (0) + [117] : 0x02 (2) + [118] : 0x24 (36) + [119] : 0x00 (0) + [120] : 0x0c (12) + [121] : 0x00 (0) + [122] : 0x0f (15) + [123] : 0x10 (16) + [124] : 0x01 (1) + [125] : 0x05 (5) + [126] : 0x00 (0) + [127] : 0x00 (0) + [128] : 0x00 (0) + [129] : 0x00 (0) + [130] : 0x00 (0) + [131] : 0x05 (5) + [132] : 0x15 (21) + [133] : 0x00 (0) + [134] : 0x00 (0) + [135] : 0x00 (0) + [136] : 0x74 (116) + [137] : 0xa5 (165) + [138] : 0x12 (18) + [139] : 0x52 (82) + [140] : 0xcd (205) + [141] : 0x51 (81) + [142] : 0xd9 (217) + [143] : 0x8f (143) + [144] : 0xd1 (209) + [145] : 0x31 (49) + [146] : 0xa4 (164) + [147] : 0xca (202) + [148] : 0xf4 (244) + [149] : 0x01 (1) + [150] : 0x00 (0) + [151] : 0x00 (0) + [152] : 0x00 (0) + [153] : 0x09 (9) + [154] : 0x18 (24) + [155] : 0x00 (0) + [156] : 0x0c (12) + [157] : 0x00 (0) + [158] : 0x0f (15) + [159] : 0x10 (16) + [160] : 0x01 (1) + [161] : 0x02 (2) + [162] : 0x00 (0) + [163] : 0x00 (0) + [164] : 0x00 (0) + [165] : 0x00 (0) + [166] : 0x00 (0) + [167] : 0x05 (5) + [168] : 0x20 (32) + [169] : 0x00 (0) + [170] : 0x00 (0) + [171] : 0x00 (0) + [172] : 0x20 (32) + [173] : 0x02 (2) + [174] : 0x00 (0) + [175] : 0x00 (0) + [176] : 0x00 (0) + [177] : 0x02 (2) + [178] : 0x18 (24) + [179] : 0x00 (0) + [180] : 0x0c (12) + [181] : 0x00 (0) + [182] : 0x0f (15) + [183] : 0x10 (16) + [184] : 0x01 (1) + [185] : 0x02 (2) + [186] : 0x00 (0) + [187] : 0x00 (0) + [188] : 0x00 (0) + [189] : 0x00 (0) + [190] : 0x00 (0) + [191] : 0x05 (5) + [192] : 0x20 (32) + [193] : 0x00 (0) + [194] : 0x00 (0) + [195] : 0x00 (0) + [196] : 0x20 (32) + [197] : 0x02 (2) + [198] : 0x00 (0) + [199] : 0x00 (0) + [200] : 0x00 (0) + [201] : 0x09 (9) + [202] : 0x18 (24) + [203] : 0x00 (0) + [204] : 0x0c (12) + [205] : 0x00 (0) + [206] : 0x0f (15) + [207] : 0x10 (16) + [208] : 0x01 (1) + [209] : 0x02 (2) + [210] : 0x00 (0) + [211] : 0x00 (0) + [212] : 0x00 (0) + [213] : 0x00 (0) + [214] : 0x00 (0) + [215] : 0x05 (5) + [216] : 0x20 (32) + [217] : 0x00 (0) + [218] : 0x00 (0) + [219] : 0x00 (0) + [220] : 0x26 (38) + [221] : 0x02 (2) + [222] : 0x00 (0) + [223] : 0x00 (0) + [224] : 0x00 (0) + [225] : 0x02 (2) + [226] : 0x18 (24) + [227] : 0x00 (0) + [228] : 0x0c (12) + [229] : 0x00 (0) + [230] : 0x0f (15) + [231] : 0x10 (16) + [232] : 0x01 (1) + [233] : 0x02 (2) + [234] : 0x00 (0) + [235] : 0x00 (0) + [236] : 0x00 (0) + [237] : 0x00 (0) + [238] : 0x00 (0) + [239] : 0x05 (5) + [240] : 0x20 (32) + [241] : 0x00 (0) + [242] : 0x00 (0) + [243] : 0x00 (0) + [244] : 0x26 (38) + [245] : 0x02 (2) + [246] : 0x00 (0) + [247] : 0x00 (0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x000000f8 (248) + result : WERR_OK +[2013/11/07 07:38:44.753404, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000080-0000-0000-7b52-7435c5510000 + enum_index : 0x00000009 (9) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:44.753786, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 80 00 00 00 00 00 00 00 7B 52 74 35 ........ ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.753864, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:44.753911, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0016 (22) + size : 0x0024 (36) + name : * + name : 'Share Name' + type : * + type : REG_SZ (1) + value : * + value: ARRAY(18) + [0] : 0x70 (112) + [1] : 0x00 (0) + [2] : 0x72 (114) + [3] : 0x00 (0) + [4] : 0x69 (105) + [5] : 0x00 (0) + [6] : 0x6e (110) + [7] : 0x00 (0) + [8] : 0x74 (116) + [9] : 0x00 (0) + [10] : 0x65 (101) + [11] : 0x00 (0) + [12] : 0x72 (114) + [13] : 0x00 (0) + [14] : 0x37 (55) + [15] : 0x00 (0) + [16] : 0x00 (0) + [17] : 0x00 (0) + size : * + size : 0x00000012 (18) + length : * + length : 0x00000012 (18) + result : WERR_OK +[2013/11/07 07:38:44.754548, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000080-0000-0000-7b52-7435c5510000 + enum_index : 0x0000000a (10) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:44.754921, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 80 00 00 00 00 00 00 00 7B 52 74 35 ........ ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.754998, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:44.755044, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0014 (20) + size : 0x0024 (36) + name : * + name : 'StartTime' + type : * + type : REG_DWORD (4) + value : * + value: ARRAY(4) + [0] : 0x00 (0) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + size : * + size : 0x00000004 (4) + length : * + length : 0x00000004 (4) + result : WERR_OK +[2013/11/07 07:38:44.755439, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000080-0000-0000-7b52-7435c5510000 + enum_index : 0x0000000b (11) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:44.755819, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 80 00 00 00 00 00 00 00 7B 52 74 35 ........ ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.755896, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:44.755942, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0014 (20) + size : 0x0024 (36) + name : * + name : 'UntilTime' + type : * + type : REG_DWORD (4) + value : * + value: ARRAY(4) + [0] : 0x00 (0) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + size : * + size : 0x00000004 (4) + length : * + length : 0x00000004 (4) + result : WERR_OK +[2013/11/07 07:38:44.756337, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000080-0000-0000-7b52-7435c5510000 + enum_index : 0x0000000c (12) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:44.756793, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 80 00 00 00 00 00 00 00 7B 52 74 35 ........ ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.756883, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:44.756929, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0012 (18) + size : 0x0024 (36) + name : * + name : 'ChangeID' + type : * + type : REG_DWORD (4) + value : * + value: ARRAY(4) + [0] : 0xf1 (241) + [1] : 0x5f (95) + [2] : 0x11 (17) + [3] : 0x00 (0) + size : * + size : 0x00000004 (4) + length : * + length : 0x00000004 (4) + result : WERR_OK +[2013/11/07 07:38:44.757421, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryValue: struct winreg_QueryValue + in: struct winreg_QueryValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000080-0000-0000-7b52-7435c5510000 + value_name : * + value_name: struct winreg_String + name_len : 0x0020 (32) + name_size : 0x0020 (32) + name : * + name : 'Default DevMode' + type : * + type : REG_NONE (0) + data : NULL + data_size : * + data_size : 0x00000000 (0) + data_length : * + data_length : 0x00000000 (0) +[2013/11/07 07:38:44.757775, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 80 00 00 00 00 00 00 00 7B 52 74 35 ........ ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.757854, 7, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) + _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:44.757895, 7, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) + _winreg_QueryValue: policy key type = [00000000] +[2013/11/07 07:38:44.757942, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:316(_winreg_QueryValue) + _winreg_QueryValue: reg_queryvalue failed with: WERR_BADFILE +[2013/11/07 07:38:44.757982, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryValue: struct winreg_QueryValue + out: struct winreg_QueryValue + type : * + type : REG_NONE (0) + data : NULL + data_size : * + data_size : 0x00000000 (0) + data_length : * + data_length : 0x00000000 (0) + result : WERR_BADFILE +[2013/11/07 07:38:44.758217, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenHKLM: struct winreg_OpenHKLM + in: struct winreg_OpenHKLM + system_name : NULL + access_mask : 0x02000000 (33554432) + 0: KEY_QUERY_VALUE + 0: KEY_SET_VALUE + 0: KEY_CREATE_SUB_KEY + 0: KEY_ENUMERATE_SUB_KEYS + 0: KEY_NOTIFY + 0: KEY_CREATE_LINK + 0: KEY_WOW64_64KEY + 0: KEY_WOW64_32KEY +[2013/11/07 07:38:44.758448, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [HKLM] +[2013/11/07 07:38:44.758490, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (2->3) +[2013/11/07 07:38:44.758533, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM] +[2013/11/07 07:38:44.758572, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM] +[2013/11/07 07:38:44.758613, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:44.758651, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM] +[2013/11/07 07:38:44.758732, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) + Opened policy hnd[3] [0000] 00 00 00 00 81 00 00 00 00 00 00 00 7B 52 74 35 ........ ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.758812, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenHKLM: struct winreg_OpenHKLM + out: struct winreg_OpenHKLM + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000081-0000-0000-7b52-7435c5510000 + result : WERR_OK +[2013/11/07 07:38:44.758982, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenKey: struct winreg_OpenKey + in: struct winreg_OpenKey + parent_handle : * + parent_handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000081-0000-0000-7b52-7435c5510000 + keyname: struct winreg_String + name_len : 0x008a (138) + name_size : 0x008a (138) + name : * + name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7' + options : 0x00000000 (0) + 0: REG_OPTION_VOLATILE + 0: REG_OPTION_CREATE_LINK + 0: REG_OPTION_BACKUP_RESTORE + 0: REG_OPTION_OPEN_LINK + access_mask : 0x02000000 (33554432) + 0: KEY_QUERY_VALUE + 0: KEY_SET_VALUE + 0: KEY_CREATE_SUB_KEY + 0: KEY_ENUMERATE_SUB_KEYS + 0: KEY_NOTIFY + 0: KEY_CREATE_LINK + 0: KEY_WOW64_64KEY + 0: KEY_WOW64_32KEY +[2013/11/07 07:38:44.759429, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 81 00 00 00 00 00 00 00 7B 52 74 35 ........ ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.759510, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [SOFTWARE] +[2013/11/07 07:38:44.759550, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (3->4) +[2013/11/07 07:38:44.759592, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] +[2013/11/07 07:38:44.759630, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE] +[2013/11/07 07:38:44.759670, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:44.759707, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE] +[2013/11/07 07:38:44.759771, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Microsoft] +[2013/11/07 07:38:44.759812, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (4->5) +[2013/11/07 07:38:44.759854, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] +[2013/11/07 07:38:44.759892, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] +[2013/11/07 07:38:44.759932, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:44.759969, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft] +[2013/11/07 07:38:44.760029, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Windows NT] +[2013/11/07 07:38:44.760070, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (5->6) +[2013/11/07 07:38:44.760112, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] +[2013/11/07 07:38:44.760149, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] +[2013/11/07 07:38:44.760190, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:44.760227, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] +[2013/11/07 07:38:44.760291, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [CurrentVersion] +[2013/11/07 07:38:44.760332, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (6->7) +[2013/11/07 07:38:44.760375, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] +[2013/11/07 07:38:44.760413, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] +[2013/11/07 07:38:44.760454, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:44.760491, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f375c5a15c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] +[2013/11/07 07:38:44.760562, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Print] +[2013/11/07 07:38:44.760603, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (7->8) +[2013/11/07 07:38:44.760646, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] +[2013/11/07 07:38:44.760684, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] +[2013/11/07 07:38:44.760726, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:44.760763, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f375c5a15c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] +[2013/11/07 07:38:44.760823, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Printers] +[2013/11/07 07:38:44.760864, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (8->9) +[2013/11/07 07:38:44.760907, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] +[2013/11/07 07:38:44.760946, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] +[2013/11/07 07:38:44.760989, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:44.761026, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] +[2013/11/07 07:38:44.761092, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [printer7] +[2013/11/07 07:38:44.761139, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (9->10) +[2013/11/07 07:38:44.761184, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:44.761223, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:44.761265, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:44.761302, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:44.761420, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (10->9) +[2013/11/07 07:38:44.761466, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (9->8) +[2013/11/07 07:38:44.761508, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (8->7) +[2013/11/07 07:38:44.761548, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (7->6) +[2013/11/07 07:38:44.761587, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (6->5) +[2013/11/07 07:38:44.761627, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (5->4) +[2013/11/07 07:38:44.761670, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) + Opened policy hnd[4] [0000] 00 00 00 00 82 00 00 00 00 00 00 00 7B 52 74 35 ........ ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.761748, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenKey: struct winreg_OpenKey + out: struct winreg_OpenKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000082-0000-0000-7b52-7435c5510000 + result : WERR_OK +[2013/11/07 07:38:44.761920, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryValue: struct winreg_QueryValue + in: struct winreg_QueryValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000082-0000-0000-7b52-7435c5510000 + value_name : * + value_name: struct winreg_String + name_len : 0x0012 (18) + name_size : 0x0012 (18) + name : * + name : 'Security' + type : * + type : REG_NONE (0) + data : NULL + data_size : * + data_size : 0x00000000 (0) + data_length : * + data_length : 0x00000000 (0) +[2013/11/07 07:38:44.762271, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 82 00 00 00 00 00 00 00 7B 52 74 35 ........ ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.762349, 7, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) + _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:44.762388, 7, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) + _winreg_QueryValue: policy key type = [00000000] +[2013/11/07 07:38:44.762428, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_dispatcher.c:151(fetch_reg_values) + fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7' (ops 0x7f37592edcc0) +[2013/11/07 07:38:44.762470, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1891(regdb_fetch_values_internal) + regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:44.762532, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[0]: name[Attributes] len[4] +[2013/11/07 07:38:44.762576, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[1]: name[Description] len[2] +[2013/11/07 07:38:44.762618, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[2]: name[Datatype] len[8] +[2013/11/07 07:38:44.762661, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[3]: name[Default Priority] len[4] +[2013/11/07 07:38:44.762703, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[4]: name[Port] len[38] +[2013/11/07 07:38:44.762746, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[5]: name[Name] len[18] +[2013/11/07 07:38:44.762788, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[6]: name[Print Processor] len[18] +[2013/11/07 07:38:44.762831, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[7]: name[Priority] len[4] +[2013/11/07 07:38:44.762873, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[8]: name[Security] len[248] +[2013/11/07 07:38:44.762916, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[9]: name[Share Name] len[18] +[2013/11/07 07:38:44.762958, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[10]: name[StartTime] len[4] +[2013/11/07 07:38:44.763000, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[11]: name[UntilTime] len[4] +[2013/11/07 07:38:44.763042, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[12]: name[ChangeID] len[4] +[2013/11/07 07:38:44.763094, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryValue: struct winreg_QueryValue + out: struct winreg_QueryValue + type : * + type : REG_BINARY (3) + data : NULL + data_size : * + data_size : 0x000000f8 (248) + data_length : * + data_length : 0x00000000 (0) + result : WERR_OK +[2013/11/07 07:38:44.763308, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryValue: struct winreg_QueryValue + in: struct winreg_QueryValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000082-0000-0000-7b52-7435c5510000 + value_name : * + value_name: struct winreg_String + name_len : 0x0012 (18) + name_size : 0x0012 (18) + name : * + name : 'Security' + type : * + type : REG_BINARY (3) + data : * + data: ARRAY(0) + data_size : * + data_size : 0x000000f8 (248) + data_length : * + data_length : 0x00000000 (0) +[2013/11/07 07:38:44.763667, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 82 00 00 00 00 00 00 00 7B 52 74 35 ........ ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.763745, 7, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) + _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:44.763784, 7, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) + _winreg_QueryValue: policy key type = [00000000] +[2013/11/07 07:38:44.763829, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryValue: struct winreg_QueryValue + out: struct winreg_QueryValue + type : * + type : REG_BINARY (3) + data : * + data: ARRAY(248) + [0] : 0x01 (1) + [1] : 0x00 (0) + [2] : 0x04 (4) + [3] : 0x80 (128) + [4] : 0x14 (20) + [5] : 0x00 (0) + [6] : 0x00 (0) + [7] : 0x00 (0) + [8] : 0x24 (36) + [9] : 0x00 (0) + [10] : 0x00 (0) + [11] : 0x00 (0) + [12] : 0x00 (0) + [13] : 0x00 (0) + [14] : 0x00 (0) + [15] : 0x00 (0) + [16] : 0x34 (52) + [17] : 0x00 (0) + [18] : 0x00 (0) + [19] : 0x00 (0) + [20] : 0x01 (1) + [21] : 0x02 (2) + [22] : 0x00 (0) + [23] : 0x00 (0) + [24] : 0x00 (0) + [25] : 0x00 (0) + [26] : 0x00 (0) + [27] : 0x05 (5) + [28] : 0x20 (32) + [29] : 0x00 (0) + [30] : 0x00 (0) + [31] : 0x00 (0) + [32] : 0x20 (32) + [33] : 0x02 (2) + [34] : 0x00 (0) + [35] : 0x00 (0) + [36] : 0x01 (1) + [37] : 0x02 (2) + [38] : 0x00 (0) + [39] : 0x00 (0) + [40] : 0x00 (0) + [41] : 0x00 (0) + [42] : 0x00 (0) + [43] : 0x05 (5) + [44] : 0x20 (32) + [45] : 0x00 (0) + [46] : 0x00 (0) + [47] : 0x00 (0) + [48] : 0x20 (32) + [49] : 0x02 (2) + [50] : 0x00 (0) + [51] : 0x00 (0) + [52] : 0x02 (2) + [53] : 0x00 (0) + [54] : 0xc4 (196) + [55] : 0x00 (0) + [56] : 0x07 (7) + [57] : 0x00 (0) + [58] : 0x00 (0) + [59] : 0x00 (0) + [60] : 0x00 (0) + [61] : 0x02 (2) + [62] : 0x14 (20) + [63] : 0x00 (0) + [64] : 0x08 (8) + [65] : 0x00 (0) + [66] : 0x02 (2) + [67] : 0x20 (32) + [68] : 0x01 (1) + [69] : 0x01 (1) + [70] : 0x00 (0) + [71] : 0x00 (0) + [72] : 0x00 (0) + [73] : 0x00 (0) + [74] : 0x00 (0) + [75] : 0x01 (1) + [76] : 0x00 (0) + [77] : 0x00 (0) + [78] : 0x00 (0) + [79] : 0x00 (0) + [80] : 0x00 (0) + [81] : 0x09 (9) + [82] : 0x24 (36) + [83] : 0x00 (0) + [84] : 0x0c (12) + [85] : 0x00 (0) + [86] : 0x0f (15) + [87] : 0x10 (16) + [88] : 0x01 (1) + [89] : 0x05 (5) + [90] : 0x00 (0) + [91] : 0x00 (0) + [92] : 0x00 (0) + [93] : 0x00 (0) + [94] : 0x00 (0) + [95] : 0x05 (5) + [96] : 0x15 (21) + [97] : 0x00 (0) + [98] : 0x00 (0) + [99] : 0x00 (0) + [100] : 0x74 (116) + [101] : 0xa5 (165) + [102] : 0x12 (18) + [103] : 0x52 (82) + [104] : 0xcd (205) + [105] : 0x51 (81) + [106] : 0xd9 (217) + [107] : 0x8f (143) + [108] : 0xd1 (209) + [109] : 0x31 (49) + [110] : 0xa4 (164) + [111] : 0xca (202) + [112] : 0xf4 (244) + [113] : 0x01 (1) + [114] : 0x00 (0) + [115] : 0x00 (0) + [116] : 0x00 (0) + [117] : 0x02 (2) + [118] : 0x24 (36) + [119] : 0x00 (0) + [120] : 0x0c (12) + [121] : 0x00 (0) + [122] : 0x0f (15) + [123] : 0x10 (16) + [124] : 0x01 (1) + [125] : 0x05 (5) + [126] : 0x00 (0) + [127] : 0x00 (0) + [128] : 0x00 (0) + [129] : 0x00 (0) + [130] : 0x00 (0) + [131] : 0x05 (5) + [132] : 0x15 (21) + [133] : 0x00 (0) + [134] : 0x00 (0) + [135] : 0x00 (0) + [136] : 0x74 (116) + [137] : 0xa5 (165) + [138] : 0x12 (18) + [139] : 0x52 (82) + [140] : 0xcd (205) + [141] : 0x51 (81) + [142] : 0xd9 (217) + [143] : 0x8f (143) + [144] : 0xd1 (209) + [145] : 0x31 (49) + [146] : 0xa4 (164) + [147] : 0xca (202) + [148] : 0xf4 (244) + [149] : 0x01 (1) + [150] : 0x00 (0) + [151] : 0x00 (0) + [152] : 0x00 (0) + [153] : 0x09 (9) + [154] : 0x18 (24) + [155] : 0x00 (0) + [156] : 0x0c (12) + [157] : 0x00 (0) + [158] : 0x0f (15) + [159] : 0x10 (16) + [160] : 0x01 (1) + [161] : 0x02 (2) + [162] : 0x00 (0) + [163] : 0x00 (0) + [164] : 0x00 (0) + [165] : 0x00 (0) + [166] : 0x00 (0) + [167] : 0x05 (5) + [168] : 0x20 (32) + [169] : 0x00 (0) + [170] : 0x00 (0) + [171] : 0x00 (0) + [172] : 0x20 (32) + [173] : 0x02 (2) + [174] : 0x00 (0) + [175] : 0x00 (0) + [176] : 0x00 (0) + [177] : 0x02 (2) + [178] : 0x18 (24) + [179] : 0x00 (0) + [180] : 0x0c (12) + [181] : 0x00 (0) + [182] : 0x0f (15) + [183] : 0x10 (16) + [184] : 0x01 (1) + [185] : 0x02 (2) + [186] : 0x00 (0) + [187] : 0x00 (0) + [188] : 0x00 (0) + [189] : 0x00 (0) + [190] : 0x00 (0) + [191] : 0x05 (5) + [192] : 0x20 (32) + [193] : 0x00 (0) + [194] : 0x00 (0) + [195] : 0x00 (0) + [196] : 0x20 (32) + [197] : 0x02 (2) + [198] : 0x00 (0) + [199] : 0x00 (0) + [200] : 0x00 (0) + [201] : 0x09 (9) + [202] : 0x18 (24) + [203] : 0x00 (0) + [204] : 0x0c (12) + [205] : 0x00 (0) + [206] : 0x0f (15) + [207] : 0x10 (16) + [208] : 0x01 (1) + [209] : 0x02 (2) + [210] : 0x00 (0) + [211] : 0x00 (0) + [212] : 0x00 (0) + [213] : 0x00 (0) + [214] : 0x00 (0) + [215] : 0x05 (5) + [216] : 0x20 (32) + [217] : 0x00 (0) + [218] : 0x00 (0) + [219] : 0x00 (0) + [220] : 0x26 (38) + [221] : 0x02 (2) + [222] : 0x00 (0) + [223] : 0x00 (0) + [224] : 0x00 (0) + [225] : 0x02 (2) + [226] : 0x18 (24) + [227] : 0x00 (0) + [228] : 0x0c (12) + [229] : 0x00 (0) + [230] : 0x0f (15) + [231] : 0x10 (16) + [232] : 0x01 (1) + [233] : 0x02 (2) + [234] : 0x00 (0) + [235] : 0x00 (0) + [236] : 0x00 (0) + [237] : 0x00 (0) + [238] : 0x00 (0) + [239] : 0x05 (5) + [240] : 0x20 (32) + [241] : 0x00 (0) + [242] : 0x00 (0) + [243] : 0x00 (0) + [244] : 0x26 (38) + [245] : 0x02 (2) + [246] : 0x00 (0) + [247] : 0x00 (0) + data_size : * + data_size : 0x000000f8 (248) + data_length : * + data_length : 0x000000f8 (248) + result : WERR_OK +[2013/11/07 07:38:44.768247, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + in: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000082-0000-0000-7b52-7435c5510000 +[2013/11/07 07:38:44.768381, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 82 00 00 00 00 00 00 00 7B 52 74 35 ........ ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.768459, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 82 00 00 00 00 00 00 00 7B 52 74 35 ........ ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.768537, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) + Closed policy +[2013/11/07 07:38:44.768582, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (4->3) +[2013/11/07 07:38:44.768623, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + out: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000000-0000-0000-0000-000000000000 + result : WERR_OK +[2013/11/07 07:38:44.768785, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + in: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000081-0000-0000-7b52-7435c5510000 +[2013/11/07 07:38:44.768915, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 81 00 00 00 00 00 00 00 7B 52 74 35 ........ ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.769001, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 81 00 00 00 00 00 00 00 7B 52 74 35 ........ ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.769078, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) + Closed policy +[2013/11/07 07:38:44.769118, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (3->2) +[2013/11/07 07:38:44.769158, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + out: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000000-0000-0000-0000-000000000000 + result : WERR_OK +[2013/11/07 07:38:44.769323, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + in: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000080-0000-0000-7b52-7435c5510000 +[2013/11/07 07:38:44.769513, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 80 00 00 00 00 00 00 00 7B 52 74 35 ........ ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.769593, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 80 00 00 00 00 00 00 00 7B 52 74 35 ........ ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.769670, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) + Closed policy +[2013/11/07 07:38:44.769714, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (2->1) +[2013/11/07 07:38:44.769755, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + out: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000000-0000-0000-0000-000000000000 + result : WERR_OK +[2013/11/07 07:38:44.769919, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + in: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 0000007f-0000-0000-7b52-7435c5510000 +[2013/11/07 07:38:44.770050, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 7F 00 00 00 00 00 00 00 7B 52 74 35 ........ ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.770128, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 7F 00 00 00 00 00 00 00 7B 52 74 35 ........ ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.770212, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) + Closed policy +[2013/11/07 07:38:44.770254, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (1->0) +[2013/11/07 07:38:44.770315, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + out: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000000-0000-0000-0000-000000000000 + result : WERR_OK +[2013/11/07 07:38:44.770479, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:416(close_policy_by_pipe) + Deleted handle list for RPC connection \winreg +[2013/11/07 07:38:44.770638, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + spoolss_GetPrinter: struct spoolss_GetPrinter + out: struct spoolss_GetPrinter + info : * + info : union spoolss_PrinterInfo(case 2) + info2: struct spoolss_PrinterInfo2 + servername : * + servername : '\\MEMBER43' + printername : * + printername : '\\MEMBER43\printer7' + sharename : * + sharename : 'printer7' + portname : * + portname : 'Samba Printer Port' + drivername : * + drivername : '' + comment : * + comment : '' + location : * + location : '' + devmode : * + devmode: struct spoolss_DeviceMode + devicename : '\\MEMBER43\printer7' + specversion : DMSPEC_NT4_AND_ABOVE (1025) + driverversion : 0x0400 (1024) + size : 0x00dc (220) + __driverextra_length : 0x0000 (0) + fields : 0x00014713 (83731) + 1: DEVMODE_ORIENTATION + 1: DEVMODE_PAPERSIZE + 0: DEVMODE_PAPERLENGTH + 0: DEVMODE_PAPERWIDTH + 1: DEVMODE_SCALE + 0: DEVMODE_POSITION + 0: DEVMODE_NUP + 1: DEVMODE_COPIES + 1: DEVMODE_DEFAULTSOURCE + 1: DEVMODE_PRINTQUALITY + 0: DEVMODE_COLOR + 0: DEVMODE_DUPLEX + 0: DEVMODE_YRESOLUTION + 1: DEVMODE_TTOPTION + 0: DEVMODE_COLLATE + 1: DEVMODE_FORMNAME + 0: DEVMODE_LOGPIXELS + 0: DEVMODE_BITSPERPEL + 0: DEVMODE_PELSWIDTH + 0: DEVMODE_PELSHEIGHT + 0: DEVMODE_DISPLAYFLAGS + 0: DEVMODE_DISPLAYFREQUENCY + 0: DEVMODE_ICMMETHOD + 0: DEVMODE_ICMINTENT + 0: DEVMODE_MEDIATYPE + 0: DEVMODE_DITHERTYPE + 0: DEVMODE_PANNINGWIDTH + 0: DEVMODE_PANNINGHEIGHT + orientation : DMORIENT_PORTRAIT (1) + papersize : DMPAPER_LETTER (1) + paperlength : 0x0000 (0) + paperwidth : 0x0000 (0) + scale : 0x0064 (100) + copies : 0x0001 (1) + defaultsource : DMBIN_FORMSOURCE (15) + printquality : DMRES_HIGH (65532) + color : DMRES_MONOCHROME (1) + duplex : DMDUP_SIMPLEX (1) + yresolution : 0x0000 (0) + ttoption : DMTT_SUBDEV (3) + collate : DMCOLLATE_FALSE (0) + formname : 'Letter' + logpixels : 0x0000 (0) + bitsperpel : 0x00000000 (0) + pelswidth : 0x00000000 (0) + pelsheight : 0x00000000 (0) + displayflags : UNKNOWN_ENUM_VALUE (0) + displayfrequency : 0x00000000 (0) + icmmethod : UNKNOWN_ENUM_VALUE (0) + icmintent : UNKNOWN_ENUM_VALUE (0) + mediatype : UNKNOWN_ENUM_VALUE (0) + dithertype : UNKNOWN_ENUM_VALUE (0) + reserved1 : 0x00000000 (0) + reserved2 : 0x00000000 (0) + panningwidth : 0x00000000 (0) + panningheight : 0x00000000 (0) + driverextra_data : DATA_BLOB length=0 + sepfile : * + sepfile : '' + printprocessor : * + printprocessor : 'winprint' + datatype : * + datatype : 'RAW' + parameters : * + parameters : '' + secdesc : * + secdesc: struct security_descriptor + revision : SECURITY_DESCRIPTOR_REVISION_1 (1) + type : 0x8004 (32772) + 0: SEC_DESC_OWNER_DEFAULTED + 0: SEC_DESC_GROUP_DEFAULTED + 1: SEC_DESC_DACL_PRESENT + 0: SEC_DESC_DACL_DEFAULTED + 0: SEC_DESC_SACL_PRESENT + 0: SEC_DESC_SACL_DEFAULTED + 0: SEC_DESC_DACL_TRUSTED + 0: SEC_DESC_SERVER_SECURITY + 0: SEC_DESC_DACL_AUTO_INHERIT_REQ + 0: SEC_DESC_SACL_AUTO_INHERIT_REQ + 0: SEC_DESC_DACL_AUTO_INHERITED + 0: SEC_DESC_SACL_AUTO_INHERITED + 0: SEC_DESC_DACL_PROTECTED + 0: SEC_DESC_SACL_PROTECTED + 0: SEC_DESC_RM_CONTROL_VALID + 1: SEC_DESC_SELF_RELATIVE + owner_sid : * + owner_sid : S-1-5-32-544 + group_sid : * + group_sid : S-1-5-32-544 + sacl : NULL + dacl : * + dacl: struct security_acl + revision : SECURITY_ACL_REVISION_NT4 (2) + size : 0x00c4 (196) + num_aces : 0x00000007 (7) + aces: ARRAY(7) + aces: struct security_ace + type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) + flags : 0x02 (2) + 0: SEC_ACE_FLAG_OBJECT_INHERIT + 1: SEC_ACE_FLAG_CONTAINER_INHERIT + 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT + 0: SEC_ACE_FLAG_INHERIT_ONLY + 0: SEC_ACE_FLAG_INHERITED_ACE + 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) + 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS + 0: SEC_ACE_FLAG_FAILED_ACCESS + size : 0x0014 (20) + access_mask : 0x20020008 (537001992) + object : union security_ace_object_ctr(case 0) + trustee : S-1-1-0 + aces: struct security_ace + type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) + flags : 0x09 (9) + 1: SEC_ACE_FLAG_OBJECT_INHERIT + 0: SEC_ACE_FLAG_CONTAINER_INHERIT + 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT + 1: SEC_ACE_FLAG_INHERIT_ONLY + 0: SEC_ACE_FLAG_INHERITED_ACE + 0x09: SEC_ACE_FLAG_VALID_INHERIT (9) + 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS + 0: SEC_ACE_FLAG_FAILED_ACCESS + size : 0x0024 (36) + access_mask : 0x100f000c (269418508) + object : union security_ace_object_ctr(case 0) + trustee : S-1-5-21-1376953716-2413384141-3399758289-500 + aces: struct security_ace + type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) + flags : 0x02 (2) + 0: SEC_ACE_FLAG_OBJECT_INHERIT + 1: SEC_ACE_FLAG_CONTAINER_INHERIT + 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT + 0: SEC_ACE_FLAG_INHERIT_ONLY + 0: SEC_ACE_FLAG_INHERITED_ACE + 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) + 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS + 0: SEC_ACE_FLAG_FAILED_ACCESS + size : 0x0024 (36) + access_mask : 0x100f000c (269418508) + object : union security_ace_object_ctr(case 0) + trustee : S-1-5-21-1376953716-2413384141-3399758289-500 + aces: struct security_ace + type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) + flags : 0x09 (9) + 1: SEC_ACE_FLAG_OBJECT_INHERIT + 0: SEC_ACE_FLAG_CONTAINER_INHERIT + 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT + 1: SEC_ACE_FLAG_INHERIT_ONLY + 0: SEC_ACE_FLAG_INHERITED_ACE + 0x09: SEC_ACE_FLAG_VALID_INHERIT (9) + 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS + 0: SEC_ACE_FLAG_FAILED_ACCESS + size : 0x0018 (24) + access_mask : 0x100f000c (269418508) + object : union security_ace_object_ctr(case 0) + trustee : S-1-5-32-544 + aces: struct security_ace + type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) + flags : 0x02 (2) + 0: SEC_ACE_FLAG_OBJECT_INHERIT + 1: SEC_ACE_FLAG_CONTAINER_INHERIT + 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT + 0: SEC_ACE_FLAG_INHERIT_ONLY + 0: SEC_ACE_FLAG_INHERITED_ACE + 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) + 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS + 0: SEC_ACE_FLAG_FAILED_ACCESS + size : 0x0018 (24) + access_mask : 0x100f000c (269418508) + object : union security_ace_object_ctr(case 0) + trustee : S-1-5-32-544 + aces: struct security_ace + type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) + flags : 0x09 (9) + 1: SEC_ACE_FLAG_OBJECT_INHERIT + 0: SEC_ACE_FLAG_CONTAINER_INHERIT + 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT + 1: SEC_ACE_FLAG_INHERIT_ONLY + 0: SEC_ACE_FLAG_INHERITED_ACE + 0x09: SEC_ACE_FLAG_VALID_INHERIT (9) + 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS + 0: SEC_ACE_FLAG_FAILED_ACCESS + size : 0x0018 (24) + access_mask : 0x100f000c (269418508) + object : union security_ace_object_ctr(case 0) + trustee : S-1-5-32-550 + aces: struct security_ace + type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) + flags : 0x02 (2) + 0: SEC_ACE_FLAG_OBJECT_INHERIT + 1: SEC_ACE_FLAG_CONTAINER_INHERIT + 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT + 0: SEC_ACE_FLAG_INHERIT_ONLY + 0: SEC_ACE_FLAG_INHERITED_ACE + 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) + 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS + 0: SEC_ACE_FLAG_FAILED_ACCESS + size : 0x0018 (24) + access_mask : 0x100f000c (269418508) + object : union security_ace_object_ctr(case 0) + trustee : S-1-5-32-550 + attributes : 0x00001048 (4168) + 0: PRINTER_ATTRIBUTE_QUEUED + 0: PRINTER_ATTRIBUTE_DIRECT + 0: PRINTER_ATTRIBUTE_DEFAULT + 1: PRINTER_ATTRIBUTE_SHARED + 0: PRINTER_ATTRIBUTE_NETWORK + 0: PRINTER_ATTRIBUTE_HIDDEN + 1: PRINTER_ATTRIBUTE_LOCAL + 0: PRINTER_ATTRIBUTE_ENABLE_DEVQ + 0: PRINTER_ATTRIBUTE_KEEPPRINTEDJOBS + 0: PRINTER_ATTRIBUTE_DO_COMPLETE_FIRST + 0: PRINTER_ATTRIBUTE_WORK_OFFLINE + 0: PRINTER_ATTRIBUTE_ENABLE_BIDI + 1: PRINTER_ATTRIBUTE_RAW_ONLY + 0: PRINTER_ATTRIBUTE_PUBLISHED + 0: PRINTER_ATTRIBUTE_FAX + 0: PRINTER_ATTRIBUTE_TS + priority : 0x00000001 (1) + defaultpriority : 0x00000001 (1) + starttime : 0x00000000 (0) + untiltime : 0x00000000 (0) + status : 0x00000000 (0) + 0: PRINTER_STATUS_PAUSED + 0: PRINTER_STATUS_ERROR + 0: PRINTER_STATUS_PENDING_DELETION + 0: PRINTER_STATUS_PAPER_JAM + 0: PRINTER_STATUS_PAPER_OUT + 0: PRINTER_STATUS_MANUAL_FEED + 0: PRINTER_STATUS_PAPER_PROBLEM + 0: PRINTER_STATUS_OFFLINE + 0: PRINTER_STATUS_IO_ACTIVE + 0: PRINTER_STATUS_BUSY + 0: PRINTER_STATUS_PRINTING + 0: PRINTER_STATUS_OUTPUT_BIN_FULL + 0: PRINTER_STATUS_NOT_AVAILABLE + 0: PRINTER_STATUS_WAITING + 0: PRINTER_STATUS_PROCESSING + 0: PRINTER_STATUS_INITIALIZING + 0: PRINTER_STATUS_WARMING_UP + 0: PRINTER_STATUS_TONER_LOW + 0: PRINTER_STATUS_NO_TONER + 0: PRINTER_STATUS_PAGE_PUNT + 0: PRINTER_STATUS_USER_INTERVENTION + 0: PRINTER_STATUS_OUT_OF_MEMORY + 0: PRINTER_STATUS_DOOR_OPEN + 0: PRINTER_STATUS_SERVER_UNKNOWN + 0: PRINTER_STATUS_POWER_SAVE + cjobs : 0x00000000 (0) + averageppm : 0x00000000 (0) + needed : * + needed : 0x000002f8 (760) + result : WERR_OK +[2013/11/07 07:38:44.775679, 5, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1417(api_rpcTNP) + api_rpcTNP: called \spoolss successfully +[2013/11/07 07:38:44.775742, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) + pop_sec_ctx (0, 5000) - sec_ctx_stack_ndx = 0 +[2013/11/07 07:38:44.775789, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) + write_to_pipe: data_used = 4140 + smbd_smb2_request_pending_queue: req->current_idx = 1 + req->in.vector[0].iov_len = 0 + req->in.vector[1].iov_len = 0 + req->in.vector[2].iov_len = 64 + req->in.vector[3].iov_len = 56 + req->in.vector[4].iov_len = 4156 + req->out.vector[0].iov_len = 4 + req->out.vector[1].iov_len = 0 + req->out.vector[2].iov_len = 64 + req->out.vector[3].iov_len = 8 + req->out.vector[4].iov_len = 0 +[2013/11/07 07:38:44.776013, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:128(smbd_smb2_ioctl_pipe_write_done) + smbd_smb2_ioctl_pipe_write_done: received 4156 +[2013/11/07 07:38:44.776057, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:149(smbd_smb2_ioctl_pipe_write_done) + smbd_smb2_ioctl_pipe_write_done: issuing np_read_send of size 4136 +[2013/11/07 07:38:44.776101, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:285(read_from_internal_pipe) + name: \spoolss len: 4136 +[2013/11/07 07:38:44.776143, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:347(read_from_internal_pipe) + read_from_pipe: \spoolss: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 4112. +[2013/11/07 07:38:44.776198, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) + &r: struct ncacn_packet + rpc_vers : 0x05 (5) + rpc_vers_minor : 0x00 (0) + ptype : DCERPC_PKT_RESPONSE (2) + pfc_flags : 0x03 (3) + drep: ARRAY(4) + [0] : 0x10 (16) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + frag_length : 0x1028 (4136) + auth_length : 0x0000 (0) + call_id : 0x00000010 (16) + u : union dcerpc_payload(case 2) + response: struct dcerpc_response + alloc_hint : 0x00001010 (4112) + context_id : 0x0000 (0) + cancel_count : 0x00 (0) + _pad : DATA_BLOB length=0 + stub_and_verifier : DATA_BLOB length=4112 + [0000] 04 00 02 00 00 10 00 00 EA 0F 00 00 C2 0F 00 00 ........ ........ + [0010] B0 0F 00 00 8A 0F 00 00 88 0F 00 00 86 0F 00 00 ........ ........ + [0020] 84 0F 00 00 88 0E 00 00 82 0F 00 00 70 0F 00 00 ........ ....p... + [0030] 68 0F 00 00 66 0F 00 00 90 0D 00 00 48 10 00 00 h...f... ....H... + [0040] 01 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0200] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0210] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0220] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0230] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0240] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0250] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0260] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0270] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0280] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0290] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0300] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0310] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0320] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0330] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0340] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0350] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0360] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0370] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0380] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0390] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0400] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0410] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0420] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0430] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0440] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0450] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0460] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0470] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0480] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0490] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0500] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0510] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0520] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0530] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0540] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0550] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0560] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0570] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0580] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0590] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0600] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0610] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0620] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0630] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0640] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0650] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0660] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0670] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0680] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0690] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0700] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0710] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0720] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0730] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0740] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0750] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0760] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0770] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0780] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0790] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0800] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0810] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0820] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0830] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0840] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0850] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0860] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0870] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0880] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0890] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0900] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0910] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0920] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0930] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0940] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0950] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0960] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0970] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0980] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0990] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D90] 00 00 00 00 00 00 00 00 01 00 04 80 D8 00 00 00 ........ ........ + [0DA0] E8 00 00 00 00 00 00 00 14 00 00 00 02 00 C4 00 ........ ........ + [0DB0] 07 00 00 00 00 02 14 00 08 00 02 20 01 01 00 00 ........ ... .... + [0DC0] 00 00 00 01 00 00 00 00 00 09 24 00 0C 00 0F 10 ........ ..$..... + [0DD0] 01 05 00 00 00 00 00 05 15 00 00 00 74 A5 12 52 ........ ....t..R + [0DE0] CD 51 D9 8F D1 31 A4 CA F4 01 00 00 00 02 24 00 .Q...1.. ......$. + [0DF0] 0C 00 0F 10 01 05 00 00 00 00 00 05 15 00 00 00 ........ ........ + [0E00] 74 A5 12 52 CD 51 D9 8F D1 31 A4 CA F4 01 00 00 t..R.Q.. .1...... + [0E10] 00 09 18 00 0C 00 0F 10 01 02 00 00 00 00 00 05 ........ ........ + [0E20] 20 00 00 00 20 02 00 00 00 02 18 00 0C 00 0F 10 ... ... ........ + [0E30] 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 ........ ... ... + [0E40] 00 09 18 00 0C 00 0F 10 01 02 00 00 00 00 00 05 ........ ........ + [0E50] 20 00 00 00 26 02 00 00 00 02 18 00 0C 00 0F 10 ...&... ........ + [0E60] 01 02 00 00 00 00 00 05 20 00 00 00 26 02 00 00 ........ ...&... + [0E70] 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 ........ ... ... + [0E80] 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 ........ ... ... + [0E90] 5C 00 5C 00 4D 00 45 00 4D 00 42 00 45 00 52 00 \.\.M.E. M.B.E.R. + [0EA0] 34 00 33 00 5C 00 70 00 72 00 69 00 6E 00 74 00 4.3.\.p. r.i.n.t. + [0EB0] 65 00 72 00 37 00 00 00 00 00 00 00 00 00 00 00 e.r.7... ........ + [0EC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0ED0] 01 04 00 04 DC 00 00 00 13 47 01 00 01 00 01 00 ........ .G...... + [0EE0] 00 00 00 00 64 00 01 00 0F 00 FC FF 01 00 01 00 ....d... ........ + [0EF0] 00 00 03 00 00 00 4C 00 65 00 74 00 74 00 65 00 ......L. e.t.t.e. + [0F00] 72 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 r....... ........ + [0F10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F70] 52 00 41 00 57 00 00 00 77 00 69 00 6E 00 70 00 R.A.W... w.i.n.p. + [0F80] 72 00 69 00 6E 00 74 00 00 00 00 00 00 00 00 00 r.i.n.t. ........ + [0F90] 00 00 53 00 61 00 6D 00 62 00 61 00 20 00 50 00 ..S.a.m. b.a. .P. + [0FA0] 72 00 69 00 6E 00 74 00 65 00 72 00 20 00 50 00 r.i.n.t. e.r. .P. + [0FB0] 6F 00 72 00 74 00 00 00 70 00 72 00 69 00 6E 00 o.r.t... p.r.i.n. + [0FC0] 74 00 65 00 72 00 37 00 00 00 5C 00 5C 00 4D 00 t.e.r.7. ..\.\.M. + [0FD0] 45 00 4D 00 42 00 45 00 52 00 34 00 33 00 5C 00 E.M.B.E. R.4.3.\. + [0FE0] 70 00 72 00 69 00 6E 00 74 00 65 00 72 00 37 00 p.r.i.n. t.e.r.7. + [0FF0] 00 00 5C 00 5C 00 4D 00 45 00 4D 00 42 00 45 00 ..\.\.M. E.M.B.E. + [1000] 52 00 34 00 33 00 00 00 F8 02 00 00 00 00 00 00 R.4.3... ........ +[2013/11/07 07:38:44.785662, 3, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:122(free_pipe_context) + free_pipe_context: destroying talloc pool of size 1308 +[2013/11/07 07:38:44.785721, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:788(np_read_recv) + Received 4136 bytes. There is no more data outstanding +[2013/11/07 07:38:44.785763, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:178(smbd_smb2_ioctl_pipe_read_done) + smbd_smb2_ioctl_pipe_read_done: np_read_recv nread = 4136 is_data_outstanding = 0, status = NT_STATUS_OK +[2013/11/07 07:38:44.785811, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl.c:291(smbd_smb2_request_ioctl_done) + smbd_smb2_request_ioctl_done: smbd_smb2_ioctl_recv returned 4136 status NT_STATUS_OK +[2013/11/07 07:38:44.785854, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) + smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[48] dyn[yes:4136] at ../source3/smbd/smb2_ioctl.c:358 +[2013/11/07 07:38:44.785900, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) + smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/65/127 +[2013/11/07 07:38:44.794649, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) + smbd_smb2_request_incoming: idx[1] of 5 vectors +[2013/11/07 07:38:44.795258, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) + smb2_validate_sequence_number: clearing id 65 (position 65) from bitmap +[2013/11/07 07:38:44.795374, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) + smbd_smb2_request_dispatch: opcode[SMB2_OP_IOCTL] mid = 65 +[2013/11/07 07:38:44.795537, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) + setting sec ctx (0, 5000) - sec_ctx_stack_ndx = 0 +[2013/11/07 07:38:44.795652, 5, pid=20933, effective(0, 5000), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) + Security token SIDs (21): + SID[ 0]: S-1-5-21-1376953716-2413384141-3399758289-500 + SID[ 1]: S-1-5-21-1376953716-2413384141-3399758289-512 + SID[ 2]: S-1-5-21-1376953716-2413384141-3399758289-11015 + SID[ 3]: S-1-5-21-1376953716-2413384141-3399758289-513 + SID[ 4]: S-1-5-21-1376953716-2413384141-3399758289-11011 + SID[ 5]: S-1-5-21-1376953716-2413384141-3399758289-11013 + SID[ 6]: S-1-5-21-1376953716-2413384141-3399758289-11012 + SID[ 7]: S-1-1-0 + SID[ 8]: S-1-5-2 + SID[ 9]: S-1-5-11 + SID[ 10]: S-1-5-32-544 + SID[ 11]: S-1-22-1-2002 + SID[ 12]: S-1-22-2-5000 + SID[ 13]: S-1-22-2-5007 + SID[ 14]: S-1-22-2-5001 + SID[ 15]: S-1-22-2-1005 + SID[ 16]: S-1-22-2-5006 + SID[ 17]: S-1-22-2-5005 + SID[ 18]: S-1-22-2-55000 + SID[ 19]: S-1-22-2-55001 + SID[ 20]: S-1-22-2-55002 + Privileges (0x 1FFFFFF0): + Privilege[ 0]: SeMachineAccountPrivilege + Privilege[ 1]: SeTakeOwnershipPrivilege + Privilege[ 2]: SeBackupPrivilege + Privilege[ 3]: SeRestorePrivilege + Privilege[ 4]: SeRemoteShutdownPrivilege + Privilege[ 5]: SePrintOperatorPrivilege + Privilege[ 6]: SeAddUsersPrivilege + Privilege[ 7]: SeDiskOperatorPrivilege + Privilege[ 8]: SeSecurityPrivilege + Privilege[ 9]: SeSystemtimePrivilege + Privilege[ 10]: SeShutdownPrivilege + Privilege[ 11]: SeDebugPrivilege + Privilege[ 12]: SeSystemEnvironmentPrivilege + Privilege[ 13]: SeSystemProfilePrivilege + Privilege[ 14]: SeProfileSingleProcessPrivilege + Privilege[ 15]: SeIncreaseBasePriorityPrivilege + Privilege[ 16]: SeLoadDriverPrivilege + Privilege[ 17]: SeCreatePagefilePrivilege + Privilege[ 18]: SeIncreaseQuotaPrivilege + Privilege[ 19]: SeChangeNotifyPrivilege + Privilege[ 20]: SeUndockPrivilege + Privilege[ 21]: SeManageVolumePrivilege + Privilege[ 22]: SeImpersonatePrivilege + Privilege[ 23]: SeCreateGlobalPrivilege + Privilege[ 24]: SeEnableDelegationPrivilege + Rights (0x 0): +[2013/11/07 07:38:44.797840, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) + UNIX token of user 0 + Primary group is 5000 and contains 9 supplementary groups + Group[ 0]: 5000 + Group[ 1]: 5007 + Group[ 2]: 5001 + Group[ 3]: 1005 + Group[ 4]: 5006 + Group[ 5]: 5005 + Group[ 6]: 55000 + Group[ 7]: 55001 + Group[ 8]: 55002 +[2013/11/07 07:38:44.798698, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/uid.c:363(change_to_user_internal) + Impersonated user: uid=(0,0), gid=(0,5000) +[2013/11/07 07:38:44.798836, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:1796(smbd_smb2_request_verify_creditcharge) + mid 65, CreditCharge: 1, NeededCharge: 1 +[2013/11/07 07:38:44.799109, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl.c:394(smbd_smb2_ioctl_send) + smbd_smb2_ioctl: ctl_code[0x0011c017] spoolss, fnum 2189993496 +[2013/11/07 07:38:44.799233, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:59(smb2_ioctl_named_pipe) + smbd_smb2_ioctl_send: np_write_send of size 4156 +[2013/11/07 07:38:44.799334, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:520(np_write_send) + np_write_send: len: 4156 +[2013/11/07 07:38:44.799437, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) + write_to_pipe: data_left = 4156 +[2013/11/07 07:38:44.799533, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) + process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 4156 +[2013/11/07 07:38:44.799629, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:51(fill_rpc_header) + fill_rpc_header: data_to_copy = 4156, len_needed_to_complete_hdr = 16, receive_len = 0 +[2013/11/07 07:38:44.799731, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) + write_to_pipe: data_used = 16 +[2013/11/07 07:38:44.799824, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) + write_to_pipe: data_left = 4140 +[2013/11/07 07:38:44.799918, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) + process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 4140 +[2013/11/07 07:38:44.800023, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) + write_to_pipe: data_used = 0 +[2013/11/07 07:38:44.800118, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) + write_to_pipe: data_left = 4140 +[2013/11/07 07:38:44.800211, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) + process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 4140, incoming data = 4140 +[2013/11/07 07:38:44.800318, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1614(process_complete_pdu) + PDU is in Little Endian format! +[2013/11/07 07:38:44.800442, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) + r: struct ncacn_packet + rpc_vers : 0x05 (5) + rpc_vers_minor : 0x00 (0) + ptype : DCERPC_PKT_REQUEST (0) + pfc_flags : 0x03 (3) + drep: ARRAY(4) + [0] : 0x10 (16) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + frag_length : 0x103c (4156) + auth_length : 0x0000 (0) + call_id : 0x00000011 (17) + u : union dcerpc_payload(case 0) + request: struct dcerpc_request + alloc_hint : 0x00001024 (4132) + context_id : 0x0000 (0) + opnum : 0x0008 (8) + object : union dcerpc_object(case 0) + empty: struct dcerpc_empty + _pad : DATA_BLOB length=0 + stub_and_verifier : DATA_BLOB length=4132 + [0000] 00 00 00 00 48 00 00 00 00 00 00 00 7B 52 73 35 ....H... ....{Rs5 + [0010] C5 51 00 00 02 00 00 00 00 00 02 00 00 10 00 00 .Q...... ........ + [0020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0030] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0040] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0200] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0210] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0220] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0230] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0240] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0250] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0260] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0270] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0280] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0290] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0300] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0310] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0320] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0330] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0340] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0350] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0360] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0370] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0380] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0390] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0400] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0410] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0420] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0430] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0440] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0450] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0460] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0470] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0480] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0490] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0500] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0510] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0520] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0530] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0540] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0550] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0560] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0570] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0580] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0590] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0600] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0610] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0620] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0630] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0640] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0650] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0660] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0670] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0680] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0690] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0700] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0710] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0720] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0730] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0740] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0750] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0760] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0770] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0780] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0790] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0800] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0810] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0820] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0830] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0840] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0850] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0860] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0870] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0880] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0890] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0900] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0910] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0920] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0930] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0940] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0950] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0960] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0970] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0980] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0990] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0EA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0EB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0EC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0ED0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0EE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0EF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [1000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [1010] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [1020] 00 10 00 00 .... +[2013/11/07 07:38:44.811121, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1627(process_complete_pdu) + Processing packet type 0 +[2013/11/07 07:38:44.811170, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1472(dcesrv_auth_request) + Checking request auth. +[2013/11/07 07:38:44.811219, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) + push_sec_ctx(0, 5000) : sec_ctx_stack_ndx = 1 +[2013/11/07 07:38:44.811267, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) + setting sec ctx (0, 5000) - sec_ctx_stack_ndx = 1 +[2013/11/07 07:38:44.811309, 5, pid=20933, effective(0, 5000), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) + Security token SIDs (21): + SID[ 0]: S-1-5-21-1376953716-2413384141-3399758289-500 + SID[ 1]: S-1-5-21-1376953716-2413384141-3399758289-512 + SID[ 2]: S-1-5-21-1376953716-2413384141-3399758289-11015 + SID[ 3]: S-1-5-21-1376953716-2413384141-3399758289-513 + SID[ 4]: S-1-5-21-1376953716-2413384141-3399758289-11011 + SID[ 5]: S-1-5-21-1376953716-2413384141-3399758289-11013 + SID[ 6]: S-1-5-21-1376953716-2413384141-3399758289-11012 + SID[ 7]: S-1-1-0 + SID[ 8]: S-1-5-2 + SID[ 9]: S-1-5-11 + SID[ 10]: S-1-5-32-544 + SID[ 11]: S-1-22-1-2002 + SID[ 12]: S-1-22-2-5000 + SID[ 13]: S-1-22-2-5007 + SID[ 14]: S-1-22-2-5001 + SID[ 15]: S-1-22-2-1005 + SID[ 16]: S-1-22-2-5006 + SID[ 17]: S-1-22-2-5005 + SID[ 18]: S-1-22-2-55000 + SID[ 19]: S-1-22-2-55001 + SID[ 20]: S-1-22-2-55002 + Privileges (0x 1FFFFFF0): + Privilege[ 0]: SeMachineAccountPrivilege + Privilege[ 1]: SeTakeOwnershipPrivilege + Privilege[ 2]: SeBackupPrivilege + Privilege[ 3]: SeRestorePrivilege + Privilege[ 4]: SeRemoteShutdownPrivilege + Privilege[ 5]: SePrintOperatorPrivilege + Privilege[ 6]: SeAddUsersPrivilege + Privilege[ 7]: SeDiskOperatorPrivilege + Privilege[ 8]: SeSecurityPrivilege + Privilege[ 9]: SeSystemtimePrivilege + Privilege[ 10]: SeShutdownPrivilege + Privilege[ 11]: SeDebugPrivilege + Privilege[ 12]: SeSystemEnvironmentPrivilege + Privilege[ 13]: SeSystemProfilePrivilege + Privilege[ 14]: SeProfileSingleProcessPrivilege + Privilege[ 15]: SeIncreaseBasePriorityPrivilege + Privilege[ 16]: SeLoadDriverPrivilege + Privilege[ 17]: SeCreatePagefilePrivilege + Privilege[ 18]: SeIncreaseQuotaPrivilege + Privilege[ 19]: SeChangeNotifyPrivilege + Privilege[ 20]: SeUndockPrivilege + Privilege[ 21]: SeManageVolumePrivilege + Privilege[ 22]: SeImpersonatePrivilege + Privilege[ 23]: SeCreateGlobalPrivilege + Privilege[ 24]: SeEnableDelegationPrivilege + Rights (0x 0): +[2013/11/07 07:38:44.812080, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) + UNIX token of user 0 + Primary group is 5000 and contains 9 supplementary groups + Group[ 0]: 5000 + Group[ 1]: 5007 + Group[ 2]: 5001 + Group[ 3]: 1005 + Group[ 4]: 5006 + Group[ 5]: 5005 + Group[ 6]: 55000 + Group[ 7]: 55001 + Group[ 8]: 55002 +[2013/11/07 07:38:44.812279, 5, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1324(api_pipe_request) + Requested \spoolss rpc service +[2013/11/07 07:38:44.812327, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1356(api_rpcTNP) + api_rpcTNP: \spoolss op 0x8 - api_rpcTNP: rpc command: SPOOLSS_GETPRINTER +[2013/11/07 07:38:44.812370, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1390(api_rpcTNP) + api_rpc_cmds[8].fn == 0x7f375c260f10 +[2013/11/07 07:38:44.812421, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + spoolss_GetPrinter: struct spoolss_GetPrinter + in: struct spoolss_GetPrinter + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000048-0000-0000-7b52-7335c5510000 + level : 0x00000002 (2) + buffer : * + buffer : DATA_BLOB length=4096 + [0000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0010] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0030] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0040] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0200] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0210] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0220] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0230] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0240] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0250] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0260] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0270] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0280] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0290] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0300] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0310] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0320] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0330] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0340] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0350] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0360] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0370] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0380] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0390] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0400] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0410] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0420] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0430] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0440] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0450] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0460] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0470] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0480] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0490] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0500] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0510] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0520] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0530] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0540] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0550] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0560] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0570] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0580] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0590] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0600] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0610] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0620] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0630] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0640] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0650] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0660] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0670] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0680] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0690] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0700] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0710] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0720] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0730] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0740] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0750] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0760] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0770] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0780] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0790] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0800] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0810] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0820] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0830] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0840] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0850] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0860] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0870] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0880] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0890] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0900] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0910] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0920] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0930] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0940] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0950] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0960] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0970] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0980] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0990] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0EA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0EB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0EC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0ED0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0EE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0EF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + offered : 0x00001000 (4096) +[2013/11/07 07:38:44.821645, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 48 00 00 00 00 00 00 00 7B 52 73 35 ....H... ....{Rs5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.821731, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 48 00 00 00 00 00 00 00 7B 52 73 35 ....H... ....{Rs5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.821808, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:489(get_printer_snum) + short name:printer7 +[2013/11/07 07:38:44.821947, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:60(make_internal_rpc_pipe_p) + Create pipe requested \winreg +[2013/11/07 07:38:44.822002, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:221(init_pipe_handles) + init_pipe_handle_list: created handle list for pipe \winreg +[2013/11/07 07:38:44.822044, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:238(init_pipe_handles) + init_pipe_handle_list: pipe_handles ref count = 1 for pipe \winreg +[2013/11/07 07:38:44.822150, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:100(make_internal_rpc_pipe_p) + Created internal pipe \winreg +[2013/11/07 07:38:44.822226, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenHKLM: struct winreg_OpenHKLM + in: struct winreg_OpenHKLM + system_name : NULL + access_mask : 0x02000000 (33554432) + 0: KEY_QUERY_VALUE + 0: KEY_SET_VALUE + 0: KEY_CREATE_SUB_KEY + 0: KEY_ENUMERATE_SUB_KEYS + 0: KEY_NOTIFY + 0: KEY_CREATE_LINK + 0: KEY_WOW64_64KEY + 0: KEY_WOW64_32KEY +[2013/11/07 07:38:44.822460, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [HKLM] +[2013/11/07 07:38:44.822505, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) + push_sec_ctx(0, 5000) : sec_ctx_stack_ndx = 2 +[2013/11/07 07:38:44.822550, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/uid.c:485(push_conn_ctx) + push_conn_ctx(1804507171) : conn_ctx_stack_ndx = 0 +[2013/11/07 07:38:44.822590, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) + setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 +[2013/11/07 07:38:44.822639, 5, pid=20933, effective(0, 5000), real(0, 0)] ../libcli/security/security_token.c:53(security_token_debug) + Security token: (NULL) +[2013/11/07 07:38:44.822679, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) + UNIX token of user 0 + Primary group is 0 and contains 0 supplementary groups +[2013/11/07 07:38:44.822846, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) + pop_sec_ctx (0, 5000) - sec_ctx_stack_ndx = 1 +[2013/11/07 07:38:44.822891, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:866(regdb_open) + regdb_open: registry db opened. refcount reset (1) +[2013/11/07 07:38:44.822938, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM] +[2013/11/07 07:38:44.822977, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM] +[2013/11/07 07:38:44.823019, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:44.823056, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM] +[2013/11/07 07:38:44.823140, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) + Opened policy hnd[1] [0000] 00 00 00 00 83 00 00 00 00 00 00 00 7B 52 74 35 ........ ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.823221, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenHKLM: struct winreg_OpenHKLM + out: struct winreg_OpenHKLM + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000083-0000-0000-7b52-7435c5510000 + result : WERR_OK +[2013/11/07 07:38:44.823410, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenKey: struct winreg_OpenKey + in: struct winreg_OpenKey + parent_handle : * + parent_handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000083-0000-0000-7b52-7435c5510000 + keyname: struct winreg_String + name_len : 0x008a (138) + name_size : 0x008a (138) + name : * + name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7' + options : 0x00000000 (0) + 0: REG_OPTION_VOLATILE + 0: REG_OPTION_CREATE_LINK + 0: REG_OPTION_BACKUP_RESTORE + 0: REG_OPTION_OPEN_LINK + access_mask : 0x02000000 (33554432) + 0: KEY_QUERY_VALUE + 0: KEY_SET_VALUE + 0: KEY_CREATE_SUB_KEY + 0: KEY_ENUMERATE_SUB_KEYS + 0: KEY_NOTIFY + 0: KEY_CREATE_LINK + 0: KEY_WOW64_64KEY + 0: KEY_WOW64_32KEY +[2013/11/07 07:38:44.823854, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 83 00 00 00 00 00 00 00 7B 52 74 35 ........ ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.823944, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [SOFTWARE] +[2013/11/07 07:38:44.823985, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (1->2) +[2013/11/07 07:38:44.824027, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] +[2013/11/07 07:38:44.824065, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE] +[2013/11/07 07:38:44.824105, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:44.824143, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE] +[2013/11/07 07:38:44.824212, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Microsoft] +[2013/11/07 07:38:44.824253, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (2->3) +[2013/11/07 07:38:44.824295, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] +[2013/11/07 07:38:44.824333, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] +[2013/11/07 07:38:44.824374, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:44.824411, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft] +[2013/11/07 07:38:44.824471, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Windows NT] +[2013/11/07 07:38:44.824512, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (3->4) +[2013/11/07 07:38:44.824554, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] +[2013/11/07 07:38:44.824592, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] +[2013/11/07 07:38:44.824632, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:44.824669, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] +[2013/11/07 07:38:44.824728, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [CurrentVersion] +[2013/11/07 07:38:44.824769, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (4->5) +[2013/11/07 07:38:44.824812, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] +[2013/11/07 07:38:44.824857, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] +[2013/11/07 07:38:44.824899, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:44.824937, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f375c5a15c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] +[2013/11/07 07:38:44.825011, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Print] +[2013/11/07 07:38:44.825052, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (5->6) +[2013/11/07 07:38:44.825094, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] +[2013/11/07 07:38:44.825134, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] +[2013/11/07 07:38:44.825176, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:44.825213, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f375c5a15c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] +[2013/11/07 07:38:44.825273, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Printers] +[2013/11/07 07:38:44.825314, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (6->7) +[2013/11/07 07:38:44.825498, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] +[2013/11/07 07:38:44.825549, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] +[2013/11/07 07:38:44.825593, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:44.825631, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] +[2013/11/07 07:38:44.825703, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [printer7] +[2013/11/07 07:38:44.825745, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (7->8) +[2013/11/07 07:38:44.825790, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:44.825830, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:44.825872, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:44.825919, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:44.825988, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (8->7) +[2013/11/07 07:38:44.826030, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (7->6) +[2013/11/07 07:38:44.826072, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (6->5) +[2013/11/07 07:38:44.826112, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (5->4) +[2013/11/07 07:38:44.826152, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (4->3) +[2013/11/07 07:38:44.826193, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (3->2) +[2013/11/07 07:38:44.826237, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) + Opened policy hnd[2] [0000] 00 00 00 00 84 00 00 00 00 00 00 00 7B 52 74 35 ........ ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.826316, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenKey: struct winreg_OpenKey + out: struct winreg_OpenKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000084-0000-0000-7b52-7435c5510000 + result : WERR_OK +[2013/11/07 07:38:44.826495, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryInfoKey: struct winreg_QueryInfoKey + in: struct winreg_QueryInfoKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000084-0000-0000-7b52-7435c5510000 + classname : * + classname: struct winreg_String + name_len : 0x0000 (0) + name_size : 0x0000 (0) + name : NULL +[2013/11/07 07:38:44.826710, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 84 00 00 00 00 00 00 00 7B 52 74 35 ........ ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.826793, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_dispatcher.c:151(fetch_reg_values) + fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7' (ops 0x7f37592edcc0) +[2013/11/07 07:38:44.826835, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1891(regdb_fetch_values_internal) + regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:44.826899, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[0]: name[Attributes] len[4] +[2013/11/07 07:38:44.826951, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[1]: name[Description] len[2] +[2013/11/07 07:38:44.826994, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[2]: name[Datatype] len[8] +[2013/11/07 07:38:44.827037, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[3]: name[Default Priority] len[4] +[2013/11/07 07:38:44.827079, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[4]: name[Port] len[38] +[2013/11/07 07:38:44.827121, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[5]: name[Name] len[18] +[2013/11/07 07:38:44.827163, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[6]: name[Print Processor] len[18] +[2013/11/07 07:38:44.827207, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[7]: name[Priority] len[4] +[2013/11/07 07:38:44.827250, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[8]: name[Security] len[248] +[2013/11/07 07:38:44.827293, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[9]: name[Share Name] len[18] +[2013/11/07 07:38:44.827335, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[10]: name[StartTime] len[4] +[2013/11/07 07:38:44.827378, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[11]: name[UntilTime] len[4] +[2013/11/07 07:38:44.827420, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[12]: name[ChangeID] len[4] +[2013/11/07 07:38:44.827463, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) + regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:44.827528, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryInfoKey: struct winreg_QueryInfoKey + out: struct winreg_QueryInfoKey + classname : * + classname: struct winreg_String + name_len : 0x0000 (0) + name_size : 0x0000 (0) + name : NULL + num_subkeys : * + num_subkeys : 0x00000003 (3) + max_subkeylen : * + max_subkeylen : 0x00000022 (34) + max_classlen : * + max_classlen : 0x00000000 (0) + num_values : * + num_values : 0x0000000d (13) + max_valnamelen : * + max_valnamelen : 0x00000022 (34) + max_valbufsize : * + max_valbufsize : 0x000000f8 (248) + secdescsize : * + secdescsize : 0x00000078 (120) + last_changed_time : * + last_changed_time : NTTIME(0) + result : WERR_OK +[2013/11/07 07:38:44.827983, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000084-0000-0000-7b52-7435c5510000 + enum_index : 0x00000000 (0) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:44.828360, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 84 00 00 00 00 00 00 00 7B 52 74 35 ........ ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.828437, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:44.828483, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0016 (22) + size : 0x0024 (36) + name : * + name : 'Attributes' + type : * + type : REG_DWORD (4) + value : * + value: ARRAY(4) + [0] : 0x48 (72) + [1] : 0x10 (16) + [2] : 0x00 (0) + [3] : 0x00 (0) + size : * + size : 0x00000004 (4) + length : * + length : 0x00000004 (4) + result : WERR_OK +[2013/11/07 07:38:44.828878, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000084-0000-0000-7b52-7435c5510000 + enum_index : 0x00000001 (1) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:44.829254, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 84 00 00 00 00 00 00 00 7B 52 74 35 ........ ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.829330, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:44.829375, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0018 (24) + size : 0x0024 (36) + name : * + name : 'Description' + type : * + type : REG_SZ (1) + value : * + value: ARRAY(2) + [0] : 0x00 (0) + [1] : 0x00 (0) + size : * + size : 0x00000002 (2) + length : * + length : 0x00000002 (2) + result : WERR_OK +[2013/11/07 07:38:44.829782, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000084-0000-0000-7b52-7435c5510000 + enum_index : 0x00000002 (2) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:44.830153, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 84 00 00 00 00 00 00 00 7B 52 74 35 ........ ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.830230, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:44.830275, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0012 (18) + size : 0x0024 (36) + name : * + name : 'Datatype' + type : * + type : REG_SZ (1) + value : * + value: ARRAY(8) + [0] : 0x52 (82) + [1] : 0x00 (0) + [2] : 0x41 (65) + [3] : 0x00 (0) + [4] : 0x57 (87) + [5] : 0x00 (0) + [6] : 0x00 (0) + [7] : 0x00 (0) + size : * + size : 0x00000008 (8) + length : * + length : 0x00000008 (8) + result : WERR_OK +[2013/11/07 07:38:44.830737, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000084-0000-0000-7b52-7435c5510000 + enum_index : 0x00000003 (3) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:44.831107, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 84 00 00 00 00 00 00 00 7B 52 74 35 ........ ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.831183, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:44.831227, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0022 (34) + size : 0x0024 (36) + name : * + name : 'Default Priority' + type : * + type : REG_DWORD (4) + value : * + value: ARRAY(4) + [0] : 0x01 (1) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + size : * + size : 0x00000004 (4) + length : * + length : 0x00000004 (4) + result : WERR_OK +[2013/11/07 07:38:44.831626, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000084-0000-0000-7b52-7435c5510000 + enum_index : 0x00000004 (4) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:44.831995, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 84 00 00 00 00 00 00 00 7B 52 74 35 ........ ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.832072, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:44.832116, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x000a (10) + size : 0x0024 (36) + name : * + name : 'Port' + type : * + type : REG_SZ (1) + value : * + value: ARRAY(38) + [0] : 0x53 (83) + [1] : 0x00 (0) + [2] : 0x61 (97) + [3] : 0x00 (0) + [4] : 0x6d (109) + [5] : 0x00 (0) + [6] : 0x62 (98) + [7] : 0x00 (0) + [8] : 0x61 (97) + [9] : 0x00 (0) + [10] : 0x20 (32) + [11] : 0x00 (0) + [12] : 0x50 (80) + [13] : 0x00 (0) + [14] : 0x72 (114) + [15] : 0x00 (0) + [16] : 0x69 (105) + [17] : 0x00 (0) + [18] : 0x6e (110) + [19] : 0x00 (0) + [20] : 0x74 (116) + [21] : 0x00 (0) + [22] : 0x65 (101) + [23] : 0x00 (0) + [24] : 0x72 (114) + [25] : 0x00 (0) + [26] : 0x20 (32) + [27] : 0x00 (0) + [28] : 0x50 (80) + [29] : 0x00 (0) + [30] : 0x6f (111) + [31] : 0x00 (0) + [32] : 0x72 (114) + [33] : 0x00 (0) + [34] : 0x74 (116) + [35] : 0x00 (0) + [36] : 0x00 (0) + [37] : 0x00 (0) + size : * + size : 0x00000026 (38) + length : * + length : 0x00000026 (38) + result : WERR_OK +[2013/11/07 07:38:44.833074, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000084-0000-0000-7b52-7435c5510000 + enum_index : 0x00000005 (5) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:44.833484, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 84 00 00 00 00 00 00 00 7B 52 74 35 ........ ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.833562, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:44.833608, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x000a (10) + size : 0x0024 (36) + name : * + name : 'Name' + type : * + type : REG_SZ (1) + value : * + value: ARRAY(18) + [0] : 0x70 (112) + [1] : 0x00 (0) + [2] : 0x72 (114) + [3] : 0x00 (0) + [4] : 0x69 (105) + [5] : 0x00 (0) + [6] : 0x6e (110) + [7] : 0x00 (0) + [8] : 0x74 (116) + [9] : 0x00 (0) + [10] : 0x65 (101) + [11] : 0x00 (0) + [12] : 0x72 (114) + [13] : 0x00 (0) + [14] : 0x37 (55) + [15] : 0x00 (0) + [16] : 0x00 (0) + [17] : 0x00 (0) + size : * + size : 0x00000012 (18) + length : * + length : 0x00000012 (18) + result : WERR_OK +[2013/11/07 07:38:44.834238, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000084-0000-0000-7b52-7435c5510000 + enum_index : 0x00000006 (6) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:44.834607, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 84 00 00 00 00 00 00 00 7B 52 74 35 ........ ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.834684, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:44.834728, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0020 (32) + size : 0x0024 (36) + name : * + name : 'Print Processor' + type : * + type : REG_SZ (1) + value : * + value: ARRAY(18) + [0] : 0x77 (119) + [1] : 0x00 (0) + [2] : 0x69 (105) + [3] : 0x00 (0) + [4] : 0x6e (110) + [5] : 0x00 (0) + [6] : 0x70 (112) + [7] : 0x00 (0) + [8] : 0x72 (114) + [9] : 0x00 (0) + [10] : 0x69 (105) + [11] : 0x00 (0) + [12] : 0x6e (110) + [13] : 0x00 (0) + [14] : 0x74 (116) + [15] : 0x00 (0) + [16] : 0x00 (0) + [17] : 0x00 (0) + size : * + size : 0x00000012 (18) + length : * + length : 0x00000012 (18) + result : WERR_OK +[2013/11/07 07:38:44.835355, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000084-0000-0000-7b52-7435c5510000 + enum_index : 0x00000007 (7) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:44.835724, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 84 00 00 00 00 00 00 00 7B 52 74 35 ........ ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.835801, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:44.835845, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0012 (18) + size : 0x0024 (36) + name : * + name : 'Priority' + type : * + type : REG_DWORD (4) + value : * + value: ARRAY(4) + [0] : 0x01 (1) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + size : * + size : 0x00000004 (4) + length : * + length : 0x00000004 (4) + result : WERR_OK +[2013/11/07 07:38:44.836233, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000084-0000-0000-7b52-7435c5510000 + enum_index : 0x00000008 (8) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:44.836627, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 84 00 00 00 00 00 00 00 7B 52 74 35 ........ ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.836704, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:44.836749, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0012 (18) + size : 0x0024 (36) + name : * + name : 'Security' + type : * + type : REG_BINARY (3) + value : * + value: ARRAY(248) + [0] : 0x01 (1) + [1] : 0x00 (0) + [2] : 0x04 (4) + [3] : 0x80 (128) + [4] : 0x14 (20) + [5] : 0x00 (0) + [6] : 0x00 (0) + [7] : 0x00 (0) + [8] : 0x24 (36) + [9] : 0x00 (0) + [10] : 0x00 (0) + [11] : 0x00 (0) + [12] : 0x00 (0) + [13] : 0x00 (0) + [14] : 0x00 (0) + [15] : 0x00 (0) + [16] : 0x34 (52) + [17] : 0x00 (0) + [18] : 0x00 (0) + [19] : 0x00 (0) + [20] : 0x01 (1) + [21] : 0x02 (2) + [22] : 0x00 (0) + [23] : 0x00 (0) + [24] : 0x00 (0) + [25] : 0x00 (0) + [26] : 0x00 (0) + [27] : 0x05 (5) + [28] : 0x20 (32) + [29] : 0x00 (0) + [30] : 0x00 (0) + [31] : 0x00 (0) + [32] : 0x20 (32) + [33] : 0x02 (2) + [34] : 0x00 (0) + [35] : 0x00 (0) + [36] : 0x01 (1) + [37] : 0x02 (2) + [38] : 0x00 (0) + [39] : 0x00 (0) + [40] : 0x00 (0) + [41] : 0x00 (0) + [42] : 0x00 (0) + [43] : 0x05 (5) + [44] : 0x20 (32) + [45] : 0x00 (0) + [46] : 0x00 (0) + [47] : 0x00 (0) + [48] : 0x20 (32) + [49] : 0x02 (2) + [50] : 0x00 (0) + [51] : 0x00 (0) + [52] : 0x02 (2) + [53] : 0x00 (0) + [54] : 0xc4 (196) + [55] : 0x00 (0) + [56] : 0x07 (7) + [57] : 0x00 (0) + [58] : 0x00 (0) + [59] : 0x00 (0) + [60] : 0x00 (0) + [61] : 0x02 (2) + [62] : 0x14 (20) + [63] : 0x00 (0) + [64] : 0x08 (8) + [65] : 0x00 (0) + [66] : 0x02 (2) + [67] : 0x20 (32) + [68] : 0x01 (1) + [69] : 0x01 (1) + [70] : 0x00 (0) + [71] : 0x00 (0) + [72] : 0x00 (0) + [73] : 0x00 (0) + [74] : 0x00 (0) + [75] : 0x01 (1) + [76] : 0x00 (0) + [77] : 0x00 (0) + [78] : 0x00 (0) + [79] : 0x00 (0) + [80] : 0x00 (0) + [81] : 0x09 (9) + [82] : 0x24 (36) + [83] : 0x00 (0) + [84] : 0x0c (12) + [85] : 0x00 (0) + [86] : 0x0f (15) + [87] : 0x10 (16) + [88] : 0x01 (1) + [89] : 0x05 (5) + [90] : 0x00 (0) + [91] : 0x00 (0) + [92] : 0x00 (0) + [93] : 0x00 (0) + [94] : 0x00 (0) + [95] : 0x05 (5) + [96] : 0x15 (21) + [97] : 0x00 (0) + [98] : 0x00 (0) + [99] : 0x00 (0) + [100] : 0x74 (116) + [101] : 0xa5 (165) + [102] : 0x12 (18) + [103] : 0x52 (82) + [104] : 0xcd (205) + [105] : 0x51 (81) + [106] : 0xd9 (217) + [107] : 0x8f (143) + [108] : 0xd1 (209) + [109] : 0x31 (49) + [110] : 0xa4 (164) + [111] : 0xca (202) + [112] : 0xf4 (244) + [113] : 0x01 (1) + [114] : 0x00 (0) + [115] : 0x00 (0) + [116] : 0x00 (0) + [117] : 0x02 (2) + [118] : 0x24 (36) + [119] : 0x00 (0) + [120] : 0x0c (12) + [121] : 0x00 (0) + [122] : 0x0f (15) + [123] : 0x10 (16) + [124] : 0x01 (1) + [125] : 0x05 (5) + [126] : 0x00 (0) + [127] : 0x00 (0) + [128] : 0x00 (0) + [129] : 0x00 (0) + [130] : 0x00 (0) + [131] : 0x05 (5) + [132] : 0x15 (21) + [133] : 0x00 (0) + [134] : 0x00 (0) + [135] : 0x00 (0) + [136] : 0x74 (116) + [137] : 0xa5 (165) + [138] : 0x12 (18) + [139] : 0x52 (82) + [140] : 0xcd (205) + [141] : 0x51 (81) + [142] : 0xd9 (217) + [143] : 0x8f (143) + [144] : 0xd1 (209) + [145] : 0x31 (49) + [146] : 0xa4 (164) + [147] : 0xca (202) + [148] : 0xf4 (244) + [149] : 0x01 (1) + [150] : 0x00 (0) + [151] : 0x00 (0) + [152] : 0x00 (0) + [153] : 0x09 (9) + [154] : 0x18 (24) + [155] : 0x00 (0) + [156] : 0x0c (12) + [157] : 0x00 (0) + [158] : 0x0f (15) + [159] : 0x10 (16) + [160] : 0x01 (1) + [161] : 0x02 (2) + [162] : 0x00 (0) + [163] : 0x00 (0) + [164] : 0x00 (0) + [165] : 0x00 (0) + [166] : 0x00 (0) + [167] : 0x05 (5) + [168] : 0x20 (32) + [169] : 0x00 (0) + [170] : 0x00 (0) + [171] : 0x00 (0) + [172] : 0x20 (32) + [173] : 0x02 (2) + [174] : 0x00 (0) + [175] : 0x00 (0) + [176] : 0x00 (0) + [177] : 0x02 (2) + [178] : 0x18 (24) + [179] : 0x00 (0) + [180] : 0x0c (12) + [181] : 0x00 (0) + [182] : 0x0f (15) + [183] : 0x10 (16) + [184] : 0x01 (1) + [185] : 0x02 (2) + [186] : 0x00 (0) + [187] : 0x00 (0) + [188] : 0x00 (0) + [189] : 0x00 (0) + [190] : 0x00 (0) + [191] : 0x05 (5) + [192] : 0x20 (32) + [193] : 0x00 (0) + [194] : 0x00 (0) + [195] : 0x00 (0) + [196] : 0x20 (32) + [197] : 0x02 (2) + [198] : 0x00 (0) + [199] : 0x00 (0) + [200] : 0x00 (0) + [201] : 0x09 (9) + [202] : 0x18 (24) + [203] : 0x00 (0) + [204] : 0x0c (12) + [205] : 0x00 (0) + [206] : 0x0f (15) + [207] : 0x10 (16) + [208] : 0x01 (1) + [209] : 0x02 (2) + [210] : 0x00 (0) + [211] : 0x00 (0) + [212] : 0x00 (0) + [213] : 0x00 (0) + [214] : 0x00 (0) + [215] : 0x05 (5) + [216] : 0x20 (32) + [217] : 0x00 (0) + [218] : 0x00 (0) + [219] : 0x00 (0) + [220] : 0x26 (38) + [221] : 0x02 (2) + [222] : 0x00 (0) + [223] : 0x00 (0) + [224] : 0x00 (0) + [225] : 0x02 (2) + [226] : 0x18 (24) + [227] : 0x00 (0) + [228] : 0x0c (12) + [229] : 0x00 (0) + [230] : 0x0f (15) + [231] : 0x10 (16) + [232] : 0x01 (1) + [233] : 0x02 (2) + [234] : 0x00 (0) + [235] : 0x00 (0) + [236] : 0x00 (0) + [237] : 0x00 (0) + [238] : 0x00 (0) + [239] : 0x05 (5) + [240] : 0x20 (32) + [241] : 0x00 (0) + [242] : 0x00 (0) + [243] : 0x00 (0) + [244] : 0x26 (38) + [245] : 0x02 (2) + [246] : 0x00 (0) + [247] : 0x00 (0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x000000f8 (248) + result : WERR_OK +[2013/11/07 07:38:44.841276, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000084-0000-0000-7b52-7435c5510000 + enum_index : 0x00000009 (9) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:44.841690, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 84 00 00 00 00 00 00 00 7B 52 74 35 ........ ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.841768, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:44.841813, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0016 (22) + size : 0x0024 (36) + name : * + name : 'Share Name' + type : * + type : REG_SZ (1) + value : * + value: ARRAY(18) + [0] : 0x70 (112) + [1] : 0x00 (0) + [2] : 0x72 (114) + [3] : 0x00 (0) + [4] : 0x69 (105) + [5] : 0x00 (0) + [6] : 0x6e (110) + [7] : 0x00 (0) + [8] : 0x74 (116) + [9] : 0x00 (0) + [10] : 0x65 (101) + [11] : 0x00 (0) + [12] : 0x72 (114) + [13] : 0x00 (0) + [14] : 0x37 (55) + [15] : 0x00 (0) + [16] : 0x00 (0) + [17] : 0x00 (0) + size : * + size : 0x00000012 (18) + length : * + length : 0x00000012 (18) + result : WERR_OK +[2013/11/07 07:38:44.842442, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000084-0000-0000-7b52-7435c5510000 + enum_index : 0x0000000a (10) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:44.842846, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 84 00 00 00 00 00 00 00 7B 52 74 35 ........ ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.842934, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:44.842979, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0014 (20) + size : 0x0024 (36) + name : * + name : 'StartTime' + type : * + type : REG_DWORD (4) + value : * + value: ARRAY(4) + [0] : 0x00 (0) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + size : * + size : 0x00000004 (4) + length : * + length : 0x00000004 (4) + result : WERR_OK +[2013/11/07 07:38:44.843372, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000084-0000-0000-7b52-7435c5510000 + enum_index : 0x0000000b (11) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:44.843751, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 84 00 00 00 00 00 00 00 7B 52 74 35 ........ ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.843827, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:44.843873, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0014 (20) + size : 0x0024 (36) + name : * + name : 'UntilTime' + type : * + type : REG_DWORD (4) + value : * + value: ARRAY(4) + [0] : 0x00 (0) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + size : * + size : 0x00000004 (4) + length : * + length : 0x00000004 (4) + result : WERR_OK +[2013/11/07 07:38:44.844266, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000084-0000-0000-7b52-7435c5510000 + enum_index : 0x0000000c (12) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:44.844636, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 84 00 00 00 00 00 00 00 7B 52 74 35 ........ ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.844713, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:44.844759, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0012 (18) + size : 0x0024 (36) + name : * + name : 'ChangeID' + type : * + type : REG_DWORD (4) + value : * + value: ARRAY(4) + [0] : 0xf1 (241) + [1] : 0x5f (95) + [2] : 0x11 (17) + [3] : 0x00 (0) + size : * + size : 0x00000004 (4) + length : * + length : 0x00000004 (4) + result : WERR_OK +[2013/11/07 07:38:44.845195, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryValue: struct winreg_QueryValue + in: struct winreg_QueryValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000084-0000-0000-7b52-7435c5510000 + value_name : * + value_name: struct winreg_String + name_len : 0x0020 (32) + name_size : 0x0020 (32) + name : * + name : 'Default DevMode' + type : * + type : REG_NONE (0) + data : NULL + data_size : * + data_size : 0x00000000 (0) + data_length : * + data_length : 0x00000000 (0) +[2013/11/07 07:38:44.845580, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 84 00 00 00 00 00 00 00 7B 52 74 35 ........ ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.845660, 7, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) + _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:44.845701, 7, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) + _winreg_QueryValue: policy key type = [00000000] +[2013/11/07 07:38:44.845747, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:316(_winreg_QueryValue) + _winreg_QueryValue: reg_queryvalue failed with: WERR_BADFILE +[2013/11/07 07:38:44.845788, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryValue: struct winreg_QueryValue + out: struct winreg_QueryValue + type : * + type : REG_NONE (0) + data : NULL + data_size : * + data_size : 0x00000000 (0) + data_length : * + data_length : 0x00000000 (0) + result : WERR_BADFILE +[2013/11/07 07:38:44.846012, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenHKLM: struct winreg_OpenHKLM + in: struct winreg_OpenHKLM + system_name : NULL + access_mask : 0x02000000 (33554432) + 0: KEY_QUERY_VALUE + 0: KEY_SET_VALUE + 0: KEY_CREATE_SUB_KEY + 0: KEY_ENUMERATE_SUB_KEYS + 0: KEY_NOTIFY + 0: KEY_CREATE_LINK + 0: KEY_WOW64_64KEY + 0: KEY_WOW64_32KEY +[2013/11/07 07:38:44.846246, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [HKLM] +[2013/11/07 07:38:44.846288, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (2->3) +[2013/11/07 07:38:44.846330, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM] +[2013/11/07 07:38:44.846369, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM] +[2013/11/07 07:38:44.846409, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:44.846447, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM] +[2013/11/07 07:38:44.846520, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) + Opened policy hnd[3] [0000] 00 00 00 00 85 00 00 00 00 00 00 00 7B 52 74 35 ........ ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.846599, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenHKLM: struct winreg_OpenHKLM + out: struct winreg_OpenHKLM + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000085-0000-0000-7b52-7435c5510000 + result : WERR_OK +[2013/11/07 07:38:44.846768, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenKey: struct winreg_OpenKey + in: struct winreg_OpenKey + parent_handle : * + parent_handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000085-0000-0000-7b52-7435c5510000 + keyname: struct winreg_String + name_len : 0x008a (138) + name_size : 0x008a (138) + name : * + name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7' + options : 0x00000000 (0) + 0: REG_OPTION_VOLATILE + 0: REG_OPTION_CREATE_LINK + 0: REG_OPTION_BACKUP_RESTORE + 0: REG_OPTION_OPEN_LINK + access_mask : 0x02000000 (33554432) + 0: KEY_QUERY_VALUE + 0: KEY_SET_VALUE + 0: KEY_CREATE_SUB_KEY + 0: KEY_ENUMERATE_SUB_KEYS + 0: KEY_NOTIFY + 0: KEY_CREATE_LINK + 0: KEY_WOW64_64KEY + 0: KEY_WOW64_32KEY +[2013/11/07 07:38:44.847204, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 85 00 00 00 00 00 00 00 7B 52 74 35 ........ ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.847292, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [SOFTWARE] +[2013/11/07 07:38:44.847332, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (3->4) +[2013/11/07 07:38:44.847374, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] +[2013/11/07 07:38:44.847412, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE] +[2013/11/07 07:38:44.847452, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:44.847490, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE] +[2013/11/07 07:38:44.847554, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Microsoft] +[2013/11/07 07:38:44.847595, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (4->5) +[2013/11/07 07:38:44.847637, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] +[2013/11/07 07:38:44.847675, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] +[2013/11/07 07:38:44.847715, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:44.847752, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft] +[2013/11/07 07:38:44.847812, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Windows NT] +[2013/11/07 07:38:44.847853, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (5->6) +[2013/11/07 07:38:44.847896, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] +[2013/11/07 07:38:44.847934, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] +[2013/11/07 07:38:44.847974, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:44.848011, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] +[2013/11/07 07:38:44.848068, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [CurrentVersion] +[2013/11/07 07:38:44.848109, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (6->7) +[2013/11/07 07:38:44.848151, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] +[2013/11/07 07:38:44.848200, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] +[2013/11/07 07:38:44.848241, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:44.848279, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f375c5a15c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] +[2013/11/07 07:38:44.848351, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Print] +[2013/11/07 07:38:44.848393, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (7->8) +[2013/11/07 07:38:44.848435, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] +[2013/11/07 07:38:44.848476, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] +[2013/11/07 07:38:44.848518, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:44.848556, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f375c5a15c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] +[2013/11/07 07:38:44.848615, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Printers] +[2013/11/07 07:38:44.848656, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (8->9) +[2013/11/07 07:38:44.848700, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] +[2013/11/07 07:38:44.848740, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] +[2013/11/07 07:38:44.848782, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:44.848819, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] +[2013/11/07 07:38:44.848886, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [printer7] +[2013/11/07 07:38:44.848927, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (9->10) +[2013/11/07 07:38:44.848972, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:44.849012, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:44.849053, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:44.849099, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:44.849168, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (10->9) +[2013/11/07 07:38:44.849210, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (9->8) +[2013/11/07 07:38:44.849251, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (8->7) +[2013/11/07 07:38:44.849291, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (7->6) +[2013/11/07 07:38:44.849331, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (6->5) +[2013/11/07 07:38:44.849440, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (5->4) +[2013/11/07 07:38:44.849487, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) + Opened policy hnd[4] [0000] 00 00 00 00 86 00 00 00 00 00 00 00 7B 52 74 35 ........ ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.849566, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenKey: struct winreg_OpenKey + out: struct winreg_OpenKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000086-0000-0000-7b52-7435c5510000 + result : WERR_OK +[2013/11/07 07:38:44.849741, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryValue: struct winreg_QueryValue + in: struct winreg_QueryValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000086-0000-0000-7b52-7435c5510000 + value_name : * + value_name: struct winreg_String + name_len : 0x0012 (18) + name_size : 0x0012 (18) + name : * + name : 'Security' + type : * + type : REG_NONE (0) + data : NULL + data_size : * + data_size : 0x00000000 (0) + data_length : * + data_length : 0x00000000 (0) +[2013/11/07 07:38:44.850081, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 86 00 00 00 00 00 00 00 7B 52 74 35 ........ ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.850159, 7, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) + _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:44.850207, 7, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) + _winreg_QueryValue: policy key type = [00000000] +[2013/11/07 07:38:44.850248, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_dispatcher.c:151(fetch_reg_values) + fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7' (ops 0x7f37592edcc0) +[2013/11/07 07:38:44.850290, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1891(regdb_fetch_values_internal) + regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:44.850351, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[0]: name[Attributes] len[4] +[2013/11/07 07:38:44.850395, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[1]: name[Description] len[2] +[2013/11/07 07:38:44.850437, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[2]: name[Datatype] len[8] +[2013/11/07 07:38:44.850480, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[3]: name[Default Priority] len[4] +[2013/11/07 07:38:44.850523, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[4]: name[Port] len[38] +[2013/11/07 07:38:44.850565, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[5]: name[Name] len[18] +[2013/11/07 07:38:44.850608, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[6]: name[Print Processor] len[18] +[2013/11/07 07:38:44.850651, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[7]: name[Priority] len[4] +[2013/11/07 07:38:44.850694, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[8]: name[Security] len[248] +[2013/11/07 07:38:44.850737, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[9]: name[Share Name] len[18] +[2013/11/07 07:38:44.850779, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[10]: name[StartTime] len[4] +[2013/11/07 07:38:44.850822, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[11]: name[UntilTime] len[4] +[2013/11/07 07:38:44.850865, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[12]: name[ChangeID] len[4] +[2013/11/07 07:38:44.850910, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryValue: struct winreg_QueryValue + out: struct winreg_QueryValue + type : * + type : REG_BINARY (3) + data : NULL + data_size : * + data_size : 0x000000f8 (248) + data_length : * + data_length : 0x00000000 (0) + result : WERR_OK +[2013/11/07 07:38:44.851131, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryValue: struct winreg_QueryValue + in: struct winreg_QueryValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000086-0000-0000-7b52-7435c5510000 + value_name : * + value_name: struct winreg_String + name_len : 0x0012 (18) + name_size : 0x0012 (18) + name : * + name : 'Security' + type : * + type : REG_BINARY (3) + data : * + data: ARRAY(0) + data_size : * + data_size : 0x000000f8 (248) + data_length : * + data_length : 0x00000000 (0) +[2013/11/07 07:38:44.851488, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 86 00 00 00 00 00 00 00 7B 52 74 35 ........ ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.851565, 7, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) + _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:44.851605, 7, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) + _winreg_QueryValue: policy key type = [00000000] +[2013/11/07 07:38:44.851649, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryValue: struct winreg_QueryValue + out: struct winreg_QueryValue + type : * + type : REG_BINARY (3) + data : * + data: ARRAY(248) + [0] : 0x01 (1) + [1] : 0x00 (0) + [2] : 0x04 (4) + [3] : 0x80 (128) + [4] : 0x14 (20) + [5] : 0x00 (0) + [6] : 0x00 (0) + [7] : 0x00 (0) + [8] : 0x24 (36) + [9] : 0x00 (0) + [10] : 0x00 (0) + [11] : 0x00 (0) + [12] : 0x00 (0) + [13] : 0x00 (0) + [14] : 0x00 (0) + [15] : 0x00 (0) + [16] : 0x34 (52) + [17] : 0x00 (0) + [18] : 0x00 (0) + [19] : 0x00 (0) + [20] : 0x01 (1) + [21] : 0x02 (2) + [22] : 0x00 (0) + [23] : 0x00 (0) + [24] : 0x00 (0) + [25] : 0x00 (0) + [26] : 0x00 (0) + [27] : 0x05 (5) + [28] : 0x20 (32) + [29] : 0x00 (0) + [30] : 0x00 (0) + [31] : 0x00 (0) + [32] : 0x20 (32) + [33] : 0x02 (2) + [34] : 0x00 (0) + [35] : 0x00 (0) + [36] : 0x01 (1) + [37] : 0x02 (2) + [38] : 0x00 (0) + [39] : 0x00 (0) + [40] : 0x00 (0) + [41] : 0x00 (0) + [42] : 0x00 (0) + [43] : 0x05 (5) + [44] : 0x20 (32) + [45] : 0x00 (0) + [46] : 0x00 (0) + [47] : 0x00 (0) + [48] : 0x20 (32) + [49] : 0x02 (2) + [50] : 0x00 (0) + [51] : 0x00 (0) + [52] : 0x02 (2) + [53] : 0x00 (0) + [54] : 0xc4 (196) + [55] : 0x00 (0) + [56] : 0x07 (7) + [57] : 0x00 (0) + [58] : 0x00 (0) + [59] : 0x00 (0) + [60] : 0x00 (0) + [61] : 0x02 (2) + [62] : 0x14 (20) + [63] : 0x00 (0) + [64] : 0x08 (8) + [65] : 0x00 (0) + [66] : 0x02 (2) + [67] : 0x20 (32) + [68] : 0x01 (1) + [69] : 0x01 (1) + [70] : 0x00 (0) + [71] : 0x00 (0) + [72] : 0x00 (0) + [73] : 0x00 (0) + [74] : 0x00 (0) + [75] : 0x01 (1) + [76] : 0x00 (0) + [77] : 0x00 (0) + [78] : 0x00 (0) + [79] : 0x00 (0) + [80] : 0x00 (0) + [81] : 0x09 (9) + [82] : 0x24 (36) + [83] : 0x00 (0) + [84] : 0x0c (12) + [85] : 0x00 (0) + [86] : 0x0f (15) + [87] : 0x10 (16) + [88] : 0x01 (1) + [89] : 0x05 (5) + [90] : 0x00 (0) + [91] : 0x00 (0) + [92] : 0x00 (0) + [93] : 0x00 (0) + [94] : 0x00 (0) + [95] : 0x05 (5) + [96] : 0x15 (21) + [97] : 0x00 (0) + [98] : 0x00 (0) + [99] : 0x00 (0) + [100] : 0x74 (116) + [101] : 0xa5 (165) + [102] : 0x12 (18) + [103] : 0x52 (82) + [104] : 0xcd (205) + [105] : 0x51 (81) + [106] : 0xd9 (217) + [107] : 0x8f (143) + [108] : 0xd1 (209) + [109] : 0x31 (49) + [110] : 0xa4 (164) + [111] : 0xca (202) + [112] : 0xf4 (244) + [113] : 0x01 (1) + [114] : 0x00 (0) + [115] : 0x00 (0) + [116] : 0x00 (0) + [117] : 0x02 (2) + [118] : 0x24 (36) + [119] : 0x00 (0) + [120] : 0x0c (12) + [121] : 0x00 (0) + [122] : 0x0f (15) + [123] : 0x10 (16) + [124] : 0x01 (1) + [125] : 0x05 (5) + [126] : 0x00 (0) + [127] : 0x00 (0) + [128] : 0x00 (0) + [129] : 0x00 (0) + [130] : 0x00 (0) + [131] : 0x05 (5) + [132] : 0x15 (21) + [133] : 0x00 (0) + [134] : 0x00 (0) + [135] : 0x00 (0) + [136] : 0x74 (116) + [137] : 0xa5 (165) + [138] : 0x12 (18) + [139] : 0x52 (82) + [140] : 0xcd (205) + [141] : 0x51 (81) + [142] : 0xd9 (217) + [143] : 0x8f (143) + [144] : 0xd1 (209) + [145] : 0x31 (49) + [146] : 0xa4 (164) + [147] : 0xca (202) + [148] : 0xf4 (244) + [149] : 0x01 (1) + [150] : 0x00 (0) + [151] : 0x00 (0) + [152] : 0x00 (0) + [153] : 0x09 (9) + [154] : 0x18 (24) + [155] : 0x00 (0) + [156] : 0x0c (12) + [157] : 0x00 (0) + [158] : 0x0f (15) + [159] : 0x10 (16) + [160] : 0x01 (1) + [161] : 0x02 (2) + [162] : 0x00 (0) + [163] : 0x00 (0) + [164] : 0x00 (0) + [165] : 0x00 (0) + [166] : 0x00 (0) + [167] : 0x05 (5) + [168] : 0x20 (32) + [169] : 0x00 (0) + [170] : 0x00 (0) + [171] : 0x00 (0) + [172] : 0x20 (32) + [173] : 0x02 (2) + [174] : 0x00 (0) + [175] : 0x00 (0) + [176] : 0x00 (0) + [177] : 0x02 (2) + [178] : 0x18 (24) + [179] : 0x00 (0) + [180] : 0x0c (12) + [181] : 0x00 (0) + [182] : 0x0f (15) + [183] : 0x10 (16) + [184] : 0x01 (1) + [185] : 0x02 (2) + [186] : 0x00 (0) + [187] : 0x00 (0) + [188] : 0x00 (0) + [189] : 0x00 (0) + [190] : 0x00 (0) + [191] : 0x05 (5) + [192] : 0x20 (32) + [193] : 0x00 (0) + [194] : 0x00 (0) + [195] : 0x00 (0) + [196] : 0x20 (32) + [197] : 0x02 (2) + [198] : 0x00 (0) + [199] : 0x00 (0) + [200] : 0x00 (0) + [201] : 0x09 (9) + [202] : 0x18 (24) + [203] : 0x00 (0) + [204] : 0x0c (12) + [205] : 0x00 (0) + [206] : 0x0f (15) + [207] : 0x10 (16) + [208] : 0x01 (1) + [209] : 0x02 (2) + [210] : 0x00 (0) + [211] : 0x00 (0) + [212] : 0x00 (0) + [213] : 0x00 (0) + [214] : 0x00 (0) + [215] : 0x05 (5) + [216] : 0x20 (32) + [217] : 0x00 (0) + [218] : 0x00 (0) + [219] : 0x00 (0) + [220] : 0x26 (38) + [221] : 0x02 (2) + [222] : 0x00 (0) + [223] : 0x00 (0) + [224] : 0x00 (0) + [225] : 0x02 (2) + [226] : 0x18 (24) + [227] : 0x00 (0) + [228] : 0x0c (12) + [229] : 0x00 (0) + [230] : 0x0f (15) + [231] : 0x10 (16) + [232] : 0x01 (1) + [233] : 0x02 (2) + [234] : 0x00 (0) + [235] : 0x00 (0) + [236] : 0x00 (0) + [237] : 0x00 (0) + [238] : 0x00 (0) + [239] : 0x05 (5) + [240] : 0x20 (32) + [241] : 0x00 (0) + [242] : 0x00 (0) + [243] : 0x00 (0) + [244] : 0x26 (38) + [245] : 0x02 (2) + [246] : 0x00 (0) + [247] : 0x00 (0) + data_size : * + data_size : 0x000000f8 (248) + data_length : * + data_length : 0x000000f8 (248) + result : WERR_OK +[2013/11/07 07:38:44.856086, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + in: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000086-0000-0000-7b52-7435c5510000 +[2013/11/07 07:38:44.856221, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 86 00 00 00 00 00 00 00 7B 52 74 35 ........ ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.856299, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 86 00 00 00 00 00 00 00 7B 52 74 35 ........ ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.856376, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) + Closed policy +[2013/11/07 07:38:44.856421, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (4->3) +[2013/11/07 07:38:44.856462, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + out: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000000-0000-0000-0000-000000000000 + result : WERR_OK +[2013/11/07 07:38:44.856707, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + in: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000085-0000-0000-7b52-7435c5510000 +[2013/11/07 07:38:44.856844, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 85 00 00 00 00 00 00 00 7B 52 74 35 ........ ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.856922, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 85 00 00 00 00 00 00 00 7B 52 74 35 ........ ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.856998, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) + Closed policy +[2013/11/07 07:38:44.857038, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (3->2) +[2013/11/07 07:38:44.857087, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + out: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000000-0000-0000-0000-000000000000 + result : WERR_OK +[2013/11/07 07:38:44.857254, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + in: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000084-0000-0000-7b52-7435c5510000 +[2013/11/07 07:38:44.857427, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 84 00 00 00 00 00 00 00 7B 52 74 35 ........ ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.857506, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 84 00 00 00 00 00 00 00 7B 52 74 35 ........ ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.857582, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) + Closed policy +[2013/11/07 07:38:44.857627, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (2->1) +[2013/11/07 07:38:44.857668, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + out: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000000-0000-0000-0000-000000000000 + result : WERR_OK +[2013/11/07 07:38:44.857830, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + in: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000083-0000-0000-7b52-7435c5510000 +[2013/11/07 07:38:44.857960, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 83 00 00 00 00 00 00 00 7B 52 74 35 ........ ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.858037, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 83 00 00 00 00 00 00 00 7B 52 74 35 ........ ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.858112, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) + Closed policy +[2013/11/07 07:38:44.858152, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (1->0) +[2013/11/07 07:38:44.858213, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + out: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000000-0000-0000-0000-000000000000 + result : WERR_OK +[2013/11/07 07:38:44.858384, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:416(close_policy_by_pipe) + Deleted handle list for RPC connection \winreg +[2013/11/07 07:38:44.858544, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + spoolss_GetPrinter: struct spoolss_GetPrinter + out: struct spoolss_GetPrinter + info : * + info : union spoolss_PrinterInfo(case 2) + info2: struct spoolss_PrinterInfo2 + servername : * + servername : '\\MEMBER43' + printername : * + printername : '\\MEMBER43\printer7' + sharename : * + sharename : 'printer7' + portname : * + portname : 'Samba Printer Port' + drivername : * + drivername : '' + comment : * + comment : '' + location : * + location : '' + devmode : * + devmode: struct spoolss_DeviceMode + devicename : '\\MEMBER43\printer7' + specversion : DMSPEC_NT4_AND_ABOVE (1025) + driverversion : 0x0400 (1024) + size : 0x00dc (220) + __driverextra_length : 0x0000 (0) + fields : 0x00014713 (83731) + 1: DEVMODE_ORIENTATION + 1: DEVMODE_PAPERSIZE + 0: DEVMODE_PAPERLENGTH + 0: DEVMODE_PAPERWIDTH + 1: DEVMODE_SCALE + 0: DEVMODE_POSITION + 0: DEVMODE_NUP + 1: DEVMODE_COPIES + 1: DEVMODE_DEFAULTSOURCE + 1: DEVMODE_PRINTQUALITY + 0: DEVMODE_COLOR + 0: DEVMODE_DUPLEX + 0: DEVMODE_YRESOLUTION + 1: DEVMODE_TTOPTION + 0: DEVMODE_COLLATE + 1: DEVMODE_FORMNAME + 0: DEVMODE_LOGPIXELS + 0: DEVMODE_BITSPERPEL + 0: DEVMODE_PELSWIDTH + 0: DEVMODE_PELSHEIGHT + 0: DEVMODE_DISPLAYFLAGS + 0: DEVMODE_DISPLAYFREQUENCY + 0: DEVMODE_ICMMETHOD + 0: DEVMODE_ICMINTENT + 0: DEVMODE_MEDIATYPE + 0: DEVMODE_DITHERTYPE + 0: DEVMODE_PANNINGWIDTH + 0: DEVMODE_PANNINGHEIGHT + orientation : DMORIENT_PORTRAIT (1) + papersize : DMPAPER_LETTER (1) + paperlength : 0x0000 (0) + paperwidth : 0x0000 (0) + scale : 0x0064 (100) + copies : 0x0001 (1) + defaultsource : DMBIN_FORMSOURCE (15) + printquality : DMRES_HIGH (65532) + color : DMRES_MONOCHROME (1) + duplex : DMDUP_SIMPLEX (1) + yresolution : 0x0000 (0) + ttoption : DMTT_SUBDEV (3) + collate : DMCOLLATE_FALSE (0) + formname : 'Letter' + logpixels : 0x0000 (0) + bitsperpel : 0x00000000 (0) + pelswidth : 0x00000000 (0) + pelsheight : 0x00000000 (0) + displayflags : UNKNOWN_ENUM_VALUE (0) + displayfrequency : 0x00000000 (0) + icmmethod : UNKNOWN_ENUM_VALUE (0) + icmintent : UNKNOWN_ENUM_VALUE (0) + mediatype : UNKNOWN_ENUM_VALUE (0) + dithertype : UNKNOWN_ENUM_VALUE (0) + reserved1 : 0x00000000 (0) + reserved2 : 0x00000000 (0) + panningwidth : 0x00000000 (0) + panningheight : 0x00000000 (0) + driverextra_data : DATA_BLOB length=0 + sepfile : * + sepfile : '' + printprocessor : * + printprocessor : 'winprint' + datatype : * + datatype : 'RAW' + parameters : * + parameters : '' + secdesc : * + secdesc: struct security_descriptor + revision : SECURITY_DESCRIPTOR_REVISION_1 (1) + type : 0x8004 (32772) + 0: SEC_DESC_OWNER_DEFAULTED + 0: SEC_DESC_GROUP_DEFAULTED + 1: SEC_DESC_DACL_PRESENT + 0: SEC_DESC_DACL_DEFAULTED + 0: SEC_DESC_SACL_PRESENT + 0: SEC_DESC_SACL_DEFAULTED + 0: SEC_DESC_DACL_TRUSTED + 0: SEC_DESC_SERVER_SECURITY + 0: SEC_DESC_DACL_AUTO_INHERIT_REQ + 0: SEC_DESC_SACL_AUTO_INHERIT_REQ + 0: SEC_DESC_DACL_AUTO_INHERITED + 0: SEC_DESC_SACL_AUTO_INHERITED + 0: SEC_DESC_DACL_PROTECTED + 0: SEC_DESC_SACL_PROTECTED + 0: SEC_DESC_RM_CONTROL_VALID + 1: SEC_DESC_SELF_RELATIVE + owner_sid : * + owner_sid : S-1-5-32-544 + group_sid : * + group_sid : S-1-5-32-544 + sacl : NULL + dacl : * + dacl: struct security_acl + revision : SECURITY_ACL_REVISION_NT4 (2) + size : 0x00c4 (196) + num_aces : 0x00000007 (7) + aces: ARRAY(7) + aces: struct security_ace + type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) + flags : 0x02 (2) + 0: SEC_ACE_FLAG_OBJECT_INHERIT + 1: SEC_ACE_FLAG_CONTAINER_INHERIT + 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT + 0: SEC_ACE_FLAG_INHERIT_ONLY + 0: SEC_ACE_FLAG_INHERITED_ACE + 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) + 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS + 0: SEC_ACE_FLAG_FAILED_ACCESS + size : 0x0014 (20) + access_mask : 0x20020008 (537001992) + object : union security_ace_object_ctr(case 0) + trustee : S-1-1-0 + aces: struct security_ace + type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) + flags : 0x09 (9) + 1: SEC_ACE_FLAG_OBJECT_INHERIT + 0: SEC_ACE_FLAG_CONTAINER_INHERIT + 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT + 1: SEC_ACE_FLAG_INHERIT_ONLY + 0: SEC_ACE_FLAG_INHERITED_ACE + 0x09: SEC_ACE_FLAG_VALID_INHERIT (9) + 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS + 0: SEC_ACE_FLAG_FAILED_ACCESS + size : 0x0024 (36) + access_mask : 0x100f000c (269418508) + object : union security_ace_object_ctr(case 0) + trustee : S-1-5-21-1376953716-2413384141-3399758289-500 + aces: struct security_ace + type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) + flags : 0x02 (2) + 0: SEC_ACE_FLAG_OBJECT_INHERIT + 1: SEC_ACE_FLAG_CONTAINER_INHERIT + 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT + 0: SEC_ACE_FLAG_INHERIT_ONLY + 0: SEC_ACE_FLAG_INHERITED_ACE + 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) + 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS + 0: SEC_ACE_FLAG_FAILED_ACCESS + size : 0x0024 (36) + access_mask : 0x100f000c (269418508) + object : union security_ace_object_ctr(case 0) + trustee : S-1-5-21-1376953716-2413384141-3399758289-500 + aces: struct security_ace + type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) + flags : 0x09 (9) + 1: SEC_ACE_FLAG_OBJECT_INHERIT + 0: SEC_ACE_FLAG_CONTAINER_INHERIT + 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT + 1: SEC_ACE_FLAG_INHERIT_ONLY + 0: SEC_ACE_FLAG_INHERITED_ACE + 0x09: SEC_ACE_FLAG_VALID_INHERIT (9) + 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS + 0: SEC_ACE_FLAG_FAILED_ACCESS + size : 0x0018 (24) + access_mask : 0x100f000c (269418508) + object : union security_ace_object_ctr(case 0) + trustee : S-1-5-32-544 + aces: struct security_ace + type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) + flags : 0x02 (2) + 0: SEC_ACE_FLAG_OBJECT_INHERIT + 1: SEC_ACE_FLAG_CONTAINER_INHERIT + 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT + 0: SEC_ACE_FLAG_INHERIT_ONLY + 0: SEC_ACE_FLAG_INHERITED_ACE + 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) + 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS + 0: SEC_ACE_FLAG_FAILED_ACCESS + size : 0x0018 (24) + access_mask : 0x100f000c (269418508) + object : union security_ace_object_ctr(case 0) + trustee : S-1-5-32-544 + aces: struct security_ace + type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) + flags : 0x09 (9) + 1: SEC_ACE_FLAG_OBJECT_INHERIT + 0: SEC_ACE_FLAG_CONTAINER_INHERIT + 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT + 1: SEC_ACE_FLAG_INHERIT_ONLY + 0: SEC_ACE_FLAG_INHERITED_ACE + 0x09: SEC_ACE_FLAG_VALID_INHERIT (9) + 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS + 0: SEC_ACE_FLAG_FAILED_ACCESS + size : 0x0018 (24) + access_mask : 0x100f000c (269418508) + object : union security_ace_object_ctr(case 0) + trustee : S-1-5-32-550 + aces: struct security_ace + type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) + flags : 0x02 (2) + 0: SEC_ACE_FLAG_OBJECT_INHERIT + 1: SEC_ACE_FLAG_CONTAINER_INHERIT + 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT + 0: SEC_ACE_FLAG_INHERIT_ONLY + 0: SEC_ACE_FLAG_INHERITED_ACE + 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) + 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS + 0: SEC_ACE_FLAG_FAILED_ACCESS + size : 0x0018 (24) + access_mask : 0x100f000c (269418508) + object : union security_ace_object_ctr(case 0) + trustee : S-1-5-32-550 + attributes : 0x00001048 (4168) + 0: PRINTER_ATTRIBUTE_QUEUED + 0: PRINTER_ATTRIBUTE_DIRECT + 0: PRINTER_ATTRIBUTE_DEFAULT + 1: PRINTER_ATTRIBUTE_SHARED + 0: PRINTER_ATTRIBUTE_NETWORK + 0: PRINTER_ATTRIBUTE_HIDDEN + 1: PRINTER_ATTRIBUTE_LOCAL + 0: PRINTER_ATTRIBUTE_ENABLE_DEVQ + 0: PRINTER_ATTRIBUTE_KEEPPRINTEDJOBS + 0: PRINTER_ATTRIBUTE_DO_COMPLETE_FIRST + 0: PRINTER_ATTRIBUTE_WORK_OFFLINE + 0: PRINTER_ATTRIBUTE_ENABLE_BIDI + 1: PRINTER_ATTRIBUTE_RAW_ONLY + 0: PRINTER_ATTRIBUTE_PUBLISHED + 0: PRINTER_ATTRIBUTE_FAX + 0: PRINTER_ATTRIBUTE_TS + priority : 0x00000001 (1) + defaultpriority : 0x00000001 (1) + starttime : 0x00000000 (0) + untiltime : 0x00000000 (0) + status : 0x00000000 (0) + 0: PRINTER_STATUS_PAUSED + 0: PRINTER_STATUS_ERROR + 0: PRINTER_STATUS_PENDING_DELETION + 0: PRINTER_STATUS_PAPER_JAM + 0: PRINTER_STATUS_PAPER_OUT + 0: PRINTER_STATUS_MANUAL_FEED + 0: PRINTER_STATUS_PAPER_PROBLEM + 0: PRINTER_STATUS_OFFLINE + 0: PRINTER_STATUS_IO_ACTIVE + 0: PRINTER_STATUS_BUSY + 0: PRINTER_STATUS_PRINTING + 0: PRINTER_STATUS_OUTPUT_BIN_FULL + 0: PRINTER_STATUS_NOT_AVAILABLE + 0: PRINTER_STATUS_WAITING + 0: PRINTER_STATUS_PROCESSING + 0: PRINTER_STATUS_INITIALIZING + 0: PRINTER_STATUS_WARMING_UP + 0: PRINTER_STATUS_TONER_LOW + 0: PRINTER_STATUS_NO_TONER + 0: PRINTER_STATUS_PAGE_PUNT + 0: PRINTER_STATUS_USER_INTERVENTION + 0: PRINTER_STATUS_OUT_OF_MEMORY + 0: PRINTER_STATUS_DOOR_OPEN + 0: PRINTER_STATUS_SERVER_UNKNOWN + 0: PRINTER_STATUS_POWER_SAVE + cjobs : 0x00000000 (0) + averageppm : 0x00000000 (0) + needed : * + needed : 0x000002f8 (760) + result : WERR_OK +[2013/11/07 07:38:44.863599, 5, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1417(api_rpcTNP) + api_rpcTNP: called \spoolss successfully +[2013/11/07 07:38:44.863664, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) + pop_sec_ctx (0, 5000) - sec_ctx_stack_ndx = 0 +[2013/11/07 07:38:44.863710, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) + write_to_pipe: data_used = 4140 + smbd_smb2_request_pending_queue: req->current_idx = 1 + req->in.vector[0].iov_len = 0 + req->in.vector[1].iov_len = 0 + req->in.vector[2].iov_len = 64 + req->in.vector[3].iov_len = 56 + req->in.vector[4].iov_len = 4156 + req->out.vector[0].iov_len = 4 + req->out.vector[1].iov_len = 0 + req->out.vector[2].iov_len = 64 + req->out.vector[3].iov_len = 8 + req->out.vector[4].iov_len = 0 +[2013/11/07 07:38:44.863936, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:128(smbd_smb2_ioctl_pipe_write_done) + smbd_smb2_ioctl_pipe_write_done: received 4156 +[2013/11/07 07:38:44.863980, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:149(smbd_smb2_ioctl_pipe_write_done) + smbd_smb2_ioctl_pipe_write_done: issuing np_read_send of size 4136 +[2013/11/07 07:38:44.864024, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:285(read_from_internal_pipe) + name: \spoolss len: 4136 +[2013/11/07 07:38:44.864067, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:347(read_from_internal_pipe) + read_from_pipe: \spoolss: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 4112. +[2013/11/07 07:38:44.864120, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) + &r: struct ncacn_packet + rpc_vers : 0x05 (5) + rpc_vers_minor : 0x00 (0) + ptype : DCERPC_PKT_RESPONSE (2) + pfc_flags : 0x03 (3) + drep: ARRAY(4) + [0] : 0x10 (16) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + frag_length : 0x1028 (4136) + auth_length : 0x0000 (0) + call_id : 0x00000011 (17) + u : union dcerpc_payload(case 2) + response: struct dcerpc_response + alloc_hint : 0x00001010 (4112) + context_id : 0x0000 (0) + cancel_count : 0x00 (0) + _pad : DATA_BLOB length=0 + stub_and_verifier : DATA_BLOB length=4112 + [0000] 04 00 02 00 00 10 00 00 EA 0F 00 00 C2 0F 00 00 ........ ........ + [0010] B0 0F 00 00 8A 0F 00 00 88 0F 00 00 86 0F 00 00 ........ ........ + [0020] 84 0F 00 00 88 0E 00 00 82 0F 00 00 70 0F 00 00 ........ ....p... + [0030] 68 0F 00 00 66 0F 00 00 90 0D 00 00 48 10 00 00 h...f... ....H... + [0040] 01 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0200] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0210] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0220] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0230] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0240] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0250] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0260] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0270] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0280] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0290] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0300] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0310] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0320] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0330] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0340] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0350] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0360] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0370] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0380] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0390] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0400] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0410] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0420] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0430] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0440] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0450] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0460] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0470] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0480] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0490] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0500] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0510] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0520] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0530] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0540] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0550] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0560] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0570] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0580] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0590] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0600] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0610] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0620] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0630] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0640] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0650] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0660] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0670] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0680] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0690] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0700] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0710] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0720] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0730] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0740] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0750] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0760] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0770] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0780] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0790] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0800] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0810] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0820] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0830] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0840] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0850] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0860] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0870] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0880] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0890] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0900] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0910] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0920] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0930] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0940] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0950] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0960] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0970] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0980] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0990] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D90] 00 00 00 00 00 00 00 00 01 00 04 80 D8 00 00 00 ........ ........ + [0DA0] E8 00 00 00 00 00 00 00 14 00 00 00 02 00 C4 00 ........ ........ + [0DB0] 07 00 00 00 00 02 14 00 08 00 02 20 01 01 00 00 ........ ... .... + [0DC0] 00 00 00 01 00 00 00 00 00 09 24 00 0C 00 0F 10 ........ ..$..... + [0DD0] 01 05 00 00 00 00 00 05 15 00 00 00 74 A5 12 52 ........ ....t..R + [0DE0] CD 51 D9 8F D1 31 A4 CA F4 01 00 00 00 02 24 00 .Q...1.. ......$. + [0DF0] 0C 00 0F 10 01 05 00 00 00 00 00 05 15 00 00 00 ........ ........ + [0E00] 74 A5 12 52 CD 51 D9 8F D1 31 A4 CA F4 01 00 00 t..R.Q.. .1...... + [0E10] 00 09 18 00 0C 00 0F 10 01 02 00 00 00 00 00 05 ........ ........ + [0E20] 20 00 00 00 20 02 00 00 00 02 18 00 0C 00 0F 10 ... ... ........ + [0E30] 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 ........ ... ... + [0E40] 00 09 18 00 0C 00 0F 10 01 02 00 00 00 00 00 05 ........ ........ + [0E50] 20 00 00 00 26 02 00 00 00 02 18 00 0C 00 0F 10 ...&... ........ + [0E60] 01 02 00 00 00 00 00 05 20 00 00 00 26 02 00 00 ........ ...&... + [0E70] 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 ........ ... ... + [0E80] 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 ........ ... ... + [0E90] 5C 00 5C 00 4D 00 45 00 4D 00 42 00 45 00 52 00 \.\.M.E. M.B.E.R. + [0EA0] 34 00 33 00 5C 00 70 00 72 00 69 00 6E 00 74 00 4.3.\.p. r.i.n.t. + [0EB0] 65 00 72 00 37 00 00 00 00 00 00 00 00 00 00 00 e.r.7... ........ + [0EC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0ED0] 01 04 00 04 DC 00 00 00 13 47 01 00 01 00 01 00 ........ .G...... + [0EE0] 00 00 00 00 64 00 01 00 0F 00 FC FF 01 00 01 00 ....d... ........ + [0EF0] 00 00 03 00 00 00 4C 00 65 00 74 00 74 00 65 00 ......L. e.t.t.e. + [0F00] 72 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 r....... ........ + [0F10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F70] 52 00 41 00 57 00 00 00 77 00 69 00 6E 00 70 00 R.A.W... w.i.n.p. + [0F80] 72 00 69 00 6E 00 74 00 00 00 00 00 00 00 00 00 r.i.n.t. ........ + [0F90] 00 00 53 00 61 00 6D 00 62 00 61 00 20 00 50 00 ..S.a.m. b.a. .P. + [0FA0] 72 00 69 00 6E 00 74 00 65 00 72 00 20 00 50 00 r.i.n.t. e.r. .P. + [0FB0] 6F 00 72 00 74 00 00 00 70 00 72 00 69 00 6E 00 o.r.t... p.r.i.n. + [0FC0] 74 00 65 00 72 00 37 00 00 00 5C 00 5C 00 4D 00 t.e.r.7. ..\.\.M. + [0FD0] 45 00 4D 00 42 00 45 00 52 00 34 00 33 00 5C 00 E.M.B.E. R.4.3.\. + [0FE0] 70 00 72 00 69 00 6E 00 74 00 65 00 72 00 37 00 p.r.i.n. t.e.r.7. + [0FF0] 00 00 5C 00 5C 00 4D 00 45 00 4D 00 42 00 45 00 ..\.\.M. E.M.B.E. + [1000] 52 00 34 00 33 00 00 00 F8 02 00 00 00 00 00 00 R.4.3... ........ +[2013/11/07 07:38:44.873530, 3, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:122(free_pipe_context) + free_pipe_context: destroying talloc pool of size 1308 +[2013/11/07 07:38:44.873588, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:788(np_read_recv) + Received 4136 bytes. There is no more data outstanding +[2013/11/07 07:38:44.873629, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:178(smbd_smb2_ioctl_pipe_read_done) + smbd_smb2_ioctl_pipe_read_done: np_read_recv nread = 4136 is_data_outstanding = 0, status = NT_STATUS_OK +[2013/11/07 07:38:44.873687, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl.c:291(smbd_smb2_request_ioctl_done) + smbd_smb2_request_ioctl_done: smbd_smb2_ioctl_recv returned 4136 status NT_STATUS_OK +[2013/11/07 07:38:44.873730, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) + smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[48] dyn[yes:4136] at ../source3/smbd/smb2_ioctl.c:358 +[2013/11/07 07:38:44.873776, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) + smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/66/127 +[2013/11/07 07:38:44.877637, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) + smbd_smb2_request_incoming: idx[1] of 5 vectors +[2013/11/07 07:38:44.877983, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) + smb2_validate_sequence_number: clearing id 66 (position 66) from bitmap +[2013/11/07 07:38:44.878101, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) + smbd_smb2_request_dispatch: opcode[SMB2_OP_IOCTL] mid = 66 +[2013/11/07 07:38:44.878248, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) + setting sec ctx (0, 5000) - sec_ctx_stack_ndx = 0 +[2013/11/07 07:38:44.878359, 5, pid=20933, effective(0, 5000), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) + Security token SIDs (21): + SID[ 0]: S-1-5-21-1376953716-2413384141-3399758289-500 + SID[ 1]: S-1-5-21-1376953716-2413384141-3399758289-512 + SID[ 2]: S-1-5-21-1376953716-2413384141-3399758289-11015 + SID[ 3]: S-1-5-21-1376953716-2413384141-3399758289-513 + SID[ 4]: S-1-5-21-1376953716-2413384141-3399758289-11011 + SID[ 5]: S-1-5-21-1376953716-2413384141-3399758289-11013 + SID[ 6]: S-1-5-21-1376953716-2413384141-3399758289-11012 + SID[ 7]: S-1-1-0 + SID[ 8]: S-1-5-2 + SID[ 9]: S-1-5-11 + SID[ 10]: S-1-5-32-544 + SID[ 11]: S-1-22-1-2002 + SID[ 12]: S-1-22-2-5000 + SID[ 13]: S-1-22-2-5007 + SID[ 14]: S-1-22-2-5001 + SID[ 15]: S-1-22-2-1005 + SID[ 16]: S-1-22-2-5006 + SID[ 17]: S-1-22-2-5005 + SID[ 18]: S-1-22-2-55000 + SID[ 19]: S-1-22-2-55001 + SID[ 20]: S-1-22-2-55002 + Privileges (0x 1FFFFFF0): + Privilege[ 0]: SeMachineAccountPrivilege + Privilege[ 1]: SeTakeOwnershipPrivilege + Privilege[ 2]: SeBackupPrivilege + Privilege[ 3]: SeRestorePrivilege + Privilege[ 4]: SeRemoteShutdownPrivilege + Privilege[ 5]: SePrintOperatorPrivilege + Privilege[ 6]: SeAddUsersPrivilege + Privilege[ 7]: SeDiskOperatorPrivilege + Privilege[ 8]: SeSecurityPrivilege + Privilege[ 9]: SeSystemtimePrivilege + Privilege[ 10]: SeShutdownPrivilege + Privilege[ 11]: SeDebugPrivilege + Privilege[ 12]: SeSystemEnvironmentPrivilege + Privilege[ 13]: SeSystemProfilePrivilege + Privilege[ 14]: SeProfileSingleProcessPrivilege + Privilege[ 15]: SeIncreaseBasePriorityPrivilege + Privilege[ 16]: SeLoadDriverPrivilege + Privilege[ 17]: SeCreatePagefilePrivilege + Privilege[ 18]: SeIncreaseQuotaPrivilege + Privilege[ 19]: SeChangeNotifyPrivilege + Privilege[ 20]: SeUndockPrivilege + Privilege[ 21]: SeManageVolumePrivilege + Privilege[ 22]: SeImpersonatePrivilege + Privilege[ 23]: SeCreateGlobalPrivilege + Privilege[ 24]: SeEnableDelegationPrivilege + Rights (0x 0): +[2013/11/07 07:38:44.880287, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) + UNIX token of user 0 + Primary group is 5000 and contains 9 supplementary groups + Group[ 0]: 5000 + Group[ 1]: 5007 + Group[ 2]: 5001 + Group[ 3]: 1005 + Group[ 4]: 5006 + Group[ 5]: 5005 + Group[ 6]: 55000 + Group[ 7]: 55001 + Group[ 8]: 55002 +[2013/11/07 07:38:44.880808, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/uid.c:363(change_to_user_internal) + Impersonated user: uid=(0,0), gid=(0,5000) +[2013/11/07 07:38:44.880934, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:1796(smbd_smb2_request_verify_creditcharge) + mid 66, CreditCharge: 1, NeededCharge: 1 +[2013/11/07 07:38:44.881039, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl.c:394(smbd_smb2_ioctl_send) + smbd_smb2_ioctl: ctl_code[0x0011c017] spoolss, fnum 2189993496 +[2013/11/07 07:38:44.881155, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:59(smb2_ioctl_named_pipe) + smbd_smb2_ioctl_send: np_write_send of size 4156 +[2013/11/07 07:38:44.881255, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:520(np_write_send) + np_write_send: len: 4156 +[2013/11/07 07:38:44.881358, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) + write_to_pipe: data_left = 4156 +[2013/11/07 07:38:44.881624, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) + process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 4156 +[2013/11/07 07:38:44.881722, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:51(fill_rpc_header) + fill_rpc_header: data_to_copy = 4156, len_needed_to_complete_hdr = 16, receive_len = 0 +[2013/11/07 07:38:44.881825, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) + write_to_pipe: data_used = 16 +[2013/11/07 07:38:44.881920, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) + write_to_pipe: data_left = 4140 +[2013/11/07 07:38:44.882015, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) + process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 4140 +[2013/11/07 07:38:44.882120, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) + write_to_pipe: data_used = 0 +[2013/11/07 07:38:44.882232, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) + write_to_pipe: data_left = 4140 +[2013/11/07 07:38:44.882328, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) + process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 4140, incoming data = 4140 +[2013/11/07 07:38:44.882437, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1614(process_complete_pdu) + PDU is in Little Endian format! +[2013/11/07 07:38:44.882560, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) + r: struct ncacn_packet + rpc_vers : 0x05 (5) + rpc_vers_minor : 0x00 (0) + ptype : DCERPC_PKT_REQUEST (0) + pfc_flags : 0x03 (3) + drep: ARRAY(4) + [0] : 0x10 (16) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + frag_length : 0x103c (4156) + auth_length : 0x0000 (0) + call_id : 0x00000012 (18) + u : union dcerpc_payload(case 0) + request: struct dcerpc_request + alloc_hint : 0x00001024 (4132) + context_id : 0x0000 (0) + opnum : 0x0008 (8) + object : union dcerpc_object(case 0) + empty: struct dcerpc_empty + _pad : DATA_BLOB length=0 + stub_and_verifier : DATA_BLOB length=4132 + [0000] 00 00 00 00 48 00 00 00 00 00 00 00 7B 52 73 35 ....H... ....{Rs5 + [0010] C5 51 00 00 02 00 00 00 00 00 02 00 00 10 00 00 .Q...... ........ + [0020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0030] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0040] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0200] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0210] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0220] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0230] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0240] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0250] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0260] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0270] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0280] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0290] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0300] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0310] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0320] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0330] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0340] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0350] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0360] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0370] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0380] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0390] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0400] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0410] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0420] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0430] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0440] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0450] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0460] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0470] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0480] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0490] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0500] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0510] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0520] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0530] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0540] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0550] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0560] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0570] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0580] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0590] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0600] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0610] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0620] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0630] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0640] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0650] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0660] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0670] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0680] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0690] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0700] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0710] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0720] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0730] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0740] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0750] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0760] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0770] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0780] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0790] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0800] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0810] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0820] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0830] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0840] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0850] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0860] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0870] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0880] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0890] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0900] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0910] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0920] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0930] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0940] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0950] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0960] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0970] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0980] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0990] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0EA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0EB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0EC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0ED0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0EE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0EF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [1000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [1010] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [1020] 00 10 00 00 .... +[2013/11/07 07:38:44.893771, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1627(process_complete_pdu) + Processing packet type 0 +[2013/11/07 07:38:44.893815, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1472(dcesrv_auth_request) + Checking request auth. +[2013/11/07 07:38:44.893864, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) + push_sec_ctx(0, 5000) : sec_ctx_stack_ndx = 1 +[2013/11/07 07:38:44.893911, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) + setting sec ctx (0, 5000) - sec_ctx_stack_ndx = 1 +[2013/11/07 07:38:44.893953, 5, pid=20933, effective(0, 5000), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) + Security token SIDs (21): + SID[ 0]: S-1-5-21-1376953716-2413384141-3399758289-500 + SID[ 1]: S-1-5-21-1376953716-2413384141-3399758289-512 + SID[ 2]: S-1-5-21-1376953716-2413384141-3399758289-11015 + SID[ 3]: S-1-5-21-1376953716-2413384141-3399758289-513 + SID[ 4]: S-1-5-21-1376953716-2413384141-3399758289-11011 + SID[ 5]: S-1-5-21-1376953716-2413384141-3399758289-11013 + SID[ 6]: S-1-5-21-1376953716-2413384141-3399758289-11012 + SID[ 7]: S-1-1-0 + SID[ 8]: S-1-5-2 + SID[ 9]: S-1-5-11 + SID[ 10]: S-1-5-32-544 + SID[ 11]: S-1-22-1-2002 + SID[ 12]: S-1-22-2-5000 + SID[ 13]: S-1-22-2-5007 + SID[ 14]: S-1-22-2-5001 + SID[ 15]: S-1-22-2-1005 + SID[ 16]: S-1-22-2-5006 + SID[ 17]: S-1-22-2-5005 + SID[ 18]: S-1-22-2-55000 + SID[ 19]: S-1-22-2-55001 + SID[ 20]: S-1-22-2-55002 + Privileges (0x 1FFFFFF0): + Privilege[ 0]: SeMachineAccountPrivilege + Privilege[ 1]: SeTakeOwnershipPrivilege + Privilege[ 2]: SeBackupPrivilege + Privilege[ 3]: SeRestorePrivilege + Privilege[ 4]: SeRemoteShutdownPrivilege + Privilege[ 5]: SePrintOperatorPrivilege + Privilege[ 6]: SeAddUsersPrivilege + Privilege[ 7]: SeDiskOperatorPrivilege + Privilege[ 8]: SeSecurityPrivilege + Privilege[ 9]: SeSystemtimePrivilege + Privilege[ 10]: SeShutdownPrivilege + Privilege[ 11]: SeDebugPrivilege + Privilege[ 12]: SeSystemEnvironmentPrivilege + Privilege[ 13]: SeSystemProfilePrivilege + Privilege[ 14]: SeProfileSingleProcessPrivilege + Privilege[ 15]: SeIncreaseBasePriorityPrivilege + Privilege[ 16]: SeLoadDriverPrivilege + Privilege[ 17]: SeCreatePagefilePrivilege + Privilege[ 18]: SeIncreaseQuotaPrivilege + Privilege[ 19]: SeChangeNotifyPrivilege + Privilege[ 20]: SeUndockPrivilege + Privilege[ 21]: SeManageVolumePrivilege + Privilege[ 22]: SeImpersonatePrivilege + Privilege[ 23]: SeCreateGlobalPrivilege + Privilege[ 24]: SeEnableDelegationPrivilege + Rights (0x 0): +[2013/11/07 07:38:44.894723, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) + UNIX token of user 0 + Primary group is 5000 and contains 9 supplementary groups + Group[ 0]: 5000 + Group[ 1]: 5007 + Group[ 2]: 5001 + Group[ 3]: 1005 + Group[ 4]: 5006 + Group[ 5]: 5005 + Group[ 6]: 55000 + Group[ 7]: 55001 + Group[ 8]: 55002 +[2013/11/07 07:38:44.894912, 5, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1324(api_pipe_request) + Requested \spoolss rpc service +[2013/11/07 07:38:44.894959, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1356(api_rpcTNP) + api_rpcTNP: \spoolss op 0x8 - api_rpcTNP: rpc command: SPOOLSS_GETPRINTER +[2013/11/07 07:38:44.895003, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1390(api_rpcTNP) + api_rpc_cmds[8].fn == 0x7f375c260f10 +[2013/11/07 07:38:44.895053, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + spoolss_GetPrinter: struct spoolss_GetPrinter + in: struct spoolss_GetPrinter + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000048-0000-0000-7b52-7335c5510000 + level : 0x00000002 (2) + buffer : * + buffer : DATA_BLOB length=4096 + [0000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0010] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0030] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0040] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0200] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0210] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0220] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0230] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0240] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0250] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0260] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0270] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0280] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0290] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0300] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0310] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0320] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0330] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0340] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0350] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0360] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0370] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0380] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0390] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0400] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0410] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0420] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0430] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0440] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0450] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0460] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0470] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0480] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0490] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0500] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0510] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0520] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0530] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0540] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0550] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0560] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0570] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0580] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0590] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0600] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0610] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0620] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0630] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0640] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0650] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0660] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0670] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0680] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0690] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0700] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0710] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0720] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0730] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0740] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0750] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0760] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0770] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0780] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0790] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0800] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0810] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0820] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0830] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0840] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0850] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0860] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0870] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0880] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0890] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0900] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0910] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0920] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0930] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0940] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0950] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0960] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0970] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0980] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0990] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0EA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0EB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0EC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0ED0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0EE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0EF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + offered : 0x00001000 (4096) +[2013/11/07 07:38:44.904194, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 48 00 00 00 00 00 00 00 7B 52 73 35 ....H... ....{Rs5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.904277, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 48 00 00 00 00 00 00 00 7B 52 73 35 ....H... ....{Rs5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.904354, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:489(get_printer_snum) + short name:printer7 +[2013/11/07 07:38:44.904493, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:60(make_internal_rpc_pipe_p) + Create pipe requested \winreg +[2013/11/07 07:38:44.904548, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:221(init_pipe_handles) + init_pipe_handle_list: created handle list for pipe \winreg +[2013/11/07 07:38:44.904590, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:238(init_pipe_handles) + init_pipe_handle_list: pipe_handles ref count = 1 for pipe \winreg +[2013/11/07 07:38:44.904692, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:100(make_internal_rpc_pipe_p) + Created internal pipe \winreg +[2013/11/07 07:38:44.904768, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenHKLM: struct winreg_OpenHKLM + in: struct winreg_OpenHKLM + system_name : NULL + access_mask : 0x02000000 (33554432) + 0: KEY_QUERY_VALUE + 0: KEY_SET_VALUE + 0: KEY_CREATE_SUB_KEY + 0: KEY_ENUMERATE_SUB_KEYS + 0: KEY_NOTIFY + 0: KEY_CREATE_LINK + 0: KEY_WOW64_64KEY + 0: KEY_WOW64_32KEY +[2013/11/07 07:38:44.905000, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [HKLM] +[2013/11/07 07:38:44.905046, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) + push_sec_ctx(0, 5000) : sec_ctx_stack_ndx = 2 +[2013/11/07 07:38:44.905091, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/uid.c:485(push_conn_ctx) + push_conn_ctx(1804507171) : conn_ctx_stack_ndx = 0 +[2013/11/07 07:38:44.905131, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) + setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 +[2013/11/07 07:38:44.905170, 5, pid=20933, effective(0, 5000), real(0, 0)] ../libcli/security/security_token.c:53(security_token_debug) + Security token: (NULL) +[2013/11/07 07:38:44.905208, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) + UNIX token of user 0 + Primary group is 0 and contains 0 supplementary groups +[2013/11/07 07:38:44.905448, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) + pop_sec_ctx (0, 5000) - sec_ctx_stack_ndx = 1 +[2013/11/07 07:38:44.905500, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:866(regdb_open) + regdb_open: registry db opened. refcount reset (1) +[2013/11/07 07:38:44.905560, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM] +[2013/11/07 07:38:44.905600, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM] +[2013/11/07 07:38:44.905641, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:44.905678, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM] +[2013/11/07 07:38:44.905763, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) + Opened policy hnd[1] [0000] 00 00 00 00 87 00 00 00 00 00 00 00 7B 52 74 35 ........ ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.905844, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenHKLM: struct winreg_OpenHKLM + out: struct winreg_OpenHKLM + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000087-0000-0000-7b52-7435c5510000 + result : WERR_OK +[2013/11/07 07:38:44.906033, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenKey: struct winreg_OpenKey + in: struct winreg_OpenKey + parent_handle : * + parent_handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000087-0000-0000-7b52-7435c5510000 + keyname: struct winreg_String + name_len : 0x008a (138) + name_size : 0x008a (138) + name : * + name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7' + options : 0x00000000 (0) + 0: REG_OPTION_VOLATILE + 0: REG_OPTION_CREATE_LINK + 0: REG_OPTION_BACKUP_RESTORE + 0: REG_OPTION_OPEN_LINK + access_mask : 0x02000000 (33554432) + 0: KEY_QUERY_VALUE + 0: KEY_SET_VALUE + 0: KEY_CREATE_SUB_KEY + 0: KEY_ENUMERATE_SUB_KEYS + 0: KEY_NOTIFY + 0: KEY_CREATE_LINK + 0: KEY_WOW64_64KEY + 0: KEY_WOW64_32KEY +[2013/11/07 07:38:44.906480, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 87 00 00 00 00 00 00 00 7B 52 74 35 ........ ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.906562, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [SOFTWARE] +[2013/11/07 07:38:44.906602, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (1->2) +[2013/11/07 07:38:44.906645, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] +[2013/11/07 07:38:44.906682, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE] +[2013/11/07 07:38:44.906731, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:44.906854, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE] +[2013/11/07 07:38:44.906927, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Microsoft] +[2013/11/07 07:38:44.906970, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (2->3) +[2013/11/07 07:38:44.907012, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] +[2013/11/07 07:38:44.907050, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] +[2013/11/07 07:38:44.907092, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:44.907129, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft] +[2013/11/07 07:38:44.907190, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Windows NT] +[2013/11/07 07:38:44.907232, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (3->4) +[2013/11/07 07:38:44.907274, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] +[2013/11/07 07:38:44.907311, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] +[2013/11/07 07:38:44.907352, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:44.907389, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] +[2013/11/07 07:38:44.907448, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [CurrentVersion] +[2013/11/07 07:38:44.907490, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (4->5) +[2013/11/07 07:38:44.907533, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] +[2013/11/07 07:38:44.907571, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] +[2013/11/07 07:38:44.907612, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:44.907650, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f375c5a15c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] +[2013/11/07 07:38:44.907723, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Print] +[2013/11/07 07:38:44.907773, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (5->6) +[2013/11/07 07:38:44.907817, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] +[2013/11/07 07:38:44.907856, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] +[2013/11/07 07:38:44.907899, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:44.907937, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f375c5a15c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] +[2013/11/07 07:38:44.907997, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Printers] +[2013/11/07 07:38:44.908039, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (6->7) +[2013/11/07 07:38:44.908082, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] +[2013/11/07 07:38:44.908121, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] +[2013/11/07 07:38:44.908164, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:44.908201, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] +[2013/11/07 07:38:44.908268, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [printer7] +[2013/11/07 07:38:44.908311, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (7->8) +[2013/11/07 07:38:44.908358, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:44.908397, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:44.908439, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:44.908476, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:44.908543, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (8->7) +[2013/11/07 07:38:44.908585, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (7->6) +[2013/11/07 07:38:44.908633, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (6->5) +[2013/11/07 07:38:44.908673, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (5->4) +[2013/11/07 07:38:44.908713, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (4->3) +[2013/11/07 07:38:44.908754, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (3->2) +[2013/11/07 07:38:44.908797, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) + Opened policy hnd[2] [0000] 00 00 00 00 88 00 00 00 00 00 00 00 7B 52 74 35 ........ ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.908876, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenKey: struct winreg_OpenKey + out: struct winreg_OpenKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000088-0000-0000-7b52-7435c5510000 + result : WERR_OK +[2013/11/07 07:38:44.909051, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryInfoKey: struct winreg_QueryInfoKey + in: struct winreg_QueryInfoKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000088-0000-0000-7b52-7435c5510000 + classname : * + classname: struct winreg_String + name_len : 0x0000 (0) + name_size : 0x0000 (0) + name : NULL +[2013/11/07 07:38:44.909267, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 88 00 00 00 00 00 00 00 7B 52 74 35 ........ ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.909348, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_dispatcher.c:151(fetch_reg_values) + fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7' (ops 0x7f37592edcc0) +[2013/11/07 07:38:44.909459, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1891(regdb_fetch_values_internal) + regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:44.909526, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[0]: name[Attributes] len[4] +[2013/11/07 07:38:44.909571, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[1]: name[Description] len[2] +[2013/11/07 07:38:44.909613, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[2]: name[Datatype] len[8] +[2013/11/07 07:38:44.909656, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[3]: name[Default Priority] len[4] +[2013/11/07 07:38:44.909698, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[4]: name[Port] len[38] +[2013/11/07 07:38:44.909750, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[5]: name[Name] len[18] +[2013/11/07 07:38:44.909792, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[6]: name[Print Processor] len[18] +[2013/11/07 07:38:44.909835, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[7]: name[Priority] len[4] +[2013/11/07 07:38:44.909877, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[8]: name[Security] len[248] +[2013/11/07 07:38:44.909920, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[9]: name[Share Name] len[18] +[2013/11/07 07:38:44.909963, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[10]: name[StartTime] len[4] +[2013/11/07 07:38:44.910005, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[11]: name[UntilTime] len[4] +[2013/11/07 07:38:44.910047, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[12]: name[ChangeID] len[4] +[2013/11/07 07:38:44.910247, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) + regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:44.910318, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryInfoKey: struct winreg_QueryInfoKey + out: struct winreg_QueryInfoKey + classname : * + classname: struct winreg_String + name_len : 0x0000 (0) + name_size : 0x0000 (0) + name : NULL + num_subkeys : * + num_subkeys : 0x00000003 (3) + max_subkeylen : * + max_subkeylen : 0x00000022 (34) + max_classlen : * + max_classlen : 0x00000000 (0) + num_values : * + num_values : 0x0000000d (13) + max_valnamelen : * + max_valnamelen : 0x00000022 (34) + max_valbufsize : * + max_valbufsize : 0x000000f8 (248) + secdescsize : * + secdescsize : 0x00000078 (120) + last_changed_time : * + last_changed_time : NTTIME(0) + result : WERR_OK +[2013/11/07 07:38:44.910778, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000088-0000-0000-7b52-7435c5510000 + enum_index : 0x00000000 (0) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:44.911170, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 88 00 00 00 00 00 00 00 7B 52 74 35 ........ ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.911249, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:44.911296, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0016 (22) + size : 0x0024 (36) + name : * + name : 'Attributes' + type : * + type : REG_DWORD (4) + value : * + value: ARRAY(4) + [0] : 0x48 (72) + [1] : 0x10 (16) + [2] : 0x00 (0) + [3] : 0x00 (0) + size : * + size : 0x00000004 (4) + length : * + length : 0x00000004 (4) + result : WERR_OK +[2013/11/07 07:38:44.911695, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000088-0000-0000-7b52-7435c5510000 + enum_index : 0x00000001 (1) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:44.912122, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 88 00 00 00 00 00 00 00 7B 52 74 35 ........ ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.912201, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:44.912254, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0018 (24) + size : 0x0024 (36) + name : * + name : 'Description' + type : * + type : REG_SZ (1) + value : * + value: ARRAY(2) + [0] : 0x00 (0) + [1] : 0x00 (0) + size : * + size : 0x00000002 (2) + length : * + length : 0x00000002 (2) + result : WERR_OK +[2013/11/07 07:38:44.912615, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000088-0000-0000-7b52-7435c5510000 + enum_index : 0x00000002 (2) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:44.912989, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 88 00 00 00 00 00 00 00 7B 52 74 35 ........ ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.913067, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:44.913111, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0012 (18) + size : 0x0024 (36) + name : * + name : 'Datatype' + type : * + type : REG_SZ (1) + value : * + value: ARRAY(8) + [0] : 0x52 (82) + [1] : 0x00 (0) + [2] : 0x41 (65) + [3] : 0x00 (0) + [4] : 0x57 (87) + [5] : 0x00 (0) + [6] : 0x00 (0) + [7] : 0x00 (0) + size : * + size : 0x00000008 (8) + length : * + length : 0x00000008 (8) + result : WERR_OK +[2013/11/07 07:38:44.913633, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000088-0000-0000-7b52-7435c5510000 + enum_index : 0x00000003 (3) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:44.914006, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 88 00 00 00 00 00 00 00 7B 52 74 35 ........ ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.914083, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:44.914128, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0022 (34) + size : 0x0024 (36) + name : * + name : 'Default Priority' + type : * + type : REG_DWORD (4) + value : * + value: ARRAY(4) + [0] : 0x01 (1) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + size : * + size : 0x00000004 (4) + length : * + length : 0x00000004 (4) + result : WERR_OK +[2013/11/07 07:38:44.914519, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000088-0000-0000-7b52-7435c5510000 + enum_index : 0x00000004 (4) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:44.914896, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 88 00 00 00 00 00 00 00 7B 52 74 35 ........ ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.914973, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:44.915017, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x000a (10) + size : 0x0024 (36) + name : * + name : 'Port' + type : * + type : REG_SZ (1) + value : * + value: ARRAY(38) + [0] : 0x53 (83) + [1] : 0x00 (0) + [2] : 0x61 (97) + [3] : 0x00 (0) + [4] : 0x6d (109) + [5] : 0x00 (0) + [6] : 0x62 (98) + [7] : 0x00 (0) + [8] : 0x61 (97) + [9] : 0x00 (0) + [10] : 0x20 (32) + [11] : 0x00 (0) + [12] : 0x50 (80) + [13] : 0x00 (0) + [14] : 0x72 (114) + [15] : 0x00 (0) + [16] : 0x69 (105) + [17] : 0x00 (0) + [18] : 0x6e (110) + [19] : 0x00 (0) + [20] : 0x74 (116) + [21] : 0x00 (0) + [22] : 0x65 (101) + [23] : 0x00 (0) + [24] : 0x72 (114) + [25] : 0x00 (0) + [26] : 0x20 (32) + [27] : 0x00 (0) + [28] : 0x50 (80) + [29] : 0x00 (0) + [30] : 0x6f (111) + [31] : 0x00 (0) + [32] : 0x72 (114) + [33] : 0x00 (0) + [34] : 0x74 (116) + [35] : 0x00 (0) + [36] : 0x00 (0) + [37] : 0x00 (0) + size : * + size : 0x00000026 (38) + length : * + length : 0x00000026 (38) + result : WERR_OK +[2013/11/07 07:38:44.915977, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000088-0000-0000-7b52-7435c5510000 + enum_index : 0x00000005 (5) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:44.916348, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 88 00 00 00 00 00 00 00 7B 52 74 35 ........ ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.916425, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:44.916470, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x000a (10) + size : 0x0024 (36) + name : * + name : 'Name' + type : * + type : REG_SZ (1) + value : * + value: ARRAY(18) + [0] : 0x70 (112) + [1] : 0x00 (0) + [2] : 0x72 (114) + [3] : 0x00 (0) + [4] : 0x69 (105) + [5] : 0x00 (0) + [6] : 0x6e (110) + [7] : 0x00 (0) + [8] : 0x74 (116) + [9] : 0x00 (0) + [10] : 0x65 (101) + [11] : 0x00 (0) + [12] : 0x72 (114) + [13] : 0x00 (0) + [14] : 0x37 (55) + [15] : 0x00 (0) + [16] : 0x00 (0) + [17] : 0x00 (0) + size : * + size : 0x00000012 (18) + length : * + length : 0x00000012 (18) + result : WERR_OK +[2013/11/07 07:38:44.917100, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000088-0000-0000-7b52-7435c5510000 + enum_index : 0x00000006 (6) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:44.917518, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 88 00 00 00 00 00 00 00 7B 52 74 35 ........ ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.917597, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:44.917642, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0020 (32) + size : 0x0024 (36) + name : * + name : 'Print Processor' + type : * + type : REG_SZ (1) + value : * + value: ARRAY(18) + [0] : 0x77 (119) + [1] : 0x00 (0) + [2] : 0x69 (105) + [3] : 0x00 (0) + [4] : 0x6e (110) + [5] : 0x00 (0) + [6] : 0x70 (112) + [7] : 0x00 (0) + [8] : 0x72 (114) + [9] : 0x00 (0) + [10] : 0x69 (105) + [11] : 0x00 (0) + [12] : 0x6e (110) + [13] : 0x00 (0) + [14] : 0x74 (116) + [15] : 0x00 (0) + [16] : 0x00 (0) + [17] : 0x00 (0) + size : * + size : 0x00000012 (18) + length : * + length : 0x00000012 (18) + result : WERR_OK +[2013/11/07 07:38:44.918266, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000088-0000-0000-7b52-7435c5510000 + enum_index : 0x00000007 (7) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:44.918645, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 88 00 00 00 00 00 00 00 7B 52 74 35 ........ ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.918722, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:44.918767, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0012 (18) + size : 0x0024 (36) + name : * + name : 'Priority' + type : * + type : REG_DWORD (4) + value : * + value: ARRAY(4) + [0] : 0x01 (1) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + size : * + size : 0x00000004 (4) + length : * + length : 0x00000004 (4) + result : WERR_OK +[2013/11/07 07:38:44.919156, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000088-0000-0000-7b52-7435c5510000 + enum_index : 0x00000008 (8) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:44.919527, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 88 00 00 00 00 00 00 00 7B 52 74 35 ........ ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.919613, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:44.919658, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0012 (18) + size : 0x0024 (36) + name : * + name : 'Security' + type : * + type : REG_BINARY (3) + value : * + value: ARRAY(248) + [0] : 0x01 (1) + [1] : 0x00 (0) + [2] : 0x04 (4) + [3] : 0x80 (128) + [4] : 0x14 (20) + [5] : 0x00 (0) + [6] : 0x00 (0) + [7] : 0x00 (0) + [8] : 0x24 (36) + [9] : 0x00 (0) + [10] : 0x00 (0) + [11] : 0x00 (0) + [12] : 0x00 (0) + [13] : 0x00 (0) + [14] : 0x00 (0) + [15] : 0x00 (0) + [16] : 0x34 (52) + [17] : 0x00 (0) + [18] : 0x00 (0) + [19] : 0x00 (0) + [20] : 0x01 (1) + [21] : 0x02 (2) + [22] : 0x00 (0) + [23] : 0x00 (0) + [24] : 0x00 (0) + [25] : 0x00 (0) + [26] : 0x00 (0) + [27] : 0x05 (5) + [28] : 0x20 (32) + [29] : 0x00 (0) + [30] : 0x00 (0) + [31] : 0x00 (0) + [32] : 0x20 (32) + [33] : 0x02 (2) + [34] : 0x00 (0) + [35] : 0x00 (0) + [36] : 0x01 (1) + [37] : 0x02 (2) + [38] : 0x00 (0) + [39] : 0x00 (0) + [40] : 0x00 (0) + [41] : 0x00 (0) + [42] : 0x00 (0) + [43] : 0x05 (5) + [44] : 0x20 (32) + [45] : 0x00 (0) + [46] : 0x00 (0) + [47] : 0x00 (0) + [48] : 0x20 (32) + [49] : 0x02 (2) + [50] : 0x00 (0) + [51] : 0x00 (0) + [52] : 0x02 (2) + [53] : 0x00 (0) + [54] : 0xc4 (196) + [55] : 0x00 (0) + [56] : 0x07 (7) + [57] : 0x00 (0) + [58] : 0x00 (0) + [59] : 0x00 (0) + [60] : 0x00 (0) + [61] : 0x02 (2) + [62] : 0x14 (20) + [63] : 0x00 (0) + [64] : 0x08 (8) + [65] : 0x00 (0) + [66] : 0x02 (2) + [67] : 0x20 (32) + [68] : 0x01 (1) + [69] : 0x01 (1) + [70] : 0x00 (0) + [71] : 0x00 (0) + [72] : 0x00 (0) + [73] : 0x00 (0) + [74] : 0x00 (0) + [75] : 0x01 (1) + [76] : 0x00 (0) + [77] : 0x00 (0) + [78] : 0x00 (0) + [79] : 0x00 (0) + [80] : 0x00 (0) + [81] : 0x09 (9) + [82] : 0x24 (36) + [83] : 0x00 (0) + [84] : 0x0c (12) + [85] : 0x00 (0) + [86] : 0x0f (15) + [87] : 0x10 (16) + [88] : 0x01 (1) + [89] : 0x05 (5) + [90] : 0x00 (0) + [91] : 0x00 (0) + [92] : 0x00 (0) + [93] : 0x00 (0) + [94] : 0x00 (0) + [95] : 0x05 (5) + [96] : 0x15 (21) + [97] : 0x00 (0) + [98] : 0x00 (0) + [99] : 0x00 (0) + [100] : 0x74 (116) + [101] : 0xa5 (165) + [102] : 0x12 (18) + [103] : 0x52 (82) + [104] : 0xcd (205) + [105] : 0x51 (81) + [106] : 0xd9 (217) + [107] : 0x8f (143) + [108] : 0xd1 (209) + [109] : 0x31 (49) + [110] : 0xa4 (164) + [111] : 0xca (202) + [112] : 0xf4 (244) + [113] : 0x01 (1) + [114] : 0x00 (0) + [115] : 0x00 (0) + [116] : 0x00 (0) + [117] : 0x02 (2) + [118] : 0x24 (36) + [119] : 0x00 (0) + [120] : 0x0c (12) + [121] : 0x00 (0) + [122] : 0x0f (15) + [123] : 0x10 (16) + [124] : 0x01 (1) + [125] : 0x05 (5) + [126] : 0x00 (0) + [127] : 0x00 (0) + [128] : 0x00 (0) + [129] : 0x00 (0) + [130] : 0x00 (0) + [131] : 0x05 (5) + [132] : 0x15 (21) + [133] : 0x00 (0) + [134] : 0x00 (0) + [135] : 0x00 (0) + [136] : 0x74 (116) + [137] : 0xa5 (165) + [138] : 0x12 (18) + [139] : 0x52 (82) + [140] : 0xcd (205) + [141] : 0x51 (81) + [142] : 0xd9 (217) + [143] : 0x8f (143) + [144] : 0xd1 (209) + [145] : 0x31 (49) + [146] : 0xa4 (164) + [147] : 0xca (202) + [148] : 0xf4 (244) + [149] : 0x01 (1) + [150] : 0x00 (0) + [151] : 0x00 (0) + [152] : 0x00 (0) + [153] : 0x09 (9) + [154] : 0x18 (24) + [155] : 0x00 (0) + [156] : 0x0c (12) + [157] : 0x00 (0) + [158] : 0x0f (15) + [159] : 0x10 (16) + [160] : 0x01 (1) + [161] : 0x02 (2) + [162] : 0x00 (0) + [163] : 0x00 (0) + [164] : 0x00 (0) + [165] : 0x00 (0) + [166] : 0x00 (0) + [167] : 0x05 (5) + [168] : 0x20 (32) + [169] : 0x00 (0) + [170] : 0x00 (0) + [171] : 0x00 (0) + [172] : 0x20 (32) + [173] : 0x02 (2) + [174] : 0x00 (0) + [175] : 0x00 (0) + [176] : 0x00 (0) + [177] : 0x02 (2) + [178] : 0x18 (24) + [179] : 0x00 (0) + [180] : 0x0c (12) + [181] : 0x00 (0) + [182] : 0x0f (15) + [183] : 0x10 (16) + [184] : 0x01 (1) + [185] : 0x02 (2) + [186] : 0x00 (0) + [187] : 0x00 (0) + [188] : 0x00 (0) + [189] : 0x00 (0) + [190] : 0x00 (0) + [191] : 0x05 (5) + [192] : 0x20 (32) + [193] : 0x00 (0) + [194] : 0x00 (0) + [195] : 0x00 (0) + [196] : 0x20 (32) + [197] : 0x02 (2) + [198] : 0x00 (0) + [199] : 0x00 (0) + [200] : 0x00 (0) + [201] : 0x09 (9) + [202] : 0x18 (24) + [203] : 0x00 (0) + [204] : 0x0c (12) + [205] : 0x00 (0) + [206] : 0x0f (15) + [207] : 0x10 (16) + [208] : 0x01 (1) + [209] : 0x02 (2) + [210] : 0x00 (0) + [211] : 0x00 (0) + [212] : 0x00 (0) + [213] : 0x00 (0) + [214] : 0x00 (0) + [215] : 0x05 (5) + [216] : 0x20 (32) + [217] : 0x00 (0) + [218] : 0x00 (0) + [219] : 0x00 (0) + [220] : 0x26 (38) + [221] : 0x02 (2) + [222] : 0x00 (0) + [223] : 0x00 (0) + [224] : 0x00 (0) + [225] : 0x02 (2) + [226] : 0x18 (24) + [227] : 0x00 (0) + [228] : 0x0c (12) + [229] : 0x00 (0) + [230] : 0x0f (15) + [231] : 0x10 (16) + [232] : 0x01 (1) + [233] : 0x02 (2) + [234] : 0x00 (0) + [235] : 0x00 (0) + [236] : 0x00 (0) + [237] : 0x00 (0) + [238] : 0x00 (0) + [239] : 0x05 (5) + [240] : 0x20 (32) + [241] : 0x00 (0) + [242] : 0x00 (0) + [243] : 0x00 (0) + [244] : 0x26 (38) + [245] : 0x02 (2) + [246] : 0x00 (0) + [247] : 0x00 (0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x000000f8 (248) + result : WERR_OK +[2013/11/07 07:38:44.924297, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000088-0000-0000-7b52-7435c5510000 + enum_index : 0x00000009 (9) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:44.924683, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 88 00 00 00 00 00 00 00 7B 52 74 35 ........ ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.924762, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:44.924809, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0016 (22) + size : 0x0024 (36) + name : * + name : 'Share Name' + type : * + type : REG_SZ (1) + value : * + value: ARRAY(18) + [0] : 0x70 (112) + [1] : 0x00 (0) + [2] : 0x72 (114) + [3] : 0x00 (0) + [4] : 0x69 (105) + [5] : 0x00 (0) + [6] : 0x6e (110) + [7] : 0x00 (0) + [8] : 0x74 (116) + [9] : 0x00 (0) + [10] : 0x65 (101) + [11] : 0x00 (0) + [12] : 0x72 (114) + [13] : 0x00 (0) + [14] : 0x37 (55) + [15] : 0x00 (0) + [16] : 0x00 (0) + [17] : 0x00 (0) + size : * + size : 0x00000012 (18) + length : * + length : 0x00000012 (18) + result : WERR_OK +[2013/11/07 07:38:44.925475, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000088-0000-0000-7b52-7435c5510000 + enum_index : 0x0000000a (10) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:44.925856, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 88 00 00 00 00 00 00 00 7B 52 74 35 ........ ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.925933, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:44.925978, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0014 (20) + size : 0x0024 (36) + name : * + name : 'StartTime' + type : * + type : REG_DWORD (4) + value : * + value: ARRAY(4) + [0] : 0x00 (0) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + size : * + size : 0x00000004 (4) + length : * + length : 0x00000004 (4) + result : WERR_OK +[2013/11/07 07:38:44.926369, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000088-0000-0000-7b52-7435c5510000 + enum_index : 0x0000000b (11) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:44.926738, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 88 00 00 00 00 00 00 00 7B 52 74 35 ........ ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.926815, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:44.926867, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0014 (20) + size : 0x0024 (36) + name : * + name : 'UntilTime' + type : * + type : REG_DWORD (4) + value : * + value: ARRAY(4) + [0] : 0x00 (0) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + size : * + size : 0x00000004 (4) + length : * + length : 0x00000004 (4) + result : WERR_OK +[2013/11/07 07:38:44.927256, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000088-0000-0000-7b52-7435c5510000 + enum_index : 0x0000000c (12) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:44.927625, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 88 00 00 00 00 00 00 00 7B 52 74 35 ........ ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.927703, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:44.927747, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0012 (18) + size : 0x0024 (36) + name : * + name : 'ChangeID' + type : * + type : REG_DWORD (4) + value : * + value: ARRAY(4) + [0] : 0xf1 (241) + [1] : 0x5f (95) + [2] : 0x11 (17) + [3] : 0x00 (0) + size : * + size : 0x00000004 (4) + length : * + length : 0x00000004 (4) + result : WERR_OK +[2013/11/07 07:38:44.928183, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryValue: struct winreg_QueryValue + in: struct winreg_QueryValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000088-0000-0000-7b52-7435c5510000 + value_name : * + value_name: struct winreg_String + name_len : 0x0020 (32) + name_size : 0x0020 (32) + name : * + name : 'Default DevMode' + type : * + type : REG_NONE (0) + data : NULL + data_size : * + data_size : 0x00000000 (0) + data_length : * + data_length : 0x00000000 (0) +[2013/11/07 07:38:44.928526, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 88 00 00 00 00 00 00 00 7B 52 74 35 ........ ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.928604, 7, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) + _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:44.928645, 7, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) + _winreg_QueryValue: policy key type = [00000000] +[2013/11/07 07:38:44.928691, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:316(_winreg_QueryValue) + _winreg_QueryValue: reg_queryvalue failed with: WERR_BADFILE +[2013/11/07 07:38:44.928731, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryValue: struct winreg_QueryValue + out: struct winreg_QueryValue + type : * + type : REG_NONE (0) + data : NULL + data_size : * + data_size : 0x00000000 (0) + data_length : * + data_length : 0x00000000 (0) + result : WERR_BADFILE +[2013/11/07 07:38:44.928951, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenHKLM: struct winreg_OpenHKLM + in: struct winreg_OpenHKLM + system_name : NULL + access_mask : 0x02000000 (33554432) + 0: KEY_QUERY_VALUE + 0: KEY_SET_VALUE + 0: KEY_CREATE_SUB_KEY + 0: KEY_ENUMERATE_SUB_KEYS + 0: KEY_NOTIFY + 0: KEY_CREATE_LINK + 0: KEY_WOW64_64KEY + 0: KEY_WOW64_32KEY +[2013/11/07 07:38:44.929179, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [HKLM] +[2013/11/07 07:38:44.929222, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (2->3) +[2013/11/07 07:38:44.929273, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM] +[2013/11/07 07:38:44.929313, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM] +[2013/11/07 07:38:44.929377, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:44.929434, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM] +[2013/11/07 07:38:44.929518, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) + Opened policy hnd[3] [0000] 00 00 00 00 89 00 00 00 00 00 00 00 7B 52 74 35 ........ ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.929599, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenHKLM: struct winreg_OpenHKLM + out: struct winreg_OpenHKLM + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000089-0000-0000-7b52-7435c5510000 + result : WERR_OK +[2013/11/07 07:38:44.929769, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenKey: struct winreg_OpenKey + in: struct winreg_OpenKey + parent_handle : * + parent_handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000089-0000-0000-7b52-7435c5510000 + keyname: struct winreg_String + name_len : 0x008a (138) + name_size : 0x008a (138) + name : * + name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7' + options : 0x00000000 (0) + 0: REG_OPTION_VOLATILE + 0: REG_OPTION_CREATE_LINK + 0: REG_OPTION_BACKUP_RESTORE + 0: REG_OPTION_OPEN_LINK + access_mask : 0x02000000 (33554432) + 0: KEY_QUERY_VALUE + 0: KEY_SET_VALUE + 0: KEY_CREATE_SUB_KEY + 0: KEY_ENUMERATE_SUB_KEYS + 0: KEY_NOTIFY + 0: KEY_CREATE_LINK + 0: KEY_WOW64_64KEY + 0: KEY_WOW64_32KEY +[2013/11/07 07:38:44.930209, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 89 00 00 00 00 00 00 00 7B 52 74 35 ........ ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.930290, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [SOFTWARE] +[2013/11/07 07:38:44.930331, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (3->4) +[2013/11/07 07:38:44.930372, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] +[2013/11/07 07:38:44.930419, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE] +[2013/11/07 07:38:44.930460, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:44.930497, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE] +[2013/11/07 07:38:44.930561, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Microsoft] +[2013/11/07 07:38:44.930602, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (4->5) +[2013/11/07 07:38:44.930645, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] +[2013/11/07 07:38:44.930683, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] +[2013/11/07 07:38:44.930723, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:44.930760, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft] +[2013/11/07 07:38:44.930819, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Windows NT] +[2013/11/07 07:38:44.930860, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (5->6) +[2013/11/07 07:38:44.930904, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] +[2013/11/07 07:38:44.930941, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] +[2013/11/07 07:38:44.930982, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:44.931019, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] +[2013/11/07 07:38:44.931076, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [CurrentVersion] +[2013/11/07 07:38:44.931116, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (6->7) +[2013/11/07 07:38:44.931160, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] +[2013/11/07 07:38:44.931197, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] +[2013/11/07 07:38:44.931238, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:44.931275, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f375c5a15c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] +[2013/11/07 07:38:44.931354, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Print] +[2013/11/07 07:38:44.931395, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (7->8) +[2013/11/07 07:38:44.931438, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] +[2013/11/07 07:38:44.931476, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] +[2013/11/07 07:38:44.931518, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:44.931555, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f375c5a15c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] +[2013/11/07 07:38:44.931614, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Printers] +[2013/11/07 07:38:44.931655, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (8->9) +[2013/11/07 07:38:44.931698, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] +[2013/11/07 07:38:44.931737, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] +[2013/11/07 07:38:44.931779, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:44.931816, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] +[2013/11/07 07:38:44.931880, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [printer7] +[2013/11/07 07:38:44.931921, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (9->10) +[2013/11/07 07:38:44.931964, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:44.932004, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:44.932045, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:44.932082, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:44.932148, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (10->9) +[2013/11/07 07:38:44.932190, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (9->8) +[2013/11/07 07:38:44.932238, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (8->7) +[2013/11/07 07:38:44.932278, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (7->6) +[2013/11/07 07:38:44.932317, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (6->5) +[2013/11/07 07:38:44.932357, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (5->4) +[2013/11/07 07:38:44.932400, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) + Opened policy hnd[4] [0000] 00 00 00 00 8A 00 00 00 00 00 00 00 7B 52 74 35 ........ ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.932477, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenKey: struct winreg_OpenKey + out: struct winreg_OpenKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 0000008a-0000-0000-7b52-7435c5510000 + result : WERR_OK +[2013/11/07 07:38:44.932647, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryValue: struct winreg_QueryValue + in: struct winreg_QueryValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 0000008a-0000-0000-7b52-7435c5510000 + value_name : * + value_name: struct winreg_String + name_len : 0x0012 (18) + name_size : 0x0012 (18) + name : * + name : 'Security' + type : * + type : REG_NONE (0) + data : NULL + data_size : * + data_size : 0x00000000 (0) + data_length : * + data_length : 0x00000000 (0) +[2013/11/07 07:38:44.932986, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 8A 00 00 00 00 00 00 00 7B 52 74 35 ........ ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.933063, 7, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) + _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:44.933103, 7, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) + _winreg_QueryValue: policy key type = [00000000] +[2013/11/07 07:38:44.933143, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_dispatcher.c:151(fetch_reg_values) + fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7' (ops 0x7f37592edcc0) +[2013/11/07 07:38:44.933185, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1891(regdb_fetch_values_internal) + regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:44.933253, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[0]: name[Attributes] len[4] +[2013/11/07 07:38:44.933297, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[1]: name[Description] len[2] +[2013/11/07 07:38:44.933340, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[2]: name[Datatype] len[8] +[2013/11/07 07:38:44.933447, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[3]: name[Default Priority] len[4] +[2013/11/07 07:38:44.933492, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[4]: name[Port] len[38] +[2013/11/07 07:38:44.933534, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[5]: name[Name] len[18] +[2013/11/07 07:38:44.933576, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[6]: name[Print Processor] len[18] +[2013/11/07 07:38:44.933619, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[7]: name[Priority] len[4] +[2013/11/07 07:38:44.933661, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[8]: name[Security] len[248] +[2013/11/07 07:38:44.933704, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[9]: name[Share Name] len[18] +[2013/11/07 07:38:44.933746, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[10]: name[StartTime] len[4] +[2013/11/07 07:38:44.933789, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[11]: name[UntilTime] len[4] +[2013/11/07 07:38:44.933831, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[12]: name[ChangeID] len[4] +[2013/11/07 07:38:44.933875, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryValue: struct winreg_QueryValue + out: struct winreg_QueryValue + type : * + type : REG_BINARY (3) + data : NULL + data_size : * + data_size : 0x000000f8 (248) + data_length : * + data_length : 0x00000000 (0) + result : WERR_OK +[2013/11/07 07:38:44.934090, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryValue: struct winreg_QueryValue + in: struct winreg_QueryValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 0000008a-0000-0000-7b52-7435c5510000 + value_name : * + value_name: struct winreg_String + name_len : 0x0012 (18) + name_size : 0x0012 (18) + name : * + name : 'Security' + type : * + type : REG_BINARY (3) + data : * + data: ARRAY(0) + data_size : * + data_size : 0x000000f8 (248) + data_length : * + data_length : 0x00000000 (0) +[2013/11/07 07:38:44.934455, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 8A 00 00 00 00 00 00 00 7B 52 74 35 ........ ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.934533, 7, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) + _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:44.934573, 7, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) + _winreg_QueryValue: policy key type = [00000000] +[2013/11/07 07:38:44.934617, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryValue: struct winreg_QueryValue + out: struct winreg_QueryValue + type : * + type : REG_BINARY (3) + data : * + data: ARRAY(248) + [0] : 0x01 (1) + [1] : 0x00 (0) + [2] : 0x04 (4) + [3] : 0x80 (128) + [4] : 0x14 (20) + [5] : 0x00 (0) + [6] : 0x00 (0) + [7] : 0x00 (0) + [8] : 0x24 (36) + [9] : 0x00 (0) + [10] : 0x00 (0) + [11] : 0x00 (0) + [12] : 0x00 (0) + [13] : 0x00 (0) + [14] : 0x00 (0) + [15] : 0x00 (0) + [16] : 0x34 (52) + [17] : 0x00 (0) + [18] : 0x00 (0) + [19] : 0x00 (0) + [20] : 0x01 (1) + [21] : 0x02 (2) + [22] : 0x00 (0) + [23] : 0x00 (0) + [24] : 0x00 (0) + [25] : 0x00 (0) + [26] : 0x00 (0) + [27] : 0x05 (5) + [28] : 0x20 (32) + [29] : 0x00 (0) + [30] : 0x00 (0) + [31] : 0x00 (0) + [32] : 0x20 (32) + [33] : 0x02 (2) + [34] : 0x00 (0) + [35] : 0x00 (0) + [36] : 0x01 (1) + [37] : 0x02 (2) + [38] : 0x00 (0) + [39] : 0x00 (0) + [40] : 0x00 (0) + [41] : 0x00 (0) + [42] : 0x00 (0) + [43] : 0x05 (5) + [44] : 0x20 (32) + [45] : 0x00 (0) + [46] : 0x00 (0) + [47] : 0x00 (0) + [48] : 0x20 (32) + [49] : 0x02 (2) + [50] : 0x00 (0) + [51] : 0x00 (0) + [52] : 0x02 (2) + [53] : 0x00 (0) + [54] : 0xc4 (196) + [55] : 0x00 (0) + [56] : 0x07 (7) + [57] : 0x00 (0) + [58] : 0x00 (0) + [59] : 0x00 (0) + [60] : 0x00 (0) + [61] : 0x02 (2) + [62] : 0x14 (20) + [63] : 0x00 (0) + [64] : 0x08 (8) + [65] : 0x00 (0) + [66] : 0x02 (2) + [67] : 0x20 (32) + [68] : 0x01 (1) + [69] : 0x01 (1) + [70] : 0x00 (0) + [71] : 0x00 (0) + [72] : 0x00 (0) + [73] : 0x00 (0) + [74] : 0x00 (0) + [75] : 0x01 (1) + [76] : 0x00 (0) + [77] : 0x00 (0) + [78] : 0x00 (0) + [79] : 0x00 (0) + [80] : 0x00 (0) + [81] : 0x09 (9) + [82] : 0x24 (36) + [83] : 0x00 (0) + [84] : 0x0c (12) + [85] : 0x00 (0) + [86] : 0x0f (15) + [87] : 0x10 (16) + [88] : 0x01 (1) + [89] : 0x05 (5) + [90] : 0x00 (0) + [91] : 0x00 (0) + [92] : 0x00 (0) + [93] : 0x00 (0) + [94] : 0x00 (0) + [95] : 0x05 (5) + [96] : 0x15 (21) + [97] : 0x00 (0) + [98] : 0x00 (0) + [99] : 0x00 (0) + [100] : 0x74 (116) + [101] : 0xa5 (165) + [102] : 0x12 (18) + [103] : 0x52 (82) + [104] : 0xcd (205) + [105] : 0x51 (81) + [106] : 0xd9 (217) + [107] : 0x8f (143) + [108] : 0xd1 (209) + [109] : 0x31 (49) + [110] : 0xa4 (164) + [111] : 0xca (202) + [112] : 0xf4 (244) + [113] : 0x01 (1) + [114] : 0x00 (0) + [115] : 0x00 (0) + [116] : 0x00 (0) + [117] : 0x02 (2) + [118] : 0x24 (36) + [119] : 0x00 (0) + [120] : 0x0c (12) + [121] : 0x00 (0) + [122] : 0x0f (15) + [123] : 0x10 (16) + [124] : 0x01 (1) + [125] : 0x05 (5) + [126] : 0x00 (0) + [127] : 0x00 (0) + [128] : 0x00 (0) + [129] : 0x00 (0) + [130] : 0x00 (0) + [131] : 0x05 (5) + [132] : 0x15 (21) + [133] : 0x00 (0) + [134] : 0x00 (0) + [135] : 0x00 (0) + [136] : 0x74 (116) + [137] : 0xa5 (165) + [138] : 0x12 (18) + [139] : 0x52 (82) + [140] : 0xcd (205) + [141] : 0x51 (81) + [142] : 0xd9 (217) + [143] : 0x8f (143) + [144] : 0xd1 (209) + [145] : 0x31 (49) + [146] : 0xa4 (164) + [147] : 0xca (202) + [148] : 0xf4 (244) + [149] : 0x01 (1) + [150] : 0x00 (0) + [151] : 0x00 (0) + [152] : 0x00 (0) + [153] : 0x09 (9) + [154] : 0x18 (24) + [155] : 0x00 (0) + [156] : 0x0c (12) + [157] : 0x00 (0) + [158] : 0x0f (15) + [159] : 0x10 (16) + [160] : 0x01 (1) + [161] : 0x02 (2) + [162] : 0x00 (0) + [163] : 0x00 (0) + [164] : 0x00 (0) + [165] : 0x00 (0) + [166] : 0x00 (0) + [167] : 0x05 (5) + [168] : 0x20 (32) + [169] : 0x00 (0) + [170] : 0x00 (0) + [171] : 0x00 (0) + [172] : 0x20 (32) + [173] : 0x02 (2) + [174] : 0x00 (0) + [175] : 0x00 (0) + [176] : 0x00 (0) + [177] : 0x02 (2) + [178] : 0x18 (24) + [179] : 0x00 (0) + [180] : 0x0c (12) + [181] : 0x00 (0) + [182] : 0x0f (15) + [183] : 0x10 (16) + [184] : 0x01 (1) + [185] : 0x02 (2) + [186] : 0x00 (0) + [187] : 0x00 (0) + [188] : 0x00 (0) + [189] : 0x00 (0) + [190] : 0x00 (0) + [191] : 0x05 (5) + [192] : 0x20 (32) + [193] : 0x00 (0) + [194] : 0x00 (0) + [195] : 0x00 (0) + [196] : 0x20 (32) + [197] : 0x02 (2) + [198] : 0x00 (0) + [199] : 0x00 (0) + [200] : 0x00 (0) + [201] : 0x09 (9) + [202] : 0x18 (24) + [203] : 0x00 (0) + [204] : 0x0c (12) + [205] : 0x00 (0) + [206] : 0x0f (15) + [207] : 0x10 (16) + [208] : 0x01 (1) + [209] : 0x02 (2) + [210] : 0x00 (0) + [211] : 0x00 (0) + [212] : 0x00 (0) + [213] : 0x00 (0) + [214] : 0x00 (0) + [215] : 0x05 (5) + [216] : 0x20 (32) + [217] : 0x00 (0) + [218] : 0x00 (0) + [219] : 0x00 (0) + [220] : 0x26 (38) + [221] : 0x02 (2) + [222] : 0x00 (0) + [223] : 0x00 (0) + [224] : 0x00 (0) + [225] : 0x02 (2) + [226] : 0x18 (24) + [227] : 0x00 (0) + [228] : 0x0c (12) + [229] : 0x00 (0) + [230] : 0x0f (15) + [231] : 0x10 (16) + [232] : 0x01 (1) + [233] : 0x02 (2) + [234] : 0x00 (0) + [235] : 0x00 (0) + [236] : 0x00 (0) + [237] : 0x00 (0) + [238] : 0x00 (0) + [239] : 0x05 (5) + [240] : 0x20 (32) + [241] : 0x00 (0) + [242] : 0x00 (0) + [243] : 0x00 (0) + [244] : 0x26 (38) + [245] : 0x02 (2) + [246] : 0x00 (0) + [247] : 0x00 (0) + data_size : * + data_size : 0x000000f8 (248) + data_length : * + data_length : 0x000000f8 (248) + result : WERR_OK +[2013/11/07 07:38:44.939057, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + in: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 0000008a-0000-0000-7b52-7435c5510000 +[2013/11/07 07:38:44.939192, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 8A 00 00 00 00 00 00 00 7B 52 74 35 ........ ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.939271, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 8A 00 00 00 00 00 00 00 7B 52 74 35 ........ ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.939347, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) + Closed policy +[2013/11/07 07:38:44.939391, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (4->3) +[2013/11/07 07:38:44.939431, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + out: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000000-0000-0000-0000-000000000000 + result : WERR_OK +[2013/11/07 07:38:44.939593, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + in: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000089-0000-0000-7b52-7435c5510000 +[2013/11/07 07:38:44.939722, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 89 00 00 00 00 00 00 00 7B 52 74 35 ........ ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.939800, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 89 00 00 00 00 00 00 00 7B 52 74 35 ........ ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.939876, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) + Closed policy +[2013/11/07 07:38:44.939916, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (3->2) +[2013/11/07 07:38:44.939957, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + out: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000000-0000-0000-0000-000000000000 + result : WERR_OK +[2013/11/07 07:38:44.940119, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + in: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000088-0000-0000-7b52-7435c5510000 +[2013/11/07 07:38:44.940255, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 88 00 00 00 00 00 00 00 7B 52 74 35 ........ ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.940333, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 88 00 00 00 00 00 00 00 7B 52 74 35 ........ ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.940410, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) + Closed policy +[2013/11/07 07:38:44.940453, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (2->1) +[2013/11/07 07:38:44.940494, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + out: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000000-0000-0000-0000-000000000000 + result : WERR_OK +[2013/11/07 07:38:44.940655, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + in: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000087-0000-0000-7b52-7435c5510000 +[2013/11/07 07:38:44.940784, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 87 00 00 00 00 00 00 00 7B 52 74 35 ........ ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.940861, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 87 00 00 00 00 00 00 00 7B 52 74 35 ........ ....{Rt5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:44.940937, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) + Closed policy +[2013/11/07 07:38:44.940978, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (1->0) +[2013/11/07 07:38:44.941038, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + out: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000000-0000-0000-0000-000000000000 + result : WERR_OK +[2013/11/07 07:38:44.941200, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:416(close_policy_by_pipe) + Deleted handle list for RPC connection \winreg +[2013/11/07 07:38:44.941423, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + spoolss_GetPrinter: struct spoolss_GetPrinter + out: struct spoolss_GetPrinter + info : * + info : union spoolss_PrinterInfo(case 2) + info2: struct spoolss_PrinterInfo2 + servername : * + servername : '\\MEMBER43' + printername : * + printername : '\\MEMBER43\printer7' + sharename : * + sharename : 'printer7' + portname : * + portname : 'Samba Printer Port' + drivername : * + drivername : '' + comment : * + comment : '' + location : * + location : '' + devmode : * + devmode: struct spoolss_DeviceMode + devicename : '\\MEMBER43\printer7' + specversion : DMSPEC_NT4_AND_ABOVE (1025) + driverversion : 0x0400 (1024) + size : 0x00dc (220) + __driverextra_length : 0x0000 (0) + fields : 0x00014713 (83731) + 1: DEVMODE_ORIENTATION + 1: DEVMODE_PAPERSIZE + 0: DEVMODE_PAPERLENGTH + 0: DEVMODE_PAPERWIDTH + 1: DEVMODE_SCALE + 0: DEVMODE_POSITION + 0: DEVMODE_NUP + 1: DEVMODE_COPIES + 1: DEVMODE_DEFAULTSOURCE + 1: DEVMODE_PRINTQUALITY + 0: DEVMODE_COLOR + 0: DEVMODE_DUPLEX + 0: DEVMODE_YRESOLUTION + 1: DEVMODE_TTOPTION + 0: DEVMODE_COLLATE + 1: DEVMODE_FORMNAME + 0: DEVMODE_LOGPIXELS + 0: DEVMODE_BITSPERPEL + 0: DEVMODE_PELSWIDTH + 0: DEVMODE_PELSHEIGHT + 0: DEVMODE_DISPLAYFLAGS + 0: DEVMODE_DISPLAYFREQUENCY + 0: DEVMODE_ICMMETHOD + 0: DEVMODE_ICMINTENT + 0: DEVMODE_MEDIATYPE + 0: DEVMODE_DITHERTYPE + 0: DEVMODE_PANNINGWIDTH + 0: DEVMODE_PANNINGHEIGHT + orientation : DMORIENT_PORTRAIT (1) + papersize : DMPAPER_LETTER (1) + paperlength : 0x0000 (0) + paperwidth : 0x0000 (0) + scale : 0x0064 (100) + copies : 0x0001 (1) + defaultsource : DMBIN_FORMSOURCE (15) + printquality : DMRES_HIGH (65532) + color : DMRES_MONOCHROME (1) + duplex : DMDUP_SIMPLEX (1) + yresolution : 0x0000 (0) + ttoption : DMTT_SUBDEV (3) + collate : DMCOLLATE_FALSE (0) + formname : 'Letter' + logpixels : 0x0000 (0) + bitsperpel : 0x00000000 (0) + pelswidth : 0x00000000 (0) + pelsheight : 0x00000000 (0) + displayflags : UNKNOWN_ENUM_VALUE (0) + displayfrequency : 0x00000000 (0) + icmmethod : UNKNOWN_ENUM_VALUE (0) + icmintent : UNKNOWN_ENUM_VALUE (0) + mediatype : UNKNOWN_ENUM_VALUE (0) + dithertype : UNKNOWN_ENUM_VALUE (0) + reserved1 : 0x00000000 (0) + reserved2 : 0x00000000 (0) + panningwidth : 0x00000000 (0) + panningheight : 0x00000000 (0) + driverextra_data : DATA_BLOB length=0 + sepfile : * + sepfile : '' + printprocessor : * + printprocessor : 'winprint' + datatype : * + datatype : 'RAW' + parameters : * + parameters : '' + secdesc : * + secdesc: struct security_descriptor + revision : SECURITY_DESCRIPTOR_REVISION_1 (1) + type : 0x8004 (32772) + 0: SEC_DESC_OWNER_DEFAULTED + 0: SEC_DESC_GROUP_DEFAULTED + 1: SEC_DESC_DACL_PRESENT + 0: SEC_DESC_DACL_DEFAULTED + 0: SEC_DESC_SACL_PRESENT + 0: SEC_DESC_SACL_DEFAULTED + 0: SEC_DESC_DACL_TRUSTED + 0: SEC_DESC_SERVER_SECURITY + 0: SEC_DESC_DACL_AUTO_INHERIT_REQ + 0: SEC_DESC_SACL_AUTO_INHERIT_REQ + 0: SEC_DESC_DACL_AUTO_INHERITED + 0: SEC_DESC_SACL_AUTO_INHERITED + 0: SEC_DESC_DACL_PROTECTED + 0: SEC_DESC_SACL_PROTECTED + 0: SEC_DESC_RM_CONTROL_VALID + 1: SEC_DESC_SELF_RELATIVE + owner_sid : * + owner_sid : S-1-5-32-544 + group_sid : * + group_sid : S-1-5-32-544 + sacl : NULL + dacl : * + dacl: struct security_acl + revision : SECURITY_ACL_REVISION_NT4 (2) + size : 0x00c4 (196) + num_aces : 0x00000007 (7) + aces: ARRAY(7) + aces: struct security_ace + type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) + flags : 0x02 (2) + 0: SEC_ACE_FLAG_OBJECT_INHERIT + 1: SEC_ACE_FLAG_CONTAINER_INHERIT + 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT + 0: SEC_ACE_FLAG_INHERIT_ONLY + 0: SEC_ACE_FLAG_INHERITED_ACE + 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) + 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS + 0: SEC_ACE_FLAG_FAILED_ACCESS + size : 0x0014 (20) + access_mask : 0x20020008 (537001992) + object : union security_ace_object_ctr(case 0) + trustee : S-1-1-0 + aces: struct security_ace + type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) + flags : 0x09 (9) + 1: SEC_ACE_FLAG_OBJECT_INHERIT + 0: SEC_ACE_FLAG_CONTAINER_INHERIT + 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT + 1: SEC_ACE_FLAG_INHERIT_ONLY + 0: SEC_ACE_FLAG_INHERITED_ACE + 0x09: SEC_ACE_FLAG_VALID_INHERIT (9) + 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS + 0: SEC_ACE_FLAG_FAILED_ACCESS + size : 0x0024 (36) + access_mask : 0x100f000c (269418508) + object : union security_ace_object_ctr(case 0) + trustee : S-1-5-21-1376953716-2413384141-3399758289-500 + aces: struct security_ace + type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) + flags : 0x02 (2) + 0: SEC_ACE_FLAG_OBJECT_INHERIT + 1: SEC_ACE_FLAG_CONTAINER_INHERIT + 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT + 0: SEC_ACE_FLAG_INHERIT_ONLY + 0: SEC_ACE_FLAG_INHERITED_ACE + 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) + 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS + 0: SEC_ACE_FLAG_FAILED_ACCESS + size : 0x0024 (36) + access_mask : 0x100f000c (269418508) + object : union security_ace_object_ctr(case 0) + trustee : S-1-5-21-1376953716-2413384141-3399758289-500 + aces: struct security_ace + type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) + flags : 0x09 (9) + 1: SEC_ACE_FLAG_OBJECT_INHERIT + 0: SEC_ACE_FLAG_CONTAINER_INHERIT + 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT + 1: SEC_ACE_FLAG_INHERIT_ONLY + 0: SEC_ACE_FLAG_INHERITED_ACE + 0x09: SEC_ACE_FLAG_VALID_INHERIT (9) + 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS + 0: SEC_ACE_FLAG_FAILED_ACCESS + size : 0x0018 (24) + access_mask : 0x100f000c (269418508) + object : union security_ace_object_ctr(case 0) + trustee : S-1-5-32-544 + aces: struct security_ace + type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) + flags : 0x02 (2) + 0: SEC_ACE_FLAG_OBJECT_INHERIT + 1: SEC_ACE_FLAG_CONTAINER_INHERIT + 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT + 0: SEC_ACE_FLAG_INHERIT_ONLY + 0: SEC_ACE_FLAG_INHERITED_ACE + 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) + 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS + 0: SEC_ACE_FLAG_FAILED_ACCESS + size : 0x0018 (24) + access_mask : 0x100f000c (269418508) + object : union security_ace_object_ctr(case 0) + trustee : S-1-5-32-544 + aces: struct security_ace + type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) + flags : 0x09 (9) + 1: SEC_ACE_FLAG_OBJECT_INHERIT + 0: SEC_ACE_FLAG_CONTAINER_INHERIT + 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT + 1: SEC_ACE_FLAG_INHERIT_ONLY + 0: SEC_ACE_FLAG_INHERITED_ACE + 0x09: SEC_ACE_FLAG_VALID_INHERIT (9) + 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS + 0: SEC_ACE_FLAG_FAILED_ACCESS + size : 0x0018 (24) + access_mask : 0x100f000c (269418508) + object : union security_ace_object_ctr(case 0) + trustee : S-1-5-32-550 + aces: struct security_ace + type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) + flags : 0x02 (2) + 0: SEC_ACE_FLAG_OBJECT_INHERIT + 1: SEC_ACE_FLAG_CONTAINER_INHERIT + 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT + 0: SEC_ACE_FLAG_INHERIT_ONLY + 0: SEC_ACE_FLAG_INHERITED_ACE + 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) + 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS + 0: SEC_ACE_FLAG_FAILED_ACCESS + size : 0x0018 (24) + access_mask : 0x100f000c (269418508) + object : union security_ace_object_ctr(case 0) + trustee : S-1-5-32-550 + attributes : 0x00001048 (4168) + 0: PRINTER_ATTRIBUTE_QUEUED + 0: PRINTER_ATTRIBUTE_DIRECT + 0: PRINTER_ATTRIBUTE_DEFAULT + 1: PRINTER_ATTRIBUTE_SHARED + 0: PRINTER_ATTRIBUTE_NETWORK + 0: PRINTER_ATTRIBUTE_HIDDEN + 1: PRINTER_ATTRIBUTE_LOCAL + 0: PRINTER_ATTRIBUTE_ENABLE_DEVQ + 0: PRINTER_ATTRIBUTE_KEEPPRINTEDJOBS + 0: PRINTER_ATTRIBUTE_DO_COMPLETE_FIRST + 0: PRINTER_ATTRIBUTE_WORK_OFFLINE + 0: PRINTER_ATTRIBUTE_ENABLE_BIDI + 1: PRINTER_ATTRIBUTE_RAW_ONLY + 0: PRINTER_ATTRIBUTE_PUBLISHED + 0: PRINTER_ATTRIBUTE_FAX + 0: PRINTER_ATTRIBUTE_TS + priority : 0x00000001 (1) + defaultpriority : 0x00000001 (1) + starttime : 0x00000000 (0) + untiltime : 0x00000000 (0) + status : 0x00000000 (0) + 0: PRINTER_STATUS_PAUSED + 0: PRINTER_STATUS_ERROR + 0: PRINTER_STATUS_PENDING_DELETION + 0: PRINTER_STATUS_PAPER_JAM + 0: PRINTER_STATUS_PAPER_OUT + 0: PRINTER_STATUS_MANUAL_FEED + 0: PRINTER_STATUS_PAPER_PROBLEM + 0: PRINTER_STATUS_OFFLINE + 0: PRINTER_STATUS_IO_ACTIVE + 0: PRINTER_STATUS_BUSY + 0: PRINTER_STATUS_PRINTING + 0: PRINTER_STATUS_OUTPUT_BIN_FULL + 0: PRINTER_STATUS_NOT_AVAILABLE + 0: PRINTER_STATUS_WAITING + 0: PRINTER_STATUS_PROCESSING + 0: PRINTER_STATUS_INITIALIZING + 0: PRINTER_STATUS_WARMING_UP + 0: PRINTER_STATUS_TONER_LOW + 0: PRINTER_STATUS_NO_TONER + 0: PRINTER_STATUS_PAGE_PUNT + 0: PRINTER_STATUS_USER_INTERVENTION + 0: PRINTER_STATUS_OUT_OF_MEMORY + 0: PRINTER_STATUS_DOOR_OPEN + 0: PRINTER_STATUS_SERVER_UNKNOWN + 0: PRINTER_STATUS_POWER_SAVE + cjobs : 0x00000000 (0) + averageppm : 0x00000000 (0) + needed : * + needed : 0x000002f8 (760) + result : WERR_OK +[2013/11/07 07:38:44.946452, 5, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1417(api_rpcTNP) + api_rpcTNP: called \spoolss successfully +[2013/11/07 07:38:44.946518, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) + pop_sec_ctx (0, 5000) - sec_ctx_stack_ndx = 0 +[2013/11/07 07:38:44.946564, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) + write_to_pipe: data_used = 4140 + smbd_smb2_request_pending_queue: req->current_idx = 1 + req->in.vector[0].iov_len = 0 + req->in.vector[1].iov_len = 0 + req->in.vector[2].iov_len = 64 + req->in.vector[3].iov_len = 56 + req->in.vector[4].iov_len = 4156 + req->out.vector[0].iov_len = 4 + req->out.vector[1].iov_len = 0 + req->out.vector[2].iov_len = 64 + req->out.vector[3].iov_len = 8 + req->out.vector[4].iov_len = 0 +[2013/11/07 07:38:44.946790, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:128(smbd_smb2_ioctl_pipe_write_done) + smbd_smb2_ioctl_pipe_write_done: received 4156 +[2013/11/07 07:38:44.946834, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:149(smbd_smb2_ioctl_pipe_write_done) + smbd_smb2_ioctl_pipe_write_done: issuing np_read_send of size 4136 +[2013/11/07 07:38:44.946877, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:285(read_from_internal_pipe) + name: \spoolss len: 4136 +[2013/11/07 07:38:44.946919, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:347(read_from_internal_pipe) + read_from_pipe: \spoolss: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 4112. +[2013/11/07 07:38:44.946973, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) + &r: struct ncacn_packet + rpc_vers : 0x05 (5) + rpc_vers_minor : 0x00 (0) + ptype : DCERPC_PKT_RESPONSE (2) + pfc_flags : 0x03 (3) + drep: ARRAY(4) + [0] : 0x10 (16) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + frag_length : 0x1028 (4136) + auth_length : 0x0000 (0) + call_id : 0x00000012 (18) + u : union dcerpc_payload(case 2) + response: struct dcerpc_response + alloc_hint : 0x00001010 (4112) + context_id : 0x0000 (0) + cancel_count : 0x00 (0) + _pad : DATA_BLOB length=0 + stub_and_verifier : DATA_BLOB length=4112 + [0000] 04 00 02 00 00 10 00 00 EA 0F 00 00 C2 0F 00 00 ........ ........ + [0010] B0 0F 00 00 8A 0F 00 00 88 0F 00 00 86 0F 00 00 ........ ........ + [0020] 84 0F 00 00 88 0E 00 00 82 0F 00 00 70 0F 00 00 ........ ....p... + [0030] 68 0F 00 00 66 0F 00 00 90 0D 00 00 48 10 00 00 h...f... ....H... + [0040] 01 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0200] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0210] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0220] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0230] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0240] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0250] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0260] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0270] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0280] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0290] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0300] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0310] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0320] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0330] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0340] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0350] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0360] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0370] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0380] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0390] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0400] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0410] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0420] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0430] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0440] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0450] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0460] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0470] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0480] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0490] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0500] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0510] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0520] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0530] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0540] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0550] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0560] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0570] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0580] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0590] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0600] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0610] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0620] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0630] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0640] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0650] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0660] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0670] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0680] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0690] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0700] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0710] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0720] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0730] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0740] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0750] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0760] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0770] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0780] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0790] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0800] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0810] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0820] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0830] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0840] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0850] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0860] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0870] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0880] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0890] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0900] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0910] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0920] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0930] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0940] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0950] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0960] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0970] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0980] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0990] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D90] 00 00 00 00 00 00 00 00 01 00 04 80 D8 00 00 00 ........ ........ + [0DA0] E8 00 00 00 00 00 00 00 14 00 00 00 02 00 C4 00 ........ ........ + [0DB0] 07 00 00 00 00 02 14 00 08 00 02 20 01 01 00 00 ........ ... .... + [0DC0] 00 00 00 01 00 00 00 00 00 09 24 00 0C 00 0F 10 ........ ..$..... + [0DD0] 01 05 00 00 00 00 00 05 15 00 00 00 74 A5 12 52 ........ ....t..R + [0DE0] CD 51 D9 8F D1 31 A4 CA F4 01 00 00 00 02 24 00 .Q...1.. ......$. + [0DF0] 0C 00 0F 10 01 05 00 00 00 00 00 05 15 00 00 00 ........ ........ + [0E00] 74 A5 12 52 CD 51 D9 8F D1 31 A4 CA F4 01 00 00 t..R.Q.. .1...... + [0E10] 00 09 18 00 0C 00 0F 10 01 02 00 00 00 00 00 05 ........ ........ + [0E20] 20 00 00 00 20 02 00 00 00 02 18 00 0C 00 0F 10 ... ... ........ + [0E30] 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 ........ ... ... + [0E40] 00 09 18 00 0C 00 0F 10 01 02 00 00 00 00 00 05 ........ ........ + [0E50] 20 00 00 00 26 02 00 00 00 02 18 00 0C 00 0F 10 ...&... ........ + [0E60] 01 02 00 00 00 00 00 05 20 00 00 00 26 02 00 00 ........ ...&... + [0E70] 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 ........ ... ... + [0E80] 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 ........ ... ... + [0E90] 5C 00 5C 00 4D 00 45 00 4D 00 42 00 45 00 52 00 \.\.M.E. M.B.E.R. + [0EA0] 34 00 33 00 5C 00 70 00 72 00 69 00 6E 00 74 00 4.3.\.p. r.i.n.t. + [0EB0] 65 00 72 00 37 00 00 00 00 00 00 00 00 00 00 00 e.r.7... ........ + [0EC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0ED0] 01 04 00 04 DC 00 00 00 13 47 01 00 01 00 01 00 ........ .G...... + [0EE0] 00 00 00 00 64 00 01 00 0F 00 FC FF 01 00 01 00 ....d... ........ + [0EF0] 00 00 03 00 00 00 4C 00 65 00 74 00 74 00 65 00 ......L. e.t.t.e. + [0F00] 72 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 r....... ........ + [0F10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F70] 52 00 41 00 57 00 00 00 77 00 69 00 6E 00 70 00 R.A.W... w.i.n.p. + [0F80] 72 00 69 00 6E 00 74 00 00 00 00 00 00 00 00 00 r.i.n.t. ........ + [0F90] 00 00 53 00 61 00 6D 00 62 00 61 00 20 00 50 00 ..S.a.m. b.a. .P. + [0FA0] 72 00 69 00 6E 00 74 00 65 00 72 00 20 00 50 00 r.i.n.t. e.r. .P. + [0FB0] 6F 00 72 00 74 00 00 00 70 00 72 00 69 00 6E 00 o.r.t... p.r.i.n. + [0FC0] 74 00 65 00 72 00 37 00 00 00 5C 00 5C 00 4D 00 t.e.r.7. ..\.\.M. + [0FD0] 45 00 4D 00 42 00 45 00 52 00 34 00 33 00 5C 00 E.M.B.E. R.4.3.\. + [0FE0] 70 00 72 00 69 00 6E 00 74 00 65 00 72 00 37 00 p.r.i.n. t.e.r.7. + [0FF0] 00 00 5C 00 5C 00 4D 00 45 00 4D 00 42 00 45 00 ..\.\.M. E.M.B.E. + [1000] 52 00 34 00 33 00 00 00 F8 02 00 00 00 00 00 00 R.4.3... ........ +[2013/11/07 07:38:44.956360, 3, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:122(free_pipe_context) + free_pipe_context: destroying talloc pool of size 1308 +[2013/11/07 07:38:44.956419, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:788(np_read_recv) + Received 4136 bytes. There is no more data outstanding +[2013/11/07 07:38:44.956461, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:178(smbd_smb2_ioctl_pipe_read_done) + smbd_smb2_ioctl_pipe_read_done: np_read_recv nread = 4136 is_data_outstanding = 0, status = NT_STATUS_OK +[2013/11/07 07:38:44.956509, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl.c:291(smbd_smb2_request_ioctl_done) + smbd_smb2_request_ioctl_done: smbd_smb2_ioctl_recv returned 4136 status NT_STATUS_OK +[2013/11/07 07:38:44.956552, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) + smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[48] dyn[yes:4136] at ../source3/smbd/smb2_ioctl.c:358 +[2013/11/07 07:38:44.956598, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) + smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/67/127 +[2013/11/07 07:38:44.973758, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) + smbd_smb2_request_incoming: idx[1] of 5 vectors +[2013/11/07 07:38:44.974118, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) + smb2_validate_sequence_number: clearing id 67 (position 67) from bitmap +[2013/11/07 07:38:44.974235, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) + smbd_smb2_request_dispatch: opcode[SMB2_OP_IOCTL] mid = 67 +[2013/11/07 07:38:44.974403, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) + setting sec ctx (0, 5000) - sec_ctx_stack_ndx = 0 +[2013/11/07 07:38:44.974515, 5, pid=20933, effective(0, 5000), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) + Security token SIDs (21): + SID[ 0]: S-1-5-21-1376953716-2413384141-3399758289-500 + SID[ 1]: S-1-5-21-1376953716-2413384141-3399758289-512 + SID[ 2]: S-1-5-21-1376953716-2413384141-3399758289-11015 + SID[ 3]: S-1-5-21-1376953716-2413384141-3399758289-513 + SID[ 4]: S-1-5-21-1376953716-2413384141-3399758289-11011 + SID[ 5]: S-1-5-21-1376953716-2413384141-3399758289-11013 + SID[ 6]: S-1-5-21-1376953716-2413384141-3399758289-11012 + SID[ 7]: S-1-1-0 + SID[ 8]: S-1-5-2 + SID[ 9]: S-1-5-11 + SID[ 10]: S-1-5-32-544 + SID[ 11]: S-1-22-1-2002 + SID[ 12]: S-1-22-2-5000 + SID[ 13]: S-1-22-2-5007 + SID[ 14]: S-1-22-2-5001 + SID[ 15]: S-1-22-2-1005 + SID[ 16]: S-1-22-2-5006 + SID[ 17]: S-1-22-2-5005 + SID[ 18]: S-1-22-2-55000 + SID[ 19]: S-1-22-2-55001 + SID[ 20]: S-1-22-2-55002 + Privileges (0x 1FFFFFF0): + Privilege[ 0]: SeMachineAccountPrivilege + Privilege[ 1]: SeTakeOwnershipPrivilege + Privilege[ 2]: SeBackupPrivilege + Privilege[ 3]: SeRestorePrivilege + Privilege[ 4]: SeRemoteShutdownPrivilege + Privilege[ 5]: SePrintOperatorPrivilege + Privilege[ 6]: SeAddUsersPrivilege + Privilege[ 7]: SeDiskOperatorPrivilege + Privilege[ 8]: SeSecurityPrivilege + Privilege[ 9]: SeSystemtimePrivilege + Privilege[ 10]: SeShutdownPrivilege + Privilege[ 11]: SeDebugPrivilege + Privilege[ 12]: SeSystemEnvironmentPrivilege + Privilege[ 13]: SeSystemProfilePrivilege + Privilege[ 14]: SeProfileSingleProcessPrivilege + Privilege[ 15]: SeIncreaseBasePriorityPrivilege + Privilege[ 16]: SeLoadDriverPrivilege + Privilege[ 17]: SeCreatePagefilePrivilege + Privilege[ 18]: SeIncreaseQuotaPrivilege + Privilege[ 19]: SeChangeNotifyPrivilege + Privilege[ 20]: SeUndockPrivilege + Privilege[ 21]: SeManageVolumePrivilege + Privilege[ 22]: SeImpersonatePrivilege + Privilege[ 23]: SeCreateGlobalPrivilege + Privilege[ 24]: SeEnableDelegationPrivilege + Rights (0x 0): +[2013/11/07 07:38:44.976432, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) + UNIX token of user 0 + Primary group is 5000 and contains 9 supplementary groups + Group[ 0]: 5000 + Group[ 1]: 5007 + Group[ 2]: 5001 + Group[ 3]: 1005 + Group[ 4]: 5006 + Group[ 5]: 5005 + Group[ 6]: 55000 + Group[ 7]: 55001 + Group[ 8]: 55002 +[2013/11/07 07:38:44.976911, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/uid.c:363(change_to_user_internal) + Impersonated user: uid=(0,0), gid=(0,5000) +[2013/11/07 07:38:44.977034, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:1796(smbd_smb2_request_verify_creditcharge) + mid 67, CreditCharge: 1, NeededCharge: 1 +[2013/11/07 07:38:44.977137, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl.c:394(smbd_smb2_ioctl_send) + smbd_smb2_ioctl: ctl_code[0x0011c017] spoolss, fnum 2189993496 +[2013/11/07 07:38:44.977252, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:59(smb2_ioctl_named_pipe) + smbd_smb2_ioctl_send: np_write_send of size 4156 +[2013/11/07 07:38:44.977557, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:520(np_write_send) + np_write_send: len: 4156 +[2013/11/07 07:38:44.977672, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) + write_to_pipe: data_left = 4156 +[2013/11/07 07:38:44.977770, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) + process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 4156 +[2013/11/07 07:38:44.977869, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:51(fill_rpc_header) + fill_rpc_header: data_to_copy = 4156, len_needed_to_complete_hdr = 16, receive_len = 0 +[2013/11/07 07:38:44.977970, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) + write_to_pipe: data_used = 16 +[2013/11/07 07:38:44.978063, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) + write_to_pipe: data_left = 4140 +[2013/11/07 07:38:44.978158, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) + process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 4140 +[2013/11/07 07:38:44.978262, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) + write_to_pipe: data_used = 0 +[2013/11/07 07:38:44.978356, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) + write_to_pipe: data_left = 4140 +[2013/11/07 07:38:44.978450, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) + process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 4140, incoming data = 4140 +[2013/11/07 07:38:44.978555, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1614(process_complete_pdu) + PDU is in Little Endian format! +[2013/11/07 07:38:44.978681, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) + r: struct ncacn_packet + rpc_vers : 0x05 (5) + rpc_vers_minor : 0x00 (0) + ptype : DCERPC_PKT_REQUEST (0) + pfc_flags : 0x03 (3) + drep: ARRAY(4) + [0] : 0x10 (16) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + frag_length : 0x103c (4156) + auth_length : 0x0000 (0) + call_id : 0x00000013 (19) + u : union dcerpc_payload(case 0) + request: struct dcerpc_request + alloc_hint : 0x00001024 (4132) + context_id : 0x0000 (0) + opnum : 0x0008 (8) + object : union dcerpc_object(case 0) + empty: struct dcerpc_empty + _pad : DATA_BLOB length=0 + stub_and_verifier : DATA_BLOB length=4132 + [0000] 00 00 00 00 48 00 00 00 00 00 00 00 7B 52 73 35 ....H... ....{Rs5 + [0010] C5 51 00 00 02 00 00 00 00 00 02 00 00 10 00 00 .Q...... ........ + [0020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0030] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0040] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0200] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0210] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0220] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0230] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0240] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0250] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0260] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0270] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0280] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0290] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0300] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0310] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0320] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0330] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0340] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0350] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0360] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0370] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0380] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0390] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0400] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0410] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0420] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0430] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0440] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0450] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0460] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0470] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0480] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0490] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0500] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0510] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0520] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0530] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0540] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0550] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0560] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0570] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0580] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0590] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0600] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0610] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0620] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0630] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0640] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0650] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0660] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0670] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0680] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0690] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0700] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0710] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0720] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0730] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0740] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0750] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0760] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0770] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0780] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0790] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0800] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0810] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0820] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0830] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0840] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0850] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0860] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0870] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0880] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0890] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0900] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0910] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0920] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0930] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0940] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0950] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0960] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0970] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0980] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0990] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0EA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0EB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0EC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0ED0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0EE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0EF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [1000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [1010] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [1020] 00 10 00 00 .... +[2013/11/07 07:38:44.997308, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1627(process_complete_pdu) + Processing packet type 0 +[2013/11/07 07:38:44.997354, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1472(dcesrv_auth_request) + Checking request auth. +[2013/11/07 07:38:44.997549, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) + push_sec_ctx(0, 5000) : sec_ctx_stack_ndx = 1 +[2013/11/07 07:38:44.997609, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) + setting sec ctx (0, 5000) - sec_ctx_stack_ndx = 1 +[2013/11/07 07:38:44.997653, 5, pid=20933, effective(0, 5000), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) + Security token SIDs (21): + SID[ 0]: S-1-5-21-1376953716-2413384141-3399758289-500 + SID[ 1]: S-1-5-21-1376953716-2413384141-3399758289-512 + SID[ 2]: S-1-5-21-1376953716-2413384141-3399758289-11015 + SID[ 3]: S-1-5-21-1376953716-2413384141-3399758289-513 + SID[ 4]: S-1-5-21-1376953716-2413384141-3399758289-11011 + SID[ 5]: S-1-5-21-1376953716-2413384141-3399758289-11013 + SID[ 6]: S-1-5-21-1376953716-2413384141-3399758289-11012 + SID[ 7]: S-1-1-0 + SID[ 8]: S-1-5-2 + SID[ 9]: S-1-5-11 + SID[ 10]: S-1-5-32-544 + SID[ 11]: S-1-22-1-2002 + SID[ 12]: S-1-22-2-5000 + SID[ 13]: S-1-22-2-5007 + SID[ 14]: S-1-22-2-5001 + SID[ 15]: S-1-22-2-1005 + SID[ 16]: S-1-22-2-5006 + SID[ 17]: S-1-22-2-5005 + SID[ 18]: S-1-22-2-55000 + SID[ 19]: S-1-22-2-55001 + SID[ 20]: S-1-22-2-55002 + Privileges (0x 1FFFFFF0): + Privilege[ 0]: SeMachineAccountPrivilege + Privilege[ 1]: SeTakeOwnershipPrivilege + Privilege[ 2]: SeBackupPrivilege + Privilege[ 3]: SeRestorePrivilege + Privilege[ 4]: SeRemoteShutdownPrivilege + Privilege[ 5]: SePrintOperatorPrivilege + Privilege[ 6]: SeAddUsersPrivilege + Privilege[ 7]: SeDiskOperatorPrivilege + Privilege[ 8]: SeSecurityPrivilege + Privilege[ 9]: SeSystemtimePrivilege + Privilege[ 10]: SeShutdownPrivilege + Privilege[ 11]: SeDebugPrivilege + Privilege[ 12]: SeSystemEnvironmentPrivilege + Privilege[ 13]: SeSystemProfilePrivilege + Privilege[ 14]: SeProfileSingleProcessPrivilege + Privilege[ 15]: SeIncreaseBasePriorityPrivilege + Privilege[ 16]: SeLoadDriverPrivilege + Privilege[ 17]: SeCreatePagefilePrivilege + Privilege[ 18]: SeIncreaseQuotaPrivilege + Privilege[ 19]: SeChangeNotifyPrivilege + Privilege[ 20]: SeUndockPrivilege + Privilege[ 21]: SeManageVolumePrivilege + Privilege[ 22]: SeImpersonatePrivilege + Privilege[ 23]: SeCreateGlobalPrivilege + Privilege[ 24]: SeEnableDelegationPrivilege + Rights (0x 0): +[2013/11/07 07:38:44.998419, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) + UNIX token of user 0 + Primary group is 5000 and contains 9 supplementary groups + Group[ 0]: 5000 + Group[ 1]: 5007 + Group[ 2]: 5001 + Group[ 3]: 1005 + Group[ 4]: 5006 + Group[ 5]: 5005 + Group[ 6]: 55000 + Group[ 7]: 55001 + Group[ 8]: 55002 +[2013/11/07 07:38:44.998611, 5, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1324(api_pipe_request) + Requested \spoolss rpc service +[2013/11/07 07:38:44.998659, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1356(api_rpcTNP) + api_rpcTNP: \spoolss op 0x8 - api_rpcTNP: rpc command: SPOOLSS_GETPRINTER +[2013/11/07 07:38:44.998703, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1390(api_rpcTNP) + api_rpc_cmds[8].fn == 0x7f375c260f10 +[2013/11/07 07:38:44.998753, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + spoolss_GetPrinter: struct spoolss_GetPrinter + in: struct spoolss_GetPrinter + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000048-0000-0000-7b52-7335c5510000 + level : 0x00000002 (2) + buffer : * + buffer : DATA_BLOB length=4096 + [0000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0010] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0030] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0040] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0200] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0210] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0220] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0230] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0240] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0250] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0260] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0270] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0280] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0290] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0300] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0310] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0320] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0330] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0340] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0350] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0360] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0370] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0380] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0390] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0400] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0410] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0420] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0430] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0440] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0450] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0460] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0470] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0480] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0490] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0500] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0510] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0520] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0530] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0540] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0550] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0560] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0570] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0580] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0590] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0600] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0610] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0620] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0630] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0640] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0650] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0660] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0670] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0680] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0690] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0700] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0710] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0720] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0730] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0740] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0750] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0760] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0770] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0780] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0790] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0800] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0810] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0820] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0830] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0840] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0850] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0860] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0870] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0880] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0890] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0900] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0910] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0920] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0930] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0940] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0950] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0960] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0970] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0980] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0990] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0EA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0EB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0EC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0ED0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0EE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0EF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + offered : 0x00001000 (4096) +[2013/11/07 07:38:45.008077, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 48 00 00 00 00 00 00 00 7B 52 73 35 ....H... ....{Rs5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.008163, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 48 00 00 00 00 00 00 00 7B 52 73 35 ....H... ....{Rs5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.008250, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:489(get_printer_snum) + short name:printer7 +[2013/11/07 07:38:45.008394, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:60(make_internal_rpc_pipe_p) + Create pipe requested \winreg +[2013/11/07 07:38:45.008450, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:221(init_pipe_handles) + init_pipe_handle_list: created handle list for pipe \winreg +[2013/11/07 07:38:45.008493, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:238(init_pipe_handles) + init_pipe_handle_list: pipe_handles ref count = 1 for pipe \winreg +[2013/11/07 07:38:45.008599, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:100(make_internal_rpc_pipe_p) + Created internal pipe \winreg +[2013/11/07 07:38:45.008676, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenHKLM: struct winreg_OpenHKLM + in: struct winreg_OpenHKLM + system_name : NULL + access_mask : 0x02000000 (33554432) + 0: KEY_QUERY_VALUE + 0: KEY_SET_VALUE + 0: KEY_CREATE_SUB_KEY + 0: KEY_ENUMERATE_SUB_KEYS + 0: KEY_NOTIFY + 0: KEY_CREATE_LINK + 0: KEY_WOW64_64KEY + 0: KEY_WOW64_32KEY +[2013/11/07 07:38:45.008907, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [HKLM] +[2013/11/07 07:38:45.008952, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) + push_sec_ctx(0, 5000) : sec_ctx_stack_ndx = 2 +[2013/11/07 07:38:45.008997, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/uid.c:485(push_conn_ctx) + push_conn_ctx(1804507171) : conn_ctx_stack_ndx = 0 +[2013/11/07 07:38:45.009037, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) + setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 +[2013/11/07 07:38:45.009076, 5, pid=20933, effective(0, 5000), real(0, 0)] ../libcli/security/security_token.c:53(security_token_debug) + Security token: (NULL) +[2013/11/07 07:38:45.009116, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) + UNIX token of user 0 + Primary group is 0 and contains 0 supplementary groups +[2013/11/07 07:38:45.009284, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) + pop_sec_ctx (0, 5000) - sec_ctx_stack_ndx = 1 +[2013/11/07 07:38:45.009330, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:866(regdb_open) + regdb_open: registry db opened. refcount reset (1) +[2013/11/07 07:38:45.009456, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM] +[2013/11/07 07:38:45.009498, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM] +[2013/11/07 07:38:45.009541, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:45.009579, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM] +[2013/11/07 07:38:45.009678, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) + Opened policy hnd[1] [0000] 00 00 00 00 8B 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.009760, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenHKLM: struct winreg_OpenHKLM + out: struct winreg_OpenHKLM + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 0000008b-0000-0000-7b52-7535c5510000 + result : WERR_OK +[2013/11/07 07:38:45.009953, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenKey: struct winreg_OpenKey + in: struct winreg_OpenKey + parent_handle : * + parent_handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 0000008b-0000-0000-7b52-7535c5510000 + keyname: struct winreg_String + name_len : 0x008a (138) + name_size : 0x008a (138) + name : * + name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7' + options : 0x00000000 (0) + 0: REG_OPTION_VOLATILE + 0: REG_OPTION_CREATE_LINK + 0: REG_OPTION_BACKUP_RESTORE + 0: REG_OPTION_OPEN_LINK + access_mask : 0x02000000 (33554432) + 0: KEY_QUERY_VALUE + 0: KEY_SET_VALUE + 0: KEY_CREATE_SUB_KEY + 0: KEY_ENUMERATE_SUB_KEYS + 0: KEY_NOTIFY + 0: KEY_CREATE_LINK + 0: KEY_WOW64_64KEY + 0: KEY_WOW64_32KEY +[2013/11/07 07:38:45.010565, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 8B 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.010653, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [SOFTWARE] +[2013/11/07 07:38:45.010696, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (1->2) +[2013/11/07 07:38:45.010741, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] +[2013/11/07 07:38:45.010779, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE] +[2013/11/07 07:38:45.010822, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:45.010860, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE] +[2013/11/07 07:38:45.010932, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Microsoft] +[2013/11/07 07:38:45.010976, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (2->3) +[2013/11/07 07:38:45.011029, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] +[2013/11/07 07:38:45.011069, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] +[2013/11/07 07:38:45.011110, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:45.011148, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft] +[2013/11/07 07:38:45.011212, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Windows NT] +[2013/11/07 07:38:45.011255, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (3->4) +[2013/11/07 07:38:45.011298, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] +[2013/11/07 07:38:45.011337, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] +[2013/11/07 07:38:45.011379, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:45.011417, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] +[2013/11/07 07:38:45.011476, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [CurrentVersion] +[2013/11/07 07:38:45.011518, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (4->5) +[2013/11/07 07:38:45.011561, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] +[2013/11/07 07:38:45.011600, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] +[2013/11/07 07:38:45.011641, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:45.011679, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f375c5a15c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] +[2013/11/07 07:38:45.011753, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Print] +[2013/11/07 07:38:45.011795, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (5->6) +[2013/11/07 07:38:45.011839, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] +[2013/11/07 07:38:45.011882, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] +[2013/11/07 07:38:45.011933, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:45.011972, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f375c5a15c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] +[2013/11/07 07:38:45.012035, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Printers] +[2013/11/07 07:38:45.012077, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (6->7) +[2013/11/07 07:38:45.012121, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] +[2013/11/07 07:38:45.012161, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] +[2013/11/07 07:38:45.012204, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:45.012242, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] +[2013/11/07 07:38:45.012311, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [printer7] +[2013/11/07 07:38:45.012353, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (7->8) +[2013/11/07 07:38:45.012398, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:45.012438, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:45.012481, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:45.012519, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:45.012588, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (8->7) +[2013/11/07 07:38:45.012630, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (7->6) +[2013/11/07 07:38:45.012672, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (6->5) +[2013/11/07 07:38:45.012712, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (5->4) +[2013/11/07 07:38:45.012752, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (4->3) +[2013/11/07 07:38:45.012792, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (3->2) +[2013/11/07 07:38:45.012849, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) + Opened policy hnd[2] [0000] 00 00 00 00 8C 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.012928, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenKey: struct winreg_OpenKey + out: struct winreg_OpenKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 0000008c-0000-0000-7b52-7535c5510000 + result : WERR_OK +[2013/11/07 07:38:45.013107, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryInfoKey: struct winreg_QueryInfoKey + in: struct winreg_QueryInfoKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 0000008c-0000-0000-7b52-7535c5510000 + classname : * + classname: struct winreg_String + name_len : 0x0000 (0) + name_size : 0x0000 (0) + name : NULL +[2013/11/07 07:38:45.013323, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 8C 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.013463, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_dispatcher.c:151(fetch_reg_values) + fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7' (ops 0x7f37592edcc0) +[2013/11/07 07:38:45.013508, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1891(regdb_fetch_values_internal) + regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:45.013573, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[0]: name[Attributes] len[4] +[2013/11/07 07:38:45.013618, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[1]: name[Description] len[2] +[2013/11/07 07:38:45.013660, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[2]: name[Datatype] len[8] +[2013/11/07 07:38:45.013702, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[3]: name[Default Priority] len[4] +[2013/11/07 07:38:45.013744, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[4]: name[Port] len[38] +[2013/11/07 07:38:45.013787, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[5]: name[Name] len[18] +[2013/11/07 07:38:45.013830, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[6]: name[Print Processor] len[18] +[2013/11/07 07:38:45.013873, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[7]: name[Priority] len[4] +[2013/11/07 07:38:45.013925, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[8]: name[Security] len[248] +[2013/11/07 07:38:45.013969, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[9]: name[Share Name] len[18] +[2013/11/07 07:38:45.014011, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[10]: name[StartTime] len[4] +[2013/11/07 07:38:45.014054, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[11]: name[UntilTime] len[4] +[2013/11/07 07:38:45.014096, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[12]: name[ChangeID] len[4] +[2013/11/07 07:38:45.014139, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) + regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:45.014204, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryInfoKey: struct winreg_QueryInfoKey + out: struct winreg_QueryInfoKey + classname : * + classname: struct winreg_String + name_len : 0x0000 (0) + name_size : 0x0000 (0) + name : NULL + num_subkeys : * + num_subkeys : 0x00000003 (3) + max_subkeylen : * + max_subkeylen : 0x00000022 (34) + max_classlen : * + max_classlen : 0x00000000 (0) + num_values : * + num_values : 0x0000000d (13) + max_valnamelen : * + max_valnamelen : 0x00000022 (34) + max_valbufsize : * + max_valbufsize : 0x000000f8 (248) + secdescsize : * + secdescsize : 0x00000078 (120) + last_changed_time : * + last_changed_time : NTTIME(0) + result : WERR_OK +[2013/11/07 07:38:45.014652, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 0000008c-0000-0000-7b52-7535c5510000 + enum_index : 0x00000000 (0) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:45.015024, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 8C 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.015110, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:45.015158, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0016 (22) + size : 0x0024 (36) + name : * + name : 'Attributes' + type : * + type : REG_DWORD (4) + value : * + value: ARRAY(4) + [0] : 0x48 (72) + [1] : 0x10 (16) + [2] : 0x00 (0) + [3] : 0x00 (0) + size : * + size : 0x00000004 (4) + length : * + length : 0x00000004 (4) + result : WERR_OK +[2013/11/07 07:38:45.015552, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 0000008c-0000-0000-7b52-7535c5510000 + enum_index : 0x00000001 (1) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:45.015920, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 8C 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.015997, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:45.016042, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0018 (24) + size : 0x0024 (36) + name : * + name : 'Description' + type : * + type : REG_SZ (1) + value : * + value: ARRAY(2) + [0] : 0x00 (0) + [1] : 0x00 (0) + size : * + size : 0x00000002 (2) + length : * + length : 0x00000002 (2) + result : WERR_OK +[2013/11/07 07:38:45.016407, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 0000008c-0000-0000-7b52-7535c5510000 + enum_index : 0x00000002 (2) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:45.016776, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 8C 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.016853, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:45.016897, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0012 (18) + size : 0x0024 (36) + name : * + name : 'Datatype' + type : * + type : REG_SZ (1) + value : * + value: ARRAY(8) + [0] : 0x52 (82) + [1] : 0x00 (0) + [2] : 0x41 (65) + [3] : 0x00 (0) + [4] : 0x57 (87) + [5] : 0x00 (0) + [6] : 0x00 (0) + [7] : 0x00 (0) + size : * + size : 0x00000008 (8) + length : * + length : 0x00000008 (8) + result : WERR_OK +[2013/11/07 07:38:45.017351, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 0000008c-0000-0000-7b52-7535c5510000 + enum_index : 0x00000003 (3) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:45.017796, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 8C 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.017876, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:45.017922, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0022 (34) + size : 0x0024 (36) + name : * + name : 'Default Priority' + type : * + type : REG_DWORD (4) + value : * + value: ARRAY(4) + [0] : 0x01 (1) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + size : * + size : 0x00000004 (4) + length : * + length : 0x00000004 (4) + result : WERR_OK +[2013/11/07 07:38:45.018317, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 0000008c-0000-0000-7b52-7535c5510000 + enum_index : 0x00000004 (4) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:45.018686, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 8C 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.018771, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:45.018818, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x000a (10) + size : 0x0024 (36) + name : * + name : 'Port' + type : * + type : REG_SZ (1) + value : * + value: ARRAY(38) + [0] : 0x53 (83) + [1] : 0x00 (0) + [2] : 0x61 (97) + [3] : 0x00 (0) + [4] : 0x6d (109) + [5] : 0x00 (0) + [6] : 0x62 (98) + [7] : 0x00 (0) + [8] : 0x61 (97) + [9] : 0x00 (0) + [10] : 0x20 (32) + [11] : 0x00 (0) + [12] : 0x50 (80) + [13] : 0x00 (0) + [14] : 0x72 (114) + [15] : 0x00 (0) + [16] : 0x69 (105) + [17] : 0x00 (0) + [18] : 0x6e (110) + [19] : 0x00 (0) + [20] : 0x74 (116) + [21] : 0x00 (0) + [22] : 0x65 (101) + [23] : 0x00 (0) + [24] : 0x72 (114) + [25] : 0x00 (0) + [26] : 0x20 (32) + [27] : 0x00 (0) + [28] : 0x50 (80) + [29] : 0x00 (0) + [30] : 0x6f (111) + [31] : 0x00 (0) + [32] : 0x72 (114) + [33] : 0x00 (0) + [34] : 0x74 (116) + [35] : 0x00 (0) + [36] : 0x00 (0) + [37] : 0x00 (0) + size : * + size : 0x00000026 (38) + length : * + length : 0x00000026 (38) + result : WERR_OK +[2013/11/07 07:38:45.019771, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 0000008c-0000-0000-7b52-7535c5510000 + enum_index : 0x00000005 (5) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:45.020147, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 8C 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.020225, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:45.020271, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x000a (10) + size : 0x0024 (36) + name : * + name : 'Name' + type : * + type : REG_SZ (1) + value : * + value: ARRAY(18) + [0] : 0x70 (112) + [1] : 0x00 (0) + [2] : 0x72 (114) + [3] : 0x00 (0) + [4] : 0x69 (105) + [5] : 0x00 (0) + [6] : 0x6e (110) + [7] : 0x00 (0) + [8] : 0x74 (116) + [9] : 0x00 (0) + [10] : 0x65 (101) + [11] : 0x00 (0) + [12] : 0x72 (114) + [13] : 0x00 (0) + [14] : 0x37 (55) + [15] : 0x00 (0) + [16] : 0x00 (0) + [17] : 0x00 (0) + size : * + size : 0x00000012 (18) + length : * + length : 0x00000012 (18) + result : WERR_OK +[2013/11/07 07:38:45.020954, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 0000008c-0000-0000-7b52-7535c5510000 + enum_index : 0x00000006 (6) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:45.021334, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 8C 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.021485, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:45.021533, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0020 (32) + size : 0x0024 (36) + name : * + name : 'Print Processor' + type : * + type : REG_SZ (1) + value : * + value: ARRAY(18) + [0] : 0x77 (119) + [1] : 0x00 (0) + [2] : 0x69 (105) + [3] : 0x00 (0) + [4] : 0x6e (110) + [5] : 0x00 (0) + [6] : 0x70 (112) + [7] : 0x00 (0) + [8] : 0x72 (114) + [9] : 0x00 (0) + [10] : 0x69 (105) + [11] : 0x00 (0) + [12] : 0x6e (110) + [13] : 0x00 (0) + [14] : 0x74 (116) + [15] : 0x00 (0) + [16] : 0x00 (0) + [17] : 0x00 (0) + size : * + size : 0x00000012 (18) + length : * + length : 0x00000012 (18) + result : WERR_OK +[2013/11/07 07:38:45.022158, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 0000008c-0000-0000-7b52-7535c5510000 + enum_index : 0x00000007 (7) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:45.022535, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 8C 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.022612, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:45.022658, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0012 (18) + size : 0x0024 (36) + name : * + name : 'Priority' + type : * + type : REG_DWORD (4) + value : * + value: ARRAY(4) + [0] : 0x01 (1) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + size : * + size : 0x00000004 (4) + length : * + length : 0x00000004 (4) + result : WERR_OK +[2013/11/07 07:38:45.023047, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 0000008c-0000-0000-7b52-7535c5510000 + enum_index : 0x00000008 (8) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:45.023415, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 8C 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.023492, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:45.023537, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0012 (18) + size : 0x0024 (36) + name : * + name : 'Security' + type : * + type : REG_BINARY (3) + value : * + value: ARRAY(248) + [0] : 0x01 (1) + [1] : 0x00 (0) + [2] : 0x04 (4) + [3] : 0x80 (128) + [4] : 0x14 (20) + [5] : 0x00 (0) + [6] : 0x00 (0) + [7] : 0x00 (0) + [8] : 0x24 (36) + [9] : 0x00 (0) + [10] : 0x00 (0) + [11] : 0x00 (0) + [12] : 0x00 (0) + [13] : 0x00 (0) + [14] : 0x00 (0) + [15] : 0x00 (0) + [16] : 0x34 (52) + [17] : 0x00 (0) + [18] : 0x00 (0) + [19] : 0x00 (0) + [20] : 0x01 (1) + [21] : 0x02 (2) + [22] : 0x00 (0) + [23] : 0x00 (0) + [24] : 0x00 (0) + [25] : 0x00 (0) + [26] : 0x00 (0) + [27] : 0x05 (5) + [28] : 0x20 (32) + [29] : 0x00 (0) + [30] : 0x00 (0) + [31] : 0x00 (0) + [32] : 0x20 (32) + [33] : 0x02 (2) + [34] : 0x00 (0) + [35] : 0x00 (0) + [36] : 0x01 (1) + [37] : 0x02 (2) + [38] : 0x00 (0) + [39] : 0x00 (0) + [40] : 0x00 (0) + [41] : 0x00 (0) + [42] : 0x00 (0) + [43] : 0x05 (5) + [44] : 0x20 (32) + [45] : 0x00 (0) + [46] : 0x00 (0) + [47] : 0x00 (0) + [48] : 0x20 (32) + [49] : 0x02 (2) + [50] : 0x00 (0) + [51] : 0x00 (0) + [52] : 0x02 (2) + [53] : 0x00 (0) + [54] : 0xc4 (196) + [55] : 0x00 (0) + [56] : 0x07 (7) + [57] : 0x00 (0) + [58] : 0x00 (0) + [59] : 0x00 (0) + [60] : 0x00 (0) + [61] : 0x02 (2) + [62] : 0x14 (20) + [63] : 0x00 (0) + [64] : 0x08 (8) + [65] : 0x00 (0) + [66] : 0x02 (2) + [67] : 0x20 (32) + [68] : 0x01 (1) + [69] : 0x01 (1) + [70] : 0x00 (0) + [71] : 0x00 (0) + [72] : 0x00 (0) + [73] : 0x00 (0) + [74] : 0x00 (0) + [75] : 0x01 (1) + [76] : 0x00 (0) + [77] : 0x00 (0) + [78] : 0x00 (0) + [79] : 0x00 (0) + [80] : 0x00 (0) + [81] : 0x09 (9) + [82] : 0x24 (36) + [83] : 0x00 (0) + [84] : 0x0c (12) + [85] : 0x00 (0) + [86] : 0x0f (15) + [87] : 0x10 (16) + [88] : 0x01 (1) + [89] : 0x05 (5) + [90] : 0x00 (0) + [91] : 0x00 (0) + [92] : 0x00 (0) + [93] : 0x00 (0) + [94] : 0x00 (0) + [95] : 0x05 (5) + [96] : 0x15 (21) + [97] : 0x00 (0) + [98] : 0x00 (0) + [99] : 0x00 (0) + [100] : 0x74 (116) + [101] : 0xa5 (165) + [102] : 0x12 (18) + [103] : 0x52 (82) + [104] : 0xcd (205) + [105] : 0x51 (81) + [106] : 0xd9 (217) + [107] : 0x8f (143) + [108] : 0xd1 (209) + [109] : 0x31 (49) + [110] : 0xa4 (164) + [111] : 0xca (202) + [112] : 0xf4 (244) + [113] : 0x01 (1) + [114] : 0x00 (0) + [115] : 0x00 (0) + [116] : 0x00 (0) + [117] : 0x02 (2) + [118] : 0x24 (36) + [119] : 0x00 (0) + [120] : 0x0c (12) + [121] : 0x00 (0) + [122] : 0x0f (15) + [123] : 0x10 (16) + [124] : 0x01 (1) + [125] : 0x05 (5) + [126] : 0x00 (0) + [127] : 0x00 (0) + [128] : 0x00 (0) + [129] : 0x00 (0) + [130] : 0x00 (0) + [131] : 0x05 (5) + [132] : 0x15 (21) + [133] : 0x00 (0) + [134] : 0x00 (0) + [135] : 0x00 (0) + [136] : 0x74 (116) + [137] : 0xa5 (165) + [138] : 0x12 (18) + [139] : 0x52 (82) + [140] : 0xcd (205) + [141] : 0x51 (81) + [142] : 0xd9 (217) + [143] : 0x8f (143) + [144] : 0xd1 (209) + [145] : 0x31 (49) + [146] : 0xa4 (164) + [147] : 0xca (202) + [148] : 0xf4 (244) + [149] : 0x01 (1) + [150] : 0x00 (0) + [151] : 0x00 (0) + [152] : 0x00 (0) + [153] : 0x09 (9) + [154] : 0x18 (24) + [155] : 0x00 (0) + [156] : 0x0c (12) + [157] : 0x00 (0) + [158] : 0x0f (15) + [159] : 0x10 (16) + [160] : 0x01 (1) + [161] : 0x02 (2) + [162] : 0x00 (0) + [163] : 0x00 (0) + [164] : 0x00 (0) + [165] : 0x00 (0) + [166] : 0x00 (0) + [167] : 0x05 (5) + [168] : 0x20 (32) + [169] : 0x00 (0) + [170] : 0x00 (0) + [171] : 0x00 (0) + [172] : 0x20 (32) + [173] : 0x02 (2) + [174] : 0x00 (0) + [175] : 0x00 (0) + [176] : 0x00 (0) + [177] : 0x02 (2) + [178] : 0x18 (24) + [179] : 0x00 (0) + [180] : 0x0c (12) + [181] : 0x00 (0) + [182] : 0x0f (15) + [183] : 0x10 (16) + [184] : 0x01 (1) + [185] : 0x02 (2) + [186] : 0x00 (0) + [187] : 0x00 (0) + [188] : 0x00 (0) + [189] : 0x00 (0) + [190] : 0x00 (0) + [191] : 0x05 (5) + [192] : 0x20 (32) + [193] : 0x00 (0) + [194] : 0x00 (0) + [195] : 0x00 (0) + [196] : 0x20 (32) + [197] : 0x02 (2) + [198] : 0x00 (0) + [199] : 0x00 (0) + [200] : 0x00 (0) + [201] : 0x09 (9) + [202] : 0x18 (24) + [203] : 0x00 (0) + [204] : 0x0c (12) + [205] : 0x00 (0) + [206] : 0x0f (15) + [207] : 0x10 (16) + [208] : 0x01 (1) + [209] : 0x02 (2) + [210] : 0x00 (0) + [211] : 0x00 (0) + [212] : 0x00 (0) + [213] : 0x00 (0) + [214] : 0x00 (0) + [215] : 0x05 (5) + [216] : 0x20 (32) + [217] : 0x00 (0) + [218] : 0x00 (0) + [219] : 0x00 (0) + [220] : 0x26 (38) + [221] : 0x02 (2) + [222] : 0x00 (0) + [223] : 0x00 (0) + [224] : 0x00 (0) + [225] : 0x02 (2) + [226] : 0x18 (24) + [227] : 0x00 (0) + [228] : 0x0c (12) + [229] : 0x00 (0) + [230] : 0x0f (15) + [231] : 0x10 (16) + [232] : 0x01 (1) + [233] : 0x02 (2) + [234] : 0x00 (0) + [235] : 0x00 (0) + [236] : 0x00 (0) + [237] : 0x00 (0) + [238] : 0x00 (0) + [239] : 0x05 (5) + [240] : 0x20 (32) + [241] : 0x00 (0) + [242] : 0x00 (0) + [243] : 0x00 (0) + [244] : 0x26 (38) + [245] : 0x02 (2) + [246] : 0x00 (0) + [247] : 0x00 (0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x000000f8 (248) + result : WERR_OK +[2013/11/07 07:38:45.028088, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 0000008c-0000-0000-7b52-7535c5510000 + enum_index : 0x00000009 (9) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:45.028468, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 8C 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.028545, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:45.028591, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0016 (22) + size : 0x0024 (36) + name : * + name : 'Share Name' + type : * + type : REG_SZ (1) + value : * + value: ARRAY(18) + [0] : 0x70 (112) + [1] : 0x00 (0) + [2] : 0x72 (114) + [3] : 0x00 (0) + [4] : 0x69 (105) + [5] : 0x00 (0) + [6] : 0x6e (110) + [7] : 0x00 (0) + [8] : 0x74 (116) + [9] : 0x00 (0) + [10] : 0x65 (101) + [11] : 0x00 (0) + [12] : 0x72 (114) + [13] : 0x00 (0) + [14] : 0x37 (55) + [15] : 0x00 (0) + [16] : 0x00 (0) + [17] : 0x00 (0) + size : * + size : 0x00000012 (18) + length : * + length : 0x00000012 (18) + result : WERR_OK +[2013/11/07 07:38:45.029216, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 0000008c-0000-0000-7b52-7535c5510000 + enum_index : 0x0000000a (10) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:45.029653, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 8C 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.029743, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:45.029790, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0014 (20) + size : 0x0024 (36) + name : * + name : 'StartTime' + type : * + type : REG_DWORD (4) + value : * + value: ARRAY(4) + [0] : 0x00 (0) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + size : * + size : 0x00000004 (4) + length : * + length : 0x00000004 (4) + result : WERR_OK +[2013/11/07 07:38:45.030182, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 0000008c-0000-0000-7b52-7535c5510000 + enum_index : 0x0000000b (11) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:45.030552, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 8C 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.030628, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:45.030673, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0014 (20) + size : 0x0024 (36) + name : * + name : 'UntilTime' + type : * + type : REG_DWORD (4) + value : * + value: ARRAY(4) + [0] : 0x00 (0) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + size : * + size : 0x00000004 (4) + length : * + length : 0x00000004 (4) + result : WERR_OK +[2013/11/07 07:38:45.031070, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 0000008c-0000-0000-7b52-7535c5510000 + enum_index : 0x0000000c (12) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:45.031439, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 8C 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.031516, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:45.031561, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0012 (18) + size : 0x0024 (36) + name : * + name : 'ChangeID' + type : * + type : REG_DWORD (4) + value : * + value: ARRAY(4) + [0] : 0xf1 (241) + [1] : 0x5f (95) + [2] : 0x11 (17) + [3] : 0x00 (0) + size : * + size : 0x00000004 (4) + length : * + length : 0x00000004 (4) + result : WERR_OK +[2013/11/07 07:38:45.031985, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryValue: struct winreg_QueryValue + in: struct winreg_QueryValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 0000008c-0000-0000-7b52-7535c5510000 + value_name : * + value_name: struct winreg_String + name_len : 0x0020 (32) + name_size : 0x0020 (32) + name : * + name : 'Default DevMode' + type : * + type : REG_NONE (0) + data : NULL + data_size : * + data_size : 0x00000000 (0) + data_length : * + data_length : 0x00000000 (0) +[2013/11/07 07:38:45.032336, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 8C 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.032413, 7, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) + _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:45.032453, 7, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) + _winreg_QueryValue: policy key type = [00000000] +[2013/11/07 07:38:45.032498, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:316(_winreg_QueryValue) + _winreg_QueryValue: reg_queryvalue failed with: WERR_BADFILE +[2013/11/07 07:38:45.032539, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryValue: struct winreg_QueryValue + out: struct winreg_QueryValue + type : * + type : REG_NONE (0) + data : NULL + data_size : * + data_size : 0x00000000 (0) + data_length : * + data_length : 0x00000000 (0) + result : WERR_BADFILE +[2013/11/07 07:38:45.032758, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenHKLM: struct winreg_OpenHKLM + in: struct winreg_OpenHKLM + system_name : NULL + access_mask : 0x02000000 (33554432) + 0: KEY_QUERY_VALUE + 0: KEY_SET_VALUE + 0: KEY_CREATE_SUB_KEY + 0: KEY_ENUMERATE_SUB_KEYS + 0: KEY_NOTIFY + 0: KEY_CREATE_LINK + 0: KEY_WOW64_64KEY + 0: KEY_WOW64_32KEY +[2013/11/07 07:38:45.032997, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [HKLM] +[2013/11/07 07:38:45.033039, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (2->3) +[2013/11/07 07:38:45.033082, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM] +[2013/11/07 07:38:45.033137, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM] +[2013/11/07 07:38:45.033178, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:45.033216, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM] +[2013/11/07 07:38:45.033300, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) + Opened policy hnd[3] [0000] 00 00 00 00 8D 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.033430, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenHKLM: struct winreg_OpenHKLM + out: struct winreg_OpenHKLM + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 0000008d-0000-0000-7b52-7535c5510000 + result : WERR_OK +[2013/11/07 07:38:45.033604, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenKey: struct winreg_OpenKey + in: struct winreg_OpenKey + parent_handle : * + parent_handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 0000008d-0000-0000-7b52-7535c5510000 + keyname: struct winreg_String + name_len : 0x008a (138) + name_size : 0x008a (138) + name : * + name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7' + options : 0x00000000 (0) + 0: REG_OPTION_VOLATILE + 0: REG_OPTION_CREATE_LINK + 0: REG_OPTION_BACKUP_RESTORE + 0: REG_OPTION_OPEN_LINK + access_mask : 0x02000000 (33554432) + 0: KEY_QUERY_VALUE + 0: KEY_SET_VALUE + 0: KEY_CREATE_SUB_KEY + 0: KEY_ENUMERATE_SUB_KEYS + 0: KEY_NOTIFY + 0: KEY_CREATE_LINK + 0: KEY_WOW64_64KEY + 0: KEY_WOW64_32KEY +[2013/11/07 07:38:45.034043, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 8D 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.034123, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [SOFTWARE] +[2013/11/07 07:38:45.034163, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (3->4) +[2013/11/07 07:38:45.034205, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] +[2013/11/07 07:38:45.034243, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE] +[2013/11/07 07:38:45.034284, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:45.034321, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE] +[2013/11/07 07:38:45.034386, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Microsoft] +[2013/11/07 07:38:45.034436, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (4->5) +[2013/11/07 07:38:45.034480, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] +[2013/11/07 07:38:45.034518, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] +[2013/11/07 07:38:45.034558, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:45.034595, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft] +[2013/11/07 07:38:45.034656, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Windows NT] +[2013/11/07 07:38:45.034696, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (5->6) +[2013/11/07 07:38:45.034739, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] +[2013/11/07 07:38:45.034777, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] +[2013/11/07 07:38:45.034817, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:45.034854, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] +[2013/11/07 07:38:45.034911, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [CurrentVersion] +[2013/11/07 07:38:45.034952, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (6->7) +[2013/11/07 07:38:45.034995, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] +[2013/11/07 07:38:45.035032, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] +[2013/11/07 07:38:45.035073, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:45.035111, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f375c5a15c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] +[2013/11/07 07:38:45.035181, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Print] +[2013/11/07 07:38:45.035221, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (7->8) +[2013/11/07 07:38:45.035264, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] +[2013/11/07 07:38:45.035304, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] +[2013/11/07 07:38:45.035356, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:45.035394, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f375c5a15c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] +[2013/11/07 07:38:45.035454, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Printers] +[2013/11/07 07:38:45.035495, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (8->9) +[2013/11/07 07:38:45.035540, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] +[2013/11/07 07:38:45.035579, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] +[2013/11/07 07:38:45.035621, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:45.035658, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] +[2013/11/07 07:38:45.035724, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [printer7] +[2013/11/07 07:38:45.035765, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (9->10) +[2013/11/07 07:38:45.035810, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:45.035850, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:45.035893, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:45.035931, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:45.036000, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (10->9) +[2013/11/07 07:38:45.036042, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (9->8) +[2013/11/07 07:38:45.036083, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (8->7) +[2013/11/07 07:38:45.036123, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (7->6) +[2013/11/07 07:38:45.036163, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (6->5) +[2013/11/07 07:38:45.036203, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (5->4) +[2013/11/07 07:38:45.036254, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) + Opened policy hnd[4] [0000] 00 00 00 00 8E 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.036332, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenKey: struct winreg_OpenKey + out: struct winreg_OpenKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 0000008e-0000-0000-7b52-7535c5510000 + result : WERR_OK +[2013/11/07 07:38:45.036501, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryValue: struct winreg_QueryValue + in: struct winreg_QueryValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 0000008e-0000-0000-7b52-7535c5510000 + value_name : * + value_name: struct winreg_String + name_len : 0x0012 (18) + name_size : 0x0012 (18) + name : * + name : 'Security' + type : * + type : REG_NONE (0) + data : NULL + data_size : * + data_size : 0x00000000 (0) + data_length : * + data_length : 0x00000000 (0) +[2013/11/07 07:38:45.036840, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 8E 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.036916, 7, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) + _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:45.036956, 7, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) + _winreg_QueryValue: policy key type = [00000000] +[2013/11/07 07:38:45.036996, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_dispatcher.c:151(fetch_reg_values) + fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7' (ops 0x7f37592edcc0) +[2013/11/07 07:38:45.037038, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1891(regdb_fetch_values_internal) + regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:45.037097, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[0]: name[Attributes] len[4] +[2013/11/07 07:38:45.037141, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[1]: name[Description] len[2] +[2013/11/07 07:38:45.037182, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[2]: name[Datatype] len[8] +[2013/11/07 07:38:45.037233, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[3]: name[Default Priority] len[4] +[2013/11/07 07:38:45.037318, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[4]: name[Port] len[38] +[2013/11/07 07:38:45.037384, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[5]: name[Name] len[18] +[2013/11/07 07:38:45.037466, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[6]: name[Print Processor] len[18] +[2013/11/07 07:38:45.037510, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[7]: name[Priority] len[4] +[2013/11/07 07:38:45.037553, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[8]: name[Security] len[248] +[2013/11/07 07:38:45.037596, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[9]: name[Share Name] len[18] +[2013/11/07 07:38:45.037639, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[10]: name[StartTime] len[4] +[2013/11/07 07:38:45.037681, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[11]: name[UntilTime] len[4] +[2013/11/07 07:38:45.037724, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[12]: name[ChangeID] len[4] +[2013/11/07 07:38:45.037769, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryValue: struct winreg_QueryValue + out: struct winreg_QueryValue + type : * + type : REG_BINARY (3) + data : NULL + data_size : * + data_size : 0x000000f8 (248) + data_length : * + data_length : 0x00000000 (0) + result : WERR_OK +[2013/11/07 07:38:45.037986, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryValue: struct winreg_QueryValue + in: struct winreg_QueryValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 0000008e-0000-0000-7b52-7535c5510000 + value_name : * + value_name: struct winreg_String + name_len : 0x0012 (18) + name_size : 0x0012 (18) + name : * + name : 'Security' + type : * + type : REG_BINARY (3) + data : * + data: ARRAY(0) + data_size : * + data_size : 0x000000f8 (248) + data_length : * + data_length : 0x00000000 (0) +[2013/11/07 07:38:45.038342, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 8E 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.038429, 7, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) + _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:45.038469, 7, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) + _winreg_QueryValue: policy key type = [00000000] +[2013/11/07 07:38:45.038515, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryValue: struct winreg_QueryValue + out: struct winreg_QueryValue + type : * + type : REG_BINARY (3) + data : * + data: ARRAY(248) + [0] : 0x01 (1) + [1] : 0x00 (0) + [2] : 0x04 (4) + [3] : 0x80 (128) + [4] : 0x14 (20) + [5] : 0x00 (0) + [6] : 0x00 (0) + [7] : 0x00 (0) + [8] : 0x24 (36) + [9] : 0x00 (0) + [10] : 0x00 (0) + [11] : 0x00 (0) + [12] : 0x00 (0) + [13] : 0x00 (0) + [14] : 0x00 (0) + [15] : 0x00 (0) + [16] : 0x34 (52) + [17] : 0x00 (0) + [18] : 0x00 (0) + [19] : 0x00 (0) + [20] : 0x01 (1) + [21] : 0x02 (2) + [22] : 0x00 (0) + [23] : 0x00 (0) + [24] : 0x00 (0) + [25] : 0x00 (0) + [26] : 0x00 (0) + [27] : 0x05 (5) + [28] : 0x20 (32) + [29] : 0x00 (0) + [30] : 0x00 (0) + [31] : 0x00 (0) + [32] : 0x20 (32) + [33] : 0x02 (2) + [34] : 0x00 (0) + [35] : 0x00 (0) + [36] : 0x01 (1) + [37] : 0x02 (2) + [38] : 0x00 (0) + [39] : 0x00 (0) + [40] : 0x00 (0) + [41] : 0x00 (0) + [42] : 0x00 (0) + [43] : 0x05 (5) + [44] : 0x20 (32) + [45] : 0x00 (0) + [46] : 0x00 (0) + [47] : 0x00 (0) + [48] : 0x20 (32) + [49] : 0x02 (2) + [50] : 0x00 (0) + [51] : 0x00 (0) + [52] : 0x02 (2) + [53] : 0x00 (0) + [54] : 0xc4 (196) + [55] : 0x00 (0) + [56] : 0x07 (7) + [57] : 0x00 (0) + [58] : 0x00 (0) + [59] : 0x00 (0) + [60] : 0x00 (0) + [61] : 0x02 (2) + [62] : 0x14 (20) + [63] : 0x00 (0) + [64] : 0x08 (8) + [65] : 0x00 (0) + [66] : 0x02 (2) + [67] : 0x20 (32) + [68] : 0x01 (1) + [69] : 0x01 (1) + [70] : 0x00 (0) + [71] : 0x00 (0) + [72] : 0x00 (0) + [73] : 0x00 (0) + [74] : 0x00 (0) + [75] : 0x01 (1) + [76] : 0x00 (0) + [77] : 0x00 (0) + [78] : 0x00 (0) + [79] : 0x00 (0) + [80] : 0x00 (0) + [81] : 0x09 (9) + [82] : 0x24 (36) + [83] : 0x00 (0) + [84] : 0x0c (12) + [85] : 0x00 (0) + [86] : 0x0f (15) + [87] : 0x10 (16) + [88] : 0x01 (1) + [89] : 0x05 (5) + [90] : 0x00 (0) + [91] : 0x00 (0) + [92] : 0x00 (0) + [93] : 0x00 (0) + [94] : 0x00 (0) + [95] : 0x05 (5) + [96] : 0x15 (21) + [97] : 0x00 (0) + [98] : 0x00 (0) + [99] : 0x00 (0) + [100] : 0x74 (116) + [101] : 0xa5 (165) + [102] : 0x12 (18) + [103] : 0x52 (82) + [104] : 0xcd (205) + [105] : 0x51 (81) + [106] : 0xd9 (217) + [107] : 0x8f (143) + [108] : 0xd1 (209) + [109] : 0x31 (49) + [110] : 0xa4 (164) + [111] : 0xca (202) + [112] : 0xf4 (244) + [113] : 0x01 (1) + [114] : 0x00 (0) + [115] : 0x00 (0) + [116] : 0x00 (0) + [117] : 0x02 (2) + [118] : 0x24 (36) + [119] : 0x00 (0) + [120] : 0x0c (12) + [121] : 0x00 (0) + [122] : 0x0f (15) + [123] : 0x10 (16) + [124] : 0x01 (1) + [125] : 0x05 (5) + [126] : 0x00 (0) + [127] : 0x00 (0) + [128] : 0x00 (0) + [129] : 0x00 (0) + [130] : 0x00 (0) + [131] : 0x05 (5) + [132] : 0x15 (21) + [133] : 0x00 (0) + [134] : 0x00 (0) + [135] : 0x00 (0) + [136] : 0x74 (116) + [137] : 0xa5 (165) + [138] : 0x12 (18) + [139] : 0x52 (82) + [140] : 0xcd (205) + [141] : 0x51 (81) + [142] : 0xd9 (217) + [143] : 0x8f (143) + [144] : 0xd1 (209) + [145] : 0x31 (49) + [146] : 0xa4 (164) + [147] : 0xca (202) + [148] : 0xf4 (244) + [149] : 0x01 (1) + [150] : 0x00 (0) + [151] : 0x00 (0) + [152] : 0x00 (0) + [153] : 0x09 (9) + [154] : 0x18 (24) + [155] : 0x00 (0) + [156] : 0x0c (12) + [157] : 0x00 (0) + [158] : 0x0f (15) + [159] : 0x10 (16) + [160] : 0x01 (1) + [161] : 0x02 (2) + [162] : 0x00 (0) + [163] : 0x00 (0) + [164] : 0x00 (0) + [165] : 0x00 (0) + [166] : 0x00 (0) + [167] : 0x05 (5) + [168] : 0x20 (32) + [169] : 0x00 (0) + [170] : 0x00 (0) + [171] : 0x00 (0) + [172] : 0x20 (32) + [173] : 0x02 (2) + [174] : 0x00 (0) + [175] : 0x00 (0) + [176] : 0x00 (0) + [177] : 0x02 (2) + [178] : 0x18 (24) + [179] : 0x00 (0) + [180] : 0x0c (12) + [181] : 0x00 (0) + [182] : 0x0f (15) + [183] : 0x10 (16) + [184] : 0x01 (1) + [185] : 0x02 (2) + [186] : 0x00 (0) + [187] : 0x00 (0) + [188] : 0x00 (0) + [189] : 0x00 (0) + [190] : 0x00 (0) + [191] : 0x05 (5) + [192] : 0x20 (32) + [193] : 0x00 (0) + [194] : 0x00 (0) + [195] : 0x00 (0) + [196] : 0x20 (32) + [197] : 0x02 (2) + [198] : 0x00 (0) + [199] : 0x00 (0) + [200] : 0x00 (0) + [201] : 0x09 (9) + [202] : 0x18 (24) + [203] : 0x00 (0) + [204] : 0x0c (12) + [205] : 0x00 (0) + [206] : 0x0f (15) + [207] : 0x10 (16) + [208] : 0x01 (1) + [209] : 0x02 (2) + [210] : 0x00 (0) + [211] : 0x00 (0) + [212] : 0x00 (0) + [213] : 0x00 (0) + [214] : 0x00 (0) + [215] : 0x05 (5) + [216] : 0x20 (32) + [217] : 0x00 (0) + [218] : 0x00 (0) + [219] : 0x00 (0) + [220] : 0x26 (38) + [221] : 0x02 (2) + [222] : 0x00 (0) + [223] : 0x00 (0) + [224] : 0x00 (0) + [225] : 0x02 (2) + [226] : 0x18 (24) + [227] : 0x00 (0) + [228] : 0x0c (12) + [229] : 0x00 (0) + [230] : 0x0f (15) + [231] : 0x10 (16) + [232] : 0x01 (1) + [233] : 0x02 (2) + [234] : 0x00 (0) + [235] : 0x00 (0) + [236] : 0x00 (0) + [237] : 0x00 (0) + [238] : 0x00 (0) + [239] : 0x05 (5) + [240] : 0x20 (32) + [241] : 0x00 (0) + [242] : 0x00 (0) + [243] : 0x00 (0) + [244] : 0x26 (38) + [245] : 0x02 (2) + [246] : 0x00 (0) + [247] : 0x00 (0) + data_size : * + data_size : 0x000000f8 (248) + data_length : * + data_length : 0x000000f8 (248) + result : WERR_OK +[2013/11/07 07:38:45.042945, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + in: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 0000008e-0000-0000-7b52-7535c5510000 +[2013/11/07 07:38:45.043080, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 8E 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.043165, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 8E 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.043242, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) + Closed policy +[2013/11/07 07:38:45.043287, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (4->3) +[2013/11/07 07:38:45.043329, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + out: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000000-0000-0000-0000-000000000000 + result : WERR_OK +[2013/11/07 07:38:45.043491, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + in: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 0000008d-0000-0000-7b52-7535c5510000 +[2013/11/07 07:38:45.043620, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 8D 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.043698, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 8D 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.043774, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) + Closed policy +[2013/11/07 07:38:45.043814, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (3->2) +[2013/11/07 07:38:45.043854, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + out: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000000-0000-0000-0000-000000000000 + result : WERR_OK +[2013/11/07 07:38:45.044016, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + in: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 0000008c-0000-0000-7b52-7535c5510000 +[2013/11/07 07:38:45.044146, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 8C 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.044230, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 8C 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.044306, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) + Closed policy +[2013/11/07 07:38:45.044349, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (2->1) +[2013/11/07 07:38:45.044390, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + out: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000000-0000-0000-0000-000000000000 + result : WERR_OK +[2013/11/07 07:38:45.044554, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + in: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 0000008b-0000-0000-7b52-7535c5510000 +[2013/11/07 07:38:45.044683, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 8B 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.044760, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 8B 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.044835, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) + Closed policy +[2013/11/07 07:38:45.044876, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (1->0) +[2013/11/07 07:38:45.044937, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + out: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000000-0000-0000-0000-000000000000 + result : WERR_OK +[2013/11/07 07:38:45.045099, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:416(close_policy_by_pipe) + Deleted handle list for RPC connection \winreg +[2013/11/07 07:38:45.045257, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + spoolss_GetPrinter: struct spoolss_GetPrinter + out: struct spoolss_GetPrinter + info : * + info : union spoolss_PrinterInfo(case 2) + info2: struct spoolss_PrinterInfo2 + servername : * + servername : '\\MEMBER43' + printername : * + printername : '\\MEMBER43\printer7' + sharename : * + sharename : 'printer7' + portname : * + portname : 'Samba Printer Port' + drivername : * + drivername : '' + comment : * + comment : '' + location : * + location : '' + devmode : * + devmode: struct spoolss_DeviceMode + devicename : '\\MEMBER43\printer7' + specversion : DMSPEC_NT4_AND_ABOVE (1025) + driverversion : 0x0400 (1024) + size : 0x00dc (220) + __driverextra_length : 0x0000 (0) + fields : 0x00014713 (83731) + 1: DEVMODE_ORIENTATION + 1: DEVMODE_PAPERSIZE + 0: DEVMODE_PAPERLENGTH + 0: DEVMODE_PAPERWIDTH + 1: DEVMODE_SCALE + 0: DEVMODE_POSITION + 0: DEVMODE_NUP + 1: DEVMODE_COPIES + 1: DEVMODE_DEFAULTSOURCE + 1: DEVMODE_PRINTQUALITY + 0: DEVMODE_COLOR + 0: DEVMODE_DUPLEX + 0: DEVMODE_YRESOLUTION + 1: DEVMODE_TTOPTION + 0: DEVMODE_COLLATE + 1: DEVMODE_FORMNAME + 0: DEVMODE_LOGPIXELS + 0: DEVMODE_BITSPERPEL + 0: DEVMODE_PELSWIDTH + 0: DEVMODE_PELSHEIGHT + 0: DEVMODE_DISPLAYFLAGS + 0: DEVMODE_DISPLAYFREQUENCY + 0: DEVMODE_ICMMETHOD + 0: DEVMODE_ICMINTENT + 0: DEVMODE_MEDIATYPE + 0: DEVMODE_DITHERTYPE + 0: DEVMODE_PANNINGWIDTH + 0: DEVMODE_PANNINGHEIGHT + orientation : DMORIENT_PORTRAIT (1) + papersize : DMPAPER_LETTER (1) + paperlength : 0x0000 (0) + paperwidth : 0x0000 (0) + scale : 0x0064 (100) + copies : 0x0001 (1) + defaultsource : DMBIN_FORMSOURCE (15) + printquality : DMRES_HIGH (65532) + color : DMRES_MONOCHROME (1) + duplex : DMDUP_SIMPLEX (1) + yresolution : 0x0000 (0) + ttoption : DMTT_SUBDEV (3) + collate : DMCOLLATE_FALSE (0) + formname : 'Letter' + logpixels : 0x0000 (0) + bitsperpel : 0x00000000 (0) + pelswidth : 0x00000000 (0) + pelsheight : 0x00000000 (0) + displayflags : UNKNOWN_ENUM_VALUE (0) + displayfrequency : 0x00000000 (0) + icmmethod : UNKNOWN_ENUM_VALUE (0) + icmintent : UNKNOWN_ENUM_VALUE (0) + mediatype : UNKNOWN_ENUM_VALUE (0) + dithertype : UNKNOWN_ENUM_VALUE (0) + reserved1 : 0x00000000 (0) + reserved2 : 0x00000000 (0) + panningwidth : 0x00000000 (0) + panningheight : 0x00000000 (0) + driverextra_data : DATA_BLOB length=0 + sepfile : * + sepfile : '' + printprocessor : * + printprocessor : 'winprint' + datatype : * + datatype : 'RAW' + parameters : * + parameters : '' + secdesc : * + secdesc: struct security_descriptor + revision : SECURITY_DESCRIPTOR_REVISION_1 (1) + type : 0x8004 (32772) + 0: SEC_DESC_OWNER_DEFAULTED + 0: SEC_DESC_GROUP_DEFAULTED + 1: SEC_DESC_DACL_PRESENT + 0: SEC_DESC_DACL_DEFAULTED + 0: SEC_DESC_SACL_PRESENT + 0: SEC_DESC_SACL_DEFAULTED + 0: SEC_DESC_DACL_TRUSTED + 0: SEC_DESC_SERVER_SECURITY + 0: SEC_DESC_DACL_AUTO_INHERIT_REQ + 0: SEC_DESC_SACL_AUTO_INHERIT_REQ + 0: SEC_DESC_DACL_AUTO_INHERITED + 0: SEC_DESC_SACL_AUTO_INHERITED + 0: SEC_DESC_DACL_PROTECTED + 0: SEC_DESC_SACL_PROTECTED + 0: SEC_DESC_RM_CONTROL_VALID + 1: SEC_DESC_SELF_RELATIVE + owner_sid : * + owner_sid : S-1-5-32-544 + group_sid : * + group_sid : S-1-5-32-544 + sacl : NULL + dacl : * + dacl: struct security_acl + revision : SECURITY_ACL_REVISION_NT4 (2) + size : 0x00c4 (196) + num_aces : 0x00000007 (7) + aces: ARRAY(7) + aces: struct security_ace + type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) + flags : 0x02 (2) + 0: SEC_ACE_FLAG_OBJECT_INHERIT + 1: SEC_ACE_FLAG_CONTAINER_INHERIT + 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT + 0: SEC_ACE_FLAG_INHERIT_ONLY + 0: SEC_ACE_FLAG_INHERITED_ACE + 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) + 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS + 0: SEC_ACE_FLAG_FAILED_ACCESS + size : 0x0014 (20) + access_mask : 0x20020008 (537001992) + object : union security_ace_object_ctr(case 0) + trustee : S-1-1-0 + aces: struct security_ace + type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) + flags : 0x09 (9) + 1: SEC_ACE_FLAG_OBJECT_INHERIT + 0: SEC_ACE_FLAG_CONTAINER_INHERIT + 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT + 1: SEC_ACE_FLAG_INHERIT_ONLY + 0: SEC_ACE_FLAG_INHERITED_ACE + 0x09: SEC_ACE_FLAG_VALID_INHERIT (9) + 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS + 0: SEC_ACE_FLAG_FAILED_ACCESS + size : 0x0024 (36) + access_mask : 0x100f000c (269418508) + object : union security_ace_object_ctr(case 0) + trustee : S-1-5-21-1376953716-2413384141-3399758289-500 + aces: struct security_ace + type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) + flags : 0x02 (2) + 0: SEC_ACE_FLAG_OBJECT_INHERIT + 1: SEC_ACE_FLAG_CONTAINER_INHERIT + 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT + 0: SEC_ACE_FLAG_INHERIT_ONLY + 0: SEC_ACE_FLAG_INHERITED_ACE + 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) + 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS + 0: SEC_ACE_FLAG_FAILED_ACCESS + size : 0x0024 (36) + access_mask : 0x100f000c (269418508) + object : union security_ace_object_ctr(case 0) + trustee : S-1-5-21-1376953716-2413384141-3399758289-500 + aces: struct security_ace + type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) + flags : 0x09 (9) + 1: SEC_ACE_FLAG_OBJECT_INHERIT + 0: SEC_ACE_FLAG_CONTAINER_INHERIT + 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT + 1: SEC_ACE_FLAG_INHERIT_ONLY + 0: SEC_ACE_FLAG_INHERITED_ACE + 0x09: SEC_ACE_FLAG_VALID_INHERIT (9) + 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS + 0: SEC_ACE_FLAG_FAILED_ACCESS + size : 0x0018 (24) + access_mask : 0x100f000c (269418508) + object : union security_ace_object_ctr(case 0) + trustee : S-1-5-32-544 + aces: struct security_ace + type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) + flags : 0x02 (2) + 0: SEC_ACE_FLAG_OBJECT_INHERIT + 1: SEC_ACE_FLAG_CONTAINER_INHERIT + 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT + 0: SEC_ACE_FLAG_INHERIT_ONLY + 0: SEC_ACE_FLAG_INHERITED_ACE + 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) + 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS + 0: SEC_ACE_FLAG_FAILED_ACCESS + size : 0x0018 (24) + access_mask : 0x100f000c (269418508) + object : union security_ace_object_ctr(case 0) + trustee : S-1-5-32-544 + aces: struct security_ace + type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) + flags : 0x09 (9) + 1: SEC_ACE_FLAG_OBJECT_INHERIT + 0: SEC_ACE_FLAG_CONTAINER_INHERIT + 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT + 1: SEC_ACE_FLAG_INHERIT_ONLY + 0: SEC_ACE_FLAG_INHERITED_ACE + 0x09: SEC_ACE_FLAG_VALID_INHERIT (9) + 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS + 0: SEC_ACE_FLAG_FAILED_ACCESS + size : 0x0018 (24) + access_mask : 0x100f000c (269418508) + object : union security_ace_object_ctr(case 0) + trustee : S-1-5-32-550 + aces: struct security_ace + type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) + flags : 0x02 (2) + 0: SEC_ACE_FLAG_OBJECT_INHERIT + 1: SEC_ACE_FLAG_CONTAINER_INHERIT + 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT + 0: SEC_ACE_FLAG_INHERIT_ONLY + 0: SEC_ACE_FLAG_INHERITED_ACE + 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) + 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS + 0: SEC_ACE_FLAG_FAILED_ACCESS + size : 0x0018 (24) + access_mask : 0x100f000c (269418508) + object : union security_ace_object_ctr(case 0) + trustee : S-1-5-32-550 + attributes : 0x00001048 (4168) + 0: PRINTER_ATTRIBUTE_QUEUED + 0: PRINTER_ATTRIBUTE_DIRECT + 0: PRINTER_ATTRIBUTE_DEFAULT + 1: PRINTER_ATTRIBUTE_SHARED + 0: PRINTER_ATTRIBUTE_NETWORK + 0: PRINTER_ATTRIBUTE_HIDDEN + 1: PRINTER_ATTRIBUTE_LOCAL + 0: PRINTER_ATTRIBUTE_ENABLE_DEVQ + 0: PRINTER_ATTRIBUTE_KEEPPRINTEDJOBS + 0: PRINTER_ATTRIBUTE_DO_COMPLETE_FIRST + 0: PRINTER_ATTRIBUTE_WORK_OFFLINE + 0: PRINTER_ATTRIBUTE_ENABLE_BIDI + 1: PRINTER_ATTRIBUTE_RAW_ONLY + 0: PRINTER_ATTRIBUTE_PUBLISHED + 0: PRINTER_ATTRIBUTE_FAX + 0: PRINTER_ATTRIBUTE_TS + priority : 0x00000001 (1) + defaultpriority : 0x00000001 (1) + starttime : 0x00000000 (0) + untiltime : 0x00000000 (0) + status : 0x00000000 (0) + 0: PRINTER_STATUS_PAUSED + 0: PRINTER_STATUS_ERROR + 0: PRINTER_STATUS_PENDING_DELETION + 0: PRINTER_STATUS_PAPER_JAM + 0: PRINTER_STATUS_PAPER_OUT + 0: PRINTER_STATUS_MANUAL_FEED + 0: PRINTER_STATUS_PAPER_PROBLEM + 0: PRINTER_STATUS_OFFLINE + 0: PRINTER_STATUS_IO_ACTIVE + 0: PRINTER_STATUS_BUSY + 0: PRINTER_STATUS_PRINTING + 0: PRINTER_STATUS_OUTPUT_BIN_FULL + 0: PRINTER_STATUS_NOT_AVAILABLE + 0: PRINTER_STATUS_WAITING + 0: PRINTER_STATUS_PROCESSING + 0: PRINTER_STATUS_INITIALIZING + 0: PRINTER_STATUS_WARMING_UP + 0: PRINTER_STATUS_TONER_LOW + 0: PRINTER_STATUS_NO_TONER + 0: PRINTER_STATUS_PAGE_PUNT + 0: PRINTER_STATUS_USER_INTERVENTION + 0: PRINTER_STATUS_OUT_OF_MEMORY + 0: PRINTER_STATUS_DOOR_OPEN + 0: PRINTER_STATUS_SERVER_UNKNOWN + 0: PRINTER_STATUS_POWER_SAVE + cjobs : 0x00000000 (0) + averageppm : 0x00000000 (0) + needed : * + needed : 0x000002f8 (760) + result : WERR_OK +[2013/11/07 07:38:45.050315, 5, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1417(api_rpcTNP) + api_rpcTNP: called \spoolss successfully +[2013/11/07 07:38:45.050379, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) + pop_sec_ctx (0, 5000) - sec_ctx_stack_ndx = 0 +[2013/11/07 07:38:45.050424, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) + write_to_pipe: data_used = 4140 + smbd_smb2_request_pending_queue: req->current_idx = 1 + req->in.vector[0].iov_len = 0 + req->in.vector[1].iov_len = 0 + req->in.vector[2].iov_len = 64 + req->in.vector[3].iov_len = 56 + req->in.vector[4].iov_len = 4156 + req->out.vector[0].iov_len = 4 + req->out.vector[1].iov_len = 0 + req->out.vector[2].iov_len = 64 + req->out.vector[3].iov_len = 8 + req->out.vector[4].iov_len = 0 +[2013/11/07 07:38:45.050656, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:128(smbd_smb2_ioctl_pipe_write_done) + smbd_smb2_ioctl_pipe_write_done: received 4156 +[2013/11/07 07:38:45.050700, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:149(smbd_smb2_ioctl_pipe_write_done) + smbd_smb2_ioctl_pipe_write_done: issuing np_read_send of size 4136 +[2013/11/07 07:38:45.050744, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:285(read_from_internal_pipe) + name: \spoolss len: 4136 +[2013/11/07 07:38:45.050786, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:347(read_from_internal_pipe) + read_from_pipe: \spoolss: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 4112. +[2013/11/07 07:38:45.050840, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) + &r: struct ncacn_packet + rpc_vers : 0x05 (5) + rpc_vers_minor : 0x00 (0) + ptype : DCERPC_PKT_RESPONSE (2) + pfc_flags : 0x03 (3) + drep: ARRAY(4) + [0] : 0x10 (16) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + frag_length : 0x1028 (4136) + auth_length : 0x0000 (0) + call_id : 0x00000013 (19) + u : union dcerpc_payload(case 2) + response: struct dcerpc_response + alloc_hint : 0x00001010 (4112) + context_id : 0x0000 (0) + cancel_count : 0x00 (0) + _pad : DATA_BLOB length=0 + stub_and_verifier : DATA_BLOB length=4112 + [0000] 04 00 02 00 00 10 00 00 EA 0F 00 00 C2 0F 00 00 ........ ........ + [0010] B0 0F 00 00 8A 0F 00 00 88 0F 00 00 86 0F 00 00 ........ ........ + [0020] 84 0F 00 00 88 0E 00 00 82 0F 00 00 70 0F 00 00 ........ ....p... + [0030] 68 0F 00 00 66 0F 00 00 90 0D 00 00 48 10 00 00 h...f... ....H... + [0040] 01 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0200] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0210] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0220] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0230] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0240] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0250] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0260] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0270] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0280] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0290] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0300] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0310] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0320] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0330] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0340] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0350] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0360] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0370] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0380] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0390] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0400] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0410] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0420] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0430] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0440] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0450] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0460] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0470] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0480] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0490] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0500] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0510] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0520] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0530] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0540] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0550] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0560] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0570] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0580] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0590] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0600] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0610] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0620] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0630] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0640] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0650] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0660] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0670] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0680] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0690] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0700] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0710] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0720] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0730] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0740] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0750] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0760] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0770] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0780] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0790] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0800] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0810] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0820] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0830] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0840] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0850] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0860] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0870] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0880] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0890] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0900] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0910] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0920] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0930] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0940] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0950] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0960] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0970] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0980] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0990] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D90] 00 00 00 00 00 00 00 00 01 00 04 80 D8 00 00 00 ........ ........ + [0DA0] E8 00 00 00 00 00 00 00 14 00 00 00 02 00 C4 00 ........ ........ + [0DB0] 07 00 00 00 00 02 14 00 08 00 02 20 01 01 00 00 ........ ... .... + [0DC0] 00 00 00 01 00 00 00 00 00 09 24 00 0C 00 0F 10 ........ ..$..... + [0DD0] 01 05 00 00 00 00 00 05 15 00 00 00 74 A5 12 52 ........ ....t..R + [0DE0] CD 51 D9 8F D1 31 A4 CA F4 01 00 00 00 02 24 00 .Q...1.. ......$. + [0DF0] 0C 00 0F 10 01 05 00 00 00 00 00 05 15 00 00 00 ........ ........ + [0E00] 74 A5 12 52 CD 51 D9 8F D1 31 A4 CA F4 01 00 00 t..R.Q.. .1...... + [0E10] 00 09 18 00 0C 00 0F 10 01 02 00 00 00 00 00 05 ........ ........ + [0E20] 20 00 00 00 20 02 00 00 00 02 18 00 0C 00 0F 10 ... ... ........ + [0E30] 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 ........ ... ... + [0E40] 00 09 18 00 0C 00 0F 10 01 02 00 00 00 00 00 05 ........ ........ + [0E50] 20 00 00 00 26 02 00 00 00 02 18 00 0C 00 0F 10 ...&... ........ + [0E60] 01 02 00 00 00 00 00 05 20 00 00 00 26 02 00 00 ........ ...&... + [0E70] 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 ........ ... ... + [0E80] 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 ........ ... ... + [0E90] 5C 00 5C 00 4D 00 45 00 4D 00 42 00 45 00 52 00 \.\.M.E. M.B.E.R. + [0EA0] 34 00 33 00 5C 00 70 00 72 00 69 00 6E 00 74 00 4.3.\.p. r.i.n.t. + [0EB0] 65 00 72 00 37 00 00 00 00 00 00 00 00 00 00 00 e.r.7... ........ + [0EC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0ED0] 01 04 00 04 DC 00 00 00 13 47 01 00 01 00 01 00 ........ .G...... + [0EE0] 00 00 00 00 64 00 01 00 0F 00 FC FF 01 00 01 00 ....d... ........ + [0EF0] 00 00 03 00 00 00 4C 00 65 00 74 00 74 00 65 00 ......L. e.t.t.e. + [0F00] 72 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 r....... ........ + [0F10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F70] 52 00 41 00 57 00 00 00 77 00 69 00 6E 00 70 00 R.A.W... w.i.n.p. + [0F80] 72 00 69 00 6E 00 74 00 00 00 00 00 00 00 00 00 r.i.n.t. ........ + [0F90] 00 00 53 00 61 00 6D 00 62 00 61 00 20 00 50 00 ..S.a.m. b.a. .P. + [0FA0] 72 00 69 00 6E 00 74 00 65 00 72 00 20 00 50 00 r.i.n.t. e.r. .P. + [0FB0] 6F 00 72 00 74 00 00 00 70 00 72 00 69 00 6E 00 o.r.t... p.r.i.n. + [0FC0] 74 00 65 00 72 00 37 00 00 00 5C 00 5C 00 4D 00 t.e.r.7. ..\.\.M. + [0FD0] 45 00 4D 00 42 00 45 00 52 00 34 00 33 00 5C 00 E.M.B.E. R.4.3.\. + [0FE0] 70 00 72 00 69 00 6E 00 74 00 65 00 72 00 37 00 p.r.i.n. t.e.r.7. + [0FF0] 00 00 5C 00 5C 00 4D 00 45 00 4D 00 42 00 45 00 ..\.\.M. E.M.B.E. + [1000] 52 00 34 00 33 00 00 00 F8 02 00 00 00 00 00 00 R.4.3... ........ +[2013/11/07 07:38:45.060378, 3, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:122(free_pipe_context) + free_pipe_context: destroying talloc pool of size 1308 +[2013/11/07 07:38:45.060442, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:788(np_read_recv) + Received 4136 bytes. There is no more data outstanding +[2013/11/07 07:38:45.060484, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:178(smbd_smb2_ioctl_pipe_read_done) + smbd_smb2_ioctl_pipe_read_done: np_read_recv nread = 4136 is_data_outstanding = 0, status = NT_STATUS_OK +[2013/11/07 07:38:45.060534, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl.c:291(smbd_smb2_request_ioctl_done) + smbd_smb2_request_ioctl_done: smbd_smb2_ioctl_recv returned 4136 status NT_STATUS_OK +[2013/11/07 07:38:45.060578, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) + smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[48] dyn[yes:4136] at ../source3/smbd/smb2_ioctl.c:358 +[2013/11/07 07:38:45.060624, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) + smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/68/127 +[2013/11/07 07:38:45.073595, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) + smbd_smb2_request_incoming: idx[1] of 5 vectors +[2013/11/07 07:38:45.073840, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) + smb2_validate_sequence_number: clearing id 68 (position 68) from bitmap +[2013/11/07 07:38:45.073952, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) + smbd_smb2_request_dispatch: opcode[SMB2_OP_IOCTL] mid = 68 +[2013/11/07 07:38:45.074137, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) + setting sec ctx (0, 5000) - sec_ctx_stack_ndx = 0 +[2013/11/07 07:38:45.074248, 5, pid=20933, effective(0, 5000), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) + Security token SIDs (21): + SID[ 0]: S-1-5-21-1376953716-2413384141-3399758289-500 + SID[ 1]: S-1-5-21-1376953716-2413384141-3399758289-512 + SID[ 2]: S-1-5-21-1376953716-2413384141-3399758289-11015 + SID[ 3]: S-1-5-21-1376953716-2413384141-3399758289-513 + SID[ 4]: S-1-5-21-1376953716-2413384141-3399758289-11011 + SID[ 5]: S-1-5-21-1376953716-2413384141-3399758289-11013 + SID[ 6]: S-1-5-21-1376953716-2413384141-3399758289-11012 + SID[ 7]: S-1-1-0 + SID[ 8]: S-1-5-2 + SID[ 9]: S-1-5-11 + SID[ 10]: S-1-5-32-544 + SID[ 11]: S-1-22-1-2002 + SID[ 12]: S-1-22-2-5000 + SID[ 13]: S-1-22-2-5007 + SID[ 14]: S-1-22-2-5001 + SID[ 15]: S-1-22-2-1005 + SID[ 16]: S-1-22-2-5006 + SID[ 17]: S-1-22-2-5005 + SID[ 18]: S-1-22-2-55000 + SID[ 19]: S-1-22-2-55001 + SID[ 20]: S-1-22-2-55002 + Privileges (0x 1FFFFFF0): + Privilege[ 0]: SeMachineAccountPrivilege + Privilege[ 1]: SeTakeOwnershipPrivilege + Privilege[ 2]: SeBackupPrivilege + Privilege[ 3]: SeRestorePrivilege + Privilege[ 4]: SeRemoteShutdownPrivilege + Privilege[ 5]: SePrintOperatorPrivilege + Privilege[ 6]: SeAddUsersPrivilege + Privilege[ 7]: SeDiskOperatorPrivilege + Privilege[ 8]: SeSecurityPrivilege + Privilege[ 9]: SeSystemtimePrivilege + Privilege[ 10]: SeShutdownPrivilege + Privilege[ 11]: SeDebugPrivilege + Privilege[ 12]: SeSystemEnvironmentPrivilege + Privilege[ 13]: SeSystemProfilePrivilege + Privilege[ 14]: SeProfileSingleProcessPrivilege + Privilege[ 15]: SeIncreaseBasePriorityPrivilege + Privilege[ 16]: SeLoadDriverPrivilege + Privilege[ 17]: SeCreatePagefilePrivilege + Privilege[ 18]: SeIncreaseQuotaPrivilege + Privilege[ 19]: SeChangeNotifyPrivilege + Privilege[ 20]: SeUndockPrivilege + Privilege[ 21]: SeManageVolumePrivilege + Privilege[ 22]: SeImpersonatePrivilege + Privilege[ 23]: SeCreateGlobalPrivilege + Privilege[ 24]: SeEnableDelegationPrivilege + Rights (0x 0): +[2013/11/07 07:38:45.076145, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) + UNIX token of user 0 + Primary group is 5000 and contains 9 supplementary groups + Group[ 0]: 5000 + Group[ 1]: 5007 + Group[ 2]: 5001 + Group[ 3]: 1005 + Group[ 4]: 5006 + Group[ 5]: 5005 + Group[ 6]: 55000 + Group[ 7]: 55001 + Group[ 8]: 55002 +[2013/11/07 07:38:45.076619, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/uid.c:363(change_to_user_internal) + Impersonated user: uid=(0,0), gid=(0,5000) +[2013/11/07 07:38:45.076742, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:1796(smbd_smb2_request_verify_creditcharge) + mid 68, CreditCharge: 1, NeededCharge: 1 +[2013/11/07 07:38:45.076848, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl.c:394(smbd_smb2_ioctl_send) + smbd_smb2_ioctl: ctl_code[0x0011c017] spoolss, fnum 2189993496 +[2013/11/07 07:38:45.076962, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:59(smb2_ioctl_named_pipe) + smbd_smb2_ioctl_send: np_write_send of size 4156 +[2013/11/07 07:38:45.077060, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:520(np_write_send) + np_write_send: len: 4156 +[2013/11/07 07:38:45.077162, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) + write_to_pipe: data_left = 4156 +[2013/11/07 07:38:45.077258, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) + process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 4156 +[2013/11/07 07:38:45.077571, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:51(fill_rpc_header) + fill_rpc_header: data_to_copy = 4156, len_needed_to_complete_hdr = 16, receive_len = 0 +[2013/11/07 07:38:45.077692, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) + write_to_pipe: data_used = 16 +[2013/11/07 07:38:45.077787, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) + write_to_pipe: data_left = 4140 +[2013/11/07 07:38:45.077882, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) + process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 4140 +[2013/11/07 07:38:45.077986, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) + write_to_pipe: data_used = 0 +[2013/11/07 07:38:45.078082, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) + write_to_pipe: data_left = 4140 +[2013/11/07 07:38:45.078175, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) + process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 4140, incoming data = 4140 +[2013/11/07 07:38:45.078280, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1614(process_complete_pdu) + PDU is in Little Endian format! +[2013/11/07 07:38:45.078404, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) + r: struct ncacn_packet + rpc_vers : 0x05 (5) + rpc_vers_minor : 0x00 (0) + ptype : DCERPC_PKT_REQUEST (0) + pfc_flags : 0x03 (3) + drep: ARRAY(4) + [0] : 0x10 (16) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + frag_length : 0x103c (4156) + auth_length : 0x0000 (0) + call_id : 0x00000014 (20) + u : union dcerpc_payload(case 0) + request: struct dcerpc_request + alloc_hint : 0x00001024 (4132) + context_id : 0x0000 (0) + opnum : 0x0008 (8) + object : union dcerpc_object(case 0) + empty: struct dcerpc_empty + _pad : DATA_BLOB length=0 + stub_and_verifier : DATA_BLOB length=4132 + [0000] 00 00 00 00 48 00 00 00 00 00 00 00 7B 52 73 35 ....H... ....{Rs5 + [0010] C5 51 00 00 02 00 00 00 00 00 02 00 00 10 00 00 .Q...... ........ + [0020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0030] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0040] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0200] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0210] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0220] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0230] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0240] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0250] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0260] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0270] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0280] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0290] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0300] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0310] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0320] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0330] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0340] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0350] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0360] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0370] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0380] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0390] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0400] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0410] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0420] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0430] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0440] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0450] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0460] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0470] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0480] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0490] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0500] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0510] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0520] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0530] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0540] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0550] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0560] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0570] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0580] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0590] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0600] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0610] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0620] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0630] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0640] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0650] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0660] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0670] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0680] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0690] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0700] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0710] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0720] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0730] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0740] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0750] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0760] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0770] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0780] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0790] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0800] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0810] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0820] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0830] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0840] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0850] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0860] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0870] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0880] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0890] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0900] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0910] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0920] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0930] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0940] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0950] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0960] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0970] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0980] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0990] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0EA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0EB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0EC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0ED0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0EE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0EF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [1000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [1010] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [1020] 00 10 00 00 .... +[2013/11/07 07:38:45.094808, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1627(process_complete_pdu) + Processing packet type 0 +[2013/11/07 07:38:45.094851, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1472(dcesrv_auth_request) + Checking request auth. +[2013/11/07 07:38:45.094898, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) + push_sec_ctx(0, 5000) : sec_ctx_stack_ndx = 1 +[2013/11/07 07:38:45.094945, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) + setting sec ctx (0, 5000) - sec_ctx_stack_ndx = 1 +[2013/11/07 07:38:45.094987, 5, pid=20933, effective(0, 5000), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) + Security token SIDs (21): + SID[ 0]: S-1-5-21-1376953716-2413384141-3399758289-500 + SID[ 1]: S-1-5-21-1376953716-2413384141-3399758289-512 + SID[ 2]: S-1-5-21-1376953716-2413384141-3399758289-11015 + SID[ 3]: S-1-5-21-1376953716-2413384141-3399758289-513 + SID[ 4]: S-1-5-21-1376953716-2413384141-3399758289-11011 + SID[ 5]: S-1-5-21-1376953716-2413384141-3399758289-11013 + SID[ 6]: S-1-5-21-1376953716-2413384141-3399758289-11012 + SID[ 7]: S-1-1-0 + SID[ 8]: S-1-5-2 + SID[ 9]: S-1-5-11 + SID[ 10]: S-1-5-32-544 + SID[ 11]: S-1-22-1-2002 + SID[ 12]: S-1-22-2-5000 + SID[ 13]: S-1-22-2-5007 + SID[ 14]: S-1-22-2-5001 + SID[ 15]: S-1-22-2-1005 + SID[ 16]: S-1-22-2-5006 + SID[ 17]: S-1-22-2-5005 + SID[ 18]: S-1-22-2-55000 + SID[ 19]: S-1-22-2-55001 + SID[ 20]: S-1-22-2-55002 + Privileges (0x 1FFFFFF0): + Privilege[ 0]: SeMachineAccountPrivilege + Privilege[ 1]: SeTakeOwnershipPrivilege + Privilege[ 2]: SeBackupPrivilege + Privilege[ 3]: SeRestorePrivilege + Privilege[ 4]: SeRemoteShutdownPrivilege + Privilege[ 5]: SePrintOperatorPrivilege + Privilege[ 6]: SeAddUsersPrivilege + Privilege[ 7]: SeDiskOperatorPrivilege + Privilege[ 8]: SeSecurityPrivilege + Privilege[ 9]: SeSystemtimePrivilege + Privilege[ 10]: SeShutdownPrivilege + Privilege[ 11]: SeDebugPrivilege + Privilege[ 12]: SeSystemEnvironmentPrivilege + Privilege[ 13]: SeSystemProfilePrivilege + Privilege[ 14]: SeProfileSingleProcessPrivilege + Privilege[ 15]: SeIncreaseBasePriorityPrivilege + Privilege[ 16]: SeLoadDriverPrivilege + Privilege[ 17]: SeCreatePagefilePrivilege + Privilege[ 18]: SeIncreaseQuotaPrivilege + Privilege[ 19]: SeChangeNotifyPrivilege + Privilege[ 20]: SeUndockPrivilege + Privilege[ 21]: SeManageVolumePrivilege + Privilege[ 22]: SeImpersonatePrivilege + Privilege[ 23]: SeCreateGlobalPrivilege + Privilege[ 24]: SeEnableDelegationPrivilege + Rights (0x 0): +[2013/11/07 07:38:45.095761, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) + UNIX token of user 0 + Primary group is 5000 and contains 9 supplementary groups + Group[ 0]: 5000 + Group[ 1]: 5007 + Group[ 2]: 5001 + Group[ 3]: 1005 + Group[ 4]: 5006 + Group[ 5]: 5005 + Group[ 6]: 55000 + Group[ 7]: 55001 + Group[ 8]: 55002 +[2013/11/07 07:38:45.095950, 5, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1324(api_pipe_request) + Requested \spoolss rpc service +[2013/11/07 07:38:45.095998, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1356(api_rpcTNP) + api_rpcTNP: \spoolss op 0x8 - api_rpcTNP: rpc command: SPOOLSS_GETPRINTER +[2013/11/07 07:38:45.096041, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1390(api_rpcTNP) + api_rpc_cmds[8].fn == 0x7f375c260f10 +[2013/11/07 07:38:45.096090, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + spoolss_GetPrinter: struct spoolss_GetPrinter + in: struct spoolss_GetPrinter + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000048-0000-0000-7b52-7335c5510000 + level : 0x00000002 (2) + buffer : * + buffer : DATA_BLOB length=4096 + [0000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0010] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0030] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0040] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0200] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0210] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0220] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0230] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0240] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0250] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0260] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0270] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0280] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0290] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0300] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0310] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0320] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0330] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0340] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0350] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0360] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0370] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0380] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0390] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0400] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0410] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0420] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0430] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0440] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0450] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0460] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0470] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0480] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0490] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0500] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0510] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0520] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0530] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0540] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0550] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0560] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0570] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0580] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0590] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0600] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0610] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0620] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0630] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0640] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0650] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0660] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0670] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0680] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0690] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0700] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0710] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0720] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0730] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0740] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0750] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0760] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0770] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0780] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0790] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0800] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0810] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0820] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0830] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0840] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0850] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0860] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0870] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0880] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0890] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0900] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0910] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0920] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0930] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0940] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0950] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0960] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0970] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0980] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0990] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0EA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0EB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0EC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0ED0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0EE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0EF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + offered : 0x00001000 (4096) +[2013/11/07 07:38:45.105300, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 48 00 00 00 00 00 00 00 7B 52 73 35 ....H... ....{Rs5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.105424, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 48 00 00 00 00 00 00 00 7B 52 73 35 ....H... ....{Rs5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.105503, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:489(get_printer_snum) + short name:printer7 +[2013/11/07 07:38:45.105642, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:60(make_internal_rpc_pipe_p) + Create pipe requested \winreg +[2013/11/07 07:38:45.105697, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:221(init_pipe_handles) + init_pipe_handle_list: created handle list for pipe \winreg +[2013/11/07 07:38:45.105748, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:238(init_pipe_handles) + init_pipe_handle_list: pipe_handles ref count = 1 for pipe \winreg +[2013/11/07 07:38:45.105852, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:100(make_internal_rpc_pipe_p) + Created internal pipe \winreg +[2013/11/07 07:38:45.105926, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenHKLM: struct winreg_OpenHKLM + in: struct winreg_OpenHKLM + system_name : NULL + access_mask : 0x02000000 (33554432) + 0: KEY_QUERY_VALUE + 0: KEY_SET_VALUE + 0: KEY_CREATE_SUB_KEY + 0: KEY_ENUMERATE_SUB_KEYS + 0: KEY_NOTIFY + 0: KEY_CREATE_LINK + 0: KEY_WOW64_64KEY + 0: KEY_WOW64_32KEY +[2013/11/07 07:38:45.106157, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [HKLM] +[2013/11/07 07:38:45.106202, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) + push_sec_ctx(0, 5000) : sec_ctx_stack_ndx = 2 +[2013/11/07 07:38:45.106246, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/uid.c:485(push_conn_ctx) + push_conn_ctx(1804507171) : conn_ctx_stack_ndx = 0 +[2013/11/07 07:38:45.106286, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) + setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 +[2013/11/07 07:38:45.106324, 5, pid=20933, effective(0, 5000), real(0, 0)] ../libcli/security/security_token.c:53(security_token_debug) + Security token: (NULL) +[2013/11/07 07:38:45.106363, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) + UNIX token of user 0 + Primary group is 0 and contains 0 supplementary groups +[2013/11/07 07:38:45.106524, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) + pop_sec_ctx (0, 5000) - sec_ctx_stack_ndx = 1 +[2013/11/07 07:38:45.106569, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:866(regdb_open) + regdb_open: registry db opened. refcount reset (1) +[2013/11/07 07:38:45.106615, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM] +[2013/11/07 07:38:45.106654, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM] +[2013/11/07 07:38:45.106695, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:45.106733, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM] +[2013/11/07 07:38:45.106813, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) + Opened policy hnd[1] [0000] 00 00 00 00 8F 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.106894, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenHKLM: struct winreg_OpenHKLM + out: struct winreg_OpenHKLM + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 0000008f-0000-0000-7b52-7535c5510000 + result : WERR_OK +[2013/11/07 07:38:45.107092, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenKey: struct winreg_OpenKey + in: struct winreg_OpenKey + parent_handle : * + parent_handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 0000008f-0000-0000-7b52-7535c5510000 + keyname: struct winreg_String + name_len : 0x008a (138) + name_size : 0x008a (138) + name : * + name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7' + options : 0x00000000 (0) + 0: REG_OPTION_VOLATILE + 0: REG_OPTION_CREATE_LINK + 0: REG_OPTION_BACKUP_RESTORE + 0: REG_OPTION_OPEN_LINK + access_mask : 0x02000000 (33554432) + 0: KEY_QUERY_VALUE + 0: KEY_SET_VALUE + 0: KEY_CREATE_SUB_KEY + 0: KEY_ENUMERATE_SUB_KEYS + 0: KEY_NOTIFY + 0: KEY_CREATE_LINK + 0: KEY_WOW64_64KEY + 0: KEY_WOW64_32KEY +[2013/11/07 07:38:45.107628, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 8F 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.107711, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [SOFTWARE] +[2013/11/07 07:38:45.107752, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (1->2) +[2013/11/07 07:38:45.107795, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] +[2013/11/07 07:38:45.107833, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE] +[2013/11/07 07:38:45.107874, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:45.107912, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE] +[2013/11/07 07:38:45.107982, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Microsoft] +[2013/11/07 07:38:45.108025, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (2->3) +[2013/11/07 07:38:45.108067, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] +[2013/11/07 07:38:45.108105, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] +[2013/11/07 07:38:45.108145, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:45.108182, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft] +[2013/11/07 07:38:45.108254, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Windows NT] +[2013/11/07 07:38:45.108296, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (3->4) +[2013/11/07 07:38:45.108338, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] +[2013/11/07 07:38:45.108376, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] +[2013/11/07 07:38:45.108417, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:45.108454, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] +[2013/11/07 07:38:45.108513, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [CurrentVersion] +[2013/11/07 07:38:45.108555, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (4->5) +[2013/11/07 07:38:45.108597, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] +[2013/11/07 07:38:45.108635, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] +[2013/11/07 07:38:45.108677, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:45.108714, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f375c5a15c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] +[2013/11/07 07:38:45.108787, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Print] +[2013/11/07 07:38:45.108829, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (5->6) +[2013/11/07 07:38:45.108872, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] +[2013/11/07 07:38:45.108911, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] +[2013/11/07 07:38:45.108954, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:45.108991, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f375c5a15c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] +[2013/11/07 07:38:45.109051, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Printers] +[2013/11/07 07:38:45.109092, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (6->7) +[2013/11/07 07:38:45.109142, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] +[2013/11/07 07:38:45.109182, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] +[2013/11/07 07:38:45.109224, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:45.109261, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] +[2013/11/07 07:38:45.109330, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [printer7] +[2013/11/07 07:38:45.109443, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (7->8) +[2013/11/07 07:38:45.109489, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:45.109529, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:45.109572, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:45.109610, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:45.109679, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (8->7) +[2013/11/07 07:38:45.109721, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (7->6) +[2013/11/07 07:38:45.109762, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (6->5) +[2013/11/07 07:38:45.109802, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (5->4) +[2013/11/07 07:38:45.109842, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (4->3) +[2013/11/07 07:38:45.109882, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (3->2) +[2013/11/07 07:38:45.109925, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) + Opened policy hnd[2] [0000] 00 00 00 00 90 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.110004, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenKey: struct winreg_OpenKey + out: struct winreg_OpenKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000090-0000-0000-7b52-7535c5510000 + result : WERR_OK +[2013/11/07 07:38:45.110190, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryInfoKey: struct winreg_QueryInfoKey + in: struct winreg_QueryInfoKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000090-0000-0000-7b52-7535c5510000 + classname : * + classname: struct winreg_String + name_len : 0x0000 (0) + name_size : 0x0000 (0) + name : NULL +[2013/11/07 07:38:45.110409, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 90 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.110491, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_dispatcher.c:151(fetch_reg_values) + fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7' (ops 0x7f37592edcc0) +[2013/11/07 07:38:45.110533, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1891(regdb_fetch_values_internal) + regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:45.110755, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[0]: name[Attributes] len[4] +[2013/11/07 07:38:45.110806, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[1]: name[Description] len[2] +[2013/11/07 07:38:45.110848, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[2]: name[Datatype] len[8] +[2013/11/07 07:38:45.110891, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[3]: name[Default Priority] len[4] +[2013/11/07 07:38:45.110934, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[4]: name[Port] len[38] +[2013/11/07 07:38:45.110976, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[5]: name[Name] len[18] +[2013/11/07 07:38:45.111018, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[6]: name[Print Processor] len[18] +[2013/11/07 07:38:45.111061, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[7]: name[Priority] len[4] +[2013/11/07 07:38:45.111104, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[8]: name[Security] len[248] +[2013/11/07 07:38:45.111147, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[9]: name[Share Name] len[18] +[2013/11/07 07:38:45.111190, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[10]: name[StartTime] len[4] +[2013/11/07 07:38:45.111241, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[11]: name[UntilTime] len[4] +[2013/11/07 07:38:45.111285, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[12]: name[ChangeID] len[4] +[2013/11/07 07:38:45.111329, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) + regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:45.111395, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryInfoKey: struct winreg_QueryInfoKey + out: struct winreg_QueryInfoKey + classname : * + classname: struct winreg_String + name_len : 0x0000 (0) + name_size : 0x0000 (0) + name : NULL + num_subkeys : * + num_subkeys : 0x00000003 (3) + max_subkeylen : * + max_subkeylen : 0x00000022 (34) + max_classlen : * + max_classlen : 0x00000000 (0) + num_values : * + num_values : 0x0000000d (13) + max_valnamelen : * + max_valnamelen : 0x00000022 (34) + max_valbufsize : * + max_valbufsize : 0x000000f8 (248) + secdescsize : * + secdescsize : 0x00000078 (120) + last_changed_time : * + last_changed_time : NTTIME(0) + result : WERR_OK +[2013/11/07 07:38:45.111852, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000090-0000-0000-7b52-7535c5510000 + enum_index : 0x00000000 (0) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:45.112230, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 90 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.112308, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:45.112355, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0016 (22) + size : 0x0024 (36) + name : * + name : 'Attributes' + type : * + type : REG_DWORD (4) + value : * + value: ARRAY(4) + [0] : 0x48 (72) + [1] : 0x10 (16) + [2] : 0x00 (0) + [3] : 0x00 (0) + size : * + size : 0x00000004 (4) + length : * + length : 0x00000004 (4) + result : WERR_OK +[2013/11/07 07:38:45.112761, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000090-0000-0000-7b52-7535c5510000 + enum_index : 0x00000001 (1) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:45.113132, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 90 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.113209, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:45.113254, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0018 (24) + size : 0x0024 (36) + name : * + name : 'Description' + type : * + type : REG_SZ (1) + value : * + value: ARRAY(2) + [0] : 0x00 (0) + [1] : 0x00 (0) + size : * + size : 0x00000002 (2) + length : * + length : 0x00000002 (2) + result : WERR_OK +[2013/11/07 07:38:45.113697, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000090-0000-0000-7b52-7535c5510000 + enum_index : 0x00000002 (2) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:45.114079, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 90 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.114157, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:45.114202, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0012 (18) + size : 0x0024 (36) + name : * + name : 'Datatype' + type : * + type : REG_SZ (1) + value : * + value: ARRAY(8) + [0] : 0x52 (82) + [1] : 0x00 (0) + [2] : 0x41 (65) + [3] : 0x00 (0) + [4] : 0x57 (87) + [5] : 0x00 (0) + [6] : 0x00 (0) + [7] : 0x00 (0) + size : * + size : 0x00000008 (8) + length : * + length : 0x00000008 (8) + result : WERR_OK +[2013/11/07 07:38:45.114662, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000090-0000-0000-7b52-7535c5510000 + enum_index : 0x00000003 (3) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:45.115041, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 90 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.115118, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:45.115162, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0022 (34) + size : 0x0024 (36) + name : * + name : 'Default Priority' + type : * + type : REG_DWORD (4) + value : * + value: ARRAY(4) + [0] : 0x01 (1) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + size : * + size : 0x00000004 (4) + length : * + length : 0x00000004 (4) + result : WERR_OK +[2013/11/07 07:38:45.115556, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000090-0000-0000-7b52-7535c5510000 + enum_index : 0x00000004 (4) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:45.115926, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 90 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.116004, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:45.116049, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x000a (10) + size : 0x0024 (36) + name : * + name : 'Port' + type : * + type : REG_SZ (1) + value : * + value: ARRAY(38) + [0] : 0x53 (83) + [1] : 0x00 (0) + [2] : 0x61 (97) + [3] : 0x00 (0) + [4] : 0x6d (109) + [5] : 0x00 (0) + [6] : 0x62 (98) + [7] : 0x00 (0) + [8] : 0x61 (97) + [9] : 0x00 (0) + [10] : 0x20 (32) + [11] : 0x00 (0) + [12] : 0x50 (80) + [13] : 0x00 (0) + [14] : 0x72 (114) + [15] : 0x00 (0) + [16] : 0x69 (105) + [17] : 0x00 (0) + [18] : 0x6e (110) + [19] : 0x00 (0) + [20] : 0x74 (116) + [21] : 0x00 (0) + [22] : 0x65 (101) + [23] : 0x00 (0) + [24] : 0x72 (114) + [25] : 0x00 (0) + [26] : 0x20 (32) + [27] : 0x00 (0) + [28] : 0x50 (80) + [29] : 0x00 (0) + [30] : 0x6f (111) + [31] : 0x00 (0) + [32] : 0x72 (114) + [33] : 0x00 (0) + [34] : 0x74 (116) + [35] : 0x00 (0) + [36] : 0x00 (0) + [37] : 0x00 (0) + size : * + size : 0x00000026 (38) + length : * + length : 0x00000026 (38) + result : WERR_OK +[2013/11/07 07:38:45.117007, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000090-0000-0000-7b52-7535c5510000 + enum_index : 0x00000005 (5) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:45.117448, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 90 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.117527, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:45.117572, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x000a (10) + size : 0x0024 (36) + name : * + name : 'Name' + type : * + type : REG_SZ (1) + value : * + value: ARRAY(18) + [0] : 0x70 (112) + [1] : 0x00 (0) + [2] : 0x72 (114) + [3] : 0x00 (0) + [4] : 0x69 (105) + [5] : 0x00 (0) + [6] : 0x6e (110) + [7] : 0x00 (0) + [8] : 0x74 (116) + [9] : 0x00 (0) + [10] : 0x65 (101) + [11] : 0x00 (0) + [12] : 0x72 (114) + [13] : 0x00 (0) + [14] : 0x37 (55) + [15] : 0x00 (0) + [16] : 0x00 (0) + [17] : 0x00 (0) + size : * + size : 0x00000012 (18) + length : * + length : 0x00000012 (18) + result : WERR_OK +[2013/11/07 07:38:45.118200, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000090-0000-0000-7b52-7535c5510000 + enum_index : 0x00000006 (6) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:45.118574, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 90 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.118660, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:45.118705, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0020 (32) + size : 0x0024 (36) + name : * + name : 'Print Processor' + type : * + type : REG_SZ (1) + value : * + value: ARRAY(18) + [0] : 0x77 (119) + [1] : 0x00 (0) + [2] : 0x69 (105) + [3] : 0x00 (0) + [4] : 0x6e (110) + [5] : 0x00 (0) + [6] : 0x70 (112) + [7] : 0x00 (0) + [8] : 0x72 (114) + [9] : 0x00 (0) + [10] : 0x69 (105) + [11] : 0x00 (0) + [12] : 0x6e (110) + [13] : 0x00 (0) + [14] : 0x74 (116) + [15] : 0x00 (0) + [16] : 0x00 (0) + [17] : 0x00 (0) + size : * + size : 0x00000012 (18) + length : * + length : 0x00000012 (18) + result : WERR_OK +[2013/11/07 07:38:45.119329, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000090-0000-0000-7b52-7535c5510000 + enum_index : 0x00000007 (7) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:45.119700, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 90 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.119777, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:45.119829, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0012 (18) + size : 0x0024 (36) + name : * + name : 'Priority' + type : * + type : REG_DWORD (4) + value : * + value: ARRAY(4) + [0] : 0x01 (1) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + size : * + size : 0x00000004 (4) + length : * + length : 0x00000004 (4) + result : WERR_OK +[2013/11/07 07:38:45.120218, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000090-0000-0000-7b52-7535c5510000 + enum_index : 0x00000008 (8) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:45.120591, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 90 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.120668, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:45.120764, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0012 (18) + size : 0x0024 (36) + name : * + name : 'Security' + type : * + type : REG_BINARY (3) + value : * + value: ARRAY(248) + [0] : 0x01 (1) + [1] : 0x00 (0) + [2] : 0x04 (4) + [3] : 0x80 (128) + [4] : 0x14 (20) + [5] : 0x00 (0) + [6] : 0x00 (0) + [7] : 0x00 (0) + [8] : 0x24 (36) + [9] : 0x00 (0) + [10] : 0x00 (0) + [11] : 0x00 (0) + [12] : 0x00 (0) + [13] : 0x00 (0) + [14] : 0x00 (0) + [15] : 0x00 (0) + [16] : 0x34 (52) + [17] : 0x00 (0) + [18] : 0x00 (0) + [19] : 0x00 (0) + [20] : 0x01 (1) + [21] : 0x02 (2) + [22] : 0x00 (0) + [23] : 0x00 (0) + [24] : 0x00 (0) + [25] : 0x00 (0) + [26] : 0x00 (0) + [27] : 0x05 (5) + [28] : 0x20 (32) + [29] : 0x00 (0) + [30] : 0x00 (0) + [31] : 0x00 (0) + [32] : 0x20 (32) + [33] : 0x02 (2) + [34] : 0x00 (0) + [35] : 0x00 (0) + [36] : 0x01 (1) + [37] : 0x02 (2) + [38] : 0x00 (0) + [39] : 0x00 (0) + [40] : 0x00 (0) + [41] : 0x00 (0) + [42] : 0x00 (0) + [43] : 0x05 (5) + [44] : 0x20 (32) + [45] : 0x00 (0) + [46] : 0x00 (0) + [47] : 0x00 (0) + [48] : 0x20 (32) + [49] : 0x02 (2) + [50] : 0x00 (0) + [51] : 0x00 (0) + [52] : 0x02 (2) + [53] : 0x00 (0) + [54] : 0xc4 (196) + [55] : 0x00 (0) + [56] : 0x07 (7) + [57] : 0x00 (0) + [58] : 0x00 (0) + [59] : 0x00 (0) + [60] : 0x00 (0) + [61] : 0x02 (2) + [62] : 0x14 (20) + [63] : 0x00 (0) + [64] : 0x08 (8) + [65] : 0x00 (0) + [66] : 0x02 (2) + [67] : 0x20 (32) + [68] : 0x01 (1) + [69] : 0x01 (1) + [70] : 0x00 (0) + [71] : 0x00 (0) + [72] : 0x00 (0) + [73] : 0x00 (0) + [74] : 0x00 (0) + [75] : 0x01 (1) + [76] : 0x00 (0) + [77] : 0x00 (0) + [78] : 0x00 (0) + [79] : 0x00 (0) + [80] : 0x00 (0) + [81] : 0x09 (9) + [82] : 0x24 (36) + [83] : 0x00 (0) + [84] : 0x0c (12) + [85] : 0x00 (0) + [86] : 0x0f (15) + [87] : 0x10 (16) + [88] : 0x01 (1) + [89] : 0x05 (5) + [90] : 0x00 (0) + [91] : 0x00 (0) + [92] : 0x00 (0) + [93] : 0x00 (0) + [94] : 0x00 (0) + [95] : 0x05 (5) + [96] : 0x15 (21) + [97] : 0x00 (0) + [98] : 0x00 (0) + [99] : 0x00 (0) + [100] : 0x74 (116) + [101] : 0xa5 (165) + [102] : 0x12 (18) + [103] : 0x52 (82) + [104] : 0xcd (205) + [105] : 0x51 (81) + [106] : 0xd9 (217) + [107] : 0x8f (143) + [108] : 0xd1 (209) + [109] : 0x31 (49) + [110] : 0xa4 (164) + [111] : 0xca (202) + [112] : 0xf4 (244) + [113] : 0x01 (1) + [114] : 0x00 (0) + [115] : 0x00 (0) + [116] : 0x00 (0) + [117] : 0x02 (2) + [118] : 0x24 (36) + [119] : 0x00 (0) + [120] : 0x0c (12) + [121] : 0x00 (0) + [122] : 0x0f (15) + [123] : 0x10 (16) + [124] : 0x01 (1) + [125] : 0x05 (5) + [126] : 0x00 (0) + [127] : 0x00 (0) + [128] : 0x00 (0) + [129] : 0x00 (0) + [130] : 0x00 (0) + [131] : 0x05 (5) + [132] : 0x15 (21) + [133] : 0x00 (0) + [134] : 0x00 (0) + [135] : 0x00 (0) + [136] : 0x74 (116) + [137] : 0xa5 (165) + [138] : 0x12 (18) + [139] : 0x52 (82) + [140] : 0xcd (205) + [141] : 0x51 (81) + [142] : 0xd9 (217) + [143] : 0x8f (143) + [144] : 0xd1 (209) + [145] : 0x31 (49) + [146] : 0xa4 (164) + [147] : 0xca (202) + [148] : 0xf4 (244) + [149] : 0x01 (1) + [150] : 0x00 (0) + [151] : 0x00 (0) + [152] : 0x00 (0) + [153] : 0x09 (9) + [154] : 0x18 (24) + [155] : 0x00 (0) + [156] : 0x0c (12) + [157] : 0x00 (0) + [158] : 0x0f (15) + [159] : 0x10 (16) + [160] : 0x01 (1) + [161] : 0x02 (2) + [162] : 0x00 (0) + [163] : 0x00 (0) + [164] : 0x00 (0) + [165] : 0x00 (0) + [166] : 0x00 (0) + [167] : 0x05 (5) + [168] : 0x20 (32) + [169] : 0x00 (0) + [170] : 0x00 (0) + [171] : 0x00 (0) + [172] : 0x20 (32) + [173] : 0x02 (2) + [174] : 0x00 (0) + [175] : 0x00 (0) + [176] : 0x00 (0) + [177] : 0x02 (2) + [178] : 0x18 (24) + [179] : 0x00 (0) + [180] : 0x0c (12) + [181] : 0x00 (0) + [182] : 0x0f (15) + [183] : 0x10 (16) + [184] : 0x01 (1) + [185] : 0x02 (2) + [186] : 0x00 (0) + [187] : 0x00 (0) + [188] : 0x00 (0) + [189] : 0x00 (0) + [190] : 0x00 (0) + [191] : 0x05 (5) + [192] : 0x20 (32) + [193] : 0x00 (0) + [194] : 0x00 (0) + [195] : 0x00 (0) + [196] : 0x20 (32) + [197] : 0x02 (2) + [198] : 0x00 (0) + [199] : 0x00 (0) + [200] : 0x00 (0) + [201] : 0x09 (9) + [202] : 0x18 (24) + [203] : 0x00 (0) + [204] : 0x0c (12) + [205] : 0x00 (0) + [206] : 0x0f (15) + [207] : 0x10 (16) + [208] : 0x01 (1) + [209] : 0x02 (2) + [210] : 0x00 (0) + [211] : 0x00 (0) + [212] : 0x00 (0) + [213] : 0x00 (0) + [214] : 0x00 (0) + [215] : 0x05 (5) + [216] : 0x20 (32) + [217] : 0x00 (0) + [218] : 0x00 (0) + [219] : 0x00 (0) + [220] : 0x26 (38) + [221] : 0x02 (2) + [222] : 0x00 (0) + [223] : 0x00 (0) + [224] : 0x00 (0) + [225] : 0x02 (2) + [226] : 0x18 (24) + [227] : 0x00 (0) + [228] : 0x0c (12) + [229] : 0x00 (0) + [230] : 0x0f (15) + [231] : 0x10 (16) + [232] : 0x01 (1) + [233] : 0x02 (2) + [234] : 0x00 (0) + [235] : 0x00 (0) + [236] : 0x00 (0) + [237] : 0x00 (0) + [238] : 0x00 (0) + [239] : 0x05 (5) + [240] : 0x20 (32) + [241] : 0x00 (0) + [242] : 0x00 (0) + [243] : 0x00 (0) + [244] : 0x26 (38) + [245] : 0x02 (2) + [246] : 0x00 (0) + [247] : 0x00 (0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x000000f8 (248) + result : WERR_OK +[2013/11/07 07:38:45.125332, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000090-0000-0000-7b52-7535c5510000 + enum_index : 0x00000009 (9) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:45.125769, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 90 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.125849, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:45.125903, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0016 (22) + size : 0x0024 (36) + name : * + name : 'Share Name' + type : * + type : REG_SZ (1) + value : * + value: ARRAY(18) + [0] : 0x70 (112) + [1] : 0x00 (0) + [2] : 0x72 (114) + [3] : 0x00 (0) + [4] : 0x69 (105) + [5] : 0x00 (0) + [6] : 0x6e (110) + [7] : 0x00 (0) + [8] : 0x74 (116) + [9] : 0x00 (0) + [10] : 0x65 (101) + [11] : 0x00 (0) + [12] : 0x72 (114) + [13] : 0x00 (0) + [14] : 0x37 (55) + [15] : 0x00 (0) + [16] : 0x00 (0) + [17] : 0x00 (0) + size : * + size : 0x00000012 (18) + length : * + length : 0x00000012 (18) + result : WERR_OK +[2013/11/07 07:38:45.126528, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000090-0000-0000-7b52-7535c5510000 + enum_index : 0x0000000a (10) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:45.126902, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 90 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.126979, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:45.127024, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0014 (20) + size : 0x0024 (36) + name : * + name : 'StartTime' + type : * + type : REG_DWORD (4) + value : * + value: ARRAY(4) + [0] : 0x00 (0) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + size : * + size : 0x00000004 (4) + length : * + length : 0x00000004 (4) + result : WERR_OK +[2013/11/07 07:38:45.127429, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000090-0000-0000-7b52-7535c5510000 + enum_index : 0x0000000b (11) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:45.127818, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 90 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.127908, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:45.127968, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0014 (20) + size : 0x0024 (36) + name : * + name : 'UntilTime' + type : * + type : REG_DWORD (4) + value : * + value: ARRAY(4) + [0] : 0x00 (0) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + size : * + size : 0x00000004 (4) + length : * + length : 0x00000004 (4) + result : WERR_OK +[2013/11/07 07:38:45.128370, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000090-0000-0000-7b52-7535c5510000 + enum_index : 0x0000000c (12) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:45.128743, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 90 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.128820, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:45.128866, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0012 (18) + size : 0x0024 (36) + name : * + name : 'ChangeID' + type : * + type : REG_DWORD (4) + value : * + value: ARRAY(4) + [0] : 0xf1 (241) + [1] : 0x5f (95) + [2] : 0x11 (17) + [3] : 0x00 (0) + size : * + size : 0x00000004 (4) + length : * + length : 0x00000004 (4) + result : WERR_OK +[2013/11/07 07:38:45.129298, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryValue: struct winreg_QueryValue + in: struct winreg_QueryValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000090-0000-0000-7b52-7535c5510000 + value_name : * + value_name: struct winreg_String + name_len : 0x0020 (32) + name_size : 0x0020 (32) + name : * + name : 'Default DevMode' + type : * + type : REG_NONE (0) + data : NULL + data_size : * + data_size : 0x00000000 (0) + data_length : * + data_length : 0x00000000 (0) +[2013/11/07 07:38:45.129699, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 90 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.129779, 7, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) + _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:45.129820, 7, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) + _winreg_QueryValue: policy key type = [00000000] +[2013/11/07 07:38:45.129865, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:316(_winreg_QueryValue) + _winreg_QueryValue: reg_queryvalue failed with: WERR_BADFILE +[2013/11/07 07:38:45.129905, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryValue: struct winreg_QueryValue + out: struct winreg_QueryValue + type : * + type : REG_NONE (0) + data : NULL + data_size : * + data_size : 0x00000000 (0) + data_length : * + data_length : 0x00000000 (0) + result : WERR_BADFILE +[2013/11/07 07:38:45.130128, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenHKLM: struct winreg_OpenHKLM + in: struct winreg_OpenHKLM + system_name : NULL + access_mask : 0x02000000 (33554432) + 0: KEY_QUERY_VALUE + 0: KEY_SET_VALUE + 0: KEY_CREATE_SUB_KEY + 0: KEY_ENUMERATE_SUB_KEYS + 0: KEY_NOTIFY + 0: KEY_CREATE_LINK + 0: KEY_WOW64_64KEY + 0: KEY_WOW64_32KEY +[2013/11/07 07:38:45.130356, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [HKLM] +[2013/11/07 07:38:45.130398, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (2->3) +[2013/11/07 07:38:45.130442, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM] +[2013/11/07 07:38:45.130480, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM] +[2013/11/07 07:38:45.130521, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:45.130559, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM] +[2013/11/07 07:38:45.130633, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) + Opened policy hnd[3] [0000] 00 00 00 00 91 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.130714, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenHKLM: struct winreg_OpenHKLM + out: struct winreg_OpenHKLM + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000091-0000-0000-7b52-7535c5510000 + result : WERR_OK +[2013/11/07 07:38:45.130889, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenKey: struct winreg_OpenKey + in: struct winreg_OpenKey + parent_handle : * + parent_handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000091-0000-0000-7b52-7535c5510000 + keyname: struct winreg_String + name_len : 0x008a (138) + name_size : 0x008a (138) + name : * + name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7' + options : 0x00000000 (0) + 0: REG_OPTION_VOLATILE + 0: REG_OPTION_CREATE_LINK + 0: REG_OPTION_BACKUP_RESTORE + 0: REG_OPTION_OPEN_LINK + access_mask : 0x02000000 (33554432) + 0: KEY_QUERY_VALUE + 0: KEY_SET_VALUE + 0: KEY_CREATE_SUB_KEY + 0: KEY_ENUMERATE_SUB_KEYS + 0: KEY_NOTIFY + 0: KEY_CREATE_LINK + 0: KEY_WOW64_64KEY + 0: KEY_WOW64_32KEY +[2013/11/07 07:38:45.131331, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 91 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.131411, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [SOFTWARE] +[2013/11/07 07:38:45.131451, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (3->4) +[2013/11/07 07:38:45.131494, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] +[2013/11/07 07:38:45.131532, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE] +[2013/11/07 07:38:45.131572, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:45.131610, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE] +[2013/11/07 07:38:45.131674, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Microsoft] +[2013/11/07 07:38:45.131715, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (4->5) +[2013/11/07 07:38:45.131757, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] +[2013/11/07 07:38:45.131796, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] +[2013/11/07 07:38:45.131837, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:45.131885, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft] +[2013/11/07 07:38:45.131947, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Windows NT] +[2013/11/07 07:38:45.131989, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (5->6) +[2013/11/07 07:38:45.132031, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] +[2013/11/07 07:38:45.132069, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] +[2013/11/07 07:38:45.132110, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:45.132148, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] +[2013/11/07 07:38:45.132206, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [CurrentVersion] +[2013/11/07 07:38:45.132246, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (6->7) +[2013/11/07 07:38:45.132290, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] +[2013/11/07 07:38:45.132328, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] +[2013/11/07 07:38:45.132370, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:45.132408, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f375c5a15c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] +[2013/11/07 07:38:45.132479, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Print] +[2013/11/07 07:38:45.132521, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (7->8) +[2013/11/07 07:38:45.132564, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] +[2013/11/07 07:38:45.132603, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] +[2013/11/07 07:38:45.132644, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:45.132681, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f375c5a15c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] +[2013/11/07 07:38:45.132742, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Printers] +[2013/11/07 07:38:45.132790, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (8->9) +[2013/11/07 07:38:45.132835, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] +[2013/11/07 07:38:45.132875, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] +[2013/11/07 07:38:45.132919, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:45.132957, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] +[2013/11/07 07:38:45.133023, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [printer7] +[2013/11/07 07:38:45.133065, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (9->10) +[2013/11/07 07:38:45.133109, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:45.133149, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:45.133191, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:45.133230, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:45.133299, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (10->9) +[2013/11/07 07:38:45.133341, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (9->8) +[2013/11/07 07:38:45.133433, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (8->7) +[2013/11/07 07:38:45.133475, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (7->6) +[2013/11/07 07:38:45.133516, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (6->5) +[2013/11/07 07:38:45.133557, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (5->4) +[2013/11/07 07:38:45.133600, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) + Opened policy hnd[4] [0000] 00 00 00 00 92 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.133679, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenKey: struct winreg_OpenKey + out: struct winreg_OpenKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000092-0000-0000-7b52-7535c5510000 + result : WERR_OK +[2013/11/07 07:38:45.133861, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryValue: struct winreg_QueryValue + in: struct winreg_QueryValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000092-0000-0000-7b52-7535c5510000 + value_name : * + value_name: struct winreg_String + name_len : 0x0012 (18) + name_size : 0x0012 (18) + name : * + name : 'Security' + type : * + type : REG_NONE (0) + data : NULL + data_size : * + data_size : 0x00000000 (0) + data_length : * + data_length : 0x00000000 (0) +[2013/11/07 07:38:45.134203, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 92 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.134280, 7, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) + _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:45.134320, 7, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) + _winreg_QueryValue: policy key type = [00000000] +[2013/11/07 07:38:45.134360, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_dispatcher.c:151(fetch_reg_values) + fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7' (ops 0x7f37592edcc0) +[2013/11/07 07:38:45.134402, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1891(regdb_fetch_values_internal) + regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:45.134462, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[0]: name[Attributes] len[4] +[2013/11/07 07:38:45.134506, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[1]: name[Description] len[2] +[2013/11/07 07:38:45.134549, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[2]: name[Datatype] len[8] +[2013/11/07 07:38:45.134591, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[3]: name[Default Priority] len[4] +[2013/11/07 07:38:45.134634, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[4]: name[Port] len[38] +[2013/11/07 07:38:45.134677, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[5]: name[Name] len[18] +[2013/11/07 07:38:45.134719, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[6]: name[Print Processor] len[18] +[2013/11/07 07:38:45.134770, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[7]: name[Priority] len[4] +[2013/11/07 07:38:45.134813, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[8]: name[Security] len[248] +[2013/11/07 07:38:45.134856, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[9]: name[Share Name] len[18] +[2013/11/07 07:38:45.134899, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[10]: name[StartTime] len[4] +[2013/11/07 07:38:45.134942, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[11]: name[UntilTime] len[4] +[2013/11/07 07:38:45.134984, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[12]: name[ChangeID] len[4] +[2013/11/07 07:38:45.135028, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryValue: struct winreg_QueryValue + out: struct winreg_QueryValue + type : * + type : REG_BINARY (3) + data : NULL + data_size : * + data_size : 0x000000f8 (248) + data_length : * + data_length : 0x00000000 (0) + result : WERR_OK +[2013/11/07 07:38:45.135242, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryValue: struct winreg_QueryValue + in: struct winreg_QueryValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000092-0000-0000-7b52-7535c5510000 + value_name : * + value_name: struct winreg_String + name_len : 0x0012 (18) + name_size : 0x0012 (18) + name : * + name : 'Security' + type : * + type : REG_BINARY (3) + data : * + data: ARRAY(0) + data_size : * + data_size : 0x000000f8 (248) + data_length : * + data_length : 0x00000000 (0) +[2013/11/07 07:38:45.135600, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 92 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.135678, 7, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) + _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:45.135717, 7, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) + _winreg_QueryValue: policy key type = [00000000] +[2013/11/07 07:38:45.135762, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryValue: struct winreg_QueryValue + out: struct winreg_QueryValue + type : * + type : REG_BINARY (3) + data : * + data: ARRAY(248) + [0] : 0x01 (1) + [1] : 0x00 (0) + [2] : 0x04 (4) + [3] : 0x80 (128) + [4] : 0x14 (20) + [5] : 0x00 (0) + [6] : 0x00 (0) + [7] : 0x00 (0) + [8] : 0x24 (36) + [9] : 0x00 (0) + [10] : 0x00 (0) + [11] : 0x00 (0) + [12] : 0x00 (0) + [13] : 0x00 (0) + [14] : 0x00 (0) + [15] : 0x00 (0) + [16] : 0x34 (52) + [17] : 0x00 (0) + [18] : 0x00 (0) + [19] : 0x00 (0) + [20] : 0x01 (1) + [21] : 0x02 (2) + [22] : 0x00 (0) + [23] : 0x00 (0) + [24] : 0x00 (0) + [25] : 0x00 (0) + [26] : 0x00 (0) + [27] : 0x05 (5) + [28] : 0x20 (32) + [29] : 0x00 (0) + [30] : 0x00 (0) + [31] : 0x00 (0) + [32] : 0x20 (32) + [33] : 0x02 (2) + [34] : 0x00 (0) + [35] : 0x00 (0) + [36] : 0x01 (1) + [37] : 0x02 (2) + [38] : 0x00 (0) + [39] : 0x00 (0) + [40] : 0x00 (0) + [41] : 0x00 (0) + [42] : 0x00 (0) + [43] : 0x05 (5) + [44] : 0x20 (32) + [45] : 0x00 (0) + [46] : 0x00 (0) + [47] : 0x00 (0) + [48] : 0x20 (32) + [49] : 0x02 (2) + [50] : 0x00 (0) + [51] : 0x00 (0) + [52] : 0x02 (2) + [53] : 0x00 (0) + [54] : 0xc4 (196) + [55] : 0x00 (0) + [56] : 0x07 (7) + [57] : 0x00 (0) + [58] : 0x00 (0) + [59] : 0x00 (0) + [60] : 0x00 (0) + [61] : 0x02 (2) + [62] : 0x14 (20) + [63] : 0x00 (0) + [64] : 0x08 (8) + [65] : 0x00 (0) + [66] : 0x02 (2) + [67] : 0x20 (32) + [68] : 0x01 (1) + [69] : 0x01 (1) + [70] : 0x00 (0) + [71] : 0x00 (0) + [72] : 0x00 (0) + [73] : 0x00 (0) + [74] : 0x00 (0) + [75] : 0x01 (1) + [76] : 0x00 (0) + [77] : 0x00 (0) + [78] : 0x00 (0) + [79] : 0x00 (0) + [80] : 0x00 (0) + [81] : 0x09 (9) + [82] : 0x24 (36) + [83] : 0x00 (0) + [84] : 0x0c (12) + [85] : 0x00 (0) + [86] : 0x0f (15) + [87] : 0x10 (16) + [88] : 0x01 (1) + [89] : 0x05 (5) + [90] : 0x00 (0) + [91] : 0x00 (0) + [92] : 0x00 (0) + [93] : 0x00 (0) + [94] : 0x00 (0) + [95] : 0x05 (5) + [96] : 0x15 (21) + [97] : 0x00 (0) + [98] : 0x00 (0) + [99] : 0x00 (0) + [100] : 0x74 (116) + [101] : 0xa5 (165) + [102] : 0x12 (18) + [103] : 0x52 (82) + [104] : 0xcd (205) + [105] : 0x51 (81) + [106] : 0xd9 (217) + [107] : 0x8f (143) + [108] : 0xd1 (209) + [109] : 0x31 (49) + [110] : 0xa4 (164) + [111] : 0xca (202) + [112] : 0xf4 (244) + [113] : 0x01 (1) + [114] : 0x00 (0) + [115] : 0x00 (0) + [116] : 0x00 (0) + [117] : 0x02 (2) + [118] : 0x24 (36) + [119] : 0x00 (0) + [120] : 0x0c (12) + [121] : 0x00 (0) + [122] : 0x0f (15) + [123] : 0x10 (16) + [124] : 0x01 (1) + [125] : 0x05 (5) + [126] : 0x00 (0) + [127] : 0x00 (0) + [128] : 0x00 (0) + [129] : 0x00 (0) + [130] : 0x00 (0) + [131] : 0x05 (5) + [132] : 0x15 (21) + [133] : 0x00 (0) + [134] : 0x00 (0) + [135] : 0x00 (0) + [136] : 0x74 (116) + [137] : 0xa5 (165) + [138] : 0x12 (18) + [139] : 0x52 (82) + [140] : 0xcd (205) + [141] : 0x51 (81) + [142] : 0xd9 (217) + [143] : 0x8f (143) + [144] : 0xd1 (209) + [145] : 0x31 (49) + [146] : 0xa4 (164) + [147] : 0xca (202) + [148] : 0xf4 (244) + [149] : 0x01 (1) + [150] : 0x00 (0) + [151] : 0x00 (0) + [152] : 0x00 (0) + [153] : 0x09 (9) + [154] : 0x18 (24) + [155] : 0x00 (0) + [156] : 0x0c (12) + [157] : 0x00 (0) + [158] : 0x0f (15) + [159] : 0x10 (16) + [160] : 0x01 (1) + [161] : 0x02 (2) + [162] : 0x00 (0) + [163] : 0x00 (0) + [164] : 0x00 (0) + [165] : 0x00 (0) + [166] : 0x00 (0) + [167] : 0x05 (5) + [168] : 0x20 (32) + [169] : 0x00 (0) + [170] : 0x00 (0) + [171] : 0x00 (0) + [172] : 0x20 (32) + [173] : 0x02 (2) + [174] : 0x00 (0) + [175] : 0x00 (0) + [176] : 0x00 (0) + [177] : 0x02 (2) + [178] : 0x18 (24) + [179] : 0x00 (0) + [180] : 0x0c (12) + [181] : 0x00 (0) + [182] : 0x0f (15) + [183] : 0x10 (16) + [184] : 0x01 (1) + [185] : 0x02 (2) + [186] : 0x00 (0) + [187] : 0x00 (0) + [188] : 0x00 (0) + [189] : 0x00 (0) + [190] : 0x00 (0) + [191] : 0x05 (5) + [192] : 0x20 (32) + [193] : 0x00 (0) + [194] : 0x00 (0) + [195] : 0x00 (0) + [196] : 0x20 (32) + [197] : 0x02 (2) + [198] : 0x00 (0) + [199] : 0x00 (0) + [200] : 0x00 (0) + [201] : 0x09 (9) + [202] : 0x18 (24) + [203] : 0x00 (0) + [204] : 0x0c (12) + [205] : 0x00 (0) + [206] : 0x0f (15) + [207] : 0x10 (16) + [208] : 0x01 (1) + [209] : 0x02 (2) + [210] : 0x00 (0) + [211] : 0x00 (0) + [212] : 0x00 (0) + [213] : 0x00 (0) + [214] : 0x00 (0) + [215] : 0x05 (5) + [216] : 0x20 (32) + [217] : 0x00 (0) + [218] : 0x00 (0) + [219] : 0x00 (0) + [220] : 0x26 (38) + [221] : 0x02 (2) + [222] : 0x00 (0) + [223] : 0x00 (0) + [224] : 0x00 (0) + [225] : 0x02 (2) + [226] : 0x18 (24) + [227] : 0x00 (0) + [228] : 0x0c (12) + [229] : 0x00 (0) + [230] : 0x0f (15) + [231] : 0x10 (16) + [232] : 0x01 (1) + [233] : 0x02 (2) + [234] : 0x00 (0) + [235] : 0x00 (0) + [236] : 0x00 (0) + [237] : 0x00 (0) + [238] : 0x00 (0) + [239] : 0x05 (5) + [240] : 0x20 (32) + [241] : 0x00 (0) + [242] : 0x00 (0) + [243] : 0x00 (0) + [244] : 0x26 (38) + [245] : 0x02 (2) + [246] : 0x00 (0) + [247] : 0x00 (0) + data_size : * + data_size : 0x000000f8 (248) + data_length : * + data_length : 0x000000f8 (248) + result : WERR_OK +[2013/11/07 07:38:45.140217, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + in: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000092-0000-0000-7b52-7535c5510000 +[2013/11/07 07:38:45.140352, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 92 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.140430, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 92 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.140508, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) + Closed policy +[2013/11/07 07:38:45.140552, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (4->3) +[2013/11/07 07:38:45.140601, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + out: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000000-0000-0000-0000-000000000000 + result : WERR_OK +[2013/11/07 07:38:45.140764, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + in: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000091-0000-0000-7b52-7535c5510000 +[2013/11/07 07:38:45.140894, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 91 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.140973, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 91 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.141049, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) + Closed policy +[2013/11/07 07:38:45.141089, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (3->2) +[2013/11/07 07:38:45.141130, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + out: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000000-0000-0000-0000-000000000000 + result : WERR_OK +[2013/11/07 07:38:45.141293, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + in: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000090-0000-0000-7b52-7535c5510000 +[2013/11/07 07:38:45.141474, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 90 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.141554, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 90 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.141630, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) + Closed policy +[2013/11/07 07:38:45.141674, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (2->1) +[2013/11/07 07:38:45.141715, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + out: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000000-0000-0000-0000-000000000000 + result : WERR_OK +[2013/11/07 07:38:45.141886, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + in: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 0000008f-0000-0000-7b52-7535c5510000 +[2013/11/07 07:38:45.142017, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 8F 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.142095, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 8F 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.142171, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) + Closed policy +[2013/11/07 07:38:45.142212, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (1->0) +[2013/11/07 07:38:45.142272, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + out: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000000-0000-0000-0000-000000000000 + result : WERR_OK +[2013/11/07 07:38:45.142435, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:416(close_policy_by_pipe) + Deleted handle list for RPC connection \winreg +[2013/11/07 07:38:45.142588, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + spoolss_GetPrinter: struct spoolss_GetPrinter + out: struct spoolss_GetPrinter + info : * + info : union spoolss_PrinterInfo(case 2) + info2: struct spoolss_PrinterInfo2 + servername : * + servername : '\\MEMBER43' + printername : * + printername : '\\MEMBER43\printer7' + sharename : * + sharename : 'printer7' + portname : * + portname : 'Samba Printer Port' + drivername : * + drivername : '' + comment : * + comment : '' + location : * + location : '' + devmode : * + devmode: struct spoolss_DeviceMode + devicename : '\\MEMBER43\printer7' + specversion : DMSPEC_NT4_AND_ABOVE (1025) + driverversion : 0x0400 (1024) + size : 0x00dc (220) + __driverextra_length : 0x0000 (0) + fields : 0x00014713 (83731) + 1: DEVMODE_ORIENTATION + 1: DEVMODE_PAPERSIZE + 0: DEVMODE_PAPERLENGTH + 0: DEVMODE_PAPERWIDTH + 1: DEVMODE_SCALE + 0: DEVMODE_POSITION + 0: DEVMODE_NUP + 1: DEVMODE_COPIES + 1: DEVMODE_DEFAULTSOURCE + 1: DEVMODE_PRINTQUALITY + 0: DEVMODE_COLOR + 0: DEVMODE_DUPLEX + 0: DEVMODE_YRESOLUTION + 1: DEVMODE_TTOPTION + 0: DEVMODE_COLLATE + 1: DEVMODE_FORMNAME + 0: DEVMODE_LOGPIXELS + 0: DEVMODE_BITSPERPEL + 0: DEVMODE_PELSWIDTH + 0: DEVMODE_PELSHEIGHT + 0: DEVMODE_DISPLAYFLAGS + 0: DEVMODE_DISPLAYFREQUENCY + 0: DEVMODE_ICMMETHOD + 0: DEVMODE_ICMINTENT + 0: DEVMODE_MEDIATYPE + 0: DEVMODE_DITHERTYPE + 0: DEVMODE_PANNINGWIDTH + 0: DEVMODE_PANNINGHEIGHT + orientation : DMORIENT_PORTRAIT (1) + papersize : DMPAPER_LETTER (1) + paperlength : 0x0000 (0) + paperwidth : 0x0000 (0) + scale : 0x0064 (100) + copies : 0x0001 (1) + defaultsource : DMBIN_FORMSOURCE (15) + printquality : DMRES_HIGH (65532) + color : DMRES_MONOCHROME (1) + duplex : DMDUP_SIMPLEX (1) + yresolution : 0x0000 (0) + ttoption : DMTT_SUBDEV (3) + collate : DMCOLLATE_FALSE (0) + formname : 'Letter' + logpixels : 0x0000 (0) + bitsperpel : 0x00000000 (0) + pelswidth : 0x00000000 (0) + pelsheight : 0x00000000 (0) + displayflags : UNKNOWN_ENUM_VALUE (0) + displayfrequency : 0x00000000 (0) + icmmethod : UNKNOWN_ENUM_VALUE (0) + icmintent : UNKNOWN_ENUM_VALUE (0) + mediatype : UNKNOWN_ENUM_VALUE (0) + dithertype : UNKNOWN_ENUM_VALUE (0) + reserved1 : 0x00000000 (0) + reserved2 : 0x00000000 (0) + panningwidth : 0x00000000 (0) + panningheight : 0x00000000 (0) + driverextra_data : DATA_BLOB length=0 + sepfile : * + sepfile : '' + printprocessor : * + printprocessor : 'winprint' + datatype : * + datatype : 'RAW' + parameters : * + parameters : '' + secdesc : * + secdesc: struct security_descriptor + revision : SECURITY_DESCRIPTOR_REVISION_1 (1) + type : 0x8004 (32772) + 0: SEC_DESC_OWNER_DEFAULTED + 0: SEC_DESC_GROUP_DEFAULTED + 1: SEC_DESC_DACL_PRESENT + 0: SEC_DESC_DACL_DEFAULTED + 0: SEC_DESC_SACL_PRESENT + 0: SEC_DESC_SACL_DEFAULTED + 0: SEC_DESC_DACL_TRUSTED + 0: SEC_DESC_SERVER_SECURITY + 0: SEC_DESC_DACL_AUTO_INHERIT_REQ + 0: SEC_DESC_SACL_AUTO_INHERIT_REQ + 0: SEC_DESC_DACL_AUTO_INHERITED + 0: SEC_DESC_SACL_AUTO_INHERITED + 0: SEC_DESC_DACL_PROTECTED + 0: SEC_DESC_SACL_PROTECTED + 0: SEC_DESC_RM_CONTROL_VALID + 1: SEC_DESC_SELF_RELATIVE + owner_sid : * + owner_sid : S-1-5-32-544 + group_sid : * + group_sid : S-1-5-32-544 + sacl : NULL + dacl : * + dacl: struct security_acl + revision : SECURITY_ACL_REVISION_NT4 (2) + size : 0x00c4 (196) + num_aces : 0x00000007 (7) + aces: ARRAY(7) + aces: struct security_ace + type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) + flags : 0x02 (2) + 0: SEC_ACE_FLAG_OBJECT_INHERIT + 1: SEC_ACE_FLAG_CONTAINER_INHERIT + 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT + 0: SEC_ACE_FLAG_INHERIT_ONLY + 0: SEC_ACE_FLAG_INHERITED_ACE + 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) + 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS + 0: SEC_ACE_FLAG_FAILED_ACCESS + size : 0x0014 (20) + access_mask : 0x20020008 (537001992) + object : union security_ace_object_ctr(case 0) + trustee : S-1-1-0 + aces: struct security_ace + type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) + flags : 0x09 (9) + 1: SEC_ACE_FLAG_OBJECT_INHERIT + 0: SEC_ACE_FLAG_CONTAINER_INHERIT + 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT + 1: SEC_ACE_FLAG_INHERIT_ONLY + 0: SEC_ACE_FLAG_INHERITED_ACE + 0x09: SEC_ACE_FLAG_VALID_INHERIT (9) + 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS + 0: SEC_ACE_FLAG_FAILED_ACCESS + size : 0x0024 (36) + access_mask : 0x100f000c (269418508) + object : union security_ace_object_ctr(case 0) + trustee : S-1-5-21-1376953716-2413384141-3399758289-500 + aces: struct security_ace + type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) + flags : 0x02 (2) + 0: SEC_ACE_FLAG_OBJECT_INHERIT + 1: SEC_ACE_FLAG_CONTAINER_INHERIT + 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT + 0: SEC_ACE_FLAG_INHERIT_ONLY + 0: SEC_ACE_FLAG_INHERITED_ACE + 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) + 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS + 0: SEC_ACE_FLAG_FAILED_ACCESS + size : 0x0024 (36) + access_mask : 0x100f000c (269418508) + object : union security_ace_object_ctr(case 0) + trustee : S-1-5-21-1376953716-2413384141-3399758289-500 + aces: struct security_ace + type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) + flags : 0x09 (9) + 1: SEC_ACE_FLAG_OBJECT_INHERIT + 0: SEC_ACE_FLAG_CONTAINER_INHERIT + 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT + 1: SEC_ACE_FLAG_INHERIT_ONLY + 0: SEC_ACE_FLAG_INHERITED_ACE + 0x09: SEC_ACE_FLAG_VALID_INHERIT (9) + 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS + 0: SEC_ACE_FLAG_FAILED_ACCESS + size : 0x0018 (24) + access_mask : 0x100f000c (269418508) + object : union security_ace_object_ctr(case 0) + trustee : S-1-5-32-544 + aces: struct security_ace + type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) + flags : 0x02 (2) + 0: SEC_ACE_FLAG_OBJECT_INHERIT + 1: SEC_ACE_FLAG_CONTAINER_INHERIT + 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT + 0: SEC_ACE_FLAG_INHERIT_ONLY + 0: SEC_ACE_FLAG_INHERITED_ACE + 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) + 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS + 0: SEC_ACE_FLAG_FAILED_ACCESS + size : 0x0018 (24) + access_mask : 0x100f000c (269418508) + object : union security_ace_object_ctr(case 0) + trustee : S-1-5-32-544 + aces: struct security_ace + type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) + flags : 0x09 (9) + 1: SEC_ACE_FLAG_OBJECT_INHERIT + 0: SEC_ACE_FLAG_CONTAINER_INHERIT + 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT + 1: SEC_ACE_FLAG_INHERIT_ONLY + 0: SEC_ACE_FLAG_INHERITED_ACE + 0x09: SEC_ACE_FLAG_VALID_INHERIT (9) + 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS + 0: SEC_ACE_FLAG_FAILED_ACCESS + size : 0x0018 (24) + access_mask : 0x100f000c (269418508) + object : union security_ace_object_ctr(case 0) + trustee : S-1-5-32-550 + aces: struct security_ace + type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) + flags : 0x02 (2) + 0: SEC_ACE_FLAG_OBJECT_INHERIT + 1: SEC_ACE_FLAG_CONTAINER_INHERIT + 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT + 0: SEC_ACE_FLAG_INHERIT_ONLY + 0: SEC_ACE_FLAG_INHERITED_ACE + 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) + 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS + 0: SEC_ACE_FLAG_FAILED_ACCESS + size : 0x0018 (24) + access_mask : 0x100f000c (269418508) + object : union security_ace_object_ctr(case 0) + trustee : S-1-5-32-550 + attributes : 0x00001048 (4168) + 0: PRINTER_ATTRIBUTE_QUEUED + 0: PRINTER_ATTRIBUTE_DIRECT + 0: PRINTER_ATTRIBUTE_DEFAULT + 1: PRINTER_ATTRIBUTE_SHARED + 0: PRINTER_ATTRIBUTE_NETWORK + 0: PRINTER_ATTRIBUTE_HIDDEN + 1: PRINTER_ATTRIBUTE_LOCAL + 0: PRINTER_ATTRIBUTE_ENABLE_DEVQ + 0: PRINTER_ATTRIBUTE_KEEPPRINTEDJOBS + 0: PRINTER_ATTRIBUTE_DO_COMPLETE_FIRST + 0: PRINTER_ATTRIBUTE_WORK_OFFLINE + 0: PRINTER_ATTRIBUTE_ENABLE_BIDI + 1: PRINTER_ATTRIBUTE_RAW_ONLY + 0: PRINTER_ATTRIBUTE_PUBLISHED + 0: PRINTER_ATTRIBUTE_FAX + 0: PRINTER_ATTRIBUTE_TS + priority : 0x00000001 (1) + defaultpriority : 0x00000001 (1) + starttime : 0x00000000 (0) + untiltime : 0x00000000 (0) + status : 0x00000000 (0) + 0: PRINTER_STATUS_PAUSED + 0: PRINTER_STATUS_ERROR + 0: PRINTER_STATUS_PENDING_DELETION + 0: PRINTER_STATUS_PAPER_JAM + 0: PRINTER_STATUS_PAPER_OUT + 0: PRINTER_STATUS_MANUAL_FEED + 0: PRINTER_STATUS_PAPER_PROBLEM + 0: PRINTER_STATUS_OFFLINE + 0: PRINTER_STATUS_IO_ACTIVE + 0: PRINTER_STATUS_BUSY + 0: PRINTER_STATUS_PRINTING + 0: PRINTER_STATUS_OUTPUT_BIN_FULL + 0: PRINTER_STATUS_NOT_AVAILABLE + 0: PRINTER_STATUS_WAITING + 0: PRINTER_STATUS_PROCESSING + 0: PRINTER_STATUS_INITIALIZING + 0: PRINTER_STATUS_WARMING_UP + 0: PRINTER_STATUS_TONER_LOW + 0: PRINTER_STATUS_NO_TONER + 0: PRINTER_STATUS_PAGE_PUNT + 0: PRINTER_STATUS_USER_INTERVENTION + 0: PRINTER_STATUS_OUT_OF_MEMORY + 0: PRINTER_STATUS_DOOR_OPEN + 0: PRINTER_STATUS_SERVER_UNKNOWN + 0: PRINTER_STATUS_POWER_SAVE + cjobs : 0x00000000 (0) + averageppm : 0x00000000 (0) + needed : * + needed : 0x000002f8 (760) + result : WERR_OK +[2013/11/07 07:38:45.147609, 5, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1417(api_rpcTNP) + api_rpcTNP: called \spoolss successfully +[2013/11/07 07:38:45.147672, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) + pop_sec_ctx (0, 5000) - sec_ctx_stack_ndx = 0 +[2013/11/07 07:38:45.147717, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) + write_to_pipe: data_used = 4140 + smbd_smb2_request_pending_queue: req->current_idx = 1 + req->in.vector[0].iov_len = 0 + req->in.vector[1].iov_len = 0 + req->in.vector[2].iov_len = 64 + req->in.vector[3].iov_len = 56 + req->in.vector[4].iov_len = 4156 + req->out.vector[0].iov_len = 4 + req->out.vector[1].iov_len = 0 + req->out.vector[2].iov_len = 64 + req->out.vector[3].iov_len = 8 + req->out.vector[4].iov_len = 0 +[2013/11/07 07:38:45.147939, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:128(smbd_smb2_ioctl_pipe_write_done) + smbd_smb2_ioctl_pipe_write_done: received 4156 +[2013/11/07 07:38:45.147984, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:149(smbd_smb2_ioctl_pipe_write_done) + smbd_smb2_ioctl_pipe_write_done: issuing np_read_send of size 4136 +[2013/11/07 07:38:45.148036, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:285(read_from_internal_pipe) + name: \spoolss len: 4136 +[2013/11/07 07:38:45.148079, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:347(read_from_internal_pipe) + read_from_pipe: \spoolss: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 4112. +[2013/11/07 07:38:45.148134, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) + &r: struct ncacn_packet + rpc_vers : 0x05 (5) + rpc_vers_minor : 0x00 (0) + ptype : DCERPC_PKT_RESPONSE (2) + pfc_flags : 0x03 (3) + drep: ARRAY(4) + [0] : 0x10 (16) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + frag_length : 0x1028 (4136) + auth_length : 0x0000 (0) + call_id : 0x00000014 (20) + u : union dcerpc_payload(case 2) + response: struct dcerpc_response + alloc_hint : 0x00001010 (4112) + context_id : 0x0000 (0) + cancel_count : 0x00 (0) + _pad : DATA_BLOB length=0 + stub_and_verifier : DATA_BLOB length=4112 + [0000] 04 00 02 00 00 10 00 00 EA 0F 00 00 C2 0F 00 00 ........ ........ + [0010] B0 0F 00 00 8A 0F 00 00 88 0F 00 00 86 0F 00 00 ........ ........ + [0020] 84 0F 00 00 88 0E 00 00 82 0F 00 00 70 0F 00 00 ........ ....p... + [0030] 68 0F 00 00 66 0F 00 00 90 0D 00 00 48 10 00 00 h...f... ....H... + [0040] 01 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0200] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0210] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0220] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0230] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0240] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0250] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0260] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0270] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0280] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0290] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0300] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0310] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0320] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0330] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0340] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0350] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0360] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0370] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0380] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0390] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0400] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0410] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0420] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0430] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0440] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0450] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0460] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0470] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0480] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0490] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0500] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0510] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0520] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0530] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0540] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0550] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0560] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0570] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0580] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0590] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0600] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0610] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0620] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0630] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0640] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0650] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0660] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0670] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0680] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0690] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0700] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0710] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0720] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0730] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0740] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0750] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0760] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0770] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0780] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0790] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0800] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0810] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0820] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0830] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0840] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0850] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0860] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0870] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0880] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0890] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0900] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0910] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0920] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0930] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0940] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0950] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0960] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0970] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0980] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0990] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D90] 00 00 00 00 00 00 00 00 01 00 04 80 D8 00 00 00 ........ ........ + [0DA0] E8 00 00 00 00 00 00 00 14 00 00 00 02 00 C4 00 ........ ........ + [0DB0] 07 00 00 00 00 02 14 00 08 00 02 20 01 01 00 00 ........ ... .... + [0DC0] 00 00 00 01 00 00 00 00 00 09 24 00 0C 00 0F 10 ........ ..$..... + [0DD0] 01 05 00 00 00 00 00 05 15 00 00 00 74 A5 12 52 ........ ....t..R + [0DE0] CD 51 D9 8F D1 31 A4 CA F4 01 00 00 00 02 24 00 .Q...1.. ......$. + [0DF0] 0C 00 0F 10 01 05 00 00 00 00 00 05 15 00 00 00 ........ ........ + [0E00] 74 A5 12 52 CD 51 D9 8F D1 31 A4 CA F4 01 00 00 t..R.Q.. .1...... + [0E10] 00 09 18 00 0C 00 0F 10 01 02 00 00 00 00 00 05 ........ ........ + [0E20] 20 00 00 00 20 02 00 00 00 02 18 00 0C 00 0F 10 ... ... ........ + [0E30] 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 ........ ... ... + [0E40] 00 09 18 00 0C 00 0F 10 01 02 00 00 00 00 00 05 ........ ........ + [0E50] 20 00 00 00 26 02 00 00 00 02 18 00 0C 00 0F 10 ...&... ........ + [0E60] 01 02 00 00 00 00 00 05 20 00 00 00 26 02 00 00 ........ ...&... + [0E70] 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 ........ ... ... + [0E80] 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 ........ ... ... + [0E90] 5C 00 5C 00 4D 00 45 00 4D 00 42 00 45 00 52 00 \.\.M.E. M.B.E.R. + [0EA0] 34 00 33 00 5C 00 70 00 72 00 69 00 6E 00 74 00 4.3.\.p. r.i.n.t. + [0EB0] 65 00 72 00 37 00 00 00 00 00 00 00 00 00 00 00 e.r.7... ........ + [0EC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0ED0] 01 04 00 04 DC 00 00 00 13 47 01 00 01 00 01 00 ........ .G...... + [0EE0] 00 00 00 00 64 00 01 00 0F 00 FC FF 01 00 01 00 ....d... ........ + [0EF0] 00 00 03 00 00 00 4C 00 65 00 74 00 74 00 65 00 ......L. e.t.t.e. + [0F00] 72 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 r....... ........ + [0F10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F70] 52 00 41 00 57 00 00 00 77 00 69 00 6E 00 70 00 R.A.W... w.i.n.p. + [0F80] 72 00 69 00 6E 00 74 00 00 00 00 00 00 00 00 00 r.i.n.t. ........ + [0F90] 00 00 53 00 61 00 6D 00 62 00 61 00 20 00 50 00 ..S.a.m. b.a. .P. + [0FA0] 72 00 69 00 6E 00 74 00 65 00 72 00 20 00 50 00 r.i.n.t. e.r. .P. + [0FB0] 6F 00 72 00 74 00 00 00 70 00 72 00 69 00 6E 00 o.r.t... p.r.i.n. + [0FC0] 74 00 65 00 72 00 37 00 00 00 5C 00 5C 00 4D 00 t.e.r.7. ..\.\.M. + [0FD0] 45 00 4D 00 42 00 45 00 52 00 34 00 33 00 5C 00 E.M.B.E. R.4.3.\. + [0FE0] 70 00 72 00 69 00 6E 00 74 00 65 00 72 00 37 00 p.r.i.n. t.e.r.7. + [0FF0] 00 00 5C 00 5C 00 4D 00 45 00 4D 00 42 00 45 00 ..\.\.M. E.M.B.E. + [1000] 52 00 34 00 33 00 00 00 F8 02 00 00 00 00 00 00 R.4.3... ........ +[2013/11/07 07:38:45.157556, 3, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:122(free_pipe_context) + free_pipe_context: destroying talloc pool of size 1308 +[2013/11/07 07:38:45.157617, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:788(np_read_recv) + Received 4136 bytes. There is no more data outstanding +[2013/11/07 07:38:45.157659, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:178(smbd_smb2_ioctl_pipe_read_done) + smbd_smb2_ioctl_pipe_read_done: np_read_recv nread = 4136 is_data_outstanding = 0, status = NT_STATUS_OK +[2013/11/07 07:38:45.157707, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl.c:291(smbd_smb2_request_ioctl_done) + smbd_smb2_request_ioctl_done: smbd_smb2_ioctl_recv returned 4136 status NT_STATUS_OK +[2013/11/07 07:38:45.157749, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) + smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[48] dyn[yes:4136] at ../source3/smbd/smb2_ioctl.c:358 +[2013/11/07 07:38:45.157795, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) + smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/69/127 +[2013/11/07 07:38:45.187572, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) + smbd_smb2_request_incoming: idx[1] of 5 vectors +[2013/11/07 07:38:45.187831, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) + smb2_validate_sequence_number: clearing id 69 (position 69) from bitmap +[2013/11/07 07:38:45.187946, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) + smbd_smb2_request_dispatch: opcode[SMB2_OP_CREATE] mid = 69 +[2013/11/07 07:38:45.188093, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) + setting sec ctx (0, 5000) - sec_ctx_stack_ndx = 0 +[2013/11/07 07:38:45.188202, 5, pid=20933, effective(0, 5000), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) + Security token SIDs (21): + SID[ 0]: S-1-5-21-1376953716-2413384141-3399758289-500 + SID[ 1]: S-1-5-21-1376953716-2413384141-3399758289-512 + SID[ 2]: S-1-5-21-1376953716-2413384141-3399758289-11015 + SID[ 3]: S-1-5-21-1376953716-2413384141-3399758289-513 + SID[ 4]: S-1-5-21-1376953716-2413384141-3399758289-11011 + SID[ 5]: S-1-5-21-1376953716-2413384141-3399758289-11013 + SID[ 6]: S-1-5-21-1376953716-2413384141-3399758289-11012 + SID[ 7]: S-1-1-0 + SID[ 8]: S-1-5-2 + SID[ 9]: S-1-5-11 + SID[ 10]: S-1-5-32-544 + SID[ 11]: S-1-22-1-2002 + SID[ 12]: S-1-22-2-5000 + SID[ 13]: S-1-22-2-5007 + SID[ 14]: S-1-22-2-5001 + SID[ 15]: S-1-22-2-1005 + SID[ 16]: S-1-22-2-5006 + SID[ 17]: S-1-22-2-5005 + SID[ 18]: S-1-22-2-55000 + SID[ 19]: S-1-22-2-55001 + SID[ 20]: S-1-22-2-55002 + Privileges (0x 1FFFFFF0): + Privilege[ 0]: SeMachineAccountPrivilege + Privilege[ 1]: SeTakeOwnershipPrivilege + Privilege[ 2]: SeBackupPrivilege + Privilege[ 3]: SeRestorePrivilege + Privilege[ 4]: SeRemoteShutdownPrivilege + Privilege[ 5]: SePrintOperatorPrivilege + Privilege[ 6]: SeAddUsersPrivilege + Privilege[ 7]: SeDiskOperatorPrivilege + Privilege[ 8]: SeSecurityPrivilege + Privilege[ 9]: SeSystemtimePrivilege + Privilege[ 10]: SeShutdownPrivilege + Privilege[ 11]: SeDebugPrivilege + Privilege[ 12]: SeSystemEnvironmentPrivilege + Privilege[ 13]: SeSystemProfilePrivilege + Privilege[ 14]: SeProfileSingleProcessPrivilege + Privilege[ 15]: SeIncreaseBasePriorityPrivilege + Privilege[ 16]: SeLoadDriverPrivilege + Privilege[ 17]: SeCreatePagefilePrivilege + Privilege[ 18]: SeIncreaseQuotaPrivilege + Privilege[ 19]: SeChangeNotifyPrivilege + Privilege[ 20]: SeUndockPrivilege + Privilege[ 21]: SeManageVolumePrivilege + Privilege[ 22]: SeImpersonatePrivilege + Privilege[ 23]: SeCreateGlobalPrivilege + Privilege[ 24]: SeEnableDelegationPrivilege + Rights (0x 0): +[2013/11/07 07:38:45.190553, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) + UNIX token of user 0 + Primary group is 5000 and contains 9 supplementary groups + Group[ 0]: 5000 + Group[ 1]: 5007 + Group[ 2]: 5001 + Group[ 3]: 1005 + Group[ 4]: 5006 + Group[ 5]: 5005 + Group[ 6]: 55000 + Group[ 7]: 55001 + Group[ 8]: 55002 +[2013/11/07 07:38:45.191049, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/uid.c:363(change_to_user_internal) + Impersonated user: uid=(0,0), gid=(0,5000) +[2013/11/07 07:38:45.191184, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_create.c:451(smbd_smb2_create_send) + smbd_smb2_create: name[spoolss] +[2013/11/07 07:38:45.191311, 5, pid=20933, effective(0, 5000), real(0, 0)] ../lib/dbwrap/dbwrap.c:187(dbwrap_check_lock_order) + check lock order 1 for /var/run/samba/smbXsrv_open_global.tdb +[2013/11/07 07:38:45.191410, 10, pid=20933, effective(0, 5000), real(0, 0)] ../lib/dbwrap/dbwrap.c:133(debug_lock_order) + lock order: 1:/var/run/samba/smbXsrv_open_global.tdb 2: 3: +[2013/11/07 07:38:45.191518, 10, pid=20933, effective(0, 5000), real(0, 0)] ../lib/dbwrap/dbwrap_tdb.c:59(db_tdb_log_key) + Locking key F757F4B0 +[2013/11/07 07:38:45.191647, 10, pid=20933, effective(0, 5000), real(0, 0)] ../lib/dbwrap/dbwrap_tdb.c:143(db_tdb_fetch_locked_internal) + Allocated locked data 0x0x7f375d343ef0 +[2013/11/07 07:38:45.191826, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smbXsrv_open.c:695(smbXsrv_open_global_store) +[2013/11/07 07:38:45.191892, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smbXsrv_open.c:697(smbXsrv_open_global_store) + smbXsrv_open_global_store: key 'F757F4B0' stored +[2013/11/07 07:38:45.191995, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) + &global_blob: struct smbXsrv_open_globalB + version : SMBXSRV_VERSION_0 (0) + seqnum : 0x00000001 (1) + info : union smbXsrv_open_globalU(case 0) + info0 : * + info0: struct smbXsrv_open_global0 + db_rec : * + server_id: struct server_id + pid : 0x00000000000051c5 (20933) + task_id : 0x00000000 (0) + vnn : 0xffffffff (4294967295) + unique_id : 0x6b1fb19d3b3a8ed6 (7719083575197994710) + open_global_id : 0xf757f4b0 (4149736624) + open_persistent_id : 0x00000000f757f4b0 (4149736624) + open_volatile_id : 0x00000000f2c9fda2 (4073323938) + open_owner : S-1-5-21-1376953716-2413384141-3399758289-500 + open_time : Do Nov 7 07:38:45 2013 CET + create_guid : 00000000-0000-0000-0000-000000000000 + client_guid : b913ae79-46f9-11e3-be6f-52540018a0ea + app_instance_id : 00000000-0000-0000-0000-000000000000 + disconnect_time : NTTIME(0) + durable_timeout_msec : 0x00000000 (0) + durable : 0x00 (0) + backend_cookie : DATA_BLOB length=0 +[2013/11/07 07:38:45.193183, 10, pid=20933, effective(0, 5000), real(0, 0)] ../lib/dbwrap/dbwrap_tdb.c:59(db_tdb_log_key) + Unlocking key F757F4B0 +[2013/11/07 07:38:45.193289, 5, pid=20933, effective(0, 5000), real(0, 0)] ../lib/dbwrap/dbwrap.c:146(dbwrap_lock_order_state_destructor) + release lock order 1 for /var/run/samba/smbXsrv_open_global.tdb +[2013/11/07 07:38:45.193386, 10, pid=20933, effective(0, 5000), real(0, 0)] ../lib/dbwrap/dbwrap.c:133(debug_lock_order) + lock order: 1: 2: 3: +[2013/11/07 07:38:45.193529, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smbXsrv_open.c:862(smbXsrv_open_create) +[2013/11/07 07:38:45.193713, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smbXsrv_open.c:870(smbXsrv_open_create) + smbXsrv_open_create: global_id (0xf757f4b0) stored +[2013/11/07 07:38:45.193826, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) + &open_blob: struct smbXsrv_openB + version : SMBXSRV_VERSION_0 (0) + reserved : 0x00000000 (0) + info : union smbXsrv_openU(case 0) + info0 : * + info0: struct smbXsrv_open + table : * + db_rec : NULL + local_id : 0xf2c9fda2 (4073323938) + global : * + global: struct smbXsrv_open_global0 + db_rec : NULL + server_id: struct server_id + pid : 0x00000000000051c5 (20933) + task_id : 0x00000000 (0) + vnn : 0xffffffff (4294967295) + unique_id : 0x6b1fb19d3b3a8ed6 (7719083575197994710) + open_global_id : 0xf757f4b0 (4149736624) + open_persistent_id : 0x00000000f757f4b0 (4149736624) + open_volatile_id : 0x00000000f2c9fda2 (4073323938) + open_owner : S-1-5-21-1376953716-2413384141-3399758289-500 + open_time : Do Nov 7 07:38:45 2013 CET + create_guid : 00000000-0000-0000-0000-000000000000 + client_guid : b913ae79-46f9-11e3-be6f-52540018a0ea + app_instance_id : 00000000-0000-0000-0000-000000000000 + disconnect_time : NTTIME(0) + durable_timeout_msec : 0x00000000 (0) + durable : 0x00 (0) + backend_cookie : DATA_BLOB length=0 + status : NT_STATUS_OK + idle_time : Do Nov 7 07:38:45 2013 CET + compat : NULL +[2013/11/07 07:38:45.195358, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/files.c:125(file_new) + allocated file structure fnum 4073323938 (2 used) +[2013/11/07 07:38:45.195480, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/files.c:713(file_name_hash) + file_name_hash: /tmp/spoolss hash 0x7d4e46e5 +[2013/11/07 07:38:45.195624, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:60(make_internal_rpc_pipe_p) + Create pipe requested \spoolss +[2013/11/07 07:38:45.195744, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:238(init_pipe_handles) + init_pipe_handle_list: pipe_handles ref count = 4 for pipe \spoolss +[2013/11/07 07:38:45.195983, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:100(make_internal_rpc_pipe_p) + Created internal pipe \spoolss +[2013/11/07 07:38:45.196090, 8, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/dosmode.c:631(dos_mode) + dos_mode: spoolss +[2013/11/07 07:38:45.196223, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_create.c:1053(smbd_smb2_create_send) + smbd_smb2_create_send: spoolss - fnum 4073323938 +[2013/11/07 07:38:45.196377, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) + smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[88] dyn[yes:0] at ../source3/smbd/smb2_create.c:369 +[2013/11/07 07:38:45.196491, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) + smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/70/127 +[2013/11/07 07:38:45.197814, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) + smbd_smb2_request_incoming: idx[1] of 5 vectors +[2013/11/07 07:38:45.198027, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) + smb2_validate_sequence_number: clearing id 70 (position 70) from bitmap +[2013/11/07 07:38:45.198160, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) + smbd_smb2_request_dispatch: opcode[SMB2_OP_CREATE] mid = 70 +[2013/11/07 07:38:45.198315, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) + setting sec ctx (0, 5000) - sec_ctx_stack_ndx = 0 +[2013/11/07 07:38:45.198424, 5, pid=20933, effective(0, 5000), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) + Security token SIDs (21): + SID[ 0]: S-1-5-21-1376953716-2413384141-3399758289-500 + SID[ 1]: S-1-5-21-1376953716-2413384141-3399758289-512 + SID[ 2]: S-1-5-21-1376953716-2413384141-3399758289-11015 + SID[ 3]: S-1-5-21-1376953716-2413384141-3399758289-513 + SID[ 4]: S-1-5-21-1376953716-2413384141-3399758289-11011 + SID[ 5]: S-1-5-21-1376953716-2413384141-3399758289-11013 + SID[ 6]: S-1-5-21-1376953716-2413384141-3399758289-11012 + SID[ 7]: S-1-1-0 + SID[ 8]: S-1-5-2 + SID[ 9]: S-1-5-11 + SID[ 10]: S-1-5-32-544 + SID[ 11]: S-1-22-1-2002 + SID[ 12]: S-1-22-2-5000 + SID[ 13]: S-1-22-2-5007 + SID[ 14]: S-1-22-2-5001 + SID[ 15]: S-1-22-2-1005 + SID[ 16]: S-1-22-2-5006 + SID[ 17]: S-1-22-2-5005 + SID[ 18]: S-1-22-2-55000 + SID[ 19]: S-1-22-2-55001 + SID[ 20]: S-1-22-2-55002 + Privileges (0x 1FFFFFF0): + Privilege[ 0]: SeMachineAccountPrivilege + Privilege[ 1]: SeTakeOwnershipPrivilege + Privilege[ 2]: SeBackupPrivilege + Privilege[ 3]: SeRestorePrivilege + Privilege[ 4]: SeRemoteShutdownPrivilege + Privilege[ 5]: SePrintOperatorPrivilege + Privilege[ 6]: SeAddUsersPrivilege + Privilege[ 7]: SeDiskOperatorPrivilege + Privilege[ 8]: SeSecurityPrivilege + Privilege[ 9]: SeSystemtimePrivilege + Privilege[ 10]: SeShutdownPrivilege + Privilege[ 11]: SeDebugPrivilege + Privilege[ 12]: SeSystemEnvironmentPrivilege + Privilege[ 13]: SeSystemProfilePrivilege + Privilege[ 14]: SeProfileSingleProcessPrivilege + Privilege[ 15]: SeIncreaseBasePriorityPrivilege + Privilege[ 16]: SeLoadDriverPrivilege + Privilege[ 17]: SeCreatePagefilePrivilege + Privilege[ 18]: SeIncreaseQuotaPrivilege + Privilege[ 19]: SeChangeNotifyPrivilege + Privilege[ 20]: SeUndockPrivilege + Privilege[ 21]: SeManageVolumePrivilege + Privilege[ 22]: SeImpersonatePrivilege + Privilege[ 23]: SeCreateGlobalPrivilege + Privilege[ 24]: SeEnableDelegationPrivilege + Rights (0x 0): +[2013/11/07 07:38:45.200682, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) + UNIX token of user 0 + Primary group is 5000 and contains 9 supplementary groups + Group[ 0]: 5000 + Group[ 1]: 5007 + Group[ 2]: 5001 + Group[ 3]: 1005 + Group[ 4]: 5006 + Group[ 5]: 5005 + Group[ 6]: 55000 + Group[ 7]: 55001 + Group[ 8]: 55002 +[2013/11/07 07:38:45.201183, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/uid.c:363(change_to_user_internal) + Impersonated user: uid=(0,0), gid=(0,5000) +[2013/11/07 07:38:45.201309, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_create.c:451(smbd_smb2_create_send) + smbd_smb2_create: name[spoolss] +[2013/11/07 07:38:45.201563, 5, pid=20933, effective(0, 5000), real(0, 0)] ../lib/dbwrap/dbwrap.c:187(dbwrap_check_lock_order) + check lock order 1 for /var/run/samba/smbXsrv_open_global.tdb +[2013/11/07 07:38:45.201672, 10, pid=20933, effective(0, 5000), real(0, 0)] ../lib/dbwrap/dbwrap.c:133(debug_lock_order) + lock order: 1:/var/run/samba/smbXsrv_open_global.tdb 2: 3: +[2013/11/07 07:38:45.201779, 10, pid=20933, effective(0, 5000), real(0, 0)] ../lib/dbwrap/dbwrap_tdb.c:59(db_tdb_log_key) + Locking key E02700BB +[2013/11/07 07:38:45.201899, 10, pid=20933, effective(0, 5000), real(0, 0)] ../lib/dbwrap/dbwrap_tdb.c:143(db_tdb_fetch_locked_internal) + Allocated locked data 0x0x7f375d352d90 +[2013/11/07 07:38:45.202063, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smbXsrv_open.c:695(smbXsrv_open_global_store) +[2013/11/07 07:38:45.202128, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smbXsrv_open.c:697(smbXsrv_open_global_store) + smbXsrv_open_global_store: key 'E02700BB' stored +[2013/11/07 07:38:45.202231, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) + &global_blob: struct smbXsrv_open_globalB + version : SMBXSRV_VERSION_0 (0) + seqnum : 0x00000001 (1) + info : union smbXsrv_open_globalU(case 0) + info0 : * + info0: struct smbXsrv_open_global0 + db_rec : * + server_id: struct server_id + pid : 0x00000000000051c5 (20933) + task_id : 0x00000000 (0) + vnn : 0xffffffff (4294967295) + unique_id : 0x6b1fb19d3b3a8ed6 (7719083575197994710) + open_global_id : 0xe02700bb (3760652475) + open_persistent_id : 0x00000000e02700bb (3760652475) + open_volatile_id : 0x000000005e831ade (1585650398) + open_owner : S-1-5-21-1376953716-2413384141-3399758289-500 + open_time : Do Nov 7 07:38:45 2013 CET + create_guid : 00000000-0000-0000-0000-000000000000 + client_guid : b913ae79-46f9-11e3-be6f-52540018a0ea + app_instance_id : 00000000-0000-0000-0000-000000000000 + disconnect_time : NTTIME(0) + durable_timeout_msec : 0x00000000 (0) + durable : 0x00 (0) + backend_cookie : DATA_BLOB length=0 +[2013/11/07 07:38:45.203396, 10, pid=20933, effective(0, 5000), real(0, 0)] ../lib/dbwrap/dbwrap_tdb.c:59(db_tdb_log_key) + Unlocking key E02700BB +[2013/11/07 07:38:45.203502, 5, pid=20933, effective(0, 5000), real(0, 0)] ../lib/dbwrap/dbwrap.c:146(dbwrap_lock_order_state_destructor) + release lock order 1 for /var/run/samba/smbXsrv_open_global.tdb +[2013/11/07 07:38:45.203598, 10, pid=20933, effective(0, 5000), real(0, 0)] ../lib/dbwrap/dbwrap.c:133(debug_lock_order) + lock order: 1: 2: 3: +[2013/11/07 07:38:45.203699, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smbXsrv_open.c:862(smbXsrv_open_create) +[2013/11/07 07:38:45.203758, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smbXsrv_open.c:870(smbXsrv_open_create) + smbXsrv_open_create: global_id (0xe02700bb) stored +[2013/11/07 07:38:45.203852, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) + &open_blob: struct smbXsrv_openB + version : SMBXSRV_VERSION_0 (0) + reserved : 0x00000000 (0) + info : union smbXsrv_openU(case 0) + info0 : * + info0: struct smbXsrv_open + table : * + db_rec : NULL + local_id : 0x5e831ade (1585650398) + global : * + global: struct smbXsrv_open_global0 + db_rec : NULL + server_id: struct server_id + pid : 0x00000000000051c5 (20933) + task_id : 0x00000000 (0) + vnn : 0xffffffff (4294967295) + unique_id : 0x6b1fb19d3b3a8ed6 (7719083575197994710) + open_global_id : 0xe02700bb (3760652475) + open_persistent_id : 0x00000000e02700bb (3760652475) + open_volatile_id : 0x000000005e831ade (1585650398) + open_owner : S-1-5-21-1376953716-2413384141-3399758289-500 + open_time : Do Nov 7 07:38:45 2013 CET + create_guid : 00000000-0000-0000-0000-000000000000 + client_guid : b913ae79-46f9-11e3-be6f-52540018a0ea + app_instance_id : 00000000-0000-0000-0000-000000000000 + disconnect_time : NTTIME(0) + durable_timeout_msec : 0x00000000 (0) + durable : 0x00 (0) + backend_cookie : DATA_BLOB length=0 + status : NT_STATUS_OK + idle_time : Do Nov 7 07:38:45 2013 CET + compat : NULL +[2013/11/07 07:38:45.205353, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/files.c:125(file_new) + allocated file structure fnum 1585650398 (3 used) +[2013/11/07 07:38:45.205580, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/files.c:713(file_name_hash) + file_name_hash: /tmp/spoolss hash 0x7d4e46e5 +[2013/11/07 07:38:45.205716, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:60(make_internal_rpc_pipe_p) + Create pipe requested \spoolss +[2013/11/07 07:38:45.205834, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:238(init_pipe_handles) + init_pipe_handle_list: pipe_handles ref count = 5 for pipe \spoolss +[2013/11/07 07:38:45.206072, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:100(make_internal_rpc_pipe_p) + Created internal pipe \spoolss +[2013/11/07 07:38:45.206201, 8, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/dosmode.c:631(dos_mode) + dos_mode: spoolss +[2013/11/07 07:38:45.206332, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_create.c:1053(smbd_smb2_create_send) + smbd_smb2_create_send: spoolss - fnum 1585650398 +[2013/11/07 07:38:45.206482, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) + smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[88] dyn[yes:0] at ../source3/smbd/smb2_create.c:369 +[2013/11/07 07:38:45.206594, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) + smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/71/127 +[2013/11/07 07:38:45.208896, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) + smbd_smb2_request_incoming: idx[1] of 5 vectors +[2013/11/07 07:38:45.209123, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) + smb2_validate_sequence_number: clearing id 71 (position 71) from bitmap +[2013/11/07 07:38:45.209235, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) + smbd_smb2_request_dispatch: opcode[SMB2_OP_CREATE] mid = 71 +[2013/11/07 07:38:45.209372, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) + setting sec ctx (0, 5000) - sec_ctx_stack_ndx = 0 +[2013/11/07 07:38:45.209732, 5, pid=20933, effective(0, 5000), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) + Security token SIDs (21): + SID[ 0]: S-1-5-21-1376953716-2413384141-3399758289-500 + SID[ 1]: S-1-5-21-1376953716-2413384141-3399758289-512 + SID[ 2]: S-1-5-21-1376953716-2413384141-3399758289-11015 + SID[ 3]: S-1-5-21-1376953716-2413384141-3399758289-513 + SID[ 4]: S-1-5-21-1376953716-2413384141-3399758289-11011 + SID[ 5]: S-1-5-21-1376953716-2413384141-3399758289-11013 + SID[ 6]: S-1-5-21-1376953716-2413384141-3399758289-11012 + SID[ 7]: S-1-1-0 + SID[ 8]: S-1-5-2 + SID[ 9]: S-1-5-11 + SID[ 10]: S-1-5-32-544 + SID[ 11]: S-1-22-1-2002 + SID[ 12]: S-1-22-2-5000 + SID[ 13]: S-1-22-2-5007 + SID[ 14]: S-1-22-2-5001 + SID[ 15]: S-1-22-2-1005 + SID[ 16]: S-1-22-2-5006 + SID[ 17]: S-1-22-2-5005 + SID[ 18]: S-1-22-2-55000 + SID[ 19]: S-1-22-2-55001 + SID[ 20]: S-1-22-2-55002 + Privileges (0x 1FFFFFF0): + Privilege[ 0]: SeMachineAccountPrivilege + Privilege[ 1]: SeTakeOwnershipPrivilege + Privilege[ 2]: SeBackupPrivilege + Privilege[ 3]: SeRestorePrivilege + Privilege[ 4]: SeRemoteShutdownPrivilege + Privilege[ 5]: SePrintOperatorPrivilege + Privilege[ 6]: SeAddUsersPrivilege + Privilege[ 7]: SeDiskOperatorPrivilege + Privilege[ 8]: SeSecurityPrivilege + Privilege[ 9]: SeSystemtimePrivilege + Privilege[ 10]: SeShutdownPrivilege + Privilege[ 11]: SeDebugPrivilege + Privilege[ 12]: SeSystemEnvironmentPrivilege + Privilege[ 13]: SeSystemProfilePrivilege + Privilege[ 14]: SeProfileSingleProcessPrivilege + Privilege[ 15]: SeIncreaseBasePriorityPrivilege + Privilege[ 16]: SeLoadDriverPrivilege + Privilege[ 17]: SeCreatePagefilePrivilege + Privilege[ 18]: SeIncreaseQuotaPrivilege + Privilege[ 19]: SeChangeNotifyPrivilege + Privilege[ 20]: SeUndockPrivilege + Privilege[ 21]: SeManageVolumePrivilege + Privilege[ 22]: SeImpersonatePrivilege + Privilege[ 23]: SeCreateGlobalPrivilege + Privilege[ 24]: SeEnableDelegationPrivilege + Rights (0x 0): +[2013/11/07 07:38:45.211966, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) + UNIX token of user 0 + Primary group is 5000 and contains 9 supplementary groups + Group[ 0]: 5000 + Group[ 1]: 5007 + Group[ 2]: 5001 + Group[ 3]: 1005 + Group[ 4]: 5006 + Group[ 5]: 5005 + Group[ 6]: 55000 + Group[ 7]: 55001 + Group[ 8]: 55002 +[2013/11/07 07:38:45.212491, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/uid.c:363(change_to_user_internal) + Impersonated user: uid=(0,0), gid=(0,5000) +[2013/11/07 07:38:45.212621, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_create.c:451(smbd_smb2_create_send) + smbd_smb2_create: name[spoolss] +[2013/11/07 07:38:45.212743, 5, pid=20933, effective(0, 5000), real(0, 0)] ../lib/dbwrap/dbwrap.c:187(dbwrap_check_lock_order) + check lock order 1 for /var/run/samba/smbXsrv_open_global.tdb +[2013/11/07 07:38:45.212843, 10, pid=20933, effective(0, 5000), real(0, 0)] ../lib/dbwrap/dbwrap.c:133(debug_lock_order) + lock order: 1:/var/run/samba/smbXsrv_open_global.tdb 2: 3: +[2013/11/07 07:38:45.212951, 10, pid=20933, effective(0, 5000), real(0, 0)] ../lib/dbwrap/dbwrap_tdb.c:59(db_tdb_log_key) + Locking key B614F787 +[2013/11/07 07:38:45.213070, 10, pid=20933, effective(0, 5000), real(0, 0)] ../lib/dbwrap/dbwrap_tdb.c:143(db_tdb_fetch_locked_internal) + Allocated locked data 0x0x7f375d357090 +[2013/11/07 07:38:45.213234, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smbXsrv_open.c:695(smbXsrv_open_global_store) +[2013/11/07 07:38:45.213301, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smbXsrv_open.c:697(smbXsrv_open_global_store) + smbXsrv_open_global_store: key 'B614F787' stored +[2013/11/07 07:38:45.213572, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) + &global_blob: struct smbXsrv_open_globalB + version : SMBXSRV_VERSION_0 (0) + seqnum : 0x00000001 (1) + info : union smbXsrv_open_globalU(case 0) + info0 : * + info0: struct smbXsrv_open_global0 + db_rec : * + server_id: struct server_id + pid : 0x00000000000051c5 (20933) + task_id : 0x00000000 (0) + vnn : 0xffffffff (4294967295) + unique_id : 0x6b1fb19d3b3a8ed6 (7719083575197994710) + open_global_id : 0xb614f787 (3054827399) + open_persistent_id : 0x00000000b614f787 (3054827399) + open_volatile_id : 0x000000004444d7e4 (1145362404) + open_owner : S-1-5-21-1376953716-2413384141-3399758289-500 + open_time : Do Nov 7 07:38:45 2013 CET + create_guid : 00000000-0000-0000-0000-000000000000 + client_guid : b913ae79-46f9-11e3-be6f-52540018a0ea + app_instance_id : 00000000-0000-0000-0000-000000000000 + disconnect_time : NTTIME(0) + durable_timeout_msec : 0x00000000 (0) + durable : 0x00 (0) + backend_cookie : DATA_BLOB length=0 +[2013/11/07 07:38:45.214718, 10, pid=20933, effective(0, 5000), real(0, 0)] ../lib/dbwrap/dbwrap_tdb.c:59(db_tdb_log_key) + Unlocking key B614F787 +[2013/11/07 07:38:45.214823, 5, pid=20933, effective(0, 5000), real(0, 0)] ../lib/dbwrap/dbwrap.c:146(dbwrap_lock_order_state_destructor) + release lock order 1 for /var/run/samba/smbXsrv_open_global.tdb +[2013/11/07 07:38:45.214919, 10, pid=20933, effective(0, 5000), real(0, 0)] ../lib/dbwrap/dbwrap.c:133(debug_lock_order) + lock order: 1: 2: 3: +[2013/11/07 07:38:45.215023, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smbXsrv_open.c:862(smbXsrv_open_create) +[2013/11/07 07:38:45.215081, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smbXsrv_open.c:870(smbXsrv_open_create) + smbXsrv_open_create: global_id (0xb614f787) stored +[2013/11/07 07:38:45.215176, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) + &open_blob: struct smbXsrv_openB + version : SMBXSRV_VERSION_0 (0) + reserved : 0x00000000 (0) + info : union smbXsrv_openU(case 0) + info0 : * + info0: struct smbXsrv_open + table : * + db_rec : NULL + local_id : 0x4444d7e4 (1145362404) + global : * + global: struct smbXsrv_open_global0 + db_rec : NULL + server_id: struct server_id + pid : 0x00000000000051c5 (20933) + task_id : 0x00000000 (0) + vnn : 0xffffffff (4294967295) + unique_id : 0x6b1fb19d3b3a8ed6 (7719083575197994710) + open_global_id : 0xb614f787 (3054827399) + open_persistent_id : 0x00000000b614f787 (3054827399) + open_volatile_id : 0x000000004444d7e4 (1145362404) + open_owner : S-1-5-21-1376953716-2413384141-3399758289-500 + open_time : Do Nov 7 07:38:45 2013 CET + create_guid : 00000000-0000-0000-0000-000000000000 + client_guid : b913ae79-46f9-11e3-be6f-52540018a0ea + app_instance_id : 00000000-0000-0000-0000-000000000000 + disconnect_time : NTTIME(0) + durable_timeout_msec : 0x00000000 (0) + durable : 0x00 (0) + backend_cookie : DATA_BLOB length=0 + status : NT_STATUS_OK + idle_time : Do Nov 7 07:38:45 2013 CET + compat : NULL +[2013/11/07 07:38:45.216680, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/files.c:125(file_new) + allocated file structure fnum 1145362404 (4 used) +[2013/11/07 07:38:45.216797, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/files.c:713(file_name_hash) + file_name_hash: /tmp/spoolss hash 0x7d4e46e5 +[2013/11/07 07:38:45.216930, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:60(make_internal_rpc_pipe_p) + Create pipe requested \spoolss +[2013/11/07 07:38:45.217046, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:238(init_pipe_handles) + init_pipe_handle_list: pipe_handles ref count = 6 for pipe \spoolss +[2013/11/07 07:38:45.217272, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:100(make_internal_rpc_pipe_p) + Created internal pipe \spoolss +[2013/11/07 07:38:45.217470, 8, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/dosmode.c:631(dos_mode) + dos_mode: spoolss +[2013/11/07 07:38:45.217613, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_create.c:1053(smbd_smb2_create_send) + smbd_smb2_create_send: spoolss - fnum 1145362404 +[2013/11/07 07:38:45.217764, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) + smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[88] dyn[yes:0] at ../source3/smbd/smb2_create.c:369 +[2013/11/07 07:38:45.217877, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) + smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/72/127 +[2013/11/07 07:38:45.219318, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) + smbd_smb2_request_incoming: idx[1] of 5 vectors +[2013/11/07 07:38:45.219583, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) + smb2_validate_sequence_number: clearing id 72 (position 72) from bitmap +[2013/11/07 07:38:45.219716, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) + smbd_smb2_request_dispatch: opcode[SMB2_OP_CREATE] mid = 72 +[2013/11/07 07:38:45.219854, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) + setting sec ctx (0, 5000) - sec_ctx_stack_ndx = 0 +[2013/11/07 07:38:45.219963, 5, pid=20933, effective(0, 5000), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) + Security token SIDs (21): + SID[ 0]: S-1-5-21-1376953716-2413384141-3399758289-500 + SID[ 1]: S-1-5-21-1376953716-2413384141-3399758289-512 + SID[ 2]: S-1-5-21-1376953716-2413384141-3399758289-11015 + SID[ 3]: S-1-5-21-1376953716-2413384141-3399758289-513 + SID[ 4]: S-1-5-21-1376953716-2413384141-3399758289-11011 + SID[ 5]: S-1-5-21-1376953716-2413384141-3399758289-11013 + SID[ 6]: S-1-5-21-1376953716-2413384141-3399758289-11012 + SID[ 7]: S-1-1-0 + SID[ 8]: S-1-5-2 + SID[ 9]: S-1-5-11 + SID[ 10]: S-1-5-32-544 + SID[ 11]: S-1-22-1-2002 + SID[ 12]: S-1-22-2-5000 + SID[ 13]: S-1-22-2-5007 + SID[ 14]: S-1-22-2-5001 + SID[ 15]: S-1-22-2-1005 + SID[ 16]: S-1-22-2-5006 + SID[ 17]: S-1-22-2-5005 + SID[ 18]: S-1-22-2-55000 + SID[ 19]: S-1-22-2-55001 + SID[ 20]: S-1-22-2-55002 + Privileges (0x 1FFFFFF0): + Privilege[ 0]: SeMachineAccountPrivilege + Privilege[ 1]: SeTakeOwnershipPrivilege + Privilege[ 2]: SeBackupPrivilege + Privilege[ 3]: SeRestorePrivilege + Privilege[ 4]: SeRemoteShutdownPrivilege + Privilege[ 5]: SePrintOperatorPrivilege + Privilege[ 6]: SeAddUsersPrivilege + Privilege[ 7]: SeDiskOperatorPrivilege + Privilege[ 8]: SeSecurityPrivilege + Privilege[ 9]: SeSystemtimePrivilege + Privilege[ 10]: SeShutdownPrivilege + Privilege[ 11]: SeDebugPrivilege + Privilege[ 12]: SeSystemEnvironmentPrivilege + Privilege[ 13]: SeSystemProfilePrivilege + Privilege[ 14]: SeProfileSingleProcessPrivilege + Privilege[ 15]: SeIncreaseBasePriorityPrivilege + Privilege[ 16]: SeLoadDriverPrivilege + Privilege[ 17]: SeCreatePagefilePrivilege + Privilege[ 18]: SeIncreaseQuotaPrivilege + Privilege[ 19]: SeChangeNotifyPrivilege + Privilege[ 20]: SeUndockPrivilege + Privilege[ 21]: SeManageVolumePrivilege + Privilege[ 22]: SeImpersonatePrivilege + Privilege[ 23]: SeCreateGlobalPrivilege + Privilege[ 24]: SeEnableDelegationPrivilege + Rights (0x 0): +[2013/11/07 07:38:45.222170, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) + UNIX token of user 0 + Primary group is 5000 and contains 9 supplementary groups + Group[ 0]: 5000 + Group[ 1]: 5007 + Group[ 2]: 5001 + Group[ 3]: 1005 + Group[ 4]: 5006 + Group[ 5]: 5005 + Group[ 6]: 55000 + Group[ 7]: 55001 + Group[ 8]: 55002 +[2013/11/07 07:38:45.222656, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/uid.c:363(change_to_user_internal) + Impersonated user: uid=(0,0), gid=(0,5000) +[2013/11/07 07:38:45.222819, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_create.c:451(smbd_smb2_create_send) + smbd_smb2_create: name[spoolss] +[2013/11/07 07:38:45.222963, 5, pid=20933, effective(0, 5000), real(0, 0)] ../lib/dbwrap/dbwrap.c:187(dbwrap_check_lock_order) + check lock order 1 for /var/run/samba/smbXsrv_open_global.tdb +[2013/11/07 07:38:45.223066, 10, pid=20933, effective(0, 5000), real(0, 0)] ../lib/dbwrap/dbwrap.c:133(debug_lock_order) + lock order: 1:/var/run/samba/smbXsrv_open_global.tdb 2: 3: +[2013/11/07 07:38:45.223197, 10, pid=20933, effective(0, 5000), real(0, 0)] ../lib/dbwrap/dbwrap_tdb.c:59(db_tdb_log_key) + Locking key 033C4D1B +[2013/11/07 07:38:45.223318, 10, pid=20933, effective(0, 5000), real(0, 0)] ../lib/dbwrap/dbwrap_tdb.c:143(db_tdb_fetch_locked_internal) + Allocated locked data 0x0x7f375d3946b0 +[2013/11/07 07:38:45.223506, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smbXsrv_open.c:695(smbXsrv_open_global_store) +[2013/11/07 07:38:45.223573, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smbXsrv_open.c:697(smbXsrv_open_global_store) + smbXsrv_open_global_store: key '033C4D1B' stored +[2013/11/07 07:38:45.223676, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) + &global_blob: struct smbXsrv_open_globalB + version : SMBXSRV_VERSION_0 (0) + seqnum : 0x00000001 (1) + info : union smbXsrv_open_globalU(case 0) + info0 : * + info0: struct smbXsrv_open_global0 + db_rec : * + server_id: struct server_id + pid : 0x00000000000051c5 (20933) + task_id : 0x00000000 (0) + vnn : 0xffffffff (4294967295) + unique_id : 0x6b1fb19d3b3a8ed6 (7719083575197994710) + open_global_id : 0x033c4d1b (54283547) + open_persistent_id : 0x00000000033c4d1b (54283547) + open_volatile_id : 0x00000000d4d1549f (3570488479) + open_owner : S-1-5-21-1376953716-2413384141-3399758289-500 + open_time : Do Nov 7 07:38:45 2013 CET + create_guid : 00000000-0000-0000-0000-000000000000 + client_guid : b913ae79-46f9-11e3-be6f-52540018a0ea + app_instance_id : 00000000-0000-0000-0000-000000000000 + disconnect_time : NTTIME(0) + durable_timeout_msec : 0x00000000 (0) + durable : 0x00 (0) + backend_cookie : DATA_BLOB length=0 +[2013/11/07 07:38:45.224813, 10, pid=20933, effective(0, 5000), real(0, 0)] ../lib/dbwrap/dbwrap_tdb.c:59(db_tdb_log_key) + Unlocking key 033C4D1B +[2013/11/07 07:38:45.224916, 5, pid=20933, effective(0, 5000), real(0, 0)] ../lib/dbwrap/dbwrap.c:146(dbwrap_lock_order_state_destructor) + release lock order 1 for /var/run/samba/smbXsrv_open_global.tdb +[2013/11/07 07:38:45.225013, 10, pid=20933, effective(0, 5000), real(0, 0)] ../lib/dbwrap/dbwrap.c:133(debug_lock_order) + lock order: 1: 2: 3: +[2013/11/07 07:38:45.225115, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smbXsrv_open.c:862(smbXsrv_open_create) +[2013/11/07 07:38:45.225174, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smbXsrv_open.c:870(smbXsrv_open_create) + smbXsrv_open_create: global_id (0x033c4d1b) stored +[2013/11/07 07:38:45.225268, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) + &open_blob: struct smbXsrv_openB + version : SMBXSRV_VERSION_0 (0) + reserved : 0x00000000 (0) + info : union smbXsrv_openU(case 0) + info0 : * + info0: struct smbXsrv_open + table : * + db_rec : NULL + local_id : 0xd4d1549f (3570488479) + global : * + global: struct smbXsrv_open_global0 + db_rec : NULL + server_id: struct server_id + pid : 0x00000000000051c5 (20933) + task_id : 0x00000000 (0) + vnn : 0xffffffff (4294967295) + unique_id : 0x6b1fb19d3b3a8ed6 (7719083575197994710) + open_global_id : 0x033c4d1b (54283547) + open_persistent_id : 0x00000000033c4d1b (54283547) + open_volatile_id : 0x00000000d4d1549f (3570488479) + open_owner : S-1-5-21-1376953716-2413384141-3399758289-500 + open_time : Do Nov 7 07:38:45 2013 CET + create_guid : 00000000-0000-0000-0000-000000000000 + client_guid : b913ae79-46f9-11e3-be6f-52540018a0ea + app_instance_id : 00000000-0000-0000-0000-000000000000 + disconnect_time : NTTIME(0) + durable_timeout_msec : 0x00000000 (0) + durable : 0x00 (0) + backend_cookie : DATA_BLOB length=0 + status : NT_STATUS_OK + idle_time : Do Nov 7 07:38:45 2013 CET + compat : NULL +[2013/11/07 07:38:45.226938, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/files.c:125(file_new) + allocated file structure fnum 3570488479 (5 used) +[2013/11/07 07:38:45.227057, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/files.c:713(file_name_hash) + file_name_hash: /tmp/spoolss hash 0x7d4e46e5 +[2013/11/07 07:38:45.227192, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:60(make_internal_rpc_pipe_p) + Create pipe requested \spoolss +[2013/11/07 07:38:45.227308, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:238(init_pipe_handles) + init_pipe_handle_list: pipe_handles ref count = 7 for pipe \spoolss +[2013/11/07 07:38:45.227532, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:100(make_internal_rpc_pipe_p) + Created internal pipe \spoolss +[2013/11/07 07:38:45.227639, 8, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/dosmode.c:631(dos_mode) + dos_mode: spoolss +[2013/11/07 07:38:45.227767, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_create.c:1053(smbd_smb2_create_send) + smbd_smb2_create_send: spoolss - fnum 3570488479 +[2013/11/07 07:38:45.227916, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) + smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[88] dyn[yes:0] at ../source3/smbd/smb2_create.c:369 +[2013/11/07 07:38:45.228029, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) + smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/73/127 +[2013/11/07 07:38:45.230852, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) + smbd_smb2_request_incoming: idx[1] of 5 vectors +[2013/11/07 07:38:45.231047, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) + smb2_validate_sequence_number: clearing id 73 (position 73) from bitmap +[2013/11/07 07:38:45.231172, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) + smbd_smb2_request_dispatch: opcode[SMB2_OP_WRITE] mid = 73 +[2013/11/07 07:38:45.231321, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) + setting sec ctx (0, 5000) - sec_ctx_stack_ndx = 0 +[2013/11/07 07:38:45.231432, 5, pid=20933, effective(0, 5000), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) + Security token SIDs (21): + SID[ 0]: S-1-5-21-1376953716-2413384141-3399758289-500 + SID[ 1]: S-1-5-21-1376953716-2413384141-3399758289-512 + SID[ 2]: S-1-5-21-1376953716-2413384141-3399758289-11015 + SID[ 3]: S-1-5-21-1376953716-2413384141-3399758289-513 + SID[ 4]: S-1-5-21-1376953716-2413384141-3399758289-11011 + SID[ 5]: S-1-5-21-1376953716-2413384141-3399758289-11013 + SID[ 6]: S-1-5-21-1376953716-2413384141-3399758289-11012 + SID[ 7]: S-1-1-0 + SID[ 8]: S-1-5-2 + SID[ 9]: S-1-5-11 + SID[ 10]: S-1-5-32-544 + SID[ 11]: S-1-22-1-2002 + SID[ 12]: S-1-22-2-5000 + SID[ 13]: S-1-22-2-5007 + SID[ 14]: S-1-22-2-5001 + SID[ 15]: S-1-22-2-1005 + SID[ 16]: S-1-22-2-5006 + SID[ 17]: S-1-22-2-5005 + SID[ 18]: S-1-22-2-55000 + SID[ 19]: S-1-22-2-55001 + SID[ 20]: S-1-22-2-55002 + Privileges (0x 1FFFFFF0): + Privilege[ 0]: SeMachineAccountPrivilege + Privilege[ 1]: SeTakeOwnershipPrivilege + Privilege[ 2]: SeBackupPrivilege + Privilege[ 3]: SeRestorePrivilege + Privilege[ 4]: SeRemoteShutdownPrivilege + Privilege[ 5]: SePrintOperatorPrivilege + Privilege[ 6]: SeAddUsersPrivilege + Privilege[ 7]: SeDiskOperatorPrivilege + Privilege[ 8]: SeSecurityPrivilege + Privilege[ 9]: SeSystemtimePrivilege + Privilege[ 10]: SeShutdownPrivilege + Privilege[ 11]: SeDebugPrivilege + Privilege[ 12]: SeSystemEnvironmentPrivilege + Privilege[ 13]: SeSystemProfilePrivilege + Privilege[ 14]: SeProfileSingleProcessPrivilege + Privilege[ 15]: SeIncreaseBasePriorityPrivilege + Privilege[ 16]: SeLoadDriverPrivilege + Privilege[ 17]: SeCreatePagefilePrivilege + Privilege[ 18]: SeIncreaseQuotaPrivilege + Privilege[ 19]: SeChangeNotifyPrivilege + Privilege[ 20]: SeUndockPrivilege + Privilege[ 21]: SeManageVolumePrivilege + Privilege[ 22]: SeImpersonatePrivilege + Privilege[ 23]: SeCreateGlobalPrivilege + Privilege[ 24]: SeEnableDelegationPrivilege + Rights (0x 0): +[2013/11/07 07:38:45.233622, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) + UNIX token of user 0 + Primary group is 5000 and contains 9 supplementary groups + Group[ 0]: 5000 + Group[ 1]: 5007 + Group[ 2]: 5001 + Group[ 3]: 1005 + Group[ 4]: 5006 + Group[ 5]: 5005 + Group[ 6]: 55000 + Group[ 7]: 55001 + Group[ 8]: 55002 +[2013/11/07 07:38:45.234100, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/uid.c:363(change_to_user_internal) + Impersonated user: uid=(0,0), gid=(0,5000) +[2013/11/07 07:38:45.234220, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:1796(smbd_smb2_request_verify_creditcharge) + mid 73, CreditCharge: 1, NeededCharge: 1 +[2013/11/07 07:38:45.234324, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_write.c:271(smbd_smb2_write_send) + smbd_smb2_write: spoolss - fnum 1145362404 +[2013/11/07 07:38:45.234436, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:520(np_write_send) + np_write_send: len: 160 +[2013/11/07 07:38:45.234537, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) + write_to_pipe: data_left = 160 +[2013/11/07 07:38:45.234632, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) + process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 160 +[2013/11/07 07:38:45.234731, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:51(fill_rpc_header) + fill_rpc_header: data_to_copy = 160, len_needed_to_complete_hdr = 16, receive_len = 0 +[2013/11/07 07:38:45.234830, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) + write_to_pipe: data_used = 16 +[2013/11/07 07:38:45.234923, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) + write_to_pipe: data_left = 144 +[2013/11/07 07:38:45.235016, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) + process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 144 +[2013/11/07 07:38:45.235117, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) + write_to_pipe: data_used = 0 +[2013/11/07 07:38:45.235230, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) + write_to_pipe: data_left = 144 +[2013/11/07 07:38:45.235326, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) + process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 144, incoming data = 144 +[2013/11/07 07:38:45.235428, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1614(process_complete_pdu) + PDU is in Little Endian format! +[2013/11/07 07:38:45.235548, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) + r: struct ncacn_packet + rpc_vers : 0x05 (5) + rpc_vers_minor : 0x00 (0) + ptype : DCERPC_PKT_BIND (11) + pfc_flags : 0x03 (3) + drep: ARRAY(4) + [0] : 0x10 (16) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + frag_length : 0x00a0 (160) + auth_length : 0x0000 (0) + call_id : 0x00000002 (2) + u : union dcerpc_payload(case 11) + bind: struct dcerpc_bind + max_xmit_frag : 0x10b8 (4280) + max_recv_frag : 0x10b8 (4280) + assoc_group_id : 0x00000000 (0) + num_contexts : 0x03 (3) + ctx_list: ARRAY(3) + ctx_list: struct dcerpc_ctx_list + context_id : 0x0000 (0) + num_transfer_syntaxes : 0x01 (1) + abstract_syntax: struct ndr_syntax_id + uuid : 12345678-1234-abcd-ef00-0123456789ab + if_version : 0x00000001 (1) + transfer_syntaxes: ARRAY(1) + transfer_syntaxes: struct ndr_syntax_id + uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860 + if_version : 0x00000002 (2) + ctx_list: struct dcerpc_ctx_list + context_id : 0x0001 (1) + num_transfer_syntaxes : 0x01 (1) + abstract_syntax: struct ndr_syntax_id + uuid : 12345678-1234-abcd-ef00-0123456789ab + if_version : 0x00000001 (1) + transfer_syntaxes: ARRAY(1) + transfer_syntaxes: struct ndr_syntax_id + uuid : 71710533-beba-4937-8319-b5dbef9ccc36 + if_version : 0x00000001 (1) + ctx_list: struct dcerpc_ctx_list + context_id : 0x0002 (2) + num_transfer_syntaxes : 0x01 (1) + abstract_syntax: struct ndr_syntax_id + uuid : 12345678-1234-abcd-ef00-0123456789ab + if_version : 0x00000001 (1) + transfer_syntaxes: ARRAY(1) + transfer_syntaxes: struct ndr_syntax_id + uuid : 6cb71c2c-9812-4540-0300-000000000000 + if_version : 0x00000001 (1) + auth_info : DATA_BLOB length=0 +[2013/11/07 07:38:45.237904, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1627(process_complete_pdu) + Processing packet type 11 +[2013/11/07 07:38:45.238029, 3, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:693(api_pipe_bind_req) + api_pipe_bind_req: spoolss -> spoolss rpc service +[2013/11/07 07:38:45.238135, 5, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:724(api_pipe_bind_req) + api_pipe_bind_req: make response. 724 +[2013/11/07 07:38:45.238232, 3, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:342(check_bind_req) + check_bind_req for \spoolss +[2013/11/07 07:38:45.238341, 3, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:349(check_bind_req) + check_bind_req: spoolss -> spoolss rpc service +[2013/11/07 07:38:45.238444, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:238(init_pipe_handles) + init_pipe_handle_list: pipe_handles ref count = 8 for pipe \spoolss +[2013/11/07 07:38:45.238585, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) + &r: struct ncacn_packet + rpc_vers : 0x05 (5) + rpc_vers_minor : 0x00 (0) + ptype : DCERPC_PKT_BIND_ACK (12) + pfc_flags : 0x03 (3) + drep: ARRAY(4) + [0] : 0x10 (16) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + frag_length : 0x0044 (68) + auth_length : 0x0000 (0) + call_id : 0x00000002 (2) + u : union dcerpc_payload(case 12) + bind_ack: struct dcerpc_bind_ack + max_xmit_frag : 0x10b8 (4280) + max_recv_frag : 0x10b8 (4280) + assoc_group_id : 0x000053f0 (21488) + secondary_address_size : 0x000e (14) + secondary_address : '\PIPE\spoolss' + _pad1 : DATA_BLOB length=0 + num_results : 0x01 (1) + ctx_list: ARRAY(1) + ctx_list: struct dcerpc_ack_ctx + result : 0x0000 (0) + reason : 0x0000 (0) + syntax: struct ndr_syntax_id + uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860 + if_version : 0x00000002 (2) + auth_info : DATA_BLOB length=0 +[2013/11/07 07:38:45.239870, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) + write_to_pipe: data_used = 144 + smbd_smb2_request_pending_queue: req->current_idx = 1 + req->in.vector[0].iov_len = 0 + req->in.vector[1].iov_len = 0 + req->in.vector[2].iov_len = 64 + req->in.vector[3].iov_len = 48 + req->in.vector[4].iov_len = 160 + req->out.vector[0].iov_len = 4 + req->out.vector[1].iov_len = 0 + req->out.vector[2].iov_len = 64 + req->out.vector[3].iov_len = 8 + req->out.vector[4].iov_len = 0 +[2013/11/07 07:38:45.240394, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) + smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[16] dyn[yes:0] at ../source3/smbd/smb2_write.c:150 +[2013/11/07 07:38:45.240508, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) + smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/74/127 +[2013/11/07 07:38:45.241923, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) + smbd_smb2_request_incoming: idx[1] of 5 vectors +[2013/11/07 07:38:45.242133, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) + smb2_validate_sequence_number: clearing id 74 (position 74) from bitmap +[2013/11/07 07:38:45.242278, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) + smbd_smb2_request_dispatch: opcode[SMB2_OP_READ] mid = 74 +[2013/11/07 07:38:45.242429, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) + setting sec ctx (0, 5000) - sec_ctx_stack_ndx = 0 +[2013/11/07 07:38:45.242538, 5, pid=20933, effective(0, 5000), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) + Security token SIDs (21): + SID[ 0]: S-1-5-21-1376953716-2413384141-3399758289-500 + SID[ 1]: S-1-5-21-1376953716-2413384141-3399758289-512 + SID[ 2]: S-1-5-21-1376953716-2413384141-3399758289-11015 + SID[ 3]: S-1-5-21-1376953716-2413384141-3399758289-513 + SID[ 4]: S-1-5-21-1376953716-2413384141-3399758289-11011 + SID[ 5]: S-1-5-21-1376953716-2413384141-3399758289-11013 + SID[ 6]: S-1-5-21-1376953716-2413384141-3399758289-11012 + SID[ 7]: S-1-1-0 + SID[ 8]: S-1-5-2 + SID[ 9]: S-1-5-11 + SID[ 10]: S-1-5-32-544 + SID[ 11]: S-1-22-1-2002 + SID[ 12]: S-1-22-2-5000 + SID[ 13]: S-1-22-2-5007 + SID[ 14]: S-1-22-2-5001 + SID[ 15]: S-1-22-2-1005 + SID[ 16]: S-1-22-2-5006 + SID[ 17]: S-1-22-2-5005 + SID[ 18]: S-1-22-2-55000 + SID[ 19]: S-1-22-2-55001 + SID[ 20]: S-1-22-2-55002 + Privileges (0x 1FFFFFF0): + Privilege[ 0]: SeMachineAccountPrivilege + Privilege[ 1]: SeTakeOwnershipPrivilege + Privilege[ 2]: SeBackupPrivilege + Privilege[ 3]: SeRestorePrivilege + Privilege[ 4]: SeRemoteShutdownPrivilege + Privilege[ 5]: SePrintOperatorPrivilege + Privilege[ 6]: SeAddUsersPrivilege + Privilege[ 7]: SeDiskOperatorPrivilege + Privilege[ 8]: SeSecurityPrivilege + Privilege[ 9]: SeSystemtimePrivilege + Privilege[ 10]: SeShutdownPrivilege + Privilege[ 11]: SeDebugPrivilege + Privilege[ 12]: SeSystemEnvironmentPrivilege + Privilege[ 13]: SeSystemProfilePrivilege + Privilege[ 14]: SeProfileSingleProcessPrivilege + Privilege[ 15]: SeIncreaseBasePriorityPrivilege + Privilege[ 16]: SeLoadDriverPrivilege + Privilege[ 17]: SeCreatePagefilePrivilege + Privilege[ 18]: SeIncreaseQuotaPrivilege + Privilege[ 19]: SeChangeNotifyPrivilege + Privilege[ 20]: SeUndockPrivilege + Privilege[ 21]: SeManageVolumePrivilege + Privilege[ 22]: SeImpersonatePrivilege + Privilege[ 23]: SeCreateGlobalPrivilege + Privilege[ 24]: SeEnableDelegationPrivilege + Rights (0x 0): +[2013/11/07 07:38:45.244456, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) + UNIX token of user 0 + Primary group is 5000 and contains 9 supplementary groups + Group[ 0]: 5000 + Group[ 1]: 5007 + Group[ 2]: 5001 + Group[ 3]: 1005 + Group[ 4]: 5006 + Group[ 5]: 5005 + Group[ 6]: 55000 + Group[ 7]: 55001 + Group[ 8]: 55002 +[2013/11/07 07:38:45.244936, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/uid.c:363(change_to_user_internal) + Impersonated user: uid=(0,0), gid=(0,5000) +[2013/11/07 07:38:45.245056, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:1796(smbd_smb2_request_verify_creditcharge) + mid 74, CreditCharge: 1, NeededCharge: 1 +[2013/11/07 07:38:45.245161, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_read.c:400(smbd_smb2_read_send) + smbd_smb2_read: spoolss - fnum 1145362404 +[2013/11/07 07:38:45.245275, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:285(read_from_internal_pipe) + name: \spoolss len: 1024 +[2013/11/07 07:38:45.245677, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:326(read_from_internal_pipe) + read_from_pipe: \spoolss: current_pdu_len = 68, current_pdu_sent = 0 returning 68 bytes. +[2013/11/07 07:38:45.245821, 3, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:122(free_pipe_context) + free_pipe_context: destroying talloc pool of size 29 + smbd_smb2_request_pending_queue: req->current_idx = 1 + req->in.vector[0].iov_len = 0 + req->in.vector[1].iov_len = 0 + req->in.vector[2].iov_len = 64 + req->in.vector[3].iov_len = 48 + req->in.vector[4].iov_len = 1 + req->out.vector[0].iov_len = 4 + req->out.vector[1].iov_len = 0 + req->out.vector[2].iov_len = 64 + req->out.vector[3].iov_len = 8 + req->out.vector[4].iov_len = 0 +[2013/11/07 07:38:45.246382, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:788(np_read_recv) + Received 68 bytes. There is no more data outstanding +[2013/11/07 07:38:45.246493, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) + smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[16] dyn[yes:68] at ../source3/smbd/smb2_read.c:154 +[2013/11/07 07:38:45.246604, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) + smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/75/127 +[2013/11/07 07:38:45.248555, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) + smbd_smb2_request_incoming: idx[1] of 5 vectors +[2013/11/07 07:38:45.248736, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) + smb2_validate_sequence_number: clearing id 75 (position 75) from bitmap +[2013/11/07 07:38:45.248843, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) + smbd_smb2_request_dispatch: opcode[SMB2_OP_IOCTL] mid = 75 +[2013/11/07 07:38:45.249077, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) + setting sec ctx (0, 5000) - sec_ctx_stack_ndx = 0 +[2013/11/07 07:38:45.249204, 5, pid=20933, effective(0, 5000), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) + Security token SIDs (21): + SID[ 0]: S-1-5-21-1376953716-2413384141-3399758289-500 + SID[ 1]: S-1-5-21-1376953716-2413384141-3399758289-512 + SID[ 2]: S-1-5-21-1376953716-2413384141-3399758289-11015 + SID[ 3]: S-1-5-21-1376953716-2413384141-3399758289-513 + SID[ 4]: S-1-5-21-1376953716-2413384141-3399758289-11011 + SID[ 5]: S-1-5-21-1376953716-2413384141-3399758289-11013 + SID[ 6]: S-1-5-21-1376953716-2413384141-3399758289-11012 + SID[ 7]: S-1-1-0 + SID[ 8]: S-1-5-2 + SID[ 9]: S-1-5-11 + SID[ 10]: S-1-5-32-544 + SID[ 11]: S-1-22-1-2002 + SID[ 12]: S-1-22-2-5000 + SID[ 13]: S-1-22-2-5007 + SID[ 14]: S-1-22-2-5001 + SID[ 15]: S-1-22-2-1005 + SID[ 16]: S-1-22-2-5006 + SID[ 17]: S-1-22-2-5005 + SID[ 18]: S-1-22-2-55000 + SID[ 19]: S-1-22-2-55001 + SID[ 20]: S-1-22-2-55002 + Privileges (0x 1FFFFFF0): + Privilege[ 0]: SeMachineAccountPrivilege + Privilege[ 1]: SeTakeOwnershipPrivilege + Privilege[ 2]: SeBackupPrivilege + Privilege[ 3]: SeRestorePrivilege + Privilege[ 4]: SeRemoteShutdownPrivilege + Privilege[ 5]: SePrintOperatorPrivilege + Privilege[ 6]: SeAddUsersPrivilege + Privilege[ 7]: SeDiskOperatorPrivilege + Privilege[ 8]: SeSecurityPrivilege + Privilege[ 9]: SeSystemtimePrivilege + Privilege[ 10]: SeShutdownPrivilege + Privilege[ 11]: SeDebugPrivilege + Privilege[ 12]: SeSystemEnvironmentPrivilege + Privilege[ 13]: SeSystemProfilePrivilege + Privilege[ 14]: SeProfileSingleProcessPrivilege + Privilege[ 15]: SeIncreaseBasePriorityPrivilege + Privilege[ 16]: SeLoadDriverPrivilege + Privilege[ 17]: SeCreatePagefilePrivilege + Privilege[ 18]: SeIncreaseQuotaPrivilege + Privilege[ 19]: SeChangeNotifyPrivilege + Privilege[ 20]: SeUndockPrivilege + Privilege[ 21]: SeManageVolumePrivilege + Privilege[ 22]: SeImpersonatePrivilege + Privilege[ 23]: SeCreateGlobalPrivilege + Privilege[ 24]: SeEnableDelegationPrivilege + Rights (0x 0): +[2013/11/07 07:38:45.251254, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) + UNIX token of user 0 + Primary group is 5000 and contains 9 supplementary groups + Group[ 0]: 5000 + Group[ 1]: 5007 + Group[ 2]: 5001 + Group[ 3]: 1005 + Group[ 4]: 5006 + Group[ 5]: 5005 + Group[ 6]: 55000 + Group[ 7]: 55001 + Group[ 8]: 55002 +[2013/11/07 07:38:45.251733, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/uid.c:363(change_to_user_internal) + Impersonated user: uid=(0,0), gid=(0,5000) +[2013/11/07 07:38:45.251855, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:1796(smbd_smb2_request_verify_creditcharge) + mid 75, CreditCharge: 1, NeededCharge: 1 +[2013/11/07 07:38:45.251959, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl.c:394(smbd_smb2_ioctl_send) + smbd_smb2_ioctl: ctl_code[0x0011c017] spoolss, fnum 1145362404 +[2013/11/07 07:38:45.252072, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:59(smb2_ioctl_named_pipe) + smbd_smb2_ioctl_send: np_write_send of size 222 +[2013/11/07 07:38:45.252170, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:520(np_write_send) + np_write_send: len: 222 +[2013/11/07 07:38:45.252270, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) + write_to_pipe: data_left = 222 +[2013/11/07 07:38:45.252365, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) + process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 222 +[2013/11/07 07:38:45.252460, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:51(fill_rpc_header) + fill_rpc_header: data_to_copy = 222, len_needed_to_complete_hdr = 16, receive_len = 0 +[2013/11/07 07:38:45.252559, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) + write_to_pipe: data_used = 16 +[2013/11/07 07:38:45.252653, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) + write_to_pipe: data_left = 206 +[2013/11/07 07:38:45.252747, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) + process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 206 +[2013/11/07 07:38:45.252847, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) + write_to_pipe: data_used = 0 +[2013/11/07 07:38:45.252941, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) + write_to_pipe: data_left = 206 +[2013/11/07 07:38:45.253034, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) + process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 206, incoming data = 206 +[2013/11/07 07:38:45.253135, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1614(process_complete_pdu) + PDU is in Little Endian format! +[2013/11/07 07:38:45.253249, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) + r: struct ncacn_packet + rpc_vers : 0x05 (5) + rpc_vers_minor : 0x00 (0) + ptype : DCERPC_PKT_REQUEST (0) + pfc_flags : 0x03 (3) + drep: ARRAY(4) + [0] : 0x10 (16) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + frag_length : 0x00de (222) + auth_length : 0x0000 (0) + call_id : 0x00000002 (2) + u : union dcerpc_payload(case 0) + request: struct dcerpc_request + alloc_hint : 0x000000c6 (198) + context_id : 0x0000 (0) + opnum : 0x0045 (69) + object : union dcerpc_object(case 0) + empty: struct dcerpc_empty + _pad : DATA_BLOB length=0 + stub_and_verifier : DATA_BLOB length=198 + [0000] 00 00 02 00 14 00 00 00 00 00 00 00 14 00 00 00 ........ ........ + [0010] 5C 00 5C 00 4D 00 45 00 4D 00 42 00 45 00 52 00 \.\.M.E. M.B.E.R. + [0020] 34 00 33 00 5C 00 70 00 72 00 69 00 6E 00 74 00 4.3.\.p. r.i.n.t. + [0030] 65 00 72 00 37 00 00 00 00 00 00 00 00 00 00 00 e.r.7... ........ + [0040] 00 00 00 00 00 00 00 00 01 00 00 00 01 00 00 00 ........ ........ + [0050] 04 00 02 00 28 00 00 00 08 00 02 00 0C 00 02 00 ....(... ........ + [0060] 80 25 00 00 03 00 00 00 00 00 00 00 09 00 00 00 .%...... ........ + [0070] 0A 00 00 00 00 00 00 00 0A 00 00 00 57 00 49 00 ........ ....W.I. + [0080] 4E 00 38 00 31 00 2D 00 32 00 33 00 39 00 00 00 N.8.1.-. 2.3.9... + [0090] 15 00 00 00 00 00 00 00 15 00 00 00 41 00 52 00 ........ ....A.R. + [00A0] 33 00 32 00 49 00 38 00 5C 00 41 00 64 00 6D 00 3.2.I.8. \.A.d.m. + [00B0] 69 00 6E 00 69 00 73 00 74 00 72 00 61 00 74 00 i.n.i.s. t.r.a.t. + [00C0] 6F 00 72 00 00 00 o.r... +[2013/11/07 07:38:45.255486, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1627(process_complete_pdu) + Processing packet type 0 +[2013/11/07 07:38:45.255587, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1472(dcesrv_auth_request) + Checking request auth. +[2013/11/07 07:38:45.255726, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) + push_sec_ctx(0, 5000) : sec_ctx_stack_ndx = 1 +[2013/11/07 07:38:45.255865, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) + setting sec ctx (0, 5000) - sec_ctx_stack_ndx = 1 +[2013/11/07 07:38:45.255992, 5, pid=20933, effective(0, 5000), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) + Security token SIDs (21): + SID[ 0]: S-1-5-21-1376953716-2413384141-3399758289-500 + SID[ 1]: S-1-5-21-1376953716-2413384141-3399758289-512 + SID[ 2]: S-1-5-21-1376953716-2413384141-3399758289-11015 + SID[ 3]: S-1-5-21-1376953716-2413384141-3399758289-513 + SID[ 4]: S-1-5-21-1376953716-2413384141-3399758289-11011 + SID[ 5]: S-1-5-21-1376953716-2413384141-3399758289-11013 + SID[ 6]: S-1-5-21-1376953716-2413384141-3399758289-11012 + SID[ 7]: S-1-1-0 + SID[ 8]: S-1-5-2 + SID[ 9]: S-1-5-11 + SID[ 10]: S-1-5-32-544 + SID[ 11]: S-1-22-1-2002 + SID[ 12]: S-1-22-2-5000 + SID[ 13]: S-1-22-2-5007 + SID[ 14]: S-1-22-2-5001 + SID[ 15]: S-1-22-2-1005 + SID[ 16]: S-1-22-2-5006 + SID[ 17]: S-1-22-2-5005 + SID[ 18]: S-1-22-2-55000 + SID[ 19]: S-1-22-2-55001 + SID[ 20]: S-1-22-2-55002 + Privileges (0x 1FFFFFF0): + Privilege[ 0]: SeMachineAccountPrivilege + Privilege[ 1]: SeTakeOwnershipPrivilege + Privilege[ 2]: SeBackupPrivilege + Privilege[ 3]: SeRestorePrivilege + Privilege[ 4]: SeRemoteShutdownPrivilege + Privilege[ 5]: SePrintOperatorPrivilege + Privilege[ 6]: SeAddUsersPrivilege + Privilege[ 7]: SeDiskOperatorPrivilege + Privilege[ 8]: SeSecurityPrivilege + Privilege[ 9]: SeSystemtimePrivilege + Privilege[ 10]: SeShutdownPrivilege + Privilege[ 11]: SeDebugPrivilege + Privilege[ 12]: SeSystemEnvironmentPrivilege + Privilege[ 13]: SeSystemProfilePrivilege + Privilege[ 14]: SeProfileSingleProcessPrivilege + Privilege[ 15]: SeIncreaseBasePriorityPrivilege + Privilege[ 16]: SeLoadDriverPrivilege + Privilege[ 17]: SeCreatePagefilePrivilege + Privilege[ 18]: SeIncreaseQuotaPrivilege + Privilege[ 19]: SeChangeNotifyPrivilege + Privilege[ 20]: SeUndockPrivilege + Privilege[ 21]: SeManageVolumePrivilege + Privilege[ 22]: SeImpersonatePrivilege + Privilege[ 23]: SeCreateGlobalPrivilege + Privilege[ 24]: SeEnableDelegationPrivilege + Rights (0x 0): +[2013/11/07 07:38:45.258187, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) + UNIX token of user 0 + Primary group is 5000 and contains 9 supplementary groups + Group[ 0]: 5000 + Group[ 1]: 5007 + Group[ 2]: 5001 + Group[ 3]: 1005 + Group[ 4]: 5006 + Group[ 5]: 5005 + Group[ 6]: 55000 + Group[ 7]: 55001 + Group[ 8]: 55002 +[2013/11/07 07:38:45.258669, 5, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1324(api_pipe_request) + Requested \spoolss rpc service +[2013/11/07 07:38:45.258779, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1356(api_rpcTNP) + api_rpcTNP: \spoolss op 0x45 - api_rpcTNP: rpc command: SPOOLSS_OPENPRINTEREX +[2013/11/07 07:38:45.258886, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1390(api_rpcTNP) + api_rpc_cmds[69].fn == 0x7f375c256d40 +[2013/11/07 07:38:45.259016, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + spoolss_OpenPrinterEx: struct spoolss_OpenPrinterEx + in: struct spoolss_OpenPrinterEx + printername : * + printername : '\\MEMBER43\printer7' + datatype : NULL + devmode_ctr: struct spoolss_DevmodeContainer + _ndr_size : 0x00000000 (0) + devmode : NULL + access_mask : 0x00000000 (0) + 0: SERVER_ACCESS_ADMINISTER + 0: SERVER_ACCESS_ENUMERATE + 0: PRINTER_ACCESS_ADMINISTER + 0: PRINTER_ACCESS_USE + 0: JOB_ACCESS_ADMINISTER + 0: JOB_ACCESS_READ + userlevel_ctr: struct spoolss_UserLevelCtr + level : 0x00000001 (1) + user_info : union spoolss_UserLevel(case 1) + level1 : * + level1: struct spoolss_UserLevel1 + size : 0x00000028 (40) + client : * + client : 'WIN81-239' + user : * + user : 'AR32I8\Administrator' + build : 0x00002580 (9600) + major : UNKNOWN_ENUM_VALUE (3) + minor : SPOOLSS_MINOR_VERSION_0 (0) + processor : PROCESSOR_ARCHITECTURE_AMD64 (9) + checking name: \\MEMBER43\printer7 +[2013/11/07 07:38:45.260325, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:737(open_printer_hnd) + open_printer_hnd: name [\\MEMBER43\printer7] +[2013/11/07 07:38:45.260441, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) + Opened policy hnd[2] [0000] 00 00 00 00 93 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.260639, 3, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:506(set_printer_hnd_printertype) + Setting printer type=\\MEMBER43\printer7 + Printer is a printer +[2013/11/07 07:38:45.260773, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:566(set_printer_hnd_name) + Setting printer name=\\MEMBER43\printer7 (len=19) + searching for [printer7] +[2013/11/07 07:38:45.261013, 10, pid=20933, effective(0, 5000), real(0, 0), class=tdb] ../source3/lib/gencache.c:275(gencache_set_data_blob) + Did not store value for PRINTERNAME/printer7, we already got it + set_printer_hnd_name: Printer found: printer7 -> printer7 +[2013/11/07 07:38:45.261152, 5, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:773(open_printer_hnd) + 2 printer handles active +[2013/11/07 07:38:45.261251, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 93 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.261598, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 93 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.261791, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:489(get_printer_snum) + short name:printer7 +[2013/11/07 07:38:45.261939, 3, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/access.c:338(allow_access) + Allowed connection from 10.200.8.239 (10.200.8.239) +[2013/11/07 07:38:45.262285, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/share_access.c:237(user_ok_token) + user_ok_token: share printer7 is ok for unix user root +[2013/11/07 07:38:45.262413, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:1921(_spoolss_OpenPrinterEx) + Setting printer access = PRINTER_ACCESS_USE +[2013/11/07 07:38:45.262640, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:60(make_internal_rpc_pipe_p) + Create pipe requested \winreg +[2013/11/07 07:38:45.262766, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:221(init_pipe_handles) + init_pipe_handle_list: created handle list for pipe \winreg +[2013/11/07 07:38:45.262869, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:238(init_pipe_handles) + init_pipe_handle_list: pipe_handles ref count = 1 for pipe \winreg +[2013/11/07 07:38:45.263055, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:100(make_internal_rpc_pipe_p) + Created internal pipe \winreg +[2013/11/07 07:38:45.263206, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenHKLM: struct winreg_OpenHKLM + in: struct winreg_OpenHKLM + system_name : NULL + access_mask : 0x02000000 (33554432) + 0: KEY_QUERY_VALUE + 0: KEY_SET_VALUE + 0: KEY_CREATE_SUB_KEY + 0: KEY_ENUMERATE_SUB_KEYS + 0: KEY_NOTIFY + 0: KEY_CREATE_LINK + 0: KEY_WOW64_64KEY + 0: KEY_WOW64_32KEY +[2013/11/07 07:38:45.263771, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [HKLM] +[2013/11/07 07:38:45.263879, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) + push_sec_ctx(0, 5000) : sec_ctx_stack_ndx = 2 +[2013/11/07 07:38:45.263989, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/uid.c:485(push_conn_ctx) + push_conn_ctx(1804507171) : conn_ctx_stack_ndx = 0 +[2013/11/07 07:38:45.264086, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) + setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 +[2013/11/07 07:38:45.264207, 5, pid=20933, effective(0, 5000), real(0, 0)] ../libcli/security/security_token.c:53(security_token_debug) + Security token: (NULL) +[2013/11/07 07:38:45.264306, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) + UNIX token of user 0 + Primary group is 0 and contains 0 supplementary groups +[2013/11/07 07:38:45.264626, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) + pop_sec_ctx (0, 5000) - sec_ctx_stack_ndx = 1 +[2013/11/07 07:38:45.264739, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:866(regdb_open) + regdb_open: registry db opened. refcount reset (1) +[2013/11/07 07:38:45.264849, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM] +[2013/11/07 07:38:45.264948, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM] +[2013/11/07 07:38:45.265049, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:45.265142, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM] +[2013/11/07 07:38:45.265324, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) + Opened policy hnd[1] [0000] 00 00 00 00 94 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.265669, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenHKLM: struct winreg_OpenHKLM + out: struct winreg_OpenHKLM + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000094-0000-0000-7b52-7535c5510000 + result : WERR_OK +[2013/11/07 07:38:45.266129, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenKey: struct winreg_OpenKey + in: struct winreg_OpenKey + parent_handle : * + parent_handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000094-0000-0000-7b52-7535c5510000 + keyname: struct winreg_String + name_len : 0x008a (138) + name_size : 0x008a (138) + name : * + name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7' + options : 0x00000000 (0) + 0: REG_OPTION_VOLATILE + 0: REG_OPTION_CREATE_LINK + 0: REG_OPTION_BACKUP_RESTORE + 0: REG_OPTION_OPEN_LINK + access_mask : 0x02000000 (33554432) + 0: KEY_QUERY_VALUE + 0: KEY_SET_VALUE + 0: KEY_CREATE_SUB_KEY + 0: KEY_ENUMERATE_SUB_KEYS + 0: KEY_NOTIFY + 0: KEY_CREATE_LINK + 0: KEY_WOW64_64KEY + 0: KEY_WOW64_32KEY +[2013/11/07 07:38:45.267317, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 94 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.267545, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [SOFTWARE] +[2013/11/07 07:38:45.267648, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (1->2) +[2013/11/07 07:38:45.267758, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] +[2013/11/07 07:38:45.267856, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE] +[2013/11/07 07:38:45.267957, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:45.268052, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE] +[2013/11/07 07:38:45.268228, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Microsoft] +[2013/11/07 07:38:45.268332, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (2->3) +[2013/11/07 07:38:45.268439, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] +[2013/11/07 07:38:45.268535, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] +[2013/11/07 07:38:45.268636, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:45.268731, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft] +[2013/11/07 07:38:45.268886, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Windows NT] +[2013/11/07 07:38:45.268988, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (3->4) +[2013/11/07 07:38:45.269096, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] +[2013/11/07 07:38:45.269189, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] +[2013/11/07 07:38:45.269290, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:45.269495, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] +[2013/11/07 07:38:45.269560, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [CurrentVersion] +[2013/11/07 07:38:45.269603, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (4->5) +[2013/11/07 07:38:45.269646, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] +[2013/11/07 07:38:45.269693, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] +[2013/11/07 07:38:45.269735, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:45.269773, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f375c5a15c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] +[2013/11/07 07:38:45.269846, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Print] +[2013/11/07 07:38:45.269888, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (5->6) +[2013/11/07 07:38:45.269932, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] +[2013/11/07 07:38:45.269972, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] +[2013/11/07 07:38:45.270014, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:45.270051, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f375c5a15c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] +[2013/11/07 07:38:45.270113, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Printers] +[2013/11/07 07:38:45.270155, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (6->7) +[2013/11/07 07:38:45.270199, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] +[2013/11/07 07:38:45.270238, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] +[2013/11/07 07:38:45.270281, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:45.270319, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] +[2013/11/07 07:38:45.270387, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [printer7] +[2013/11/07 07:38:45.270430, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (7->8) +[2013/11/07 07:38:45.270474, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:45.270515, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:45.270557, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:45.270603, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:45.270676, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (8->7) +[2013/11/07 07:38:45.270718, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (7->6) +[2013/11/07 07:38:45.270760, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (6->5) +[2013/11/07 07:38:45.270800, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (5->4) +[2013/11/07 07:38:45.270839, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (4->3) +[2013/11/07 07:38:45.270879, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (3->2) +[2013/11/07 07:38:45.270921, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) + Opened policy hnd[2] [0000] 00 00 00 00 95 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.271000, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenKey: struct winreg_OpenKey + out: struct winreg_OpenKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000095-0000-0000-7b52-7535c5510000 + result : WERR_OK +[2013/11/07 07:38:45.271166, 2, pid=20933, effective(0, 5000), real(0, 0)] ../source3/rpc_client/cli_winreg_spoolss.c:626(winreg_create_printer) + winreg_create_printer: Skipping, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7 already exists +[2013/11/07 07:38:45.271225, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + in: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000095-0000-0000-7b52-7535c5510000 +[2013/11/07 07:38:45.271354, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 95 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.271432, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 95 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.271508, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) + Closed policy +[2013/11/07 07:38:45.271550, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (2->1) +[2013/11/07 07:38:45.271590, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + out: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000000-0000-0000-0000-000000000000 + result : WERR_OK +[2013/11/07 07:38:45.271760, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + in: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000094-0000-0000-7b52-7535c5510000 +[2013/11/07 07:38:45.271890, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 94 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.271967, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 94 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.272043, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) + Closed policy +[2013/11/07 07:38:45.272084, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (1->0) +[2013/11/07 07:38:45.272139, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + out: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000000-0000-0000-0000-000000000000 + result : WERR_OK +[2013/11/07 07:38:45.272298, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:416(close_policy_by_pipe) + Deleted handle list for RPC connection \winreg +[2013/11/07 07:38:45.272347, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + spoolss_OpenPrinterEx: struct spoolss_OpenPrinterEx + out: struct spoolss_OpenPrinterEx + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000093-0000-0000-7b52-7535c5510000 + result : WERR_OK +[2013/11/07 07:38:45.272498, 5, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1417(api_rpcTNP) + api_rpcTNP: called \spoolss successfully +[2013/11/07 07:38:45.272551, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) + pop_sec_ctx (0, 5000) - sec_ctx_stack_ndx = 0 +[2013/11/07 07:38:45.272594, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) + write_to_pipe: data_used = 206 + smbd_smb2_request_pending_queue: req->current_idx = 1 + req->in.vector[0].iov_len = 0 + req->in.vector[1].iov_len = 0 + req->in.vector[2].iov_len = 64 + req->in.vector[3].iov_len = 56 + req->in.vector[4].iov_len = 222 + req->out.vector[0].iov_len = 4 + req->out.vector[1].iov_len = 0 + req->out.vector[2].iov_len = 64 + req->out.vector[3].iov_len = 8 + req->out.vector[4].iov_len = 0 +[2013/11/07 07:38:45.272807, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:128(smbd_smb2_ioctl_pipe_write_done) + smbd_smb2_ioctl_pipe_write_done: received 222 +[2013/11/07 07:38:45.272859, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:149(smbd_smb2_ioctl_pipe_write_done) + smbd_smb2_ioctl_pipe_write_done: issuing np_read_send of size 1024 +[2013/11/07 07:38:45.272903, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:285(read_from_internal_pipe) + name: \spoolss len: 1024 +[2013/11/07 07:38:45.272945, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:347(read_from_internal_pipe) + read_from_pipe: \spoolss: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 24. +[2013/11/07 07:38:45.272997, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) + &r: struct ncacn_packet + rpc_vers : 0x05 (5) + rpc_vers_minor : 0x00 (0) + ptype : DCERPC_PKT_RESPONSE (2) + pfc_flags : 0x03 (3) + drep: ARRAY(4) + [0] : 0x10 (16) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + frag_length : 0x0030 (48) + auth_length : 0x0000 (0) + call_id : 0x00000002 (2) + u : union dcerpc_payload(case 2) + response: struct dcerpc_response + alloc_hint : 0x00000018 (24) + context_id : 0x0000 (0) + cancel_count : 0x00 (0) + _pad : DATA_BLOB length=0 + stub_and_verifier : DATA_BLOB length=24 + [0000] 00 00 00 00 93 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 00 00 00 00 .Q...... +[2013/11/07 07:38:45.273500, 3, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:122(free_pipe_context) + free_pipe_context: destroying talloc pool of size 68 +[2013/11/07 07:38:45.273553, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:788(np_read_recv) + Received 48 bytes. There is no more data outstanding +[2013/11/07 07:38:45.273593, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:178(smbd_smb2_ioctl_pipe_read_done) + smbd_smb2_ioctl_pipe_read_done: np_read_recv nread = 48 is_data_outstanding = 0, status = NT_STATUS_OK +[2013/11/07 07:38:45.273640, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl.c:291(smbd_smb2_request_ioctl_done) + smbd_smb2_request_ioctl_done: smbd_smb2_ioctl_recv returned 48 status NT_STATUS_OK +[2013/11/07 07:38:45.273683, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) + smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[48] dyn[yes:48] at ../source3/smbd/smb2_ioctl.c:358 +[2013/11/07 07:38:45.273727, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) + smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/76/127 +[2013/11/07 07:38:45.309782, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) + smbd_smb2_request_incoming: idx[1] of 5 vectors +[2013/11/07 07:38:45.310188, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) + smb2_validate_sequence_number: clearing id 76 (position 76) from bitmap +[2013/11/07 07:38:45.310308, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) + smbd_smb2_request_dispatch: opcode[SMB2_OP_IOCTL] mid = 76 +[2013/11/07 07:38:45.310508, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) + setting sec ctx (0, 5000) - sec_ctx_stack_ndx = 0 +[2013/11/07 07:38:45.310660, 5, pid=20933, effective(0, 5000), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) + Security token SIDs (21): + SID[ 0]: S-1-5-21-1376953716-2413384141-3399758289-500 + SID[ 1]: S-1-5-21-1376953716-2413384141-3399758289-512 + SID[ 2]: S-1-5-21-1376953716-2413384141-3399758289-11015 + SID[ 3]: S-1-5-21-1376953716-2413384141-3399758289-513 + SID[ 4]: S-1-5-21-1376953716-2413384141-3399758289-11011 + SID[ 5]: S-1-5-21-1376953716-2413384141-3399758289-11013 + SID[ 6]: S-1-5-21-1376953716-2413384141-3399758289-11012 + SID[ 7]: S-1-1-0 + SID[ 8]: S-1-5-2 + SID[ 9]: S-1-5-11 + SID[ 10]: S-1-5-32-544 + SID[ 11]: S-1-22-1-2002 + SID[ 12]: S-1-22-2-5000 + SID[ 13]: S-1-22-2-5007 + SID[ 14]: S-1-22-2-5001 + SID[ 15]: S-1-22-2-1005 + SID[ 16]: S-1-22-2-5006 + SID[ 17]: S-1-22-2-5005 + SID[ 18]: S-1-22-2-55000 + SID[ 19]: S-1-22-2-55001 + SID[ 20]: S-1-22-2-55002 + Privileges (0x 1FFFFFF0): + Privilege[ 0]: SeMachineAccountPrivilege + Privilege[ 1]: SeTakeOwnershipPrivilege + Privilege[ 2]: SeBackupPrivilege + Privilege[ 3]: SeRestorePrivilege + Privilege[ 4]: SeRemoteShutdownPrivilege + Privilege[ 5]: SePrintOperatorPrivilege + Privilege[ 6]: SeAddUsersPrivilege + Privilege[ 7]: SeDiskOperatorPrivilege + Privilege[ 8]: SeSecurityPrivilege + Privilege[ 9]: SeSystemtimePrivilege + Privilege[ 10]: SeShutdownPrivilege + Privilege[ 11]: SeDebugPrivilege + Privilege[ 12]: SeSystemEnvironmentPrivilege + Privilege[ 13]: SeSystemProfilePrivilege + Privilege[ 14]: SeProfileSingleProcessPrivilege + Privilege[ 15]: SeIncreaseBasePriorityPrivilege + Privilege[ 16]: SeLoadDriverPrivilege + Privilege[ 17]: SeCreatePagefilePrivilege + Privilege[ 18]: SeIncreaseQuotaPrivilege + Privilege[ 19]: SeChangeNotifyPrivilege + Privilege[ 20]: SeUndockPrivilege + Privilege[ 21]: SeManageVolumePrivilege + Privilege[ 22]: SeImpersonatePrivilege + Privilege[ 23]: SeCreateGlobalPrivilege + Privilege[ 24]: SeEnableDelegationPrivilege + Rights (0x 0): +[2013/11/07 07:38:45.312906, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) + UNIX token of user 0 + Primary group is 5000 and contains 9 supplementary groups + Group[ 0]: 5000 + Group[ 1]: 5007 + Group[ 2]: 5001 + Group[ 3]: 1005 + Group[ 4]: 5006 + Group[ 5]: 5005 + Group[ 6]: 55000 + Group[ 7]: 55001 + Group[ 8]: 55002 +[2013/11/07 07:38:45.313499, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/uid.c:363(change_to_user_internal) + Impersonated user: uid=(0,0), gid=(0,5000) +[2013/11/07 07:38:45.313638, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:1796(smbd_smb2_request_verify_creditcharge) + mid 76, CreditCharge: 1, NeededCharge: 1 +[2013/11/07 07:38:45.313745, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl.c:394(smbd_smb2_ioctl_send) + smbd_smb2_ioctl: ctl_code[0x0011c017] spoolss, fnum 1145362404 +[2013/11/07 07:38:45.313861, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:59(smb2_ioctl_named_pipe) + smbd_smb2_ioctl_send: np_write_send of size 4156 +[2013/11/07 07:38:45.313961, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:520(np_write_send) + np_write_send: len: 4156 +[2013/11/07 07:38:45.314063, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) + write_to_pipe: data_left = 4156 +[2013/11/07 07:38:45.314157, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) + process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 4156 +[2013/11/07 07:38:45.314255, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:51(fill_rpc_header) + fill_rpc_header: data_to_copy = 4156, len_needed_to_complete_hdr = 16, receive_len = 0 +[2013/11/07 07:38:45.314380, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) + write_to_pipe: data_used = 16 +[2013/11/07 07:38:45.314474, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) + write_to_pipe: data_left = 4140 +[2013/11/07 07:38:45.314567, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) + process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 4140 +[2013/11/07 07:38:45.314672, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) + write_to_pipe: data_used = 0 +[2013/11/07 07:38:45.314767, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) + write_to_pipe: data_left = 4140 +[2013/11/07 07:38:45.314861, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) + process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 4140, incoming data = 4140 +[2013/11/07 07:38:45.314966, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1614(process_complete_pdu) + PDU is in Little Endian format! +[2013/11/07 07:38:45.315090, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) + r: struct ncacn_packet + rpc_vers : 0x05 (5) + rpc_vers_minor : 0x00 (0) + ptype : DCERPC_PKT_REQUEST (0) + pfc_flags : 0x03 (3) + drep: ARRAY(4) + [0] : 0x10 (16) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + frag_length : 0x103c (4156) + auth_length : 0x0000 (0) + call_id : 0x00000003 (3) + u : union dcerpc_payload(case 0) + request: struct dcerpc_request + alloc_hint : 0x00001024 (4132) + context_id : 0x0000 (0) + opnum : 0x0008 (8) + object : union dcerpc_object(case 0) + empty: struct dcerpc_empty + _pad : DATA_BLOB length=0 + stub_and_verifier : DATA_BLOB length=4132 + [0000] 00 00 00 00 93 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 02 00 00 00 00 00 02 00 00 10 00 00 .Q...... ........ + [0020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0030] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0040] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0200] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0210] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0220] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0230] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0240] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0250] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0260] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0270] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0280] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0290] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0300] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0310] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0320] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0330] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0340] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0350] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0360] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0370] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0380] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0390] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0400] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0410] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0420] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0430] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0440] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0450] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0460] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0470] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0480] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0490] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0500] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0510] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0520] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0530] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0540] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0550] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0560] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0570] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0580] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0590] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0600] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0610] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0620] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0630] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0640] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0650] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0660] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0670] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0680] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0690] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0700] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0710] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0720] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0730] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0740] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0750] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0760] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0770] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0780] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0790] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0800] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0810] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0820] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0830] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0840] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0850] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0860] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0870] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0880] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0890] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0900] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0910] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0920] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0930] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0940] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0950] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0960] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0970] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0980] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0990] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0EA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0EB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0EC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0ED0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0EE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0EF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [1000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [1010] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [1020] 00 10 00 00 .... +[2013/11/07 07:38:45.333350, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1627(process_complete_pdu) + Processing packet type 0 +[2013/11/07 07:38:45.333437, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1472(dcesrv_auth_request) + Checking request auth. +[2013/11/07 07:38:45.333911, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) + push_sec_ctx(0, 5000) : sec_ctx_stack_ndx = 1 +[2013/11/07 07:38:45.333968, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) + setting sec ctx (0, 5000) - sec_ctx_stack_ndx = 1 +[2013/11/07 07:38:45.334013, 5, pid=20933, effective(0, 5000), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) + Security token SIDs (21): + SID[ 0]: S-1-5-21-1376953716-2413384141-3399758289-500 + SID[ 1]: S-1-5-21-1376953716-2413384141-3399758289-512 + SID[ 2]: S-1-5-21-1376953716-2413384141-3399758289-11015 + SID[ 3]: S-1-5-21-1376953716-2413384141-3399758289-513 + SID[ 4]: S-1-5-21-1376953716-2413384141-3399758289-11011 + SID[ 5]: S-1-5-21-1376953716-2413384141-3399758289-11013 + SID[ 6]: S-1-5-21-1376953716-2413384141-3399758289-11012 + SID[ 7]: S-1-1-0 + SID[ 8]: S-1-5-2 + SID[ 9]: S-1-5-11 + SID[ 10]: S-1-5-32-544 + SID[ 11]: S-1-22-1-2002 + SID[ 12]: S-1-22-2-5000 + SID[ 13]: S-1-22-2-5007 + SID[ 14]: S-1-22-2-5001 + SID[ 15]: S-1-22-2-1005 + SID[ 16]: S-1-22-2-5006 + SID[ 17]: S-1-22-2-5005 + SID[ 18]: S-1-22-2-55000 + SID[ 19]: S-1-22-2-55001 + SID[ 20]: S-1-22-2-55002 + Privileges (0x 1FFFFFF0): + Privilege[ 0]: SeMachineAccountPrivilege + Privilege[ 1]: SeTakeOwnershipPrivilege + Privilege[ 2]: SeBackupPrivilege + Privilege[ 3]: SeRestorePrivilege + Privilege[ 4]: SeRemoteShutdownPrivilege + Privilege[ 5]: SePrintOperatorPrivilege + Privilege[ 6]: SeAddUsersPrivilege + Privilege[ 7]: SeDiskOperatorPrivilege + Privilege[ 8]: SeSecurityPrivilege + Privilege[ 9]: SeSystemtimePrivilege + Privilege[ 10]: SeShutdownPrivilege + Privilege[ 11]: SeDebugPrivilege + Privilege[ 12]: SeSystemEnvironmentPrivilege + Privilege[ 13]: SeSystemProfilePrivilege + Privilege[ 14]: SeProfileSingleProcessPrivilege + Privilege[ 15]: SeIncreaseBasePriorityPrivilege + Privilege[ 16]: SeLoadDriverPrivilege + Privilege[ 17]: SeCreatePagefilePrivilege + Privilege[ 18]: SeIncreaseQuotaPrivilege + Privilege[ 19]: SeChangeNotifyPrivilege + Privilege[ 20]: SeUndockPrivilege + Privilege[ 21]: SeManageVolumePrivilege + Privilege[ 22]: SeImpersonatePrivilege + Privilege[ 23]: SeCreateGlobalPrivilege + Privilege[ 24]: SeEnableDelegationPrivilege + Rights (0x 0): +[2013/11/07 07:38:45.334792, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) + UNIX token of user 0 + Primary group is 5000 and contains 9 supplementary groups + Group[ 0]: 5000 + Group[ 1]: 5007 + Group[ 2]: 5001 + Group[ 3]: 1005 + Group[ 4]: 5006 + Group[ 5]: 5005 + Group[ 6]: 55000 + Group[ 7]: 55001 + Group[ 8]: 55002 +[2013/11/07 07:38:45.334989, 5, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1324(api_pipe_request) + Requested \spoolss rpc service +[2013/11/07 07:38:45.335038, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1356(api_rpcTNP) + api_rpcTNP: \spoolss op 0x8 - api_rpcTNP: rpc command: SPOOLSS_GETPRINTER +[2013/11/07 07:38:45.335082, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1390(api_rpcTNP) + api_rpc_cmds[8].fn == 0x7f375c260f10 +[2013/11/07 07:38:45.335134, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + spoolss_GetPrinter: struct spoolss_GetPrinter + in: struct spoolss_GetPrinter + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000093-0000-0000-7b52-7535c5510000 + level : 0x00000002 (2) + buffer : * + buffer : DATA_BLOB length=4096 + [0000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0010] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0030] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0040] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0200] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0210] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0220] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0230] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0240] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0250] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0260] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0270] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0280] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0290] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0300] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0310] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0320] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0330] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0340] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0350] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0360] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0370] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0380] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0390] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0400] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0410] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0420] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0430] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0440] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0450] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0460] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0470] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0480] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0490] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0500] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0510] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0520] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0530] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0540] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0550] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0560] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0570] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0580] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0590] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0600] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0610] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0620] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0630] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0640] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0650] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0660] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0670] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0680] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0690] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0700] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0710] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0720] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0730] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0740] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0750] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0760] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0770] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0780] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0790] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0800] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0810] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0820] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0830] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0840] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0850] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0860] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0870] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0880] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0890] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0900] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0910] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0920] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0930] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0940] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0950] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0960] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0970] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0980] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0990] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0EA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0EB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0EC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0ED0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0EE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0EF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + offered : 0x00001000 (4096) +[2013/11/07 07:38:45.344416, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 93 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.344502, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 93 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.344580, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:489(get_printer_snum) + short name:printer7 +[2013/11/07 07:38:45.344725, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:60(make_internal_rpc_pipe_p) + Create pipe requested \winreg +[2013/11/07 07:38:45.344782, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:221(init_pipe_handles) + init_pipe_handle_list: created handle list for pipe \winreg +[2013/11/07 07:38:45.344842, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:238(init_pipe_handles) + init_pipe_handle_list: pipe_handles ref count = 1 for pipe \winreg +[2013/11/07 07:38:45.344948, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:100(make_internal_rpc_pipe_p) + Created internal pipe \winreg +[2013/11/07 07:38:45.345024, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenHKLM: struct winreg_OpenHKLM + in: struct winreg_OpenHKLM + system_name : NULL + access_mask : 0x02000000 (33554432) + 0: KEY_QUERY_VALUE + 0: KEY_SET_VALUE + 0: KEY_CREATE_SUB_KEY + 0: KEY_ENUMERATE_SUB_KEYS + 0: KEY_NOTIFY + 0: KEY_CREATE_LINK + 0: KEY_WOW64_64KEY + 0: KEY_WOW64_32KEY +[2013/11/07 07:38:45.345257, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [HKLM] +[2013/11/07 07:38:45.345302, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) + push_sec_ctx(0, 5000) : sec_ctx_stack_ndx = 2 +[2013/11/07 07:38:45.345348, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/uid.c:485(push_conn_ctx) + push_conn_ctx(1804507171) : conn_ctx_stack_ndx = 0 +[2013/11/07 07:38:45.345468, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) + setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 +[2013/11/07 07:38:45.345509, 5, pid=20933, effective(0, 5000), real(0, 0)] ../libcli/security/security_token.c:53(security_token_debug) + Security token: (NULL) +[2013/11/07 07:38:45.345549, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) + UNIX token of user 0 + Primary group is 0 and contains 0 supplementary groups +[2013/11/07 07:38:45.345717, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) + pop_sec_ctx (0, 5000) - sec_ctx_stack_ndx = 1 +[2013/11/07 07:38:45.345763, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:866(regdb_open) + regdb_open: registry db opened. refcount reset (1) +[2013/11/07 07:38:45.345809, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM] +[2013/11/07 07:38:45.345849, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM] +[2013/11/07 07:38:45.345891, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:45.345928, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM] +[2013/11/07 07:38:45.346014, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) + Opened policy hnd[1] [0000] 00 00 00 00 96 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.346097, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenHKLM: struct winreg_OpenHKLM + out: struct winreg_OpenHKLM + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000096-0000-0000-7b52-7535c5510000 + result : WERR_OK +[2013/11/07 07:38:45.346304, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenKey: struct winreg_OpenKey + in: struct winreg_OpenKey + parent_handle : * + parent_handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000096-0000-0000-7b52-7535c5510000 + keyname: struct winreg_String + name_len : 0x008a (138) + name_size : 0x008a (138) + name : * + name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7' + options : 0x00000000 (0) + 0: REG_OPTION_VOLATILE + 0: REG_OPTION_CREATE_LINK + 0: REG_OPTION_BACKUP_RESTORE + 0: REG_OPTION_OPEN_LINK + access_mask : 0x02000000 (33554432) + 0: KEY_QUERY_VALUE + 0: KEY_SET_VALUE + 0: KEY_CREATE_SUB_KEY + 0: KEY_ENUMERATE_SUB_KEYS + 0: KEY_NOTIFY + 0: KEY_CREATE_LINK + 0: KEY_WOW64_64KEY + 0: KEY_WOW64_32KEY +[2013/11/07 07:38:45.346751, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 96 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.346832, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [SOFTWARE] +[2013/11/07 07:38:45.346874, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (1->2) +[2013/11/07 07:38:45.346917, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] +[2013/11/07 07:38:45.346955, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE] +[2013/11/07 07:38:45.346996, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:45.347034, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE] +[2013/11/07 07:38:45.347104, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Microsoft] +[2013/11/07 07:38:45.347146, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (2->3) +[2013/11/07 07:38:45.347189, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] +[2013/11/07 07:38:45.347227, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] +[2013/11/07 07:38:45.347268, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:45.347306, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft] +[2013/11/07 07:38:45.347378, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Windows NT] +[2013/11/07 07:38:45.347420, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (3->4) +[2013/11/07 07:38:45.347463, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] +[2013/11/07 07:38:45.347501, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] +[2013/11/07 07:38:45.347542, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:45.347580, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] +[2013/11/07 07:38:45.347638, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [CurrentVersion] +[2013/11/07 07:38:45.347679, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (4->5) +[2013/11/07 07:38:45.347723, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] +[2013/11/07 07:38:45.347761, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] +[2013/11/07 07:38:45.347802, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:45.347839, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f375c5a15c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] +[2013/11/07 07:38:45.347915, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Print] +[2013/11/07 07:38:45.347958, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (5->6) +[2013/11/07 07:38:45.348001, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] +[2013/11/07 07:38:45.348040, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] +[2013/11/07 07:38:45.348083, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:45.348121, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f375c5a15c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] +[2013/11/07 07:38:45.348182, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Printers] +[2013/11/07 07:38:45.348223, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (6->7) +[2013/11/07 07:38:45.348274, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] +[2013/11/07 07:38:45.348317, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] +[2013/11/07 07:38:45.348360, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:45.348398, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] +[2013/11/07 07:38:45.348466, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [printer7] +[2013/11/07 07:38:45.348508, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (7->8) +[2013/11/07 07:38:45.348552, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:45.348591, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:45.348633, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:45.348670, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:45.348740, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (8->7) +[2013/11/07 07:38:45.348784, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (7->6) +[2013/11/07 07:38:45.348825, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (6->5) +[2013/11/07 07:38:45.348865, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (5->4) +[2013/11/07 07:38:45.348905, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (4->3) +[2013/11/07 07:38:45.348946, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (3->2) +[2013/11/07 07:38:45.348990, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) + Opened policy hnd[2] [0000] 00 00 00 00 97 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.349069, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenKey: struct winreg_OpenKey + out: struct winreg_OpenKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000097-0000-0000-7b52-7535c5510000 + result : WERR_OK +[2013/11/07 07:38:45.349253, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryInfoKey: struct winreg_QueryInfoKey + in: struct winreg_QueryInfoKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000097-0000-0000-7b52-7535c5510000 + classname : * + classname: struct winreg_String + name_len : 0x0000 (0) + name_size : 0x0000 (0) + name : NULL +[2013/11/07 07:38:45.349732, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 97 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.349824, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_dispatcher.c:151(fetch_reg_values) + fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7' (ops 0x7f37592edcc0) +[2013/11/07 07:38:45.349868, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1891(regdb_fetch_values_internal) + regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:45.349940, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[0]: name[Attributes] len[4] +[2013/11/07 07:38:45.349985, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[1]: name[Description] len[2] +[2013/11/07 07:38:45.350027, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[2]: name[Datatype] len[8] +[2013/11/07 07:38:45.350069, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[3]: name[Default Priority] len[4] +[2013/11/07 07:38:45.350110, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[4]: name[Port] len[38] +[2013/11/07 07:38:45.350153, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[5]: name[Name] len[18] +[2013/11/07 07:38:45.350194, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[6]: name[Print Processor] len[18] +[2013/11/07 07:38:45.350236, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[7]: name[Priority] len[4] +[2013/11/07 07:38:45.350278, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[8]: name[Security] len[248] +[2013/11/07 07:38:45.350320, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[9]: name[Share Name] len[18] +[2013/11/07 07:38:45.350363, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[10]: name[StartTime] len[4] +[2013/11/07 07:38:45.350406, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[11]: name[UntilTime] len[4] +[2013/11/07 07:38:45.350462, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[12]: name[ChangeID] len[4] +[2013/11/07 07:38:45.350506, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) + regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:45.350571, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryInfoKey: struct winreg_QueryInfoKey + out: struct winreg_QueryInfoKey + classname : * + classname: struct winreg_String + name_len : 0x0000 (0) + name_size : 0x0000 (0) + name : NULL + num_subkeys : * + num_subkeys : 0x00000003 (3) + max_subkeylen : * + max_subkeylen : 0x00000022 (34) + max_classlen : * + max_classlen : 0x00000000 (0) + num_values : * + num_values : 0x0000000d (13) + max_valnamelen : * + max_valnamelen : 0x00000022 (34) + max_valbufsize : * + max_valbufsize : 0x000000f8 (248) + secdescsize : * + secdescsize : 0x00000078 (120) + last_changed_time : * + last_changed_time : NTTIME(0) + result : WERR_OK +[2013/11/07 07:38:45.351036, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000097-0000-0000-7b52-7535c5510000 + enum_index : 0x00000000 (0) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:45.351417, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 97 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.351495, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:45.351541, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0016 (22) + size : 0x0024 (36) + name : * + name : 'Attributes' + type : * + type : REG_DWORD (4) + value : * + value: ARRAY(4) + [0] : 0x48 (72) + [1] : 0x10 (16) + [2] : 0x00 (0) + [3] : 0x00 (0) + size : * + size : 0x00000004 (4) + length : * + length : 0x00000004 (4) + result : WERR_OK +[2013/11/07 07:38:45.351949, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000097-0000-0000-7b52-7535c5510000 + enum_index : 0x00000001 (1) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:45.352322, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 97 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.352400, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:45.352444, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0018 (24) + size : 0x0024 (36) + name : * + name : 'Description' + type : * + type : REG_SZ (1) + value : * + value: ARRAY(2) + [0] : 0x00 (0) + [1] : 0x00 (0) + size : * + size : 0x00000002 (2) + length : * + length : 0x00000002 (2) + result : WERR_OK +[2013/11/07 07:38:45.352805, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000097-0000-0000-7b52-7535c5510000 + enum_index : 0x00000002 (2) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:45.353185, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 97 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.353262, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:45.353306, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0012 (18) + size : 0x0024 (36) + name : * + name : 'Datatype' + type : * + type : REG_SZ (1) + value : * + value: ARRAY(8) + [0] : 0x52 (82) + [1] : 0x00 (0) + [2] : 0x41 (65) + [3] : 0x00 (0) + [4] : 0x57 (87) + [5] : 0x00 (0) + [6] : 0x00 (0) + [7] : 0x00 (0) + size : * + size : 0x00000008 (8) + length : * + length : 0x00000008 (8) + result : WERR_OK +[2013/11/07 07:38:45.353867, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000097-0000-0000-7b52-7535c5510000 + enum_index : 0x00000003 (3) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:45.354250, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 97 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.354327, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:45.354373, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0022 (34) + size : 0x0024 (36) + name : * + name : 'Default Priority' + type : * + type : REG_DWORD (4) + value : * + value: ARRAY(4) + [0] : 0x01 (1) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + size : * + size : 0x00000004 (4) + length : * + length : 0x00000004 (4) + result : WERR_OK +[2013/11/07 07:38:45.354768, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000097-0000-0000-7b52-7535c5510000 + enum_index : 0x00000004 (4) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:45.355140, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 97 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.355216, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:45.355262, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x000a (10) + size : 0x0024 (36) + name : * + name : 'Port' + type : * + type : REG_SZ (1) + value : * + value: ARRAY(38) + [0] : 0x53 (83) + [1] : 0x00 (0) + [2] : 0x61 (97) + [3] : 0x00 (0) + [4] : 0x6d (109) + [5] : 0x00 (0) + [6] : 0x62 (98) + [7] : 0x00 (0) + [8] : 0x61 (97) + [9] : 0x00 (0) + [10] : 0x20 (32) + [11] : 0x00 (0) + [12] : 0x50 (80) + [13] : 0x00 (0) + [14] : 0x72 (114) + [15] : 0x00 (0) + [16] : 0x69 (105) + [17] : 0x00 (0) + [18] : 0x6e (110) + [19] : 0x00 (0) + [20] : 0x74 (116) + [21] : 0x00 (0) + [22] : 0x65 (101) + [23] : 0x00 (0) + [24] : 0x72 (114) + [25] : 0x00 (0) + [26] : 0x20 (32) + [27] : 0x00 (0) + [28] : 0x50 (80) + [29] : 0x00 (0) + [30] : 0x6f (111) + [31] : 0x00 (0) + [32] : 0x72 (114) + [33] : 0x00 (0) + [34] : 0x74 (116) + [35] : 0x00 (0) + [36] : 0x00 (0) + [37] : 0x00 (0) + size : * + size : 0x00000026 (38) + length : * + length : 0x00000026 (38) + result : WERR_OK +[2013/11/07 07:38:45.356233, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000097-0000-0000-7b52-7535c5510000 + enum_index : 0x00000005 (5) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:45.356614, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 97 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.356692, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:45.356740, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x000a (10) + size : 0x0024 (36) + name : * + name : 'Name' + type : * + type : REG_SZ (1) + value : * + value: ARRAY(18) + [0] : 0x70 (112) + [1] : 0x00 (0) + [2] : 0x72 (114) + [3] : 0x00 (0) + [4] : 0x69 (105) + [5] : 0x00 (0) + [6] : 0x6e (110) + [7] : 0x00 (0) + [8] : 0x74 (116) + [9] : 0x00 (0) + [10] : 0x65 (101) + [11] : 0x00 (0) + [12] : 0x72 (114) + [13] : 0x00 (0) + [14] : 0x37 (55) + [15] : 0x00 (0) + [16] : 0x00 (0) + [17] : 0x00 (0) + size : * + size : 0x00000012 (18) + length : * + length : 0x00000012 (18) + result : WERR_OK +[2013/11/07 07:38:45.357427, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000097-0000-0000-7b52-7535c5510000 + enum_index : 0x00000006 (6) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:45.357806, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 97 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.357893, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:45.357940, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0020 (32) + size : 0x0024 (36) + name : * + name : 'Print Processor' + type : * + type : REG_SZ (1) + value : * + value: ARRAY(18) + [0] : 0x77 (119) + [1] : 0x00 (0) + [2] : 0x69 (105) + [3] : 0x00 (0) + [4] : 0x6e (110) + [5] : 0x00 (0) + [6] : 0x70 (112) + [7] : 0x00 (0) + [8] : 0x72 (114) + [9] : 0x00 (0) + [10] : 0x69 (105) + [11] : 0x00 (0) + [12] : 0x6e (110) + [13] : 0x00 (0) + [14] : 0x74 (116) + [15] : 0x00 (0) + [16] : 0x00 (0) + [17] : 0x00 (0) + size : * + size : 0x00000012 (18) + length : * + length : 0x00000012 (18) + result : WERR_OK +[2013/11/07 07:38:45.358650, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000097-0000-0000-7b52-7535c5510000 + enum_index : 0x00000007 (7) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:45.359024, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 97 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.359102, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:45.359155, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0012 (18) + size : 0x0024 (36) + name : * + name : 'Priority' + type : * + type : REG_DWORD (4) + value : * + value: ARRAY(4) + [0] : 0x01 (1) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + size : * + size : 0x00000004 (4) + length : * + length : 0x00000004 (4) + result : WERR_OK +[2013/11/07 07:38:45.359553, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000097-0000-0000-7b52-7535c5510000 + enum_index : 0x00000008 (8) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:45.359928, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 97 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.360004, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:45.360049, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0012 (18) + size : 0x0024 (36) + name : * + name : 'Security' + type : * + type : REG_BINARY (3) + value : * + value: ARRAY(248) + [0] : 0x01 (1) + [1] : 0x00 (0) + [2] : 0x04 (4) + [3] : 0x80 (128) + [4] : 0x14 (20) + [5] : 0x00 (0) + [6] : 0x00 (0) + [7] : 0x00 (0) + [8] : 0x24 (36) + [9] : 0x00 (0) + [10] : 0x00 (0) + [11] : 0x00 (0) + [12] : 0x00 (0) + [13] : 0x00 (0) + [14] : 0x00 (0) + [15] : 0x00 (0) + [16] : 0x34 (52) + [17] : 0x00 (0) + [18] : 0x00 (0) + [19] : 0x00 (0) + [20] : 0x01 (1) + [21] : 0x02 (2) + [22] : 0x00 (0) + [23] : 0x00 (0) + [24] : 0x00 (0) + [25] : 0x00 (0) + [26] : 0x00 (0) + [27] : 0x05 (5) + [28] : 0x20 (32) + [29] : 0x00 (0) + [30] : 0x00 (0) + [31] : 0x00 (0) + [32] : 0x20 (32) + [33] : 0x02 (2) + [34] : 0x00 (0) + [35] : 0x00 (0) + [36] : 0x01 (1) + [37] : 0x02 (2) + [38] : 0x00 (0) + [39] : 0x00 (0) + [40] : 0x00 (0) + [41] : 0x00 (0) + [42] : 0x00 (0) + [43] : 0x05 (5) + [44] : 0x20 (32) + [45] : 0x00 (0) + [46] : 0x00 (0) + [47] : 0x00 (0) + [48] : 0x20 (32) + [49] : 0x02 (2) + [50] : 0x00 (0) + [51] : 0x00 (0) + [52] : 0x02 (2) + [53] : 0x00 (0) + [54] : 0xc4 (196) + [55] : 0x00 (0) + [56] : 0x07 (7) + [57] : 0x00 (0) + [58] : 0x00 (0) + [59] : 0x00 (0) + [60] : 0x00 (0) + [61] : 0x02 (2) + [62] : 0x14 (20) + [63] : 0x00 (0) + [64] : 0x08 (8) + [65] : 0x00 (0) + [66] : 0x02 (2) + [67] : 0x20 (32) + [68] : 0x01 (1) + [69] : 0x01 (1) + [70] : 0x00 (0) + [71] : 0x00 (0) + [72] : 0x00 (0) + [73] : 0x00 (0) + [74] : 0x00 (0) + [75] : 0x01 (1) + [76] : 0x00 (0) + [77] : 0x00 (0) + [78] : 0x00 (0) + [79] : 0x00 (0) + [80] : 0x00 (0) + [81] : 0x09 (9) + [82] : 0x24 (36) + [83] : 0x00 (0) + [84] : 0x0c (12) + [85] : 0x00 (0) + [86] : 0x0f (15) + [87] : 0x10 (16) + [88] : 0x01 (1) + [89] : 0x05 (5) + [90] : 0x00 (0) + [91] : 0x00 (0) + [92] : 0x00 (0) + [93] : 0x00 (0) + [94] : 0x00 (0) + [95] : 0x05 (5) + [96] : 0x15 (21) + [97] : 0x00 (0) + [98] : 0x00 (0) + [99] : 0x00 (0) + [100] : 0x74 (116) + [101] : 0xa5 (165) + [102] : 0x12 (18) + [103] : 0x52 (82) + [104] : 0xcd (205) + [105] : 0x51 (81) + [106] : 0xd9 (217) + [107] : 0x8f (143) + [108] : 0xd1 (209) + [109] : 0x31 (49) + [110] : 0xa4 (164) + [111] : 0xca (202) + [112] : 0xf4 (244) + [113] : 0x01 (1) + [114] : 0x00 (0) + [115] : 0x00 (0) + [116] : 0x00 (0) + [117] : 0x02 (2) + [118] : 0x24 (36) + [119] : 0x00 (0) + [120] : 0x0c (12) + [121] : 0x00 (0) + [122] : 0x0f (15) + [123] : 0x10 (16) + [124] : 0x01 (1) + [125] : 0x05 (5) + [126] : 0x00 (0) + [127] : 0x00 (0) + [128] : 0x00 (0) + [129] : 0x00 (0) + [130] : 0x00 (0) + [131] : 0x05 (5) + [132] : 0x15 (21) + [133] : 0x00 (0) + [134] : 0x00 (0) + [135] : 0x00 (0) + [136] : 0x74 (116) + [137] : 0xa5 (165) + [138] : 0x12 (18) + [139] : 0x52 (82) + [140] : 0xcd (205) + [141] : 0x51 (81) + [142] : 0xd9 (217) + [143] : 0x8f (143) + [144] : 0xd1 (209) + [145] : 0x31 (49) + [146] : 0xa4 (164) + [147] : 0xca (202) + [148] : 0xf4 (244) + [149] : 0x01 (1) + [150] : 0x00 (0) + [151] : 0x00 (0) + [152] : 0x00 (0) + [153] : 0x09 (9) + [154] : 0x18 (24) + [155] : 0x00 (0) + [156] : 0x0c (12) + [157] : 0x00 (0) + [158] : 0x0f (15) + [159] : 0x10 (16) + [160] : 0x01 (1) + [161] : 0x02 (2) + [162] : 0x00 (0) + [163] : 0x00 (0) + [164] : 0x00 (0) + [165] : 0x00 (0) + [166] : 0x00 (0) + [167] : 0x05 (5) + [168] : 0x20 (32) + [169] : 0x00 (0) + [170] : 0x00 (0) + [171] : 0x00 (0) + [172] : 0x20 (32) + [173] : 0x02 (2) + [174] : 0x00 (0) + [175] : 0x00 (0) + [176] : 0x00 (0) + [177] : 0x02 (2) + [178] : 0x18 (24) + [179] : 0x00 (0) + [180] : 0x0c (12) + [181] : 0x00 (0) + [182] : 0x0f (15) + [183] : 0x10 (16) + [184] : 0x01 (1) + [185] : 0x02 (2) + [186] : 0x00 (0) + [187] : 0x00 (0) + [188] : 0x00 (0) + [189] : 0x00 (0) + [190] : 0x00 (0) + [191] : 0x05 (5) + [192] : 0x20 (32) + [193] : 0x00 (0) + [194] : 0x00 (0) + [195] : 0x00 (0) + [196] : 0x20 (32) + [197] : 0x02 (2) + [198] : 0x00 (0) + [199] : 0x00 (0) + [200] : 0x00 (0) + [201] : 0x09 (9) + [202] : 0x18 (24) + [203] : 0x00 (0) + [204] : 0x0c (12) + [205] : 0x00 (0) + [206] : 0x0f (15) + [207] : 0x10 (16) + [208] : 0x01 (1) + [209] : 0x02 (2) + [210] : 0x00 (0) + [211] : 0x00 (0) + [212] : 0x00 (0) + [213] : 0x00 (0) + [214] : 0x00 (0) + [215] : 0x05 (5) + [216] : 0x20 (32) + [217] : 0x00 (0) + [218] : 0x00 (0) + [219] : 0x00 (0) + [220] : 0x26 (38) + [221] : 0x02 (2) + [222] : 0x00 (0) + [223] : 0x00 (0) + [224] : 0x00 (0) + [225] : 0x02 (2) + [226] : 0x18 (24) + [227] : 0x00 (0) + [228] : 0x0c (12) + [229] : 0x00 (0) + [230] : 0x0f (15) + [231] : 0x10 (16) + [232] : 0x01 (1) + [233] : 0x02 (2) + [234] : 0x00 (0) + [235] : 0x00 (0) + [236] : 0x00 (0) + [237] : 0x00 (0) + [238] : 0x00 (0) + [239] : 0x05 (5) + [240] : 0x20 (32) + [241] : 0x00 (0) + [242] : 0x00 (0) + [243] : 0x00 (0) + [244] : 0x26 (38) + [245] : 0x02 (2) + [246] : 0x00 (0) + [247] : 0x00 (0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x000000f8 (248) + result : WERR_OK +[2013/11/07 07:38:45.364631, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000097-0000-0000-7b52-7535c5510000 + enum_index : 0x00000009 (9) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:45.365008, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 97 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.365086, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:45.365132, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0016 (22) + size : 0x0024 (36) + name : * + name : 'Share Name' + type : * + type : REG_SZ (1) + value : * + value: ARRAY(18) + [0] : 0x70 (112) + [1] : 0x00 (0) + [2] : 0x72 (114) + [3] : 0x00 (0) + [4] : 0x69 (105) + [5] : 0x00 (0) + [6] : 0x6e (110) + [7] : 0x00 (0) + [8] : 0x74 (116) + [9] : 0x00 (0) + [10] : 0x65 (101) + [11] : 0x00 (0) + [12] : 0x72 (114) + [13] : 0x00 (0) + [14] : 0x37 (55) + [15] : 0x00 (0) + [16] : 0x00 (0) + [17] : 0x00 (0) + size : * + size : 0x00000012 (18) + length : * + length : 0x00000012 (18) + result : WERR_OK +[2013/11/07 07:38:45.365831, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000097-0000-0000-7b52-7535c5510000 + enum_index : 0x0000000a (10) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:45.366209, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 97 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.366286, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:45.366333, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0014 (20) + size : 0x0024 (36) + name : * + name : 'StartTime' + type : * + type : REG_DWORD (4) + value : * + value: ARRAY(4) + [0] : 0x00 (0) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + size : * + size : 0x00000004 (4) + length : * + length : 0x00000004 (4) + result : WERR_OK +[2013/11/07 07:38:45.366735, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000097-0000-0000-7b52-7535c5510000 + enum_index : 0x0000000b (11) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:45.367105, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 97 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.367181, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:45.367225, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0014 (20) + size : 0x0024 (36) + name : * + name : 'UntilTime' + type : * + type : REG_DWORD (4) + value : * + value: ARRAY(4) + [0] : 0x00 (0) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + size : * + size : 0x00000004 (4) + length : * + length : 0x00000004 (4) + result : WERR_OK +[2013/11/07 07:38:45.367616, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000097-0000-0000-7b52-7535c5510000 + enum_index : 0x0000000c (12) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:45.367991, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 97 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.368068, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:45.368113, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0012 (18) + size : 0x0024 (36) + name : * + name : 'ChangeID' + type : * + type : REG_DWORD (4) + value : * + value: ARRAY(4) + [0] : 0xf1 (241) + [1] : 0x5f (95) + [2] : 0x11 (17) + [3] : 0x00 (0) + size : * + size : 0x00000004 (4) + length : * + length : 0x00000004 (4) + result : WERR_OK +[2013/11/07 07:38:45.368542, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryValue: struct winreg_QueryValue + in: struct winreg_QueryValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000097-0000-0000-7b52-7535c5510000 + value_name : * + value_name: struct winreg_String + name_len : 0x0020 (32) + name_size : 0x0020 (32) + name : * + name : 'Default DevMode' + type : * + type : REG_NONE (0) + data : NULL + data_size : * + data_size : 0x00000000 (0) + data_length : * + data_length : 0x00000000 (0) +[2013/11/07 07:38:45.368886, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 97 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.368970, 7, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) + _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:45.369010, 7, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) + _winreg_QueryValue: policy key type = [00000000] +[2013/11/07 07:38:45.369055, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:316(_winreg_QueryValue) + _winreg_QueryValue: reg_queryvalue failed with: WERR_BADFILE +[2013/11/07 07:38:45.369095, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryValue: struct winreg_QueryValue + out: struct winreg_QueryValue + type : * + type : REG_NONE (0) + data : NULL + data_size : * + data_size : 0x00000000 (0) + data_length : * + data_length : 0x00000000 (0) + result : WERR_BADFILE +[2013/11/07 07:38:45.369315, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenHKLM: struct winreg_OpenHKLM + in: struct winreg_OpenHKLM + system_name : NULL + access_mask : 0x02000000 (33554432) + 0: KEY_QUERY_VALUE + 0: KEY_SET_VALUE + 0: KEY_CREATE_SUB_KEY + 0: KEY_ENUMERATE_SUB_KEYS + 0: KEY_NOTIFY + 0: KEY_CREATE_LINK + 0: KEY_WOW64_64KEY + 0: KEY_WOW64_32KEY +[2013/11/07 07:38:45.369593, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [HKLM] +[2013/11/07 07:38:45.369636, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (2->3) +[2013/11/07 07:38:45.369679, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM] +[2013/11/07 07:38:45.369718, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM] +[2013/11/07 07:38:45.369758, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:45.369796, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM] +[2013/11/07 07:38:45.369877, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) + Opened policy hnd[3] [0000] 00 00 00 00 98 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.369957, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenHKLM: struct winreg_OpenHKLM + out: struct winreg_OpenHKLM + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000098-0000-0000-7b52-7535c5510000 + result : WERR_OK +[2013/11/07 07:38:45.370135, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenKey: struct winreg_OpenKey + in: struct winreg_OpenKey + parent_handle : * + parent_handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000098-0000-0000-7b52-7535c5510000 + keyname: struct winreg_String + name_len : 0x008a (138) + name_size : 0x008a (138) + name : * + name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7' + options : 0x00000000 (0) + 0: REG_OPTION_VOLATILE + 0: REG_OPTION_CREATE_LINK + 0: REG_OPTION_BACKUP_RESTORE + 0: REG_OPTION_OPEN_LINK + access_mask : 0x02000000 (33554432) + 0: KEY_QUERY_VALUE + 0: KEY_SET_VALUE + 0: KEY_CREATE_SUB_KEY + 0: KEY_ENUMERATE_SUB_KEYS + 0: KEY_NOTIFY + 0: KEY_CREATE_LINK + 0: KEY_WOW64_64KEY + 0: KEY_WOW64_32KEY +[2013/11/07 07:38:45.370571, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 98 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.370651, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [SOFTWARE] +[2013/11/07 07:38:45.370690, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (3->4) +[2013/11/07 07:38:45.370732, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] +[2013/11/07 07:38:45.370770, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE] +[2013/11/07 07:38:45.370810, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:45.370847, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE] +[2013/11/07 07:38:45.370911, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Microsoft] +[2013/11/07 07:38:45.370952, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (4->5) +[2013/11/07 07:38:45.370994, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] +[2013/11/07 07:38:45.371032, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] +[2013/11/07 07:38:45.371072, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:45.371108, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft] +[2013/11/07 07:38:45.371176, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Windows NT] +[2013/11/07 07:38:45.371218, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (5->6) +[2013/11/07 07:38:45.371259, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] +[2013/11/07 07:38:45.371297, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] +[2013/11/07 07:38:45.371337, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:45.371374, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] +[2013/11/07 07:38:45.371431, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [CurrentVersion] +[2013/11/07 07:38:45.371472, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (6->7) +[2013/11/07 07:38:45.371514, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] +[2013/11/07 07:38:45.371552, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] +[2013/11/07 07:38:45.371593, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:45.371630, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f375c5a15c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] +[2013/11/07 07:38:45.371701, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Print] +[2013/11/07 07:38:45.371742, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (7->8) +[2013/11/07 07:38:45.371785, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] +[2013/11/07 07:38:45.371825, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] +[2013/11/07 07:38:45.371867, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:45.371905, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f375c5a15c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] +[2013/11/07 07:38:45.371966, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Printers] +[2013/11/07 07:38:45.372007, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (8->9) +[2013/11/07 07:38:45.372059, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] +[2013/11/07 07:38:45.372099, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] +[2013/11/07 07:38:45.372140, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:45.372177, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] +[2013/11/07 07:38:45.372243, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [printer7] +[2013/11/07 07:38:45.372284, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (9->10) +[2013/11/07 07:38:45.372328, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:45.372367, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:45.372409, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:45.372446, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:45.372516, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (10->9) +[2013/11/07 07:38:45.372565, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (9->8) +[2013/11/07 07:38:45.372606, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (8->7) +[2013/11/07 07:38:45.372646, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (7->6) +[2013/11/07 07:38:45.372686, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (6->5) +[2013/11/07 07:38:45.372726, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (5->4) +[2013/11/07 07:38:45.372769, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) + Opened policy hnd[4] [0000] 00 00 00 00 99 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.372847, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenKey: struct winreg_OpenKey + out: struct winreg_OpenKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000099-0000-0000-7b52-7535c5510000 + result : WERR_OK +[2013/11/07 07:38:45.373024, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryValue: struct winreg_QueryValue + in: struct winreg_QueryValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000099-0000-0000-7b52-7535c5510000 + value_name : * + value_name: struct winreg_String + name_len : 0x0012 (18) + name_size : 0x0012 (18) + name : * + name : 'Security' + type : * + type : REG_NONE (0) + data : NULL + data_size : * + data_size : 0x00000000 (0) + data_length : * + data_length : 0x00000000 (0) +[2013/11/07 07:38:45.373405, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 99 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.373487, 7, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) + _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:45.373527, 7, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) + _winreg_QueryValue: policy key type = [00000000] +[2013/11/07 07:38:45.373568, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_dispatcher.c:151(fetch_reg_values) + fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7' (ops 0x7f37592edcc0) +[2013/11/07 07:38:45.373609, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1891(regdb_fetch_values_internal) + regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:45.373669, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[0]: name[Attributes] len[4] +[2013/11/07 07:38:45.373712, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[1]: name[Description] len[2] +[2013/11/07 07:38:45.373755, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[2]: name[Datatype] len[8] +[2013/11/07 07:38:45.373798, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[3]: name[Default Priority] len[4] +[2013/11/07 07:38:45.373840, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[4]: name[Port] len[38] +[2013/11/07 07:38:45.373883, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[5]: name[Name] len[18] +[2013/11/07 07:38:45.373924, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[6]: name[Print Processor] len[18] +[2013/11/07 07:38:45.373975, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[7]: name[Priority] len[4] +[2013/11/07 07:38:45.374018, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[8]: name[Security] len[248] +[2013/11/07 07:38:45.374061, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[9]: name[Share Name] len[18] +[2013/11/07 07:38:45.374103, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[10]: name[StartTime] len[4] +[2013/11/07 07:38:45.374145, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[11]: name[UntilTime] len[4] +[2013/11/07 07:38:45.374187, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[12]: name[ChangeID] len[4] +[2013/11/07 07:38:45.374231, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryValue: struct winreg_QueryValue + out: struct winreg_QueryValue + type : * + type : REG_BINARY (3) + data : NULL + data_size : * + data_size : 0x000000f8 (248) + data_length : * + data_length : 0x00000000 (0) + result : WERR_OK +[2013/11/07 07:38:45.374446, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryValue: struct winreg_QueryValue + in: struct winreg_QueryValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000099-0000-0000-7b52-7535c5510000 + value_name : * + value_name: struct winreg_String + name_len : 0x0012 (18) + name_size : 0x0012 (18) + name : * + name : 'Security' + type : * + type : REG_BINARY (3) + data : * + data: ARRAY(0) + data_size : * + data_size : 0x000000f8 (248) + data_length : * + data_length : 0x00000000 (0) +[2013/11/07 07:38:45.374806, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 99 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.374884, 7, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) + _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:45.374924, 7, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) + _winreg_QueryValue: policy key type = [00000000] +[2013/11/07 07:38:45.374968, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryValue: struct winreg_QueryValue + out: struct winreg_QueryValue + type : * + type : REG_BINARY (3) + data : * + data: ARRAY(248) + [0] : 0x01 (1) + [1] : 0x00 (0) + [2] : 0x04 (4) + [3] : 0x80 (128) + [4] : 0x14 (20) + [5] : 0x00 (0) + [6] : 0x00 (0) + [7] : 0x00 (0) + [8] : 0x24 (36) + [9] : 0x00 (0) + [10] : 0x00 (0) + [11] : 0x00 (0) + [12] : 0x00 (0) + [13] : 0x00 (0) + [14] : 0x00 (0) + [15] : 0x00 (0) + [16] : 0x34 (52) + [17] : 0x00 (0) + [18] : 0x00 (0) + [19] : 0x00 (0) + [20] : 0x01 (1) + [21] : 0x02 (2) + [22] : 0x00 (0) + [23] : 0x00 (0) + [24] : 0x00 (0) + [25] : 0x00 (0) + [26] : 0x00 (0) + [27] : 0x05 (5) + [28] : 0x20 (32) + [29] : 0x00 (0) + [30] : 0x00 (0) + [31] : 0x00 (0) + [32] : 0x20 (32) + [33] : 0x02 (2) + [34] : 0x00 (0) + [35] : 0x00 (0) + [36] : 0x01 (1) + [37] : 0x02 (2) + [38] : 0x00 (0) + [39] : 0x00 (0) + [40] : 0x00 (0) + [41] : 0x00 (0) + [42] : 0x00 (0) + [43] : 0x05 (5) + [44] : 0x20 (32) + [45] : 0x00 (0) + [46] : 0x00 (0) + [47] : 0x00 (0) + [48] : 0x20 (32) + [49] : 0x02 (2) + [50] : 0x00 (0) + [51] : 0x00 (0) + [52] : 0x02 (2) + [53] : 0x00 (0) + [54] : 0xc4 (196) + [55] : 0x00 (0) + [56] : 0x07 (7) + [57] : 0x00 (0) + [58] : 0x00 (0) + [59] : 0x00 (0) + [60] : 0x00 (0) + [61] : 0x02 (2) + [62] : 0x14 (20) + [63] : 0x00 (0) + [64] : 0x08 (8) + [65] : 0x00 (0) + [66] : 0x02 (2) + [67] : 0x20 (32) + [68] : 0x01 (1) + [69] : 0x01 (1) + [70] : 0x00 (0) + [71] : 0x00 (0) + [72] : 0x00 (0) + [73] : 0x00 (0) + [74] : 0x00 (0) + [75] : 0x01 (1) + [76] : 0x00 (0) + [77] : 0x00 (0) + [78] : 0x00 (0) + [79] : 0x00 (0) + [80] : 0x00 (0) + [81] : 0x09 (9) + [82] : 0x24 (36) + [83] : 0x00 (0) + [84] : 0x0c (12) + [85] : 0x00 (0) + [86] : 0x0f (15) + [87] : 0x10 (16) + [88] : 0x01 (1) + [89] : 0x05 (5) + [90] : 0x00 (0) + [91] : 0x00 (0) + [92] : 0x00 (0) + [93] : 0x00 (0) + [94] : 0x00 (0) + [95] : 0x05 (5) + [96] : 0x15 (21) + [97] : 0x00 (0) + [98] : 0x00 (0) + [99] : 0x00 (0) + [100] : 0x74 (116) + [101] : 0xa5 (165) + [102] : 0x12 (18) + [103] : 0x52 (82) + [104] : 0xcd (205) + [105] : 0x51 (81) + [106] : 0xd9 (217) + [107] : 0x8f (143) + [108] : 0xd1 (209) + [109] : 0x31 (49) + [110] : 0xa4 (164) + [111] : 0xca (202) + [112] : 0xf4 (244) + [113] : 0x01 (1) + [114] : 0x00 (0) + [115] : 0x00 (0) + [116] : 0x00 (0) + [117] : 0x02 (2) + [118] : 0x24 (36) + [119] : 0x00 (0) + [120] : 0x0c (12) + [121] : 0x00 (0) + [122] : 0x0f (15) + [123] : 0x10 (16) + [124] : 0x01 (1) + [125] : 0x05 (5) + [126] : 0x00 (0) + [127] : 0x00 (0) + [128] : 0x00 (0) + [129] : 0x00 (0) + [130] : 0x00 (0) + [131] : 0x05 (5) + [132] : 0x15 (21) + [133] : 0x00 (0) + [134] : 0x00 (0) + [135] : 0x00 (0) + [136] : 0x74 (116) + [137] : 0xa5 (165) + [138] : 0x12 (18) + [139] : 0x52 (82) + [140] : 0xcd (205) + [141] : 0x51 (81) + [142] : 0xd9 (217) + [143] : 0x8f (143) + [144] : 0xd1 (209) + [145] : 0x31 (49) + [146] : 0xa4 (164) + [147] : 0xca (202) + [148] : 0xf4 (244) + [149] : 0x01 (1) + [150] : 0x00 (0) + [151] : 0x00 (0) + [152] : 0x00 (0) + [153] : 0x09 (9) + [154] : 0x18 (24) + [155] : 0x00 (0) + [156] : 0x0c (12) + [157] : 0x00 (0) + [158] : 0x0f (15) + [159] : 0x10 (16) + [160] : 0x01 (1) + [161] : 0x02 (2) + [162] : 0x00 (0) + [163] : 0x00 (0) + [164] : 0x00 (0) + [165] : 0x00 (0) + [166] : 0x00 (0) + [167] : 0x05 (5) + [168] : 0x20 (32) + [169] : 0x00 (0) + [170] : 0x00 (0) + [171] : 0x00 (0) + [172] : 0x20 (32) + [173] : 0x02 (2) + [174] : 0x00 (0) + [175] : 0x00 (0) + [176] : 0x00 (0) + [177] : 0x02 (2) + [178] : 0x18 (24) + [179] : 0x00 (0) + [180] : 0x0c (12) + [181] : 0x00 (0) + [182] : 0x0f (15) + [183] : 0x10 (16) + [184] : 0x01 (1) + [185] : 0x02 (2) + [186] : 0x00 (0) + [187] : 0x00 (0) + [188] : 0x00 (0) + [189] : 0x00 (0) + [190] : 0x00 (0) + [191] : 0x05 (5) + [192] : 0x20 (32) + [193] : 0x00 (0) + [194] : 0x00 (0) + [195] : 0x00 (0) + [196] : 0x20 (32) + [197] : 0x02 (2) + [198] : 0x00 (0) + [199] : 0x00 (0) + [200] : 0x00 (0) + [201] : 0x09 (9) + [202] : 0x18 (24) + [203] : 0x00 (0) + [204] : 0x0c (12) + [205] : 0x00 (0) + [206] : 0x0f (15) + [207] : 0x10 (16) + [208] : 0x01 (1) + [209] : 0x02 (2) + [210] : 0x00 (0) + [211] : 0x00 (0) + [212] : 0x00 (0) + [213] : 0x00 (0) + [214] : 0x00 (0) + [215] : 0x05 (5) + [216] : 0x20 (32) + [217] : 0x00 (0) + [218] : 0x00 (0) + [219] : 0x00 (0) + [220] : 0x26 (38) + [221] : 0x02 (2) + [222] : 0x00 (0) + [223] : 0x00 (0) + [224] : 0x00 (0) + [225] : 0x02 (2) + [226] : 0x18 (24) + [227] : 0x00 (0) + [228] : 0x0c (12) + [229] : 0x00 (0) + [230] : 0x0f (15) + [231] : 0x10 (16) + [232] : 0x01 (1) + [233] : 0x02 (2) + [234] : 0x00 (0) + [235] : 0x00 (0) + [236] : 0x00 (0) + [237] : 0x00 (0) + [238] : 0x00 (0) + [239] : 0x05 (5) + [240] : 0x20 (32) + [241] : 0x00 (0) + [242] : 0x00 (0) + [243] : 0x00 (0) + [244] : 0x26 (38) + [245] : 0x02 (2) + [246] : 0x00 (0) + [247] : 0x00 (0) + data_size : * + data_size : 0x000000f8 (248) + data_length : * + data_length : 0x000000f8 (248) + result : WERR_OK +[2013/11/07 07:38:45.379452, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + in: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000099-0000-0000-7b52-7535c5510000 +[2013/11/07 07:38:45.379587, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 99 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.379666, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 99 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.379743, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) + Closed policy +[2013/11/07 07:38:45.379787, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (4->3) +[2013/11/07 07:38:45.379836, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + out: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000000-0000-0000-0000-000000000000 + result : WERR_OK +[2013/11/07 07:38:45.379998, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + in: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000098-0000-0000-7b52-7535c5510000 +[2013/11/07 07:38:45.380128, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 98 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.380205, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 98 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.380282, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) + Closed policy +[2013/11/07 07:38:45.380321, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (3->2) +[2013/11/07 07:38:45.380362, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + out: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000000-0000-0000-0000-000000000000 + result : WERR_OK +[2013/11/07 07:38:45.380543, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + in: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000097-0000-0000-7b52-7535c5510000 +[2013/11/07 07:38:45.380674, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 97 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.380752, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 97 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.380828, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) + Closed policy +[2013/11/07 07:38:45.380871, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (2->1) +[2013/11/07 07:38:45.380911, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + out: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000000-0000-0000-0000-000000000000 + result : WERR_OK +[2013/11/07 07:38:45.381080, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + in: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000096-0000-0000-7b52-7535c5510000 +[2013/11/07 07:38:45.381229, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 96 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.381319, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 96 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.381435, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) + Closed policy +[2013/11/07 07:38:45.381477, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (1->0) +[2013/11/07 07:38:45.381537, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + out: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000000-0000-0000-0000-000000000000 + result : WERR_OK +[2013/11/07 07:38:45.381703, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:416(close_policy_by_pipe) + Deleted handle list for RPC connection \winreg +[2013/11/07 07:38:45.381862, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + spoolss_GetPrinter: struct spoolss_GetPrinter + out: struct spoolss_GetPrinter + info : * + info : union spoolss_PrinterInfo(case 2) + info2: struct spoolss_PrinterInfo2 + servername : * + servername : '\\MEMBER43' + printername : * + printername : '\\MEMBER43\printer7' + sharename : * + sharename : 'printer7' + portname : * + portname : 'Samba Printer Port' + drivername : * + drivername : '' + comment : * + comment : '' + location : * + location : '' + devmode : * + devmode: struct spoolss_DeviceMode + devicename : '\\MEMBER43\printer7' + specversion : DMSPEC_NT4_AND_ABOVE (1025) + driverversion : 0x0400 (1024) + size : 0x00dc (220) + __driverextra_length : 0x0000 (0) + fields : 0x00014713 (83731) + 1: DEVMODE_ORIENTATION + 1: DEVMODE_PAPERSIZE + 0: DEVMODE_PAPERLENGTH + 0: DEVMODE_PAPERWIDTH + 1: DEVMODE_SCALE + 0: DEVMODE_POSITION + 0: DEVMODE_NUP + 1: DEVMODE_COPIES + 1: DEVMODE_DEFAULTSOURCE + 1: DEVMODE_PRINTQUALITY + 0: DEVMODE_COLOR + 0: DEVMODE_DUPLEX + 0: DEVMODE_YRESOLUTION + 1: DEVMODE_TTOPTION + 0: DEVMODE_COLLATE + 1: DEVMODE_FORMNAME + 0: DEVMODE_LOGPIXELS + 0: DEVMODE_BITSPERPEL + 0: DEVMODE_PELSWIDTH + 0: DEVMODE_PELSHEIGHT + 0: DEVMODE_DISPLAYFLAGS + 0: DEVMODE_DISPLAYFREQUENCY + 0: DEVMODE_ICMMETHOD + 0: DEVMODE_ICMINTENT + 0: DEVMODE_MEDIATYPE + 0: DEVMODE_DITHERTYPE + 0: DEVMODE_PANNINGWIDTH + 0: DEVMODE_PANNINGHEIGHT + orientation : DMORIENT_PORTRAIT (1) + papersize : DMPAPER_LETTER (1) + paperlength : 0x0000 (0) + paperwidth : 0x0000 (0) + scale : 0x0064 (100) + copies : 0x0001 (1) + defaultsource : DMBIN_FORMSOURCE (15) + printquality : DMRES_HIGH (65532) + color : DMRES_MONOCHROME (1) + duplex : DMDUP_SIMPLEX (1) + yresolution : 0x0000 (0) + ttoption : DMTT_SUBDEV (3) + collate : DMCOLLATE_FALSE (0) + formname : 'Letter' + logpixels : 0x0000 (0) + bitsperpel : 0x00000000 (0) + pelswidth : 0x00000000 (0) + pelsheight : 0x00000000 (0) + displayflags : UNKNOWN_ENUM_VALUE (0) + displayfrequency : 0x00000000 (0) + icmmethod : UNKNOWN_ENUM_VALUE (0) + icmintent : UNKNOWN_ENUM_VALUE (0) + mediatype : UNKNOWN_ENUM_VALUE (0) + dithertype : UNKNOWN_ENUM_VALUE (0) + reserved1 : 0x00000000 (0) + reserved2 : 0x00000000 (0) + panningwidth : 0x00000000 (0) + panningheight : 0x00000000 (0) + driverextra_data : DATA_BLOB length=0 + sepfile : * + sepfile : '' + printprocessor : * + printprocessor : 'winprint' + datatype : * + datatype : 'RAW' + parameters : * + parameters : '' + secdesc : * + secdesc: struct security_descriptor + revision : SECURITY_DESCRIPTOR_REVISION_1 (1) + type : 0x8004 (32772) + 0: SEC_DESC_OWNER_DEFAULTED + 0: SEC_DESC_GROUP_DEFAULTED + 1: SEC_DESC_DACL_PRESENT + 0: SEC_DESC_DACL_DEFAULTED + 0: SEC_DESC_SACL_PRESENT + 0: SEC_DESC_SACL_DEFAULTED + 0: SEC_DESC_DACL_TRUSTED + 0: SEC_DESC_SERVER_SECURITY + 0: SEC_DESC_DACL_AUTO_INHERIT_REQ + 0: SEC_DESC_SACL_AUTO_INHERIT_REQ + 0: SEC_DESC_DACL_AUTO_INHERITED + 0: SEC_DESC_SACL_AUTO_INHERITED + 0: SEC_DESC_DACL_PROTECTED + 0: SEC_DESC_SACL_PROTECTED + 0: SEC_DESC_RM_CONTROL_VALID + 1: SEC_DESC_SELF_RELATIVE + owner_sid : * + owner_sid : S-1-5-32-544 + group_sid : * + group_sid : S-1-5-32-544 + sacl : NULL + dacl : * + dacl: struct security_acl + revision : SECURITY_ACL_REVISION_NT4 (2) + size : 0x00c4 (196) + num_aces : 0x00000007 (7) + aces: ARRAY(7) + aces: struct security_ace + type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) + flags : 0x02 (2) + 0: SEC_ACE_FLAG_OBJECT_INHERIT + 1: SEC_ACE_FLAG_CONTAINER_INHERIT + 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT + 0: SEC_ACE_FLAG_INHERIT_ONLY + 0: SEC_ACE_FLAG_INHERITED_ACE + 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) + 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS + 0: SEC_ACE_FLAG_FAILED_ACCESS + size : 0x0014 (20) + access_mask : 0x20020008 (537001992) + object : union security_ace_object_ctr(case 0) + trustee : S-1-1-0 + aces: struct security_ace + type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) + flags : 0x09 (9) + 1: SEC_ACE_FLAG_OBJECT_INHERIT + 0: SEC_ACE_FLAG_CONTAINER_INHERIT + 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT + 1: SEC_ACE_FLAG_INHERIT_ONLY + 0: SEC_ACE_FLAG_INHERITED_ACE + 0x09: SEC_ACE_FLAG_VALID_INHERIT (9) + 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS + 0: SEC_ACE_FLAG_FAILED_ACCESS + size : 0x0024 (36) + access_mask : 0x100f000c (269418508) + object : union security_ace_object_ctr(case 0) + trustee : S-1-5-21-1376953716-2413384141-3399758289-500 + aces: struct security_ace + type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) + flags : 0x02 (2) + 0: SEC_ACE_FLAG_OBJECT_INHERIT + 1: SEC_ACE_FLAG_CONTAINER_INHERIT + 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT + 0: SEC_ACE_FLAG_INHERIT_ONLY + 0: SEC_ACE_FLAG_INHERITED_ACE + 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) + 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS + 0: SEC_ACE_FLAG_FAILED_ACCESS + size : 0x0024 (36) + access_mask : 0x100f000c (269418508) + object : union security_ace_object_ctr(case 0) + trustee : S-1-5-21-1376953716-2413384141-3399758289-500 + aces: struct security_ace + type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) + flags : 0x09 (9) + 1: SEC_ACE_FLAG_OBJECT_INHERIT + 0: SEC_ACE_FLAG_CONTAINER_INHERIT + 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT + 1: SEC_ACE_FLAG_INHERIT_ONLY + 0: SEC_ACE_FLAG_INHERITED_ACE + 0x09: SEC_ACE_FLAG_VALID_INHERIT (9) + 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS + 0: SEC_ACE_FLAG_FAILED_ACCESS + size : 0x0018 (24) + access_mask : 0x100f000c (269418508) + object : union security_ace_object_ctr(case 0) + trustee : S-1-5-32-544 + aces: struct security_ace + type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) + flags : 0x02 (2) + 0: SEC_ACE_FLAG_OBJECT_INHERIT + 1: SEC_ACE_FLAG_CONTAINER_INHERIT + 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT + 0: SEC_ACE_FLAG_INHERIT_ONLY + 0: SEC_ACE_FLAG_INHERITED_ACE + 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) + 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS + 0: SEC_ACE_FLAG_FAILED_ACCESS + size : 0x0018 (24) + access_mask : 0x100f000c (269418508) + object : union security_ace_object_ctr(case 0) + trustee : S-1-5-32-544 + aces: struct security_ace + type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) + flags : 0x09 (9) + 1: SEC_ACE_FLAG_OBJECT_INHERIT + 0: SEC_ACE_FLAG_CONTAINER_INHERIT + 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT + 1: SEC_ACE_FLAG_INHERIT_ONLY + 0: SEC_ACE_FLAG_INHERITED_ACE + 0x09: SEC_ACE_FLAG_VALID_INHERIT (9) + 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS + 0: SEC_ACE_FLAG_FAILED_ACCESS + size : 0x0018 (24) + access_mask : 0x100f000c (269418508) + object : union security_ace_object_ctr(case 0) + trustee : S-1-5-32-550 + aces: struct security_ace + type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) + flags : 0x02 (2) + 0: SEC_ACE_FLAG_OBJECT_INHERIT + 1: SEC_ACE_FLAG_CONTAINER_INHERIT + 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT + 0: SEC_ACE_FLAG_INHERIT_ONLY + 0: SEC_ACE_FLAG_INHERITED_ACE + 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) + 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS + 0: SEC_ACE_FLAG_FAILED_ACCESS + size : 0x0018 (24) + access_mask : 0x100f000c (269418508) + object : union security_ace_object_ctr(case 0) + trustee : S-1-5-32-550 + attributes : 0x00001048 (4168) + 0: PRINTER_ATTRIBUTE_QUEUED + 0: PRINTER_ATTRIBUTE_DIRECT + 0: PRINTER_ATTRIBUTE_DEFAULT + 1: PRINTER_ATTRIBUTE_SHARED + 0: PRINTER_ATTRIBUTE_NETWORK + 0: PRINTER_ATTRIBUTE_HIDDEN + 1: PRINTER_ATTRIBUTE_LOCAL + 0: PRINTER_ATTRIBUTE_ENABLE_DEVQ + 0: PRINTER_ATTRIBUTE_KEEPPRINTEDJOBS + 0: PRINTER_ATTRIBUTE_DO_COMPLETE_FIRST + 0: PRINTER_ATTRIBUTE_WORK_OFFLINE + 0: PRINTER_ATTRIBUTE_ENABLE_BIDI + 1: PRINTER_ATTRIBUTE_RAW_ONLY + 0: PRINTER_ATTRIBUTE_PUBLISHED + 0: PRINTER_ATTRIBUTE_FAX + 0: PRINTER_ATTRIBUTE_TS + priority : 0x00000001 (1) + defaultpriority : 0x00000001 (1) + starttime : 0x00000000 (0) + untiltime : 0x00000000 (0) + status : 0x00000000 (0) + 0: PRINTER_STATUS_PAUSED + 0: PRINTER_STATUS_ERROR + 0: PRINTER_STATUS_PENDING_DELETION + 0: PRINTER_STATUS_PAPER_JAM + 0: PRINTER_STATUS_PAPER_OUT + 0: PRINTER_STATUS_MANUAL_FEED + 0: PRINTER_STATUS_PAPER_PROBLEM + 0: PRINTER_STATUS_OFFLINE + 0: PRINTER_STATUS_IO_ACTIVE + 0: PRINTER_STATUS_BUSY + 0: PRINTER_STATUS_PRINTING + 0: PRINTER_STATUS_OUTPUT_BIN_FULL + 0: PRINTER_STATUS_NOT_AVAILABLE + 0: PRINTER_STATUS_WAITING + 0: PRINTER_STATUS_PROCESSING + 0: PRINTER_STATUS_INITIALIZING + 0: PRINTER_STATUS_WARMING_UP + 0: PRINTER_STATUS_TONER_LOW + 0: PRINTER_STATUS_NO_TONER + 0: PRINTER_STATUS_PAGE_PUNT + 0: PRINTER_STATUS_USER_INTERVENTION + 0: PRINTER_STATUS_OUT_OF_MEMORY + 0: PRINTER_STATUS_DOOR_OPEN + 0: PRINTER_STATUS_SERVER_UNKNOWN + 0: PRINTER_STATUS_POWER_SAVE + cjobs : 0x00000000 (0) + averageppm : 0x00000000 (0) + needed : * + needed : 0x000002f8 (760) + result : WERR_OK +[2013/11/07 07:38:45.386913, 5, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1417(api_rpcTNP) + api_rpcTNP: called \spoolss successfully +[2013/11/07 07:38:45.386977, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) + pop_sec_ctx (0, 5000) - sec_ctx_stack_ndx = 0 +[2013/11/07 07:38:45.387023, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) + write_to_pipe: data_used = 4140 + smbd_smb2_request_pending_queue: req->current_idx = 1 + req->in.vector[0].iov_len = 0 + req->in.vector[1].iov_len = 0 + req->in.vector[2].iov_len = 64 + req->in.vector[3].iov_len = 56 + req->in.vector[4].iov_len = 4156 + req->out.vector[0].iov_len = 4 + req->out.vector[1].iov_len = 0 + req->out.vector[2].iov_len = 64 + req->out.vector[3].iov_len = 8 + req->out.vector[4].iov_len = 0 +[2013/11/07 07:38:45.387248, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:128(smbd_smb2_ioctl_pipe_write_done) + smbd_smb2_ioctl_pipe_write_done: received 4156 +[2013/11/07 07:38:45.387293, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:149(smbd_smb2_ioctl_pipe_write_done) + smbd_smb2_ioctl_pipe_write_done: issuing np_read_send of size 1024 +[2013/11/07 07:38:45.387336, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:285(read_from_internal_pipe) + name: \spoolss len: 1024 +[2013/11/07 07:38:45.387387, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:347(read_from_internal_pipe) + read_from_pipe: \spoolss: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 4112. +[2013/11/07 07:38:45.387443, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) + &r: struct ncacn_packet + rpc_vers : 0x05 (5) + rpc_vers_minor : 0x00 (0) + ptype : DCERPC_PKT_RESPONSE (2) + pfc_flags : 0x03 (3) + drep: ARRAY(4) + [0] : 0x10 (16) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + frag_length : 0x1028 (4136) + auth_length : 0x0000 (0) + call_id : 0x00000003 (3) + u : union dcerpc_payload(case 2) + response: struct dcerpc_response + alloc_hint : 0x00001010 (4112) + context_id : 0x0000 (0) + cancel_count : 0x00 (0) + _pad : DATA_BLOB length=0 + stub_and_verifier : DATA_BLOB length=4112 + [0000] 04 00 02 00 00 10 00 00 EA 0F 00 00 C2 0F 00 00 ........ ........ + [0010] B0 0F 00 00 8A 0F 00 00 88 0F 00 00 86 0F 00 00 ........ ........ + [0020] 84 0F 00 00 88 0E 00 00 82 0F 00 00 70 0F 00 00 ........ ....p... + [0030] 68 0F 00 00 66 0F 00 00 90 0D 00 00 48 10 00 00 h...f... ....H... + [0040] 01 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0200] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0210] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0220] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0230] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0240] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0250] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0260] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0270] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0280] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0290] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0300] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0310] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0320] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0330] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0340] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0350] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0360] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0370] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0380] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0390] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0400] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0410] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0420] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0430] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0440] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0450] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0460] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0470] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0480] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0490] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0500] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0510] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0520] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0530] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0540] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0550] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0560] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0570] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0580] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0590] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0600] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0610] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0620] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0630] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0640] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0650] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0660] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0670] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0680] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0690] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0700] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0710] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0720] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0730] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0740] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0750] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0760] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0770] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0780] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0790] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0800] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0810] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0820] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0830] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0840] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0850] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0860] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0870] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0880] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0890] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0900] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0910] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0920] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0930] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0940] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0950] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0960] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0970] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0980] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0990] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D90] 00 00 00 00 00 00 00 00 01 00 04 80 D8 00 00 00 ........ ........ + [0DA0] E8 00 00 00 00 00 00 00 14 00 00 00 02 00 C4 00 ........ ........ + [0DB0] 07 00 00 00 00 02 14 00 08 00 02 20 01 01 00 00 ........ ... .... + [0DC0] 00 00 00 01 00 00 00 00 00 09 24 00 0C 00 0F 10 ........ ..$..... + [0DD0] 01 05 00 00 00 00 00 05 15 00 00 00 74 A5 12 52 ........ ....t..R + [0DE0] CD 51 D9 8F D1 31 A4 CA F4 01 00 00 00 02 24 00 .Q...1.. ......$. + [0DF0] 0C 00 0F 10 01 05 00 00 00 00 00 05 15 00 00 00 ........ ........ + [0E00] 74 A5 12 52 CD 51 D9 8F D1 31 A4 CA F4 01 00 00 t..R.Q.. .1...... + [0E10] 00 09 18 00 0C 00 0F 10 01 02 00 00 00 00 00 05 ........ ........ + [0E20] 20 00 00 00 20 02 00 00 00 02 18 00 0C 00 0F 10 ... ... ........ + [0E30] 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 ........ ... ... + [0E40] 00 09 18 00 0C 00 0F 10 01 02 00 00 00 00 00 05 ........ ........ + [0E50] 20 00 00 00 26 02 00 00 00 02 18 00 0C 00 0F 10 ...&... ........ + [0E60] 01 02 00 00 00 00 00 05 20 00 00 00 26 02 00 00 ........ ...&... + [0E70] 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 ........ ... ... + [0E80] 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 ........ ... ... + [0E90] 5C 00 5C 00 4D 00 45 00 4D 00 42 00 45 00 52 00 \.\.M.E. M.B.E.R. + [0EA0] 34 00 33 00 5C 00 70 00 72 00 69 00 6E 00 74 00 4.3.\.p. r.i.n.t. + [0EB0] 65 00 72 00 37 00 00 00 00 00 00 00 00 00 00 00 e.r.7... ........ + [0EC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0ED0] 01 04 00 04 DC 00 00 00 13 47 01 00 01 00 01 00 ........ .G...... + [0EE0] 00 00 00 00 64 00 01 00 0F 00 FC FF 01 00 01 00 ....d... ........ + [0EF0] 00 00 03 00 00 00 4C 00 65 00 74 00 74 00 65 00 ......L. e.t.t.e. + [0F00] 72 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 r....... ........ + [0F10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F70] 52 00 41 00 57 00 00 00 77 00 69 00 6E 00 70 00 R.A.W... w.i.n.p. + [0F80] 72 00 69 00 6E 00 74 00 00 00 00 00 00 00 00 00 r.i.n.t. ........ + [0F90] 00 00 53 00 61 00 6D 00 62 00 61 00 20 00 50 00 ..S.a.m. b.a. .P. + [0FA0] 72 00 69 00 6E 00 74 00 65 00 72 00 20 00 50 00 r.i.n.t. e.r. .P. + [0FB0] 6F 00 72 00 74 00 00 00 70 00 72 00 69 00 6E 00 o.r.t... p.r.i.n. + [0FC0] 74 00 65 00 72 00 37 00 00 00 5C 00 5C 00 4D 00 t.e.r.7. ..\.\.M. + [0FD0] 45 00 4D 00 42 00 45 00 52 00 34 00 33 00 5C 00 E.M.B.E. R.4.3.\. + [0FE0] 70 00 72 00 69 00 6E 00 74 00 65 00 72 00 37 00 p.r.i.n. t.e.r.7. + [0FF0] 00 00 5C 00 5C 00 4D 00 45 00 4D 00 42 00 45 00 ..\.\.M. E.M.B.E. + [1000] 52 00 34 00 33 00 00 00 F8 02 00 00 00 00 00 00 R.4.3... ........ +[2013/11/07 07:38:45.396895, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:788(np_read_recv) + Received 1024 bytes. There is more data outstanding +[2013/11/07 07:38:45.396940, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:178(smbd_smb2_ioctl_pipe_read_done) + smbd_smb2_ioctl_pipe_read_done: np_read_recv nread = 1024 is_data_outstanding = 1, status = NT_STATUS_OK +[2013/11/07 07:38:45.396989, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl.c:291(smbd_smb2_request_ioctl_done) + smbd_smb2_request_ioctl_done: smbd_smb2_ioctl_recv returned 1024 status STATUS_BUFFER_OVERFLOW +[2013/11/07 07:38:45.397033, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) + smbd_smb2_request_done_ex: idx[1] status[STATUS_BUFFER_OVERFLOW] body[48] dyn[yes:1024] at ../source3/smbd/smb2_ioctl.c:358 +[2013/11/07 07:38:45.397078, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) + smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/77/127 +[2013/11/07 07:38:45.397259, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) + smbd_smb2_request_incoming: idx[1] of 5 vectors +[2013/11/07 07:38:45.397312, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) + smb2_validate_sequence_number: clearing id 77 (position 77) from bitmap +[2013/11/07 07:38:45.397386, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) + smbd_smb2_request_dispatch: opcode[SMB2_OP_WRITE] mid = 77 +[2013/11/07 07:38:45.397469, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) + setting sec ctx (0, 5000) - sec_ctx_stack_ndx = 0 +[2013/11/07 07:38:45.397514, 5, pid=20933, effective(0, 5000), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) + Security token SIDs (21): + SID[ 0]: S-1-5-21-1376953716-2413384141-3399758289-500 + SID[ 1]: S-1-5-21-1376953716-2413384141-3399758289-512 + SID[ 2]: S-1-5-21-1376953716-2413384141-3399758289-11015 + SID[ 3]: S-1-5-21-1376953716-2413384141-3399758289-513 + SID[ 4]: S-1-5-21-1376953716-2413384141-3399758289-11011 + SID[ 5]: S-1-5-21-1376953716-2413384141-3399758289-11013 + SID[ 6]: S-1-5-21-1376953716-2413384141-3399758289-11012 + SID[ 7]: S-1-1-0 + SID[ 8]: S-1-5-2 + SID[ 9]: S-1-5-11 + SID[ 10]: S-1-5-32-544 + SID[ 11]: S-1-22-1-2002 + SID[ 12]: S-1-22-2-5000 + SID[ 13]: S-1-22-2-5007 + SID[ 14]: S-1-22-2-5001 + SID[ 15]: S-1-22-2-1005 + SID[ 16]: S-1-22-2-5006 + SID[ 17]: S-1-22-2-5005 + SID[ 18]: S-1-22-2-55000 + SID[ 19]: S-1-22-2-55001 + SID[ 20]: S-1-22-2-55002 + Privileges (0x 1FFFFFF0): + Privilege[ 0]: SeMachineAccountPrivilege + Privilege[ 1]: SeTakeOwnershipPrivilege + Privilege[ 2]: SeBackupPrivilege + Privilege[ 3]: SeRestorePrivilege + Privilege[ 4]: SeRemoteShutdownPrivilege + Privilege[ 5]: SePrintOperatorPrivilege + Privilege[ 6]: SeAddUsersPrivilege + Privilege[ 7]: SeDiskOperatorPrivilege + Privilege[ 8]: SeSecurityPrivilege + Privilege[ 9]: SeSystemtimePrivilege + Privilege[ 10]: SeShutdownPrivilege + Privilege[ 11]: SeDebugPrivilege + Privilege[ 12]: SeSystemEnvironmentPrivilege + Privilege[ 13]: SeSystemProfilePrivilege + Privilege[ 14]: SeProfileSingleProcessPrivilege + Privilege[ 15]: SeIncreaseBasePriorityPrivilege + Privilege[ 16]: SeLoadDriverPrivilege + Privilege[ 17]: SeCreatePagefilePrivilege + Privilege[ 18]: SeIncreaseQuotaPrivilege + Privilege[ 19]: SeChangeNotifyPrivilege + Privilege[ 20]: SeUndockPrivilege + Privilege[ 21]: SeManageVolumePrivilege + Privilege[ 22]: SeImpersonatePrivilege + Privilege[ 23]: SeCreateGlobalPrivilege + Privilege[ 24]: SeEnableDelegationPrivilege + Rights (0x 0): +[2013/11/07 07:38:45.398293, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) + UNIX token of user 0 + Primary group is 5000 and contains 9 supplementary groups + Group[ 0]: 5000 + Group[ 1]: 5007 + Group[ 2]: 5001 + Group[ 3]: 1005 + Group[ 4]: 5006 + Group[ 5]: 5005 + Group[ 6]: 55000 + Group[ 7]: 55001 + Group[ 8]: 55002 +[2013/11/07 07:38:45.398483, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/uid.c:363(change_to_user_internal) + Impersonated user: uid=(0,0), gid=(0,5000) +[2013/11/07 07:38:45.398535, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:1796(smbd_smb2_request_verify_creditcharge) + mid 77, CreditCharge: 1, NeededCharge: 1 +[2013/11/07 07:38:45.398577, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_write.c:271(smbd_smb2_write_send) + smbd_smb2_write: spoolss - fnum 3570488479 +[2013/11/07 07:38:45.398623, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:520(np_write_send) + np_write_send: len: 160 +[2013/11/07 07:38:45.398664, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) + write_to_pipe: data_left = 160 +[2013/11/07 07:38:45.398703, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) + process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 160 +[2013/11/07 07:38:45.398742, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:51(fill_rpc_header) + fill_rpc_header: data_to_copy = 160, len_needed_to_complete_hdr = 16, receive_len = 0 +[2013/11/07 07:38:45.398783, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) + write_to_pipe: data_used = 16 +[2013/11/07 07:38:45.398820, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) + write_to_pipe: data_left = 144 +[2013/11/07 07:38:45.398858, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) + process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 144 +[2013/11/07 07:38:45.398899, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) + write_to_pipe: data_used = 0 +[2013/11/07 07:38:45.398936, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) + write_to_pipe: data_left = 144 +[2013/11/07 07:38:45.398981, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) + process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 144, incoming data = 144 +[2013/11/07 07:38:45.399022, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1614(process_complete_pdu) + PDU is in Little Endian format! +[2013/11/07 07:38:45.399071, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) + r: struct ncacn_packet + rpc_vers : 0x05 (5) + rpc_vers_minor : 0x00 (0) + ptype : DCERPC_PKT_BIND (11) + pfc_flags : 0x03 (3) + drep: ARRAY(4) + [0] : 0x10 (16) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + frag_length : 0x00a0 (160) + auth_length : 0x0000 (0) + call_id : 0x00000002 (2) + u : union dcerpc_payload(case 11) + bind: struct dcerpc_bind + max_xmit_frag : 0x10b8 (4280) + max_recv_frag : 0x10b8 (4280) + assoc_group_id : 0x00000000 (0) + num_contexts : 0x03 (3) + ctx_list: ARRAY(3) + ctx_list: struct dcerpc_ctx_list + context_id : 0x0000 (0) + num_transfer_syntaxes : 0x01 (1) + abstract_syntax: struct ndr_syntax_id + uuid : 12345678-1234-abcd-ef00-0123456789ab + if_version : 0x00000001 (1) + transfer_syntaxes: ARRAY(1) + transfer_syntaxes: struct ndr_syntax_id + uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860 + if_version : 0x00000002 (2) + ctx_list: struct dcerpc_ctx_list + context_id : 0x0001 (1) + num_transfer_syntaxes : 0x01 (1) + abstract_syntax: struct ndr_syntax_id + uuid : 12345678-1234-abcd-ef00-0123456789ab + if_version : 0x00000001 (1) + transfer_syntaxes: ARRAY(1) + transfer_syntaxes: struct ndr_syntax_id + uuid : 71710533-beba-4937-8319-b5dbef9ccc36 + if_version : 0x00000001 (1) + ctx_list: struct dcerpc_ctx_list + context_id : 0x0002 (2) + num_transfer_syntaxes : 0x01 (1) + abstract_syntax: struct ndr_syntax_id + uuid : 12345678-1234-abcd-ef00-0123456789ab + if_version : 0x00000001 (1) + transfer_syntaxes: ARRAY(1) + transfer_syntaxes: struct ndr_syntax_id + uuid : 6cb71c2c-9812-4540-0300-000000000000 + if_version : 0x00000001 (1) + auth_info : DATA_BLOB length=0 +[2013/11/07 07:38:45.399961, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1627(process_complete_pdu) + Processing packet type 11 +[2013/11/07 07:38:45.400002, 3, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:693(api_pipe_bind_req) + api_pipe_bind_req: spoolss -> spoolss rpc service +[2013/11/07 07:38:45.400044, 5, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:724(api_pipe_bind_req) + api_pipe_bind_req: make response. 724 +[2013/11/07 07:38:45.400091, 3, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:342(check_bind_req) + check_bind_req for \spoolss +[2013/11/07 07:38:45.400136, 3, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:349(check_bind_req) + check_bind_req: spoolss -> spoolss rpc service +[2013/11/07 07:38:45.400178, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:238(init_pipe_handles) + init_pipe_handle_list: pipe_handles ref count = 9 for pipe \spoolss +[2013/11/07 07:38:45.400235, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) + &r: struct ncacn_packet + rpc_vers : 0x05 (5) + rpc_vers_minor : 0x00 (0) + ptype : DCERPC_PKT_BIND_ACK (12) + pfc_flags : 0x03 (3) + drep: ARRAY(4) + [0] : 0x10 (16) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + frag_length : 0x0044 (68) + auth_length : 0x0000 (0) + call_id : 0x00000002 (2) + u : union dcerpc_payload(case 12) + bind_ack: struct dcerpc_bind_ack + max_xmit_frag : 0x10b8 (4280) + max_recv_frag : 0x10b8 (4280) + assoc_group_id : 0x000053f0 (21488) + secondary_address_size : 0x000e (14) + secondary_address : '\PIPE\spoolss' + _pad1 : DATA_BLOB length=0 + num_results : 0x01 (1) + ctx_list: ARRAY(1) + ctx_list: struct dcerpc_ack_ctx + result : 0x0000 (0) + reason : 0x0000 (0) + syntax: struct ndr_syntax_id + uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860 + if_version : 0x00000002 (2) + auth_info : DATA_BLOB length=0 +[2013/11/07 07:38:45.400752, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) + write_to_pipe: data_used = 144 + smbd_smb2_request_pending_queue: req->current_idx = 1 + req->in.vector[0].iov_len = 0 + req->in.vector[1].iov_len = 0 + req->in.vector[2].iov_len = 64 + req->in.vector[3].iov_len = 48 + req->in.vector[4].iov_len = 160 + req->out.vector[0].iov_len = 4 + req->out.vector[1].iov_len = 0 + req->out.vector[2].iov_len = 64 + req->out.vector[3].iov_len = 8 + req->out.vector[4].iov_len = 0 +[2013/11/07 07:38:45.400960, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) + smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[16] dyn[yes:0] at ../source3/smbd/smb2_write.c:150 +[2013/11/07 07:38:45.401005, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) + smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/78/127 +[2013/11/07 07:38:45.401129, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) + smbd_smb2_request_incoming: idx[1] of 5 vectors +[2013/11/07 07:38:45.401176, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) + smb2_validate_sequence_number: clearing id 78 (position 78) from bitmap +[2013/11/07 07:38:45.401217, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) + smbd_smb2_request_dispatch: opcode[SMB2_OP_WRITE] mid = 78 +[2013/11/07 07:38:45.401277, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) + setting sec ctx (0, 5000) - sec_ctx_stack_ndx = 0 +[2013/11/07 07:38:45.401320, 5, pid=20933, effective(0, 5000), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) + Security token SIDs (21): + SID[ 0]: S-1-5-21-1376953716-2413384141-3399758289-500 + SID[ 1]: S-1-5-21-1376953716-2413384141-3399758289-512 + SID[ 2]: S-1-5-21-1376953716-2413384141-3399758289-11015 + SID[ 3]: S-1-5-21-1376953716-2413384141-3399758289-513 + SID[ 4]: S-1-5-21-1376953716-2413384141-3399758289-11011 + SID[ 5]: S-1-5-21-1376953716-2413384141-3399758289-11013 + SID[ 6]: S-1-5-21-1376953716-2413384141-3399758289-11012 + SID[ 7]: S-1-1-0 + SID[ 8]: S-1-5-2 + SID[ 9]: S-1-5-11 + SID[ 10]: S-1-5-32-544 + SID[ 11]: S-1-22-1-2002 + SID[ 12]: S-1-22-2-5000 + SID[ 13]: S-1-22-2-5007 + SID[ 14]: S-1-22-2-5001 + SID[ 15]: S-1-22-2-1005 + SID[ 16]: S-1-22-2-5006 + SID[ 17]: S-1-22-2-5005 + SID[ 18]: S-1-22-2-55000 + SID[ 19]: S-1-22-2-55001 + SID[ 20]: S-1-22-2-55002 + Privileges (0x 1FFFFFF0): + Privilege[ 0]: SeMachineAccountPrivilege + Privilege[ 1]: SeTakeOwnershipPrivilege + Privilege[ 2]: SeBackupPrivilege + Privilege[ 3]: SeRestorePrivilege + Privilege[ 4]: SeRemoteShutdownPrivilege + Privilege[ 5]: SePrintOperatorPrivilege + Privilege[ 6]: SeAddUsersPrivilege + Privilege[ 7]: SeDiskOperatorPrivilege + Privilege[ 8]: SeSecurityPrivilege + Privilege[ 9]: SeSystemtimePrivilege + Privilege[ 10]: SeShutdownPrivilege + Privilege[ 11]: SeDebugPrivilege + Privilege[ 12]: SeSystemEnvironmentPrivilege + Privilege[ 13]: SeSystemProfilePrivilege + Privilege[ 14]: SeProfileSingleProcessPrivilege + Privilege[ 15]: SeIncreaseBasePriorityPrivilege + Privilege[ 16]: SeLoadDriverPrivilege + Privilege[ 17]: SeCreatePagefilePrivilege + Privilege[ 18]: SeIncreaseQuotaPrivilege + Privilege[ 19]: SeChangeNotifyPrivilege + Privilege[ 20]: SeUndockPrivilege + Privilege[ 21]: SeManageVolumePrivilege + Privilege[ 22]: SeImpersonatePrivilege + Privilege[ 23]: SeCreateGlobalPrivilege + Privilege[ 24]: SeEnableDelegationPrivilege + Rights (0x 0): +[2013/11/07 07:38:45.402228, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) + UNIX token of user 0 + Primary group is 5000 and contains 9 supplementary groups + Group[ 0]: 5000 + Group[ 1]: 5007 + Group[ 2]: 5001 + Group[ 3]: 1005 + Group[ 4]: 5006 + Group[ 5]: 5005 + Group[ 6]: 55000 + Group[ 7]: 55001 + Group[ 8]: 55002 +[2013/11/07 07:38:45.402422, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/uid.c:363(change_to_user_internal) + Impersonated user: uid=(0,0), gid=(0,5000) +[2013/11/07 07:38:45.402470, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:1796(smbd_smb2_request_verify_creditcharge) + mid 78, CreditCharge: 1, NeededCharge: 1 +[2013/11/07 07:38:45.402511, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_write.c:271(smbd_smb2_write_send) + smbd_smb2_write: spoolss - fnum 4073323938 +[2013/11/07 07:38:45.402555, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:520(np_write_send) + np_write_send: len: 160 +[2013/11/07 07:38:45.402596, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) + write_to_pipe: data_left = 160 +[2013/11/07 07:38:45.402634, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) + process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 160 +[2013/11/07 07:38:45.402672, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:51(fill_rpc_header) + fill_rpc_header: data_to_copy = 160, len_needed_to_complete_hdr = 16, receive_len = 0 +[2013/11/07 07:38:45.402712, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) + write_to_pipe: data_used = 16 +[2013/11/07 07:38:45.402759, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) + write_to_pipe: data_left = 144 +[2013/11/07 07:38:45.402797, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) + process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 144 +[2013/11/07 07:38:45.402838, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) + write_to_pipe: data_used = 0 +[2013/11/07 07:38:45.402875, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) + write_to_pipe: data_left = 144 +[2013/11/07 07:38:45.402912, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) + process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 144, incoming data = 144 +[2013/11/07 07:38:45.402953, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1614(process_complete_pdu) + PDU is in Little Endian format! +[2013/11/07 07:38:45.402999, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) + r: struct ncacn_packet + rpc_vers : 0x05 (5) + rpc_vers_minor : 0x00 (0) + ptype : DCERPC_PKT_BIND (11) + pfc_flags : 0x03 (3) + drep: ARRAY(4) + [0] : 0x10 (16) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + frag_length : 0x00a0 (160) + auth_length : 0x0000 (0) + call_id : 0x00000002 (2) + u : union dcerpc_payload(case 11) + bind: struct dcerpc_bind + max_xmit_frag : 0x10b8 (4280) + max_recv_frag : 0x10b8 (4280) + assoc_group_id : 0x00000000 (0) + num_contexts : 0x03 (3) + ctx_list: ARRAY(3) + ctx_list: struct dcerpc_ctx_list + context_id : 0x0000 (0) + num_transfer_syntaxes : 0x01 (1) + abstract_syntax: struct ndr_syntax_id + uuid : 12345678-1234-abcd-ef00-0123456789ab + if_version : 0x00000001 (1) + transfer_syntaxes: ARRAY(1) + transfer_syntaxes: struct ndr_syntax_id + uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860 + if_version : 0x00000002 (2) + ctx_list: struct dcerpc_ctx_list + context_id : 0x0001 (1) + num_transfer_syntaxes : 0x01 (1) + abstract_syntax: struct ndr_syntax_id + uuid : 12345678-1234-abcd-ef00-0123456789ab + if_version : 0x00000001 (1) + transfer_syntaxes: ARRAY(1) + transfer_syntaxes: struct ndr_syntax_id + uuid : 71710533-beba-4937-8319-b5dbef9ccc36 + if_version : 0x00000001 (1) + ctx_list: struct dcerpc_ctx_list + context_id : 0x0002 (2) + num_transfer_syntaxes : 0x01 (1) + abstract_syntax: struct ndr_syntax_id + uuid : 12345678-1234-abcd-ef00-0123456789ab + if_version : 0x00000001 (1) + transfer_syntaxes: ARRAY(1) + transfer_syntaxes: struct ndr_syntax_id + uuid : 6cb71c2c-9812-4540-0300-000000000000 + if_version : 0x00000001 (1) + auth_info : DATA_BLOB length=0 +[2013/11/07 07:38:45.403895, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1627(process_complete_pdu) + Processing packet type 11 +[2013/11/07 07:38:45.403936, 3, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:693(api_pipe_bind_req) + api_pipe_bind_req: spoolss -> spoolss rpc service +[2013/11/07 07:38:45.403976, 5, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:724(api_pipe_bind_req) + api_pipe_bind_req: make response. 724 +[2013/11/07 07:38:45.404015, 3, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:342(check_bind_req) + check_bind_req for \spoolss +[2013/11/07 07:38:45.404057, 3, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:349(check_bind_req) + check_bind_req: spoolss -> spoolss rpc service +[2013/11/07 07:38:45.404098, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:238(init_pipe_handles) + init_pipe_handle_list: pipe_handles ref count = 10 for pipe \spoolss +[2013/11/07 07:38:45.404152, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) + &r: struct ncacn_packet + rpc_vers : 0x05 (5) + rpc_vers_minor : 0x00 (0) + ptype : DCERPC_PKT_BIND_ACK (12) + pfc_flags : 0x03 (3) + drep: ARRAY(4) + [0] : 0x10 (16) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + frag_length : 0x0044 (68) + auth_length : 0x0000 (0) + call_id : 0x00000002 (2) + u : union dcerpc_payload(case 12) + bind_ack: struct dcerpc_bind_ack + max_xmit_frag : 0x10b8 (4280) + max_recv_frag : 0x10b8 (4280) + assoc_group_id : 0x000053f0 (21488) + secondary_address_size : 0x000e (14) + secondary_address : '\PIPE\spoolss' + _pad1 : DATA_BLOB length=0 + num_results : 0x01 (1) + ctx_list: ARRAY(1) + ctx_list: struct dcerpc_ack_ctx + result : 0x0000 (0) + reason : 0x0000 (0) + syntax: struct ndr_syntax_id + uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860 + if_version : 0x00000002 (2) + auth_info : DATA_BLOB length=0 +[2013/11/07 07:38:45.404670, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) + write_to_pipe: data_used = 144 + smbd_smb2_request_pending_queue: req->current_idx = 1 + req->in.vector[0].iov_len = 0 + req->in.vector[1].iov_len = 0 + req->in.vector[2].iov_len = 64 + req->in.vector[3].iov_len = 48 + req->in.vector[4].iov_len = 160 + req->out.vector[0].iov_len = 4 + req->out.vector[1].iov_len = 0 + req->out.vector[2].iov_len = 64 + req->out.vector[3].iov_len = 8 + req->out.vector[4].iov_len = 0 +[2013/11/07 07:38:45.404877, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) + smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[16] dyn[yes:0] at ../source3/smbd/smb2_write.c:150 +[2013/11/07 07:38:45.404930, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) + smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/79/127 +[2013/11/07 07:38:45.405051, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) + smbd_smb2_request_incoming: idx[1] of 5 vectors +[2013/11/07 07:38:45.405099, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) + smb2_validate_sequence_number: clearing id 79 (position 79) from bitmap +[2013/11/07 07:38:45.405140, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) + smbd_smb2_request_dispatch: opcode[SMB2_OP_WRITE] mid = 79 +[2013/11/07 07:38:45.405191, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) + setting sec ctx (0, 5000) - sec_ctx_stack_ndx = 0 +[2013/11/07 07:38:45.405233, 5, pid=20933, effective(0, 5000), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) + Security token SIDs (21): + SID[ 0]: S-1-5-21-1376953716-2413384141-3399758289-500 + SID[ 1]: S-1-5-21-1376953716-2413384141-3399758289-512 + SID[ 2]: S-1-5-21-1376953716-2413384141-3399758289-11015 + SID[ 3]: S-1-5-21-1376953716-2413384141-3399758289-513 + SID[ 4]: S-1-5-21-1376953716-2413384141-3399758289-11011 + SID[ 5]: S-1-5-21-1376953716-2413384141-3399758289-11013 + SID[ 6]: S-1-5-21-1376953716-2413384141-3399758289-11012 + SID[ 7]: S-1-1-0 + SID[ 8]: S-1-5-2 + SID[ 9]: S-1-5-11 + SID[ 10]: S-1-5-32-544 + SID[ 11]: S-1-22-1-2002 + SID[ 12]: S-1-22-2-5000 + SID[ 13]: S-1-22-2-5007 + SID[ 14]: S-1-22-2-5001 + SID[ 15]: S-1-22-2-1005 + SID[ 16]: S-1-22-2-5006 + SID[ 17]: S-1-22-2-5005 + SID[ 18]: S-1-22-2-55000 + SID[ 19]: S-1-22-2-55001 + SID[ 20]: S-1-22-2-55002 + Privileges (0x 1FFFFFF0): + Privilege[ 0]: SeMachineAccountPrivilege + Privilege[ 1]: SeTakeOwnershipPrivilege + Privilege[ 2]: SeBackupPrivilege + Privilege[ 3]: SeRestorePrivilege + Privilege[ 4]: SeRemoteShutdownPrivilege + Privilege[ 5]: SePrintOperatorPrivilege + Privilege[ 6]: SeAddUsersPrivilege + Privilege[ 7]: SeDiskOperatorPrivilege + Privilege[ 8]: SeSecurityPrivilege + Privilege[ 9]: SeSystemtimePrivilege + Privilege[ 10]: SeShutdownPrivilege + Privilege[ 11]: SeDebugPrivilege + Privilege[ 12]: SeSystemEnvironmentPrivilege + Privilege[ 13]: SeSystemProfilePrivilege + Privilege[ 14]: SeProfileSingleProcessPrivilege + Privilege[ 15]: SeIncreaseBasePriorityPrivilege + Privilege[ 16]: SeLoadDriverPrivilege + Privilege[ 17]: SeCreatePagefilePrivilege + Privilege[ 18]: SeIncreaseQuotaPrivilege + Privilege[ 19]: SeChangeNotifyPrivilege + Privilege[ 20]: SeUndockPrivilege + Privilege[ 21]: SeManageVolumePrivilege + Privilege[ 22]: SeImpersonatePrivilege + Privilege[ 23]: SeCreateGlobalPrivilege + Privilege[ 24]: SeEnableDelegationPrivilege + Rights (0x 0): +[2013/11/07 07:38:45.406066, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) + UNIX token of user 0 + Primary group is 5000 and contains 9 supplementary groups + Group[ 0]: 5000 + Group[ 1]: 5007 + Group[ 2]: 5001 + Group[ 3]: 1005 + Group[ 4]: 5006 + Group[ 5]: 5005 + Group[ 6]: 55000 + Group[ 7]: 55001 + Group[ 8]: 55002 +[2013/11/07 07:38:45.406256, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/uid.c:363(change_to_user_internal) + Impersonated user: uid=(0,0), gid=(0,5000) +[2013/11/07 07:38:45.406305, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:1796(smbd_smb2_request_verify_creditcharge) + mid 79, CreditCharge: 1, NeededCharge: 1 +[2013/11/07 07:38:45.406346, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_write.c:271(smbd_smb2_write_send) + smbd_smb2_write: spoolss - fnum 1585650398 +[2013/11/07 07:38:45.406401, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:520(np_write_send) + np_write_send: len: 160 +[2013/11/07 07:38:45.406442, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) + write_to_pipe: data_left = 160 +[2013/11/07 07:38:45.406481, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) + process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 160 +[2013/11/07 07:38:45.406519, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:51(fill_rpc_header) + fill_rpc_header: data_to_copy = 160, len_needed_to_complete_hdr = 16, receive_len = 0 +[2013/11/07 07:38:45.406559, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) + write_to_pipe: data_used = 16 +[2013/11/07 07:38:45.406596, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) + write_to_pipe: data_left = 144 +[2013/11/07 07:38:45.406634, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) + process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 144 +[2013/11/07 07:38:45.406674, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) + write_to_pipe: data_used = 0 +[2013/11/07 07:38:45.406711, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) + write_to_pipe: data_left = 144 +[2013/11/07 07:38:45.406749, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) + process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 144, incoming data = 144 +[2013/11/07 07:38:45.406789, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1614(process_complete_pdu) + PDU is in Little Endian format! +[2013/11/07 07:38:45.406835, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) + r: struct ncacn_packet + rpc_vers : 0x05 (5) + rpc_vers_minor : 0x00 (0) + ptype : DCERPC_PKT_BIND (11) + pfc_flags : 0x03 (3) + drep: ARRAY(4) + [0] : 0x10 (16) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + frag_length : 0x00a0 (160) + auth_length : 0x0000 (0) + call_id : 0x00000002 (2) + u : union dcerpc_payload(case 11) + bind: struct dcerpc_bind + max_xmit_frag : 0x10b8 (4280) + max_recv_frag : 0x10b8 (4280) + assoc_group_id : 0x00000000 (0) + num_contexts : 0x03 (3) + ctx_list: ARRAY(3) + ctx_list: struct dcerpc_ctx_list + context_id : 0x0000 (0) + num_transfer_syntaxes : 0x01 (1) + abstract_syntax: struct ndr_syntax_id + uuid : 12345678-1234-abcd-ef00-0123456789ab + if_version : 0x00000001 (1) + transfer_syntaxes: ARRAY(1) + transfer_syntaxes: struct ndr_syntax_id + uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860 + if_version : 0x00000002 (2) + ctx_list: struct dcerpc_ctx_list + context_id : 0x0001 (1) + num_transfer_syntaxes : 0x01 (1) + abstract_syntax: struct ndr_syntax_id + uuid : 12345678-1234-abcd-ef00-0123456789ab + if_version : 0x00000001 (1) + transfer_syntaxes: ARRAY(1) + transfer_syntaxes: struct ndr_syntax_id + uuid : 71710533-beba-4937-8319-b5dbef9ccc36 + if_version : 0x00000001 (1) + ctx_list: struct dcerpc_ctx_list + context_id : 0x0002 (2) + num_transfer_syntaxes : 0x01 (1) + abstract_syntax: struct ndr_syntax_id + uuid : 12345678-1234-abcd-ef00-0123456789ab + if_version : 0x00000001 (1) + transfer_syntaxes: ARRAY(1) + transfer_syntaxes: struct ndr_syntax_id + uuid : 6cb71c2c-9812-4540-0300-000000000000 + if_version : 0x00000001 (1) + auth_info : DATA_BLOB length=0 +[2013/11/07 07:38:45.407730, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1627(process_complete_pdu) + Processing packet type 11 +[2013/11/07 07:38:45.407771, 3, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:693(api_pipe_bind_req) + api_pipe_bind_req: spoolss -> spoolss rpc service +[2013/11/07 07:38:45.407811, 5, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:724(api_pipe_bind_req) + api_pipe_bind_req: make response. 724 +[2013/11/07 07:38:45.407849, 3, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:342(check_bind_req) + check_bind_req for \spoolss +[2013/11/07 07:38:45.407891, 3, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:349(check_bind_req) + check_bind_req: spoolss -> spoolss rpc service +[2013/11/07 07:38:45.407932, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:238(init_pipe_handles) + init_pipe_handle_list: pipe_handles ref count = 11 for pipe \spoolss +[2013/11/07 07:38:45.407987, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) + &r: struct ncacn_packet + rpc_vers : 0x05 (5) + rpc_vers_minor : 0x00 (0) + ptype : DCERPC_PKT_BIND_ACK (12) + pfc_flags : 0x03 (3) + drep: ARRAY(4) + [0] : 0x10 (16) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + frag_length : 0x0044 (68) + auth_length : 0x0000 (0) + call_id : 0x00000002 (2) + u : union dcerpc_payload(case 12) + bind_ack: struct dcerpc_bind_ack + max_xmit_frag : 0x10b8 (4280) + max_recv_frag : 0x10b8 (4280) + assoc_group_id : 0x000053f0 (21488) + secondary_address_size : 0x000e (14) + secondary_address : '\PIPE\spoolss' + _pad1 : DATA_BLOB length=0 + num_results : 0x01 (1) + ctx_list: ARRAY(1) + ctx_list: struct dcerpc_ack_ctx + result : 0x0000 (0) + reason : 0x0000 (0) + syntax: struct ndr_syntax_id + uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860 + if_version : 0x00000002 (2) + auth_info : DATA_BLOB length=0 +[2013/11/07 07:38:45.408593, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) + write_to_pipe: data_used = 144 + smbd_smb2_request_pending_queue: req->current_idx = 1 + req->in.vector[0].iov_len = 0 + req->in.vector[1].iov_len = 0 + req->in.vector[2].iov_len = 64 + req->in.vector[3].iov_len = 48 + req->in.vector[4].iov_len = 160 + req->out.vector[0].iov_len = 4 + req->out.vector[1].iov_len = 0 + req->out.vector[2].iov_len = 64 + req->out.vector[3].iov_len = 8 + req->out.vector[4].iov_len = 0 +[2013/11/07 07:38:45.408803, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) + smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[16] dyn[yes:0] at ../source3/smbd/smb2_write.c:150 +[2013/11/07 07:38:45.408849, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) + smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/80/127 +[2013/11/07 07:38:45.408975, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) + smbd_smb2_request_incoming: idx[1] of 5 vectors +[2013/11/07 07:38:45.409024, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) + smb2_validate_sequence_number: clearing id 80 (position 80) from bitmap +[2013/11/07 07:38:45.409065, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) + smbd_smb2_request_dispatch: opcode[SMB2_OP_CREATE] mid = 80 +[2013/11/07 07:38:45.409118, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) + setting sec ctx (0, 5000) - sec_ctx_stack_ndx = 0 +[2013/11/07 07:38:45.409160, 5, pid=20933, effective(0, 5000), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) + Security token SIDs (21): + SID[ 0]: S-1-5-21-1376953716-2413384141-3399758289-500 + SID[ 1]: S-1-5-21-1376953716-2413384141-3399758289-512 + SID[ 2]: S-1-5-21-1376953716-2413384141-3399758289-11015 + SID[ 3]: S-1-5-21-1376953716-2413384141-3399758289-513 + SID[ 4]: S-1-5-21-1376953716-2413384141-3399758289-11011 + SID[ 5]: S-1-5-21-1376953716-2413384141-3399758289-11013 + SID[ 6]: S-1-5-21-1376953716-2413384141-3399758289-11012 + SID[ 7]: S-1-1-0 + SID[ 8]: S-1-5-2 + SID[ 9]: S-1-5-11 + SID[ 10]: S-1-5-32-544 + SID[ 11]: S-1-22-1-2002 + SID[ 12]: S-1-22-2-5000 + SID[ 13]: S-1-22-2-5007 + SID[ 14]: S-1-22-2-5001 + SID[ 15]: S-1-22-2-1005 + SID[ 16]: S-1-22-2-5006 + SID[ 17]: S-1-22-2-5005 + SID[ 18]: S-1-22-2-55000 + SID[ 19]: S-1-22-2-55001 + SID[ 20]: S-1-22-2-55002 + Privileges (0x 1FFFFFF0): + Privilege[ 0]: SeMachineAccountPrivilege + Privilege[ 1]: SeTakeOwnershipPrivilege + Privilege[ 2]: SeBackupPrivilege + Privilege[ 3]: SeRestorePrivilege + Privilege[ 4]: SeRemoteShutdownPrivilege + Privilege[ 5]: SePrintOperatorPrivilege + Privilege[ 6]: SeAddUsersPrivilege + Privilege[ 7]: SeDiskOperatorPrivilege + Privilege[ 8]: SeSecurityPrivilege + Privilege[ 9]: SeSystemtimePrivilege + Privilege[ 10]: SeShutdownPrivilege + Privilege[ 11]: SeDebugPrivilege + Privilege[ 12]: SeSystemEnvironmentPrivilege + Privilege[ 13]: SeSystemProfilePrivilege + Privilege[ 14]: SeProfileSingleProcessPrivilege + Privilege[ 15]: SeIncreaseBasePriorityPrivilege + Privilege[ 16]: SeLoadDriverPrivilege + Privilege[ 17]: SeCreatePagefilePrivilege + Privilege[ 18]: SeIncreaseQuotaPrivilege + Privilege[ 19]: SeChangeNotifyPrivilege + Privilege[ 20]: SeUndockPrivilege + Privilege[ 21]: SeManageVolumePrivilege + Privilege[ 22]: SeImpersonatePrivilege + Privilege[ 23]: SeCreateGlobalPrivilege + Privilege[ 24]: SeEnableDelegationPrivilege + Rights (0x 0): +[2013/11/07 07:38:45.410037, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) + UNIX token of user 0 + Primary group is 5000 and contains 9 supplementary groups + Group[ 0]: 5000 + Group[ 1]: 5007 + Group[ 2]: 5001 + Group[ 3]: 1005 + Group[ 4]: 5006 + Group[ 5]: 5005 + Group[ 6]: 55000 + Group[ 7]: 55001 + Group[ 8]: 55002 +[2013/11/07 07:38:45.410229, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/uid.c:363(change_to_user_internal) + Impersonated user: uid=(0,0), gid=(0,5000) +[2013/11/07 07:38:45.410282, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_create.c:451(smbd_smb2_create_send) + smbd_smb2_create: name[spoolss] +[2013/11/07 07:38:45.410336, 5, pid=20933, effective(0, 5000), real(0, 0)] ../lib/dbwrap/dbwrap.c:187(dbwrap_check_lock_order) + check lock order 1 for /var/run/samba/smbXsrv_open_global.tdb +[2013/11/07 07:38:45.410376, 10, pid=20933, effective(0, 5000), real(0, 0)] ../lib/dbwrap/dbwrap.c:133(debug_lock_order) + lock order: 1:/var/run/samba/smbXsrv_open_global.tdb 2: 3: +[2013/11/07 07:38:45.410420, 10, pid=20933, effective(0, 5000), real(0, 0)] ../lib/dbwrap/dbwrap_tdb.c:59(db_tdb_log_key) + Locking key AB2F84C7 +[2013/11/07 07:38:45.410475, 10, pid=20933, effective(0, 5000), real(0, 0)] ../lib/dbwrap/dbwrap_tdb.c:143(db_tdb_fetch_locked_internal) + Allocated locked data 0x0x7f375d392510 +[2013/11/07 07:38:45.410552, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smbXsrv_open.c:695(smbXsrv_open_global_store) +[2013/11/07 07:38:45.410578, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smbXsrv_open.c:697(smbXsrv_open_global_store) + smbXsrv_open_global_store: key 'AB2F84C7' stored +[2013/11/07 07:38:45.410619, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) + &global_blob: struct smbXsrv_open_globalB + version : SMBXSRV_VERSION_0 (0) + seqnum : 0x00000001 (1) + info : union smbXsrv_open_globalU(case 0) + info0 : * + info0: struct smbXsrv_open_global0 + db_rec : * + server_id: struct server_id + pid : 0x00000000000051c5 (20933) + task_id : 0x00000000 (0) + vnn : 0xffffffff (4294967295) + unique_id : 0x6b1fb19d3b3a8ed6 (7719083575197994710) + open_global_id : 0xab2f84c7 (2872018119) + open_persistent_id : 0x00000000ab2f84c7 (2872018119) + open_volatile_id : 0x000000003ca7a04f (1017618511) + open_owner : S-1-5-21-1376953716-2413384141-3399758289-500 + open_time : Do Nov 7 07:38:45 2013 CET + create_guid : 00000000-0000-0000-0000-000000000000 + client_guid : b913ae79-46f9-11e3-be6f-52540018a0ea + app_instance_id : 00000000-0000-0000-0000-000000000000 + disconnect_time : NTTIME(0) + durable_timeout_msec : 0x00000000 (0) + durable : 0x00 (0) + backend_cookie : DATA_BLOB length=0 +[2013/11/07 07:38:45.411086, 10, pid=20933, effective(0, 5000), real(0, 0)] ../lib/dbwrap/dbwrap_tdb.c:59(db_tdb_log_key) + Unlocking key AB2F84C7 +[2013/11/07 07:38:45.411128, 5, pid=20933, effective(0, 5000), real(0, 0)] ../lib/dbwrap/dbwrap.c:146(dbwrap_lock_order_state_destructor) + release lock order 1 for /var/run/samba/smbXsrv_open_global.tdb +[2013/11/07 07:38:45.411168, 10, pid=20933, effective(0, 5000), real(0, 0)] ../lib/dbwrap/dbwrap.c:133(debug_lock_order) + lock order: 1: 2: 3: +[2013/11/07 07:38:45.411209, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smbXsrv_open.c:862(smbXsrv_open_create) +[2013/11/07 07:38:45.411247, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smbXsrv_open.c:870(smbXsrv_open_create) + smbXsrv_open_create: global_id (0xab2f84c7) stored +[2013/11/07 07:38:45.411286, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) + &open_blob: struct smbXsrv_openB + version : SMBXSRV_VERSION_0 (0) + reserved : 0x00000000 (0) + info : union smbXsrv_openU(case 0) + info0 : * + info0: struct smbXsrv_open + table : * + db_rec : NULL + local_id : 0x3ca7a04f (1017618511) + global : * + global: struct smbXsrv_open_global0 + db_rec : NULL + server_id: struct server_id + pid : 0x00000000000051c5 (20933) + task_id : 0x00000000 (0) + vnn : 0xffffffff (4294967295) + unique_id : 0x6b1fb19d3b3a8ed6 (7719083575197994710) + open_global_id : 0xab2f84c7 (2872018119) + open_persistent_id : 0x00000000ab2f84c7 (2872018119) + open_volatile_id : 0x000000003ca7a04f (1017618511) + open_owner : S-1-5-21-1376953716-2413384141-3399758289-500 + open_time : Do Nov 7 07:38:45 2013 CET + create_guid : 00000000-0000-0000-0000-000000000000 + client_guid : b913ae79-46f9-11e3-be6f-52540018a0ea + app_instance_id : 00000000-0000-0000-0000-000000000000 + disconnect_time : NTTIME(0) + durable_timeout_msec : 0x00000000 (0) + durable : 0x00 (0) + backend_cookie : DATA_BLOB length=0 + status : NT_STATUS_OK + idle_time : Do Nov 7 07:38:45 2013 CET + compat : NULL +[2013/11/07 07:38:45.412063, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/files.c:125(file_new) + allocated file structure fnum 1017618511 (6 used) +[2013/11/07 07:38:45.412112, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/files.c:713(file_name_hash) + file_name_hash: /tmp/spoolss hash 0x7d4e46e5 +[2013/11/07 07:38:45.412173, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:60(make_internal_rpc_pipe_p) + Create pipe requested \spoolss +[2013/11/07 07:38:45.412222, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:238(init_pipe_handles) + init_pipe_handle_list: pipe_handles ref count = 12 for pipe \spoolss +[2013/11/07 07:38:45.412379, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:100(make_internal_rpc_pipe_p) + Created internal pipe \spoolss +[2013/11/07 07:38:45.412426, 8, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/dosmode.c:631(dos_mode) + dos_mode: spoolss +[2013/11/07 07:38:45.412484, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_create.c:1053(smbd_smb2_create_send) + smbd_smb2_create_send: spoolss - fnum 1017618511 +[2013/11/07 07:38:45.412546, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) + smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[88] dyn[yes:0] at ../source3/smbd/smb2_create.c:369 +[2013/11/07 07:38:45.412591, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) + smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/81/127 +[2013/11/07 07:38:45.414027, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) + smbd_smb2_request_incoming: idx[1] of 5 vectors +[2013/11/07 07:38:45.414107, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) + smb2_validate_sequence_number: clearing id 81 (position 81) from bitmap +[2013/11/07 07:38:45.414150, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) + smbd_smb2_request_dispatch: opcode[SMB2_OP_READ] mid = 81 +[2013/11/07 07:38:45.414206, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) + setting sec ctx (0, 5000) - sec_ctx_stack_ndx = 0 +[2013/11/07 07:38:45.414248, 5, pid=20933, effective(0, 5000), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) + Security token SIDs (21): + SID[ 0]: S-1-5-21-1376953716-2413384141-3399758289-500 + SID[ 1]: S-1-5-21-1376953716-2413384141-3399758289-512 + SID[ 2]: S-1-5-21-1376953716-2413384141-3399758289-11015 + SID[ 3]: S-1-5-21-1376953716-2413384141-3399758289-513 + SID[ 4]: S-1-5-21-1376953716-2413384141-3399758289-11011 + SID[ 5]: S-1-5-21-1376953716-2413384141-3399758289-11013 + SID[ 6]: S-1-5-21-1376953716-2413384141-3399758289-11012 + SID[ 7]: S-1-1-0 + SID[ 8]: S-1-5-2 + SID[ 9]: S-1-5-11 + SID[ 10]: S-1-5-32-544 + SID[ 11]: S-1-22-1-2002 + SID[ 12]: S-1-22-2-5000 + SID[ 13]: S-1-22-2-5007 + SID[ 14]: S-1-22-2-5001 + SID[ 15]: S-1-22-2-1005 + SID[ 16]: S-1-22-2-5006 + SID[ 17]: S-1-22-2-5005 + SID[ 18]: S-1-22-2-55000 + SID[ 19]: S-1-22-2-55001 + SID[ 20]: S-1-22-2-55002 + Privileges (0x 1FFFFFF0): + Privilege[ 0]: SeMachineAccountPrivilege + Privilege[ 1]: SeTakeOwnershipPrivilege + Privilege[ 2]: SeBackupPrivilege + Privilege[ 3]: SeRestorePrivilege + Privilege[ 4]: SeRemoteShutdownPrivilege + Privilege[ 5]: SePrintOperatorPrivilege + Privilege[ 6]: SeAddUsersPrivilege + Privilege[ 7]: SeDiskOperatorPrivilege + Privilege[ 8]: SeSecurityPrivilege + Privilege[ 9]: SeSystemtimePrivilege + Privilege[ 10]: SeShutdownPrivilege + Privilege[ 11]: SeDebugPrivilege + Privilege[ 12]: SeSystemEnvironmentPrivilege + Privilege[ 13]: SeSystemProfilePrivilege + Privilege[ 14]: SeProfileSingleProcessPrivilege + Privilege[ 15]: SeIncreaseBasePriorityPrivilege + Privilege[ 16]: SeLoadDriverPrivilege + Privilege[ 17]: SeCreatePagefilePrivilege + Privilege[ 18]: SeIncreaseQuotaPrivilege + Privilege[ 19]: SeChangeNotifyPrivilege + Privilege[ 20]: SeUndockPrivilege + Privilege[ 21]: SeManageVolumePrivilege + Privilege[ 22]: SeImpersonatePrivilege + Privilege[ 23]: SeCreateGlobalPrivilege + Privilege[ 24]: SeEnableDelegationPrivilege + Rights (0x 0): +[2013/11/07 07:38:45.415066, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) + UNIX token of user 0 + Primary group is 5000 and contains 9 supplementary groups + Group[ 0]: 5000 + Group[ 1]: 5007 + Group[ 2]: 5001 + Group[ 3]: 1005 + Group[ 4]: 5006 + Group[ 5]: 5005 + Group[ 6]: 55000 + Group[ 7]: 55001 + Group[ 8]: 55002 +[2013/11/07 07:38:45.415276, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/uid.c:363(change_to_user_internal) + Impersonated user: uid=(0,0), gid=(0,5000) +[2013/11/07 07:38:45.415326, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:1796(smbd_smb2_request_verify_creditcharge) + mid 81, CreditCharge: 1, NeededCharge: 1 +[2013/11/07 07:38:45.415367, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_read.c:400(smbd_smb2_read_send) + smbd_smb2_read: spoolss - fnum 1585650398 +[2013/11/07 07:38:45.415414, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:285(read_from_internal_pipe) + name: \spoolss len: 1024 +[2013/11/07 07:38:45.415472, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:326(read_from_internal_pipe) + read_from_pipe: \spoolss: current_pdu_len = 68, current_pdu_sent = 0 returning 68 bytes. +[2013/11/07 07:38:45.415544, 3, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:122(free_pipe_context) + free_pipe_context: destroying talloc pool of size 29 + smbd_smb2_request_pending_queue: req->current_idx = 1 + req->in.vector[0].iov_len = 0 + req->in.vector[1].iov_len = 0 + req->in.vector[2].iov_len = 64 + req->in.vector[3].iov_len = 48 + req->in.vector[4].iov_len = 1 + req->out.vector[0].iov_len = 4 + req->out.vector[1].iov_len = 0 + req->out.vector[2].iov_len = 64 + req->out.vector[3].iov_len = 8 + req->out.vector[4].iov_len = 0 +[2013/11/07 07:38:45.415755, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:788(np_read_recv) + Received 68 bytes. There is no more data outstanding +[2013/11/07 07:38:45.415800, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) + smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[16] dyn[yes:68] at ../source3/smbd/smb2_read.c:154 +[2013/11/07 07:38:45.415845, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) + smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/82/127 +[2013/11/07 07:38:45.415962, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) + smbd_smb2_request_incoming: idx[1] of 5 vectors +[2013/11/07 07:38:45.416009, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) + smb2_validate_sequence_number: clearing id 82 (position 82) from bitmap +[2013/11/07 07:38:45.416051, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) + smbd_smb2_request_dispatch: opcode[SMB2_OP_READ] mid = 82 +[2013/11/07 07:38:45.416102, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) + setting sec ctx (0, 5000) - sec_ctx_stack_ndx = 0 +[2013/11/07 07:38:45.416171, 5, pid=20933, effective(0, 5000), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) + Security token SIDs (21): + SID[ 0]: S-1-5-21-1376953716-2413384141-3399758289-500 + SID[ 1]: S-1-5-21-1376953716-2413384141-3399758289-512 + SID[ 2]: S-1-5-21-1376953716-2413384141-3399758289-11015 + SID[ 3]: S-1-5-21-1376953716-2413384141-3399758289-513 + SID[ 4]: S-1-5-21-1376953716-2413384141-3399758289-11011 + SID[ 5]: S-1-5-21-1376953716-2413384141-3399758289-11013 + SID[ 6]: S-1-5-21-1376953716-2413384141-3399758289-11012 + SID[ 7]: S-1-1-0 + SID[ 8]: S-1-5-2 + SID[ 9]: S-1-5-11 + SID[ 10]: S-1-5-32-544 + SID[ 11]: S-1-22-1-2002 + SID[ 12]: S-1-22-2-5000 + SID[ 13]: S-1-22-2-5007 + SID[ 14]: S-1-22-2-5001 + SID[ 15]: S-1-22-2-1005 + SID[ 16]: S-1-22-2-5006 + SID[ 17]: S-1-22-2-5005 + SID[ 18]: S-1-22-2-55000 + SID[ 19]: S-1-22-2-55001 + SID[ 20]: S-1-22-2-55002 + Privileges (0x 1FFFFFF0): + Privilege[ 0]: SeMachineAccountPrivilege + Privilege[ 1]: SeTakeOwnershipPrivilege + Privilege[ 2]: SeBackupPrivilege + Privilege[ 3]: SeRestorePrivilege + Privilege[ 4]: SeRemoteShutdownPrivilege + Privilege[ 5]: SePrintOperatorPrivilege + Privilege[ 6]: SeAddUsersPrivilege + Privilege[ 7]: SeDiskOperatorPrivilege + Privilege[ 8]: SeSecurityPrivilege + Privilege[ 9]: SeSystemtimePrivilege + Privilege[ 10]: SeShutdownPrivilege + Privilege[ 11]: SeDebugPrivilege + Privilege[ 12]: SeSystemEnvironmentPrivilege + Privilege[ 13]: SeSystemProfilePrivilege + Privilege[ 14]: SeProfileSingleProcessPrivilege + Privilege[ 15]: SeIncreaseBasePriorityPrivilege + Privilege[ 16]: SeLoadDriverPrivilege + Privilege[ 17]: SeCreatePagefilePrivilege + Privilege[ 18]: SeIncreaseQuotaPrivilege + Privilege[ 19]: SeChangeNotifyPrivilege + Privilege[ 20]: SeUndockPrivilege + Privilege[ 21]: SeManageVolumePrivilege + Privilege[ 22]: SeImpersonatePrivilege + Privilege[ 23]: SeCreateGlobalPrivilege + Privilege[ 24]: SeEnableDelegationPrivilege + Rights (0x 0): +[2013/11/07 07:38:45.416943, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) + UNIX token of user 0 + Primary group is 5000 and contains 9 supplementary groups + Group[ 0]: 5000 + Group[ 1]: 5007 + Group[ 2]: 5001 + Group[ 3]: 1005 + Group[ 4]: 5006 + Group[ 5]: 5005 + Group[ 6]: 55000 + Group[ 7]: 55001 + Group[ 8]: 55002 +[2013/11/07 07:38:45.417130, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/uid.c:363(change_to_user_internal) + Impersonated user: uid=(0,0), gid=(0,5000) +[2013/11/07 07:38:45.417177, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:1796(smbd_smb2_request_verify_creditcharge) + mid 82, CreditCharge: 1, NeededCharge: 1 +[2013/11/07 07:38:45.417218, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_read.c:400(smbd_smb2_read_send) + smbd_smb2_read: spoolss - fnum 4073323938 +[2013/11/07 07:38:45.417263, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:285(read_from_internal_pipe) + name: \spoolss len: 1024 +[2013/11/07 07:38:45.417306, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:326(read_from_internal_pipe) + read_from_pipe: \spoolss: current_pdu_len = 68, current_pdu_sent = 0 returning 68 bytes. +[2013/11/07 07:38:45.417349, 3, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:122(free_pipe_context) + free_pipe_context: destroying talloc pool of size 29 + smbd_smb2_request_pending_queue: req->current_idx = 1 + req->in.vector[0].iov_len = 0 + req->in.vector[1].iov_len = 0 + req->in.vector[2].iov_len = 64 + req->in.vector[3].iov_len = 48 + req->in.vector[4].iov_len = 1 + req->out.vector[0].iov_len = 4 + req->out.vector[1].iov_len = 0 + req->out.vector[2].iov_len = 64 + req->out.vector[3].iov_len = 8 + req->out.vector[4].iov_len = 0 +[2013/11/07 07:38:45.417670, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:788(np_read_recv) + Received 68 bytes. There is no more data outstanding +[2013/11/07 07:38:45.417716, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) + smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[16] dyn[yes:68] at ../source3/smbd/smb2_read.c:154 +[2013/11/07 07:38:45.417761, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) + smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/83/127 +[2013/11/07 07:38:45.417919, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) + smbd_smb2_request_incoming: idx[1] of 5 vectors +[2013/11/07 07:38:45.417968, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) + smb2_validate_sequence_number: clearing id 83 (position 83) from bitmap +[2013/11/07 07:38:45.418009, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) + smbd_smb2_request_dispatch: opcode[SMB2_OP_READ] mid = 83 +[2013/11/07 07:38:45.418061, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) + setting sec ctx (0, 5000) - sec_ctx_stack_ndx = 0 +[2013/11/07 07:38:45.418104, 5, pid=20933, effective(0, 5000), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) + Security token SIDs (21): + SID[ 0]: S-1-5-21-1376953716-2413384141-3399758289-500 + SID[ 1]: S-1-5-21-1376953716-2413384141-3399758289-512 + SID[ 2]: S-1-5-21-1376953716-2413384141-3399758289-11015 + SID[ 3]: S-1-5-21-1376953716-2413384141-3399758289-513 + SID[ 4]: S-1-5-21-1376953716-2413384141-3399758289-11011 + SID[ 5]: S-1-5-21-1376953716-2413384141-3399758289-11013 + SID[ 6]: S-1-5-21-1376953716-2413384141-3399758289-11012 + SID[ 7]: S-1-1-0 + SID[ 8]: S-1-5-2 + SID[ 9]: S-1-5-11 + SID[ 10]: S-1-5-32-544 + SID[ 11]: S-1-22-1-2002 + SID[ 12]: S-1-22-2-5000 + SID[ 13]: S-1-22-2-5007 + SID[ 14]: S-1-22-2-5001 + SID[ 15]: S-1-22-2-1005 + SID[ 16]: S-1-22-2-5006 + SID[ 17]: S-1-22-2-5005 + SID[ 18]: S-1-22-2-55000 + SID[ 19]: S-1-22-2-55001 + SID[ 20]: S-1-22-2-55002 + Privileges (0x 1FFFFFF0): + Privilege[ 0]: SeMachineAccountPrivilege + Privilege[ 1]: SeTakeOwnershipPrivilege + Privilege[ 2]: SeBackupPrivilege + Privilege[ 3]: SeRestorePrivilege + Privilege[ 4]: SeRemoteShutdownPrivilege + Privilege[ 5]: SePrintOperatorPrivilege + Privilege[ 6]: SeAddUsersPrivilege + Privilege[ 7]: SeDiskOperatorPrivilege + Privilege[ 8]: SeSecurityPrivilege + Privilege[ 9]: SeSystemtimePrivilege + Privilege[ 10]: SeShutdownPrivilege + Privilege[ 11]: SeDebugPrivilege + Privilege[ 12]: SeSystemEnvironmentPrivilege + Privilege[ 13]: SeSystemProfilePrivilege + Privilege[ 14]: SeProfileSingleProcessPrivilege + Privilege[ 15]: SeIncreaseBasePriorityPrivilege + Privilege[ 16]: SeLoadDriverPrivilege + Privilege[ 17]: SeCreatePagefilePrivilege + Privilege[ 18]: SeIncreaseQuotaPrivilege + Privilege[ 19]: SeChangeNotifyPrivilege + Privilege[ 20]: SeUndockPrivilege + Privilege[ 21]: SeManageVolumePrivilege + Privilege[ 22]: SeImpersonatePrivilege + Privilege[ 23]: SeCreateGlobalPrivilege + Privilege[ 24]: SeEnableDelegationPrivilege + Rights (0x 0): +[2013/11/07 07:38:45.418869, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) + UNIX token of user 0 + Primary group is 5000 and contains 9 supplementary groups + Group[ 0]: 5000 + Group[ 1]: 5007 + Group[ 2]: 5001 + Group[ 3]: 1005 + Group[ 4]: 5006 + Group[ 5]: 5005 + Group[ 6]: 55000 + Group[ 7]: 55001 + Group[ 8]: 55002 +[2013/11/07 07:38:45.419058, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/uid.c:363(change_to_user_internal) + Impersonated user: uid=(0,0), gid=(0,5000) +[2013/11/07 07:38:45.419105, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:1796(smbd_smb2_request_verify_creditcharge) + mid 83, CreditCharge: 1, NeededCharge: 1 +[2013/11/07 07:38:45.419146, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_read.c:400(smbd_smb2_read_send) + smbd_smb2_read: spoolss - fnum 3570488479 +[2013/11/07 07:38:45.419191, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:285(read_from_internal_pipe) + name: \spoolss len: 1024 +[2013/11/07 07:38:45.419234, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:326(read_from_internal_pipe) + read_from_pipe: \spoolss: current_pdu_len = 68, current_pdu_sent = 0 returning 68 bytes. +[2013/11/07 07:38:45.419277, 3, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:122(free_pipe_context) + free_pipe_context: destroying talloc pool of size 29 + smbd_smb2_request_pending_queue: req->current_idx = 1 + req->in.vector[0].iov_len = 0 + req->in.vector[1].iov_len = 0 + req->in.vector[2].iov_len = 64 + req->in.vector[3].iov_len = 48 + req->in.vector[4].iov_len = 1 + req->out.vector[0].iov_len = 4 + req->out.vector[1].iov_len = 0 + req->out.vector[2].iov_len = 64 + req->out.vector[3].iov_len = 8 + req->out.vector[4].iov_len = 0 +[2013/11/07 07:38:45.419481, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:788(np_read_recv) + Received 68 bytes. There is no more data outstanding +[2013/11/07 07:38:45.419532, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) + smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[16] dyn[yes:68] at ../source3/smbd/smb2_read.c:154 +[2013/11/07 07:38:45.419577, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) + smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/84/127 +[2013/11/07 07:38:45.419686, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) + smbd_smb2_request_incoming: idx[1] of 5 vectors +[2013/11/07 07:38:45.419732, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) + smb2_validate_sequence_number: clearing id 84 (position 84) from bitmap +[2013/11/07 07:38:45.419773, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) + smbd_smb2_request_dispatch: opcode[SMB2_OP_READ] mid = 84 +[2013/11/07 07:38:45.419822, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) + setting sec ctx (0, 5000) - sec_ctx_stack_ndx = 0 +[2013/11/07 07:38:45.419863, 5, pid=20933, effective(0, 5000), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) + Security token SIDs (21): + SID[ 0]: S-1-5-21-1376953716-2413384141-3399758289-500 + SID[ 1]: S-1-5-21-1376953716-2413384141-3399758289-512 + SID[ 2]: S-1-5-21-1376953716-2413384141-3399758289-11015 + SID[ 3]: S-1-5-21-1376953716-2413384141-3399758289-513 + SID[ 4]: S-1-5-21-1376953716-2413384141-3399758289-11011 + SID[ 5]: S-1-5-21-1376953716-2413384141-3399758289-11013 + SID[ 6]: S-1-5-21-1376953716-2413384141-3399758289-11012 + SID[ 7]: S-1-1-0 + SID[ 8]: S-1-5-2 + SID[ 9]: S-1-5-11 + SID[ 10]: S-1-5-32-544 + SID[ 11]: S-1-22-1-2002 + SID[ 12]: S-1-22-2-5000 + SID[ 13]: S-1-22-2-5007 + SID[ 14]: S-1-22-2-5001 + SID[ 15]: S-1-22-2-1005 + SID[ 16]: S-1-22-2-5006 + SID[ 17]: S-1-22-2-5005 + SID[ 18]: S-1-22-2-55000 + SID[ 19]: S-1-22-2-55001 + SID[ 20]: S-1-22-2-55002 + Privileges (0x 1FFFFFF0): + Privilege[ 0]: SeMachineAccountPrivilege + Privilege[ 1]: SeTakeOwnershipPrivilege + Privilege[ 2]: SeBackupPrivilege + Privilege[ 3]: SeRestorePrivilege + Privilege[ 4]: SeRemoteShutdownPrivilege + Privilege[ 5]: SePrintOperatorPrivilege + Privilege[ 6]: SeAddUsersPrivilege + Privilege[ 7]: SeDiskOperatorPrivilege + Privilege[ 8]: SeSecurityPrivilege + Privilege[ 9]: SeSystemtimePrivilege + Privilege[ 10]: SeShutdownPrivilege + Privilege[ 11]: SeDebugPrivilege + Privilege[ 12]: SeSystemEnvironmentPrivilege + Privilege[ 13]: SeSystemProfilePrivilege + Privilege[ 14]: SeProfileSingleProcessPrivilege + Privilege[ 15]: SeIncreaseBasePriorityPrivilege + Privilege[ 16]: SeLoadDriverPrivilege + Privilege[ 17]: SeCreatePagefilePrivilege + Privilege[ 18]: SeIncreaseQuotaPrivilege + Privilege[ 19]: SeChangeNotifyPrivilege + Privilege[ 20]: SeUndockPrivilege + Privilege[ 21]: SeManageVolumePrivilege + Privilege[ 22]: SeImpersonatePrivilege + Privilege[ 23]: SeCreateGlobalPrivilege + Privilege[ 24]: SeEnableDelegationPrivilege + Rights (0x 0): +[2013/11/07 07:38:45.420615, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) + UNIX token of user 0 + Primary group is 5000 and contains 9 supplementary groups + Group[ 0]: 5000 + Group[ 1]: 5007 + Group[ 2]: 5001 + Group[ 3]: 1005 + Group[ 4]: 5006 + Group[ 5]: 5005 + Group[ 6]: 55000 + Group[ 7]: 55001 + Group[ 8]: 55002 +[2013/11/07 07:38:45.420801, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/uid.c:363(change_to_user_internal) + Impersonated user: uid=(0,0), gid=(0,5000) +[2013/11/07 07:38:45.420848, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:1796(smbd_smb2_request_verify_creditcharge) + mid 84, CreditCharge: 1, NeededCharge: 1 +[2013/11/07 07:38:45.420899, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_read.c:400(smbd_smb2_read_send) + smbd_smb2_read: spoolss - fnum 1145362404 +[2013/11/07 07:38:45.420943, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:285(read_from_internal_pipe) + name: \spoolss len: 3112 +[2013/11/07 07:38:45.420985, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:326(read_from_internal_pipe) + read_from_pipe: \spoolss: current_pdu_len = 4136, current_pdu_sent = 1024 returning 3112 bytes. +[2013/11/07 07:38:45.421030, 3, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:122(free_pipe_context) + free_pipe_context: destroying talloc pool of size 1308 + smbd_smb2_request_pending_queue: req->current_idx = 1 + req->in.vector[0].iov_len = 0 + req->in.vector[1].iov_len = 0 + req->in.vector[2].iov_len = 64 + req->in.vector[3].iov_len = 48 + req->in.vector[4].iov_len = 1 + req->out.vector[0].iov_len = 4 + req->out.vector[1].iov_len = 0 + req->out.vector[2].iov_len = 64 + req->out.vector[3].iov_len = 8 + req->out.vector[4].iov_len = 0 +[2013/11/07 07:38:45.421243, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:788(np_read_recv) + Received 3112 bytes. There is more data outstanding +[2013/11/07 07:38:45.421457, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) + smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[16] dyn[yes:3112] at ../source3/smbd/smb2_read.c:154 +[2013/11/07 07:38:45.421507, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) + smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/85/127 +[2013/11/07 07:38:45.421640, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) + smbd_smb2_request_incoming: idx[1] of 5 vectors +[2013/11/07 07:38:45.421688, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) + smb2_validate_sequence_number: clearing id 85 (position 85) from bitmap +[2013/11/07 07:38:45.421730, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) + smbd_smb2_request_dispatch: opcode[SMB2_OP_WRITE] mid = 85 +[2013/11/07 07:38:45.421782, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) + setting sec ctx (0, 5000) - sec_ctx_stack_ndx = 0 +[2013/11/07 07:38:45.421824, 5, pid=20933, effective(0, 5000), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) + Security token SIDs (21): + SID[ 0]: S-1-5-21-1376953716-2413384141-3399758289-500 + SID[ 1]: S-1-5-21-1376953716-2413384141-3399758289-512 + SID[ 2]: S-1-5-21-1376953716-2413384141-3399758289-11015 + SID[ 3]: S-1-5-21-1376953716-2413384141-3399758289-513 + SID[ 4]: S-1-5-21-1376953716-2413384141-3399758289-11011 + SID[ 5]: S-1-5-21-1376953716-2413384141-3399758289-11013 + SID[ 6]: S-1-5-21-1376953716-2413384141-3399758289-11012 + SID[ 7]: S-1-1-0 + SID[ 8]: S-1-5-2 + SID[ 9]: S-1-5-11 + SID[ 10]: S-1-5-32-544 + SID[ 11]: S-1-22-1-2002 + SID[ 12]: S-1-22-2-5000 + SID[ 13]: S-1-22-2-5007 + SID[ 14]: S-1-22-2-5001 + SID[ 15]: S-1-22-2-1005 + SID[ 16]: S-1-22-2-5006 + SID[ 17]: S-1-22-2-5005 + SID[ 18]: S-1-22-2-55000 + SID[ 19]: S-1-22-2-55001 + SID[ 20]: S-1-22-2-55002 + Privileges (0x 1FFFFFF0): + Privilege[ 0]: SeMachineAccountPrivilege + Privilege[ 1]: SeTakeOwnershipPrivilege + Privilege[ 2]: SeBackupPrivilege + Privilege[ 3]: SeRestorePrivilege + Privilege[ 4]: SeRemoteShutdownPrivilege + Privilege[ 5]: SePrintOperatorPrivilege + Privilege[ 6]: SeAddUsersPrivilege + Privilege[ 7]: SeDiskOperatorPrivilege + Privilege[ 8]: SeSecurityPrivilege + Privilege[ 9]: SeSystemtimePrivilege + Privilege[ 10]: SeShutdownPrivilege + Privilege[ 11]: SeDebugPrivilege + Privilege[ 12]: SeSystemEnvironmentPrivilege + Privilege[ 13]: SeSystemProfilePrivilege + Privilege[ 14]: SeProfileSingleProcessPrivilege + Privilege[ 15]: SeIncreaseBasePriorityPrivilege + Privilege[ 16]: SeLoadDriverPrivilege + Privilege[ 17]: SeCreatePagefilePrivilege + Privilege[ 18]: SeIncreaseQuotaPrivilege + Privilege[ 19]: SeChangeNotifyPrivilege + Privilege[ 20]: SeUndockPrivilege + Privilege[ 21]: SeManageVolumePrivilege + Privilege[ 22]: SeImpersonatePrivilege + Privilege[ 23]: SeCreateGlobalPrivilege + Privilege[ 24]: SeEnableDelegationPrivilege + Rights (0x 0): +[2013/11/07 07:38:45.422633, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) + UNIX token of user 0 + Primary group is 5000 and contains 9 supplementary groups + Group[ 0]: 5000 + Group[ 1]: 5007 + Group[ 2]: 5001 + Group[ 3]: 1005 + Group[ 4]: 5006 + Group[ 5]: 5005 + Group[ 6]: 55000 + Group[ 7]: 55001 + Group[ 8]: 55002 +[2013/11/07 07:38:45.422851, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/uid.c:363(change_to_user_internal) + Impersonated user: uid=(0,0), gid=(0,5000) +[2013/11/07 07:38:45.422901, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:1796(smbd_smb2_request_verify_creditcharge) + mid 85, CreditCharge: 1, NeededCharge: 1 +[2013/11/07 07:38:45.422942, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_write.c:271(smbd_smb2_write_send) + smbd_smb2_write: spoolss - fnum 1017618511 +[2013/11/07 07:38:45.422986, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:520(np_write_send) + np_write_send: len: 160 +[2013/11/07 07:38:45.423026, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) + write_to_pipe: data_left = 160 +[2013/11/07 07:38:45.423065, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) + process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 160 +[2013/11/07 07:38:45.423104, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:51(fill_rpc_header) + fill_rpc_header: data_to_copy = 160, len_needed_to_complete_hdr = 16, receive_len = 0 +[2013/11/07 07:38:45.423144, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) + write_to_pipe: data_used = 16 +[2013/11/07 07:38:45.423181, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) + write_to_pipe: data_left = 144 +[2013/11/07 07:38:45.423219, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) + process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 144 +[2013/11/07 07:38:45.423260, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) + write_to_pipe: data_used = 0 +[2013/11/07 07:38:45.423298, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) + write_to_pipe: data_left = 144 +[2013/11/07 07:38:45.423335, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) + process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 144, incoming data = 144 +[2013/11/07 07:38:45.423375, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1614(process_complete_pdu) + PDU is in Little Endian format! +[2013/11/07 07:38:45.423435, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) + r: struct ncacn_packet + rpc_vers : 0x05 (5) + rpc_vers_minor : 0x00 (0) + ptype : DCERPC_PKT_BIND (11) + pfc_flags : 0x03 (3) + drep: ARRAY(4) + [0] : 0x10 (16) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + frag_length : 0x00a0 (160) + auth_length : 0x0000 (0) + call_id : 0x00000002 (2) + u : union dcerpc_payload(case 11) + bind: struct dcerpc_bind + max_xmit_frag : 0x10b8 (4280) + max_recv_frag : 0x10b8 (4280) + assoc_group_id : 0x00000000 (0) + num_contexts : 0x03 (3) + ctx_list: ARRAY(3) + ctx_list: struct dcerpc_ctx_list + context_id : 0x0000 (0) + num_transfer_syntaxes : 0x01 (1) + abstract_syntax: struct ndr_syntax_id + uuid : 12345678-1234-abcd-ef00-0123456789ab + if_version : 0x00000001 (1) + transfer_syntaxes: ARRAY(1) + transfer_syntaxes: struct ndr_syntax_id + uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860 + if_version : 0x00000002 (2) + ctx_list: struct dcerpc_ctx_list + context_id : 0x0001 (1) + num_transfer_syntaxes : 0x01 (1) + abstract_syntax: struct ndr_syntax_id + uuid : 12345678-1234-abcd-ef00-0123456789ab + if_version : 0x00000001 (1) + transfer_syntaxes: ARRAY(1) + transfer_syntaxes: struct ndr_syntax_id + uuid : 71710533-beba-4937-8319-b5dbef9ccc36 + if_version : 0x00000001 (1) + ctx_list: struct dcerpc_ctx_list + context_id : 0x0002 (2) + num_transfer_syntaxes : 0x01 (1) + abstract_syntax: struct ndr_syntax_id + uuid : 12345678-1234-abcd-ef00-0123456789ab + if_version : 0x00000001 (1) + transfer_syntaxes: ARRAY(1) + transfer_syntaxes: struct ndr_syntax_id + uuid : 6cb71c2c-9812-4540-0300-000000000000 + if_version : 0x00000001 (1) + auth_info : DATA_BLOB length=0 +[2013/11/07 07:38:45.424375, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1627(process_complete_pdu) + Processing packet type 11 +[2013/11/07 07:38:45.424422, 3, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:693(api_pipe_bind_req) + api_pipe_bind_req: spoolss -> spoolss rpc service +[2013/11/07 07:38:45.424464, 5, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:724(api_pipe_bind_req) + api_pipe_bind_req: make response. 724 +[2013/11/07 07:38:45.424503, 3, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:342(check_bind_req) + check_bind_req for \spoolss +[2013/11/07 07:38:45.424547, 3, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:349(check_bind_req) + check_bind_req: spoolss -> spoolss rpc service +[2013/11/07 07:38:45.424588, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:238(init_pipe_handles) + init_pipe_handle_list: pipe_handles ref count = 13 for pipe \spoolss +[2013/11/07 07:38:45.424658, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) + &r: struct ncacn_packet + rpc_vers : 0x05 (5) + rpc_vers_minor : 0x00 (0) + ptype : DCERPC_PKT_BIND_ACK (12) + pfc_flags : 0x03 (3) + drep: ARRAY(4) + [0] : 0x10 (16) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + frag_length : 0x0044 (68) + auth_length : 0x0000 (0) + call_id : 0x00000002 (2) + u : union dcerpc_payload(case 12) + bind_ack: struct dcerpc_bind_ack + max_xmit_frag : 0x10b8 (4280) + max_recv_frag : 0x10b8 (4280) + assoc_group_id : 0x000053f0 (21488) + secondary_address_size : 0x000e (14) + secondary_address : '\PIPE\spoolss' + _pad1 : DATA_BLOB length=0 + num_results : 0x01 (1) + ctx_list: ARRAY(1) + ctx_list: struct dcerpc_ack_ctx + result : 0x0000 (0) + reason : 0x0000 (0) + syntax: struct ndr_syntax_id + uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860 + if_version : 0x00000002 (2) + auth_info : DATA_BLOB length=0 +[2013/11/07 07:38:45.425200, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) + write_to_pipe: data_used = 144 + smbd_smb2_request_pending_queue: req->current_idx = 1 + req->in.vector[0].iov_len = 0 + req->in.vector[1].iov_len = 0 + req->in.vector[2].iov_len = 64 + req->in.vector[3].iov_len = 48 + req->in.vector[4].iov_len = 160 + req->out.vector[0].iov_len = 4 + req->out.vector[1].iov_len = 0 + req->out.vector[2].iov_len = 64 + req->out.vector[3].iov_len = 8 + req->out.vector[4].iov_len = 0 +[2013/11/07 07:38:45.425499, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) + smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[16] dyn[yes:0] at ../source3/smbd/smb2_write.c:150 +[2013/11/07 07:38:45.425548, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) + smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/86/127 +[2013/11/07 07:38:45.425670, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) + smbd_smb2_request_incoming: idx[1] of 5 vectors +[2013/11/07 07:38:45.425718, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) + smb2_validate_sequence_number: clearing id 86 (position 86) from bitmap +[2013/11/07 07:38:45.425759, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) + smbd_smb2_request_dispatch: opcode[SMB2_OP_IOCTL] mid = 86 +[2013/11/07 07:38:45.425811, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) + setting sec ctx (0, 5000) - sec_ctx_stack_ndx = 0 +[2013/11/07 07:38:45.425854, 5, pid=20933, effective(0, 5000), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) + Security token SIDs (21): + SID[ 0]: S-1-5-21-1376953716-2413384141-3399758289-500 + SID[ 1]: S-1-5-21-1376953716-2413384141-3399758289-512 + SID[ 2]: S-1-5-21-1376953716-2413384141-3399758289-11015 + SID[ 3]: S-1-5-21-1376953716-2413384141-3399758289-513 + SID[ 4]: S-1-5-21-1376953716-2413384141-3399758289-11011 + SID[ 5]: S-1-5-21-1376953716-2413384141-3399758289-11013 + SID[ 6]: S-1-5-21-1376953716-2413384141-3399758289-11012 + SID[ 7]: S-1-1-0 + SID[ 8]: S-1-5-2 + SID[ 9]: S-1-5-11 + SID[ 10]: S-1-5-32-544 + SID[ 11]: S-1-22-1-2002 + SID[ 12]: S-1-22-2-5000 + SID[ 13]: S-1-22-2-5007 + SID[ 14]: S-1-22-2-5001 + SID[ 15]: S-1-22-2-1005 + SID[ 16]: S-1-22-2-5006 + SID[ 17]: S-1-22-2-5005 + SID[ 18]: S-1-22-2-55000 + SID[ 19]: S-1-22-2-55001 + SID[ 20]: S-1-22-2-55002 + Privileges (0x 1FFFFFF0): + Privilege[ 0]: SeMachineAccountPrivilege + Privilege[ 1]: SeTakeOwnershipPrivilege + Privilege[ 2]: SeBackupPrivilege + Privilege[ 3]: SeRestorePrivilege + Privilege[ 4]: SeRemoteShutdownPrivilege + Privilege[ 5]: SePrintOperatorPrivilege + Privilege[ 6]: SeAddUsersPrivilege + Privilege[ 7]: SeDiskOperatorPrivilege + Privilege[ 8]: SeSecurityPrivilege + Privilege[ 9]: SeSystemtimePrivilege + Privilege[ 10]: SeShutdownPrivilege + Privilege[ 11]: SeDebugPrivilege + Privilege[ 12]: SeSystemEnvironmentPrivilege + Privilege[ 13]: SeSystemProfilePrivilege + Privilege[ 14]: SeProfileSingleProcessPrivilege + Privilege[ 15]: SeIncreaseBasePriorityPrivilege + Privilege[ 16]: SeLoadDriverPrivilege + Privilege[ 17]: SeCreatePagefilePrivilege + Privilege[ 18]: SeIncreaseQuotaPrivilege + Privilege[ 19]: SeChangeNotifyPrivilege + Privilege[ 20]: SeUndockPrivilege + Privilege[ 21]: SeManageVolumePrivilege + Privilege[ 22]: SeImpersonatePrivilege + Privilege[ 23]: SeCreateGlobalPrivilege + Privilege[ 24]: SeEnableDelegationPrivilege + Rights (0x 0): +[2013/11/07 07:38:45.426699, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) + UNIX token of user 0 + Primary group is 5000 and contains 9 supplementary groups + Group[ 0]: 5000 + Group[ 1]: 5007 + Group[ 2]: 5001 + Group[ 3]: 1005 + Group[ 4]: 5006 + Group[ 5]: 5005 + Group[ 6]: 55000 + Group[ 7]: 55001 + Group[ 8]: 55002 +[2013/11/07 07:38:45.426890, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/uid.c:363(change_to_user_internal) + Impersonated user: uid=(0,0), gid=(0,5000) +[2013/11/07 07:38:45.426939, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:1796(smbd_smb2_request_verify_creditcharge) + mid 86, CreditCharge: 1, NeededCharge: 1 +[2013/11/07 07:38:45.426980, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl.c:394(smbd_smb2_ioctl_send) + smbd_smb2_ioctl: ctl_code[0x0011c017] spoolss, fnum 1585650398 +[2013/11/07 07:38:45.427027, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:59(smb2_ioctl_named_pipe) + smbd_smb2_ioctl_send: np_write_send of size 222 +[2013/11/07 07:38:45.427067, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:520(np_write_send) + np_write_send: len: 222 +[2013/11/07 07:38:45.427107, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) + write_to_pipe: data_left = 222 +[2013/11/07 07:38:45.427145, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) + process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 222 +[2013/11/07 07:38:45.427183, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:51(fill_rpc_header) + fill_rpc_header: data_to_copy = 222, len_needed_to_complete_hdr = 16, receive_len = 0 +[2013/11/07 07:38:45.427223, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) + write_to_pipe: data_used = 16 +[2013/11/07 07:38:45.427260, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) + write_to_pipe: data_left = 206 +[2013/11/07 07:38:45.427327, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) + process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 206 +[2013/11/07 07:38:45.427373, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) + write_to_pipe: data_used = 0 +[2013/11/07 07:38:45.427410, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) + write_to_pipe: data_left = 206 +[2013/11/07 07:38:45.427448, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) + process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 206, incoming data = 206 +[2013/11/07 07:38:45.427489, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1614(process_complete_pdu) + PDU is in Little Endian format! +[2013/11/07 07:38:45.427534, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) + r: struct ncacn_packet + rpc_vers : 0x05 (5) + rpc_vers_minor : 0x00 (0) + ptype : DCERPC_PKT_REQUEST (0) + pfc_flags : 0x03 (3) + drep: ARRAY(4) + [0] : 0x10 (16) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + frag_length : 0x00de (222) + auth_length : 0x0000 (0) + call_id : 0x00000002 (2) + u : union dcerpc_payload(case 0) + request: struct dcerpc_request + alloc_hint : 0x000000c6 (198) + context_id : 0x0000 (0) + opnum : 0x0045 (69) + object : union dcerpc_object(case 0) + empty: struct dcerpc_empty + _pad : DATA_BLOB length=0 + stub_and_verifier : DATA_BLOB length=198 + [0000] 00 00 02 00 14 00 00 00 00 00 00 00 14 00 00 00 ........ ........ + [0010] 5C 00 5C 00 4D 00 45 00 4D 00 42 00 45 00 52 00 \.\.M.E. M.B.E.R. + [0020] 34 00 33 00 5C 00 70 00 72 00 69 00 6E 00 74 00 4.3.\.p. r.i.n.t. + [0030] 65 00 72 00 35 00 00 00 00 00 00 00 00 00 00 00 e.r.5... ........ + [0040] 00 00 00 00 00 00 00 00 01 00 00 00 01 00 00 00 ........ ........ + [0050] 04 00 02 00 28 00 00 00 08 00 02 00 0C 00 02 00 ....(... ........ + [0060] 80 25 00 00 03 00 00 00 00 00 00 00 09 00 00 00 .%...... ........ + [0070] 0A 00 00 00 00 00 00 00 0A 00 00 00 57 00 49 00 ........ ....W.I. + [0080] 4E 00 38 00 31 00 2D 00 32 00 33 00 39 00 00 00 N.8.1.-. 2.3.9... + [0090] 15 00 00 00 00 00 00 00 15 00 00 00 41 00 52 00 ........ ....A.R. + [00A0] 33 00 32 00 49 00 38 00 5C 00 41 00 64 00 6D 00 3.2.I.8. \.A.d.m. + [00B0] 69 00 6E 00 69 00 73 00 74 00 72 00 61 00 74 00 i.n.i.s. t.r.a.t. + [00C0] 6F 00 72 00 00 00 o.r... +[2013/11/07 07:38:45.428359, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1627(process_complete_pdu) + Processing packet type 0 +[2013/11/07 07:38:45.428397, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1472(dcesrv_auth_request) + Checking request auth. +[2013/11/07 07:38:45.428440, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) + push_sec_ctx(0, 5000) : sec_ctx_stack_ndx = 1 +[2013/11/07 07:38:45.428485, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) + setting sec ctx (0, 5000) - sec_ctx_stack_ndx = 1 +[2013/11/07 07:38:45.428525, 5, pid=20933, effective(0, 5000), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) + Security token SIDs (21): + SID[ 0]: S-1-5-21-1376953716-2413384141-3399758289-500 + SID[ 1]: S-1-5-21-1376953716-2413384141-3399758289-512 + SID[ 2]: S-1-5-21-1376953716-2413384141-3399758289-11015 + SID[ 3]: S-1-5-21-1376953716-2413384141-3399758289-513 + SID[ 4]: S-1-5-21-1376953716-2413384141-3399758289-11011 + SID[ 5]: S-1-5-21-1376953716-2413384141-3399758289-11013 + SID[ 6]: S-1-5-21-1376953716-2413384141-3399758289-11012 + SID[ 7]: S-1-1-0 + SID[ 8]: S-1-5-2 + SID[ 9]: S-1-5-11 + SID[ 10]: S-1-5-32-544 + SID[ 11]: S-1-22-1-2002 + SID[ 12]: S-1-22-2-5000 + SID[ 13]: S-1-22-2-5007 + SID[ 14]: S-1-22-2-5001 + SID[ 15]: S-1-22-2-1005 + SID[ 16]: S-1-22-2-5006 + SID[ 17]: S-1-22-2-5005 + SID[ 18]: S-1-22-2-55000 + SID[ 19]: S-1-22-2-55001 + SID[ 20]: S-1-22-2-55002 + Privileges (0x 1FFFFFF0): + Privilege[ 0]: SeMachineAccountPrivilege + Privilege[ 1]: SeTakeOwnershipPrivilege + Privilege[ 2]: SeBackupPrivilege + Privilege[ 3]: SeRestorePrivilege + Privilege[ 4]: SeRemoteShutdownPrivilege + Privilege[ 5]: SePrintOperatorPrivilege + Privilege[ 6]: SeAddUsersPrivilege + Privilege[ 7]: SeDiskOperatorPrivilege + Privilege[ 8]: SeSecurityPrivilege + Privilege[ 9]: SeSystemtimePrivilege + Privilege[ 10]: SeShutdownPrivilege + Privilege[ 11]: SeDebugPrivilege + Privilege[ 12]: SeSystemEnvironmentPrivilege + Privilege[ 13]: SeSystemProfilePrivilege + Privilege[ 14]: SeProfileSingleProcessPrivilege + Privilege[ 15]: SeIncreaseBasePriorityPrivilege + Privilege[ 16]: SeLoadDriverPrivilege + Privilege[ 17]: SeCreatePagefilePrivilege + Privilege[ 18]: SeIncreaseQuotaPrivilege + Privilege[ 19]: SeChangeNotifyPrivilege + Privilege[ 20]: SeUndockPrivilege + Privilege[ 21]: SeManageVolumePrivilege + Privilege[ 22]: SeImpersonatePrivilege + Privilege[ 23]: SeCreateGlobalPrivilege + Privilege[ 24]: SeEnableDelegationPrivilege + Rights (0x 0): +[2013/11/07 07:38:45.429292, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) + UNIX token of user 0 + Primary group is 5000 and contains 9 supplementary groups + Group[ 0]: 5000 + Group[ 1]: 5007 + Group[ 2]: 5001 + Group[ 3]: 1005 + Group[ 4]: 5006 + Group[ 5]: 5005 + Group[ 6]: 55000 + Group[ 7]: 55001 + Group[ 8]: 55002 +[2013/11/07 07:38:45.429560, 5, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1324(api_pipe_request) + Requested \spoolss rpc service +[2013/11/07 07:38:45.429606, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1356(api_rpcTNP) + api_rpcTNP: \spoolss op 0x45 - api_rpcTNP: rpc command: SPOOLSS_OPENPRINTEREX +[2013/11/07 07:38:45.429651, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1390(api_rpcTNP) + api_rpc_cmds[69].fn == 0x7f375c256d40 +[2013/11/07 07:38:45.429711, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + spoolss_OpenPrinterEx: struct spoolss_OpenPrinterEx + in: struct spoolss_OpenPrinterEx + printername : * + printername : '\\MEMBER43\printer5' + datatype : NULL + devmode_ctr: struct spoolss_DevmodeContainer + _ndr_size : 0x00000000 (0) + devmode : NULL + access_mask : 0x00000000 (0) + 0: SERVER_ACCESS_ADMINISTER + 0: SERVER_ACCESS_ENUMERATE + 0: PRINTER_ACCESS_ADMINISTER + 0: PRINTER_ACCESS_USE + 0: JOB_ACCESS_ADMINISTER + 0: JOB_ACCESS_READ + userlevel_ctr: struct spoolss_UserLevelCtr + level : 0x00000001 (1) + user_info : union spoolss_UserLevel(case 1) + level1 : * + level1: struct spoolss_UserLevel1 + size : 0x00000028 (40) + client : * + client : 'WIN81-239' + user : * + user : 'AR32I8\Administrator' + build : 0x00002580 (9600) + major : UNKNOWN_ENUM_VALUE (3) + minor : SPOOLSS_MINOR_VERSION_0 (0) + processor : PROCESSOR_ARCHITECTURE_AMD64 (9) + checking name: \\MEMBER43\printer5 +[2013/11/07 07:38:45.430252, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:737(open_printer_hnd) + open_printer_hnd: name [\\MEMBER43\printer5] +[2013/11/07 07:38:45.430302, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) + Opened policy hnd[3] [0000] 00 00 00 00 9A 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.430383, 3, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:506(set_printer_hnd_printertype) + Setting printer type=\\MEMBER43\printer5 + Printer is a printer +[2013/11/07 07:38:45.430437, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:566(set_printer_hnd_name) + Setting printer name=\\MEMBER43\printer5 (len=19) + searching for [printer5] +[2013/11/07 07:38:45.430545, 10, pid=20933, effective(0, 5000), real(0, 0), class=tdb] ../source3/lib/gencache.c:296(gencache_set_data_blob) + Adding cache entry with key=[PRINTERNAME/printer5] and timeout=[Do Jan 1 01:00:00 1970 CET] (-1383806325 seconds in the past) +[2013/11/07 07:38:45.430741, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:60(make_internal_rpc_pipe_p) + Create pipe requested \winreg +[2013/11/07 07:38:45.430798, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:221(init_pipe_handles) + init_pipe_handle_list: created handle list for pipe \winreg +[2013/11/07 07:38:45.430840, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:238(init_pipe_handles) + init_pipe_handle_list: pipe_handles ref count = 1 for pipe \winreg +[2013/11/07 07:38:45.430932, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:100(make_internal_rpc_pipe_p) + Created internal pipe \winreg +[2013/11/07 07:38:45.431008, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenHKLM: struct winreg_OpenHKLM + in: struct winreg_OpenHKLM + system_name : NULL + access_mask : 0x02000000 (33554432) + 0: KEY_QUERY_VALUE + 0: KEY_SET_VALUE + 0: KEY_CREATE_SUB_KEY + 0: KEY_ENUMERATE_SUB_KEYS + 0: KEY_NOTIFY + 0: KEY_CREATE_LINK + 0: KEY_WOW64_64KEY + 0: KEY_WOW64_32KEY +[2013/11/07 07:38:45.431240, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [HKLM] +[2013/11/07 07:38:45.431286, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) + push_sec_ctx(0, 5000) : sec_ctx_stack_ndx = 2 +[2013/11/07 07:38:45.431330, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/uid.c:485(push_conn_ctx) + push_conn_ctx(1804507171) : conn_ctx_stack_ndx = 0 +[2013/11/07 07:38:45.431381, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) + setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 +[2013/11/07 07:38:45.431421, 5, pid=20933, effective(0, 5000), real(0, 0)] ../libcli/security/security_token.c:53(security_token_debug) + Security token: (NULL) +[2013/11/07 07:38:45.431460, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) + UNIX token of user 0 + Primary group is 0 and contains 0 supplementary groups +[2013/11/07 07:38:45.431682, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) + pop_sec_ctx (0, 5000) - sec_ctx_stack_ndx = 1 +[2013/11/07 07:38:45.431729, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:866(regdb_open) + regdb_open: registry db opened. refcount reset (1) +[2013/11/07 07:38:45.431775, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM] +[2013/11/07 07:38:45.431815, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM] +[2013/11/07 07:38:45.431856, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:45.431894, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM] +[2013/11/07 07:38:45.431974, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) + Opened policy hnd[1] [0000] 00 00 00 00 9B 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.432056, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenHKLM: struct winreg_OpenHKLM + out: struct winreg_OpenHKLM + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 0000009b-0000-0000-7b52-7535c5510000 + result : WERR_OK +[2013/11/07 07:38:45.432244, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenKey: struct winreg_OpenKey + in: struct winreg_OpenKey + parent_handle : * + parent_handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 0000009b-0000-0000-7b52-7535c5510000 + keyname: struct winreg_String + name_len : 0x008a (138) + name_size : 0x008a (138) + name : * + name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7' + options : 0x00000000 (0) + 0: REG_OPTION_VOLATILE + 0: REG_OPTION_CREATE_LINK + 0: REG_OPTION_BACKUP_RESTORE + 0: REG_OPTION_OPEN_LINK + access_mask : 0x02000000 (33554432) + 0: KEY_QUERY_VALUE + 0: KEY_SET_VALUE + 0: KEY_CREATE_SUB_KEY + 0: KEY_ENUMERATE_SUB_KEYS + 0: KEY_NOTIFY + 0: KEY_CREATE_LINK + 0: KEY_WOW64_64KEY + 0: KEY_WOW64_32KEY +[2013/11/07 07:38:45.432747, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 9B 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.432842, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [SOFTWARE] +[2013/11/07 07:38:45.432883, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (1->2) +[2013/11/07 07:38:45.432926, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] +[2013/11/07 07:38:45.432964, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE] +[2013/11/07 07:38:45.433005, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:45.433043, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE] +[2013/11/07 07:38:45.433113, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Microsoft] +[2013/11/07 07:38:45.433155, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (2->3) +[2013/11/07 07:38:45.433198, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] +[2013/11/07 07:38:45.433236, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] +[2013/11/07 07:38:45.433277, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:45.433315, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft] +[2013/11/07 07:38:45.433443, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Windows NT] +[2013/11/07 07:38:45.433491, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (3->4) +[2013/11/07 07:38:45.433535, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] +[2013/11/07 07:38:45.433574, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] +[2013/11/07 07:38:45.433615, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:45.433654, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] +[2013/11/07 07:38:45.433712, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [CurrentVersion] +[2013/11/07 07:38:45.433754, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (4->5) +[2013/11/07 07:38:45.433805, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] +[2013/11/07 07:38:45.433844, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] +[2013/11/07 07:38:45.433886, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:45.433924, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f375c5a15c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] +[2013/11/07 07:38:45.433997, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Print] +[2013/11/07 07:38:45.434038, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (5->6) +[2013/11/07 07:38:45.434081, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] +[2013/11/07 07:38:45.434121, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] +[2013/11/07 07:38:45.434164, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:45.434201, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f375c5a15c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] +[2013/11/07 07:38:45.434261, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Printers] +[2013/11/07 07:38:45.434302, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (6->7) +[2013/11/07 07:38:45.434346, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] +[2013/11/07 07:38:45.434385, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] +[2013/11/07 07:38:45.434427, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:45.434465, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] +[2013/11/07 07:38:45.434533, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [printer7] +[2013/11/07 07:38:45.434575, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (7->8) +[2013/11/07 07:38:45.434618, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:45.434658, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:45.434708, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:45.434746, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:45.434815, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (8->7) +[2013/11/07 07:38:45.434857, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (7->6) +[2013/11/07 07:38:45.434899, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (6->5) +[2013/11/07 07:38:45.434939, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (5->4) +[2013/11/07 07:38:45.434980, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (4->3) +[2013/11/07 07:38:45.435021, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (3->2) +[2013/11/07 07:38:45.435066, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) + Opened policy hnd[2] [0000] 00 00 00 00 9C 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.435146, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenKey: struct winreg_OpenKey + out: struct winreg_OpenKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 0000009c-0000-0000-7b52-7535c5510000 + result : WERR_OK +[2013/11/07 07:38:45.435388, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryInfoKey: struct winreg_QueryInfoKey + in: struct winreg_QueryInfoKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 0000009c-0000-0000-7b52-7535c5510000 + classname : * + classname: struct winreg_String + name_len : 0x0000 (0) + name_size : 0x0000 (0) + name : NULL +[2013/11/07 07:38:45.435608, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 9C 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.435692, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_dispatcher.c:151(fetch_reg_values) + fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7' (ops 0x7f37592edcc0) +[2013/11/07 07:38:45.435736, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1891(regdb_fetch_values_internal) + regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:45.435853, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[0]: name[Attributes] len[4] +[2013/11/07 07:38:45.435903, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[1]: name[Description] len[2] +[2013/11/07 07:38:45.435946, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[2]: name[Datatype] len[8] +[2013/11/07 07:38:45.435989, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[3]: name[Default Priority] len[4] +[2013/11/07 07:38:45.436032, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[4]: name[Port] len[38] +[2013/11/07 07:38:45.436075, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[5]: name[Name] len[18] +[2013/11/07 07:38:45.436118, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[6]: name[Print Processor] len[18] +[2013/11/07 07:38:45.436161, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[7]: name[Priority] len[4] +[2013/11/07 07:38:45.436204, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[8]: name[Security] len[248] +[2013/11/07 07:38:45.436248, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[9]: name[Share Name] len[18] +[2013/11/07 07:38:45.436290, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[10]: name[StartTime] len[4] +[2013/11/07 07:38:45.436334, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[11]: name[UntilTime] len[4] +[2013/11/07 07:38:45.436377, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[12]: name[ChangeID] len[4] +[2013/11/07 07:38:45.436421, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) + regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:45.436484, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryInfoKey: struct winreg_QueryInfoKey + out: struct winreg_QueryInfoKey + classname : * + classname: struct winreg_String + name_len : 0x0000 (0) + name_size : 0x0000 (0) + name : NULL + num_subkeys : * + num_subkeys : 0x00000003 (3) + max_subkeylen : * + max_subkeylen : 0x00000022 (34) + max_classlen : * + max_classlen : 0x00000000 (0) + num_values : * + num_values : 0x0000000d (13) + max_valnamelen : * + max_valnamelen : 0x00000022 (34) + max_valbufsize : * + max_valbufsize : 0x000000f8 (248) + secdescsize : * + secdescsize : 0x00000078 (120) + last_changed_time : * + last_changed_time : NTTIME(0) + result : WERR_OK +[2013/11/07 07:38:45.436949, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 0000009c-0000-0000-7b52-7535c5510000 + enum_index : 0x00000000 (0) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:45.437329, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 9C 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.450621, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:45.450895, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0016 (22) + size : 0x0024 (36) + name : * + name : 'Attributes' + type : * + type : REG_DWORD (4) + value : * + value: ARRAY(4) + [0] : 0x48 (72) + [1] : 0x10 (16) + [2] : 0x00 (0) + [3] : 0x00 (0) + size : * + size : 0x00000004 (4) + length : * + length : 0x00000004 (4) + result : WERR_OK +[2013/11/07 07:38:45.452483, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 0000009c-0000-0000-7b52-7535c5510000 + enum_index : 0x00000001 (1) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:45.453607, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 9C 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.453812, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:45.453931, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0018 (24) + size : 0x0024 (36) + name : * + name : 'Description' + type : * + type : REG_SZ (1) + value : * + value: ARRAY(2) + [0] : 0x00 (0) + [1] : 0x00 (0) + size : * + size : 0x00000002 (2) + length : * + length : 0x00000002 (2) + result : WERR_OK +[2013/11/07 07:38:45.454845, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 0000009c-0000-0000-7b52-7535c5510000 + enum_index : 0x00000002 (2) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:45.455788, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 9C 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.455983, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:45.456096, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0012 (18) + size : 0x0024 (36) + name : * + name : 'Datatype' + type : * + type : REG_SZ (1) + value : * + value: ARRAY(8) + [0] : 0x52 (82) + [1] : 0x00 (0) + [2] : 0x41 (65) + [3] : 0x00 (0) + [4] : 0x57 (87) + [5] : 0x00 (0) + [6] : 0x00 (0) + [7] : 0x00 (0) + size : * + size : 0x00000008 (8) + length : * + length : 0x00000008 (8) + result : WERR_OK +[2013/11/07 07:38:45.457272, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 0000009c-0000-0000-7b52-7535c5510000 + enum_index : 0x00000003 (3) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:45.458315, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 9C 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.458515, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:45.458788, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0022 (34) + size : 0x0024 (36) + name : * + name : 'Default Priority' + type : * + type : REG_DWORD (4) + value : * + value: ARRAY(4) + [0] : 0x01 (1) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + size : * + size : 0x00000004 (4) + length : * + length : 0x00000004 (4) + result : WERR_OK +[2013/11/07 07:38:45.459810, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 0000009c-0000-0000-7b52-7535c5510000 + enum_index : 0x00000004 (4) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:45.460751, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 9C 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.460947, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:45.461063, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x000a (10) + size : 0x0024 (36) + name : * + name : 'Port' + type : * + type : REG_SZ (1) + value : * + value: ARRAY(38) + [0] : 0x53 (83) + [1] : 0x00 (0) + [2] : 0x61 (97) + [3] : 0x00 (0) + [4] : 0x6d (109) + [5] : 0x00 (0) + [6] : 0x62 (98) + [7] : 0x00 (0) + [8] : 0x61 (97) + [9] : 0x00 (0) + [10] : 0x20 (32) + [11] : 0x00 (0) + [12] : 0x50 (80) + [13] : 0x00 (0) + [14] : 0x72 (114) + [15] : 0x00 (0) + [16] : 0x69 (105) + [17] : 0x00 (0) + [18] : 0x6e (110) + [19] : 0x00 (0) + [20] : 0x74 (116) + [21] : 0x00 (0) + [22] : 0x65 (101) + [23] : 0x00 (0) + [24] : 0x72 (114) + [25] : 0x00 (0) + [26] : 0x20 (32) + [27] : 0x00 (0) + [28] : 0x50 (80) + [29] : 0x00 (0) + [30] : 0x6f (111) + [31] : 0x00 (0) + [32] : 0x72 (114) + [33] : 0x00 (0) + [34] : 0x74 (116) + [35] : 0x00 (0) + [36] : 0x00 (0) + [37] : 0x00 (0) + size : * + size : 0x00000026 (38) + length : * + length : 0x00000026 (38) + result : WERR_OK +[2013/11/07 07:38:45.462504, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 0000009c-0000-0000-7b52-7535c5510000 + enum_index : 0x00000005 (5) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:45.462883, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 9C 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.462961, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:45.463008, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x000a (10) + size : 0x0024 (36) + name : * + name : 'Name' + type : * + type : REG_SZ (1) + value : * + value: ARRAY(18) + [0] : 0x70 (112) + [1] : 0x00 (0) + [2] : 0x72 (114) + [3] : 0x00 (0) + [4] : 0x69 (105) + [5] : 0x00 (0) + [6] : 0x6e (110) + [7] : 0x00 (0) + [8] : 0x74 (116) + [9] : 0x00 (0) + [10] : 0x65 (101) + [11] : 0x00 (0) + [12] : 0x72 (114) + [13] : 0x00 (0) + [14] : 0x37 (55) + [15] : 0x00 (0) + [16] : 0x00 (0) + [17] : 0x00 (0) + size : * + size : 0x00000012 (18) + length : * + length : 0x00000012 (18) + result : WERR_OK +[2013/11/07 07:38:45.463648, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 0000009c-0000-0000-7b52-7535c5510000 + enum_index : 0x00000006 (6) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:45.464026, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 9C 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.464105, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:45.464151, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0020 (32) + size : 0x0024 (36) + name : * + name : 'Print Processor' + type : * + type : REG_SZ (1) + value : * + value: ARRAY(18) + [0] : 0x77 (119) + [1] : 0x00 (0) + [2] : 0x69 (105) + [3] : 0x00 (0) + [4] : 0x6e (110) + [5] : 0x00 (0) + [6] : 0x70 (112) + [7] : 0x00 (0) + [8] : 0x72 (114) + [9] : 0x00 (0) + [10] : 0x69 (105) + [11] : 0x00 (0) + [12] : 0x6e (110) + [13] : 0x00 (0) + [14] : 0x74 (116) + [15] : 0x00 (0) + [16] : 0x00 (0) + [17] : 0x00 (0) + size : * + size : 0x00000012 (18) + length : * + length : 0x00000012 (18) + result : WERR_OK +[2013/11/07 07:38:45.464792, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 0000009c-0000-0000-7b52-7535c5510000 + enum_index : 0x00000007 (7) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:45.465169, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 9C 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.465247, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:45.465293, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0012 (18) + size : 0x0024 (36) + name : * + name : 'Priority' + type : * + type : REG_DWORD (4) + value : * + value: ARRAY(4) + [0] : 0x01 (1) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + size : * + size : 0x00000004 (4) + length : * + length : 0x00000004 (4) + result : WERR_OK +[2013/11/07 07:38:45.466011, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 0000009c-0000-0000-7b52-7535c5510000 + enum_index : 0x00000008 (8) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:45.466414, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 9C 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.466496, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:45.466546, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0012 (18) + size : 0x0024 (36) + name : * + name : 'Security' + type : * + type : REG_BINARY (3) + value : * + value: ARRAY(248) + [0] : 0x01 (1) + [1] : 0x00 (0) + [2] : 0x04 (4) + [3] : 0x80 (128) + [4] : 0x14 (20) + [5] : 0x00 (0) + [6] : 0x00 (0) + [7] : 0x00 (0) + [8] : 0x24 (36) + [9] : 0x00 (0) + [10] : 0x00 (0) + [11] : 0x00 (0) + [12] : 0x00 (0) + [13] : 0x00 (0) + [14] : 0x00 (0) + [15] : 0x00 (0) + [16] : 0x34 (52) + [17] : 0x00 (0) + [18] : 0x00 (0) + [19] : 0x00 (0) + [20] : 0x01 (1) + [21] : 0x02 (2) + [22] : 0x00 (0) + [23] : 0x00 (0) + [24] : 0x00 (0) + [25] : 0x00 (0) + [26] : 0x00 (0) + [27] : 0x05 (5) + [28] : 0x20 (32) + [29] : 0x00 (0) + [30] : 0x00 (0) + [31] : 0x00 (0) + [32] : 0x20 (32) + [33] : 0x02 (2) + [34] : 0x00 (0) + [35] : 0x00 (0) + [36] : 0x01 (1) + [37] : 0x02 (2) + [38] : 0x00 (0) + [39] : 0x00 (0) + [40] : 0x00 (0) + [41] : 0x00 (0) + [42] : 0x00 (0) + [43] : 0x05 (5) + [44] : 0x20 (32) + [45] : 0x00 (0) + [46] : 0x00 (0) + [47] : 0x00 (0) + [48] : 0x20 (32) + [49] : 0x02 (2) + [50] : 0x00 (0) + [51] : 0x00 (0) + [52] : 0x02 (2) + [53] : 0x00 (0) + [54] : 0xc4 (196) + [55] : 0x00 (0) + [56] : 0x07 (7) + [57] : 0x00 (0) + [58] : 0x00 (0) + [59] : 0x00 (0) + [60] : 0x00 (0) + [61] : 0x02 (2) + [62] : 0x14 (20) + [63] : 0x00 (0) + [64] : 0x08 (8) + [65] : 0x00 (0) + [66] : 0x02 (2) + [67] : 0x20 (32) + [68] : 0x01 (1) + [69] : 0x01 (1) + [70] : 0x00 (0) + [71] : 0x00 (0) + [72] : 0x00 (0) + [73] : 0x00 (0) + [74] : 0x00 (0) + [75] : 0x01 (1) + [76] : 0x00 (0) + [77] : 0x00 (0) + [78] : 0x00 (0) + [79] : 0x00 (0) + [80] : 0x00 (0) + [81] : 0x09 (9) + [82] : 0x24 (36) + [83] : 0x00 (0) + [84] : 0x0c (12) + [85] : 0x00 (0) + [86] : 0x0f (15) + [87] : 0x10 (16) + [88] : 0x01 (1) + [89] : 0x05 (5) + [90] : 0x00 (0) + [91] : 0x00 (0) + [92] : 0x00 (0) + [93] : 0x00 (0) + [94] : 0x00 (0) + [95] : 0x05 (5) + [96] : 0x15 (21) + [97] : 0x00 (0) + [98] : 0x00 (0) + [99] : 0x00 (0) + [100] : 0x74 (116) + [101] : 0xa5 (165) + [102] : 0x12 (18) + [103] : 0x52 (82) + [104] : 0xcd (205) + [105] : 0x51 (81) + [106] : 0xd9 (217) + [107] : 0x8f (143) + [108] : 0xd1 (209) + [109] : 0x31 (49) + [110] : 0xa4 (164) + [111] : 0xca (202) + [112] : 0xf4 (244) + [113] : 0x01 (1) + [114] : 0x00 (0) + [115] : 0x00 (0) + [116] : 0x00 (0) + [117] : 0x02 (2) + [118] : 0x24 (36) + [119] : 0x00 (0) + [120] : 0x0c (12) + [121] : 0x00 (0) + [122] : 0x0f (15) + [123] : 0x10 (16) + [124] : 0x01 (1) + [125] : 0x05 (5) + [126] : 0x00 (0) + [127] : 0x00 (0) + [128] : 0x00 (0) + [129] : 0x00 (0) + [130] : 0x00 (0) + [131] : 0x05 (5) + [132] : 0x15 (21) + [133] : 0x00 (0) + [134] : 0x00 (0) + [135] : 0x00 (0) + [136] : 0x74 (116) + [137] : 0xa5 (165) + [138] : 0x12 (18) + [139] : 0x52 (82) + [140] : 0xcd (205) + [141] : 0x51 (81) + [142] : 0xd9 (217) + [143] : 0x8f (143) + [144] : 0xd1 (209) + [145] : 0x31 (49) + [146] : 0xa4 (164) + [147] : 0xca (202) + [148] : 0xf4 (244) + [149] : 0x01 (1) + [150] : 0x00 (0) + [151] : 0x00 (0) + [152] : 0x00 (0) + [153] : 0x09 (9) + [154] : 0x18 (24) + [155] : 0x00 (0) + [156] : 0x0c (12) + [157] : 0x00 (0) + [158] : 0x0f (15) + [159] : 0x10 (16) + [160] : 0x01 (1) + [161] : 0x02 (2) + [162] : 0x00 (0) + [163] : 0x00 (0) + [164] : 0x00 (0) + [165] : 0x00 (0) + [166] : 0x00 (0) + [167] : 0x05 (5) + [168] : 0x20 (32) + [169] : 0x00 (0) + [170] : 0x00 (0) + [171] : 0x00 (0) + [172] : 0x20 (32) + [173] : 0x02 (2) + [174] : 0x00 (0) + [175] : 0x00 (0) + [176] : 0x00 (0) + [177] : 0x02 (2) + [178] : 0x18 (24) + [179] : 0x00 (0) + [180] : 0x0c (12) + [181] : 0x00 (0) + [182] : 0x0f (15) + [183] : 0x10 (16) + [184] : 0x01 (1) + [185] : 0x02 (2) + [186] : 0x00 (0) + [187] : 0x00 (0) + [188] : 0x00 (0) + [189] : 0x00 (0) + [190] : 0x00 (0) + [191] : 0x05 (5) + [192] : 0x20 (32) + [193] : 0x00 (0) + [194] : 0x00 (0) + [195] : 0x00 (0) + [196] : 0x20 (32) + [197] : 0x02 (2) + [198] : 0x00 (0) + [199] : 0x00 (0) + [200] : 0x00 (0) + [201] : 0x09 (9) + [202] : 0x18 (24) + [203] : 0x00 (0) + [204] : 0x0c (12) + [205] : 0x00 (0) + [206] : 0x0f (15) + [207] : 0x10 (16) + [208] : 0x01 (1) + [209] : 0x02 (2) + [210] : 0x00 (0) + [211] : 0x00 (0) + [212] : 0x00 (0) + [213] : 0x00 (0) + [214] : 0x00 (0) + [215] : 0x05 (5) + [216] : 0x20 (32) + [217] : 0x00 (0) + [218] : 0x00 (0) + [219] : 0x00 (0) + [220] : 0x26 (38) + [221] : 0x02 (2) + [222] : 0x00 (0) + [223] : 0x00 (0) + [224] : 0x00 (0) + [225] : 0x02 (2) + [226] : 0x18 (24) + [227] : 0x00 (0) + [228] : 0x0c (12) + [229] : 0x00 (0) + [230] : 0x0f (15) + [231] : 0x10 (16) + [232] : 0x01 (1) + [233] : 0x02 (2) + [234] : 0x00 (0) + [235] : 0x00 (0) + [236] : 0x00 (0) + [237] : 0x00 (0) + [238] : 0x00 (0) + [239] : 0x05 (5) + [240] : 0x20 (32) + [241] : 0x00 (0) + [242] : 0x00 (0) + [243] : 0x00 (0) + [244] : 0x26 (38) + [245] : 0x02 (2) + [246] : 0x00 (0) + [247] : 0x00 (0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x000000f8 (248) + result : WERR_OK +[2013/11/07 07:38:45.471156, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 0000009c-0000-0000-7b52-7535c5510000 + enum_index : 0x00000009 (9) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:45.471537, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 9C 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.471616, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:45.471663, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0016 (22) + size : 0x0024 (36) + name : * + name : 'Share Name' + type : * + type : REG_SZ (1) + value : * + value: ARRAY(18) + [0] : 0x70 (112) + [1] : 0x00 (0) + [2] : 0x72 (114) + [3] : 0x00 (0) + [4] : 0x69 (105) + [5] : 0x00 (0) + [6] : 0x6e (110) + [7] : 0x00 (0) + [8] : 0x74 (116) + [9] : 0x00 (0) + [10] : 0x65 (101) + [11] : 0x00 (0) + [12] : 0x72 (114) + [13] : 0x00 (0) + [14] : 0x37 (55) + [15] : 0x00 (0) + [16] : 0x00 (0) + [17] : 0x00 (0) + size : * + size : 0x00000012 (18) + length : * + length : 0x00000012 (18) + result : WERR_OK +[2013/11/07 07:38:45.472305, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 0000009c-0000-0000-7b52-7535c5510000 + enum_index : 0x0000000a (10) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:45.472681, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 9C 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.472760, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:45.472807, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0014 (20) + size : 0x0024 (36) + name : * + name : 'StartTime' + type : * + type : REG_DWORD (4) + value : * + value: ARRAY(4) + [0] : 0x00 (0) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + size : * + size : 0x00000004 (4) + length : * + length : 0x00000004 (4) + result : WERR_OK +[2013/11/07 07:38:45.473203, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 0000009c-0000-0000-7b52-7535c5510000 + enum_index : 0x0000000b (11) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:45.473656, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 9C 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.473736, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:45.473783, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0014 (20) + size : 0x0024 (36) + name : * + name : 'UntilTime' + type : * + type : REG_DWORD (4) + value : * + value: ARRAY(4) + [0] : 0x00 (0) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + size : * + size : 0x00000004 (4) + length : * + length : 0x00000004 (4) + result : WERR_OK +[2013/11/07 07:38:45.474181, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 0000009c-0000-0000-7b52-7535c5510000 + enum_index : 0x0000000c (12) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:45.474556, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 9C 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.474634, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:45.474688, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0012 (18) + size : 0x0024 (36) + name : * + name : 'ChangeID' + type : * + type : REG_DWORD (4) + value : * + value: ARRAY(4) + [0] : 0xf1 (241) + [1] : 0x5f (95) + [2] : 0x11 (17) + [3] : 0x00 (0) + size : * + size : 0x00000004 (4) + length : * + length : 0x00000004 (4) + result : WERR_OK +[2013/11/07 07:38:45.475125, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryValue: struct winreg_QueryValue + in: struct winreg_QueryValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 0000009c-0000-0000-7b52-7535c5510000 + value_name : * + value_name: struct winreg_String + name_len : 0x0020 (32) + name_size : 0x0020 (32) + name : * + name : 'Default DevMode' + type : * + type : REG_NONE (0) + data : NULL + data_size : * + data_size : 0x00000000 (0) + data_length : * + data_length : 0x00000000 (0) +[2013/11/07 07:38:45.475474, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 9C 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.475552, 7, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) + _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:45.475593, 7, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) + _winreg_QueryValue: policy key type = [00000000] +[2013/11/07 07:38:45.475641, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:316(_winreg_QueryValue) + _winreg_QueryValue: reg_queryvalue failed with: WERR_BADFILE +[2013/11/07 07:38:45.475681, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryValue: struct winreg_QueryValue + out: struct winreg_QueryValue + type : * + type : REG_NONE (0) + data : NULL + data_size : * + data_size : 0x00000000 (0) + data_length : * + data_length : 0x00000000 (0) + result : WERR_BADFILE +[2013/11/07 07:38:45.475913, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenHKLM: struct winreg_OpenHKLM + in: struct winreg_OpenHKLM + system_name : NULL + access_mask : 0x02000000 (33554432) + 0: KEY_QUERY_VALUE + 0: KEY_SET_VALUE + 0: KEY_CREATE_SUB_KEY + 0: KEY_ENUMERATE_SUB_KEYS + 0: KEY_NOTIFY + 0: KEY_CREATE_LINK + 0: KEY_WOW64_64KEY + 0: KEY_WOW64_32KEY +[2013/11/07 07:38:45.476147, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [HKLM] +[2013/11/07 07:38:45.476191, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (2->3) +[2013/11/07 07:38:45.476236, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM] +[2013/11/07 07:38:45.476276, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM] +[2013/11/07 07:38:45.476318, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:45.476356, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM] +[2013/11/07 07:38:45.476454, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) + Opened policy hnd[3] [0000] 00 00 00 00 9D 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.476536, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenHKLM: struct winreg_OpenHKLM + out: struct winreg_OpenHKLM + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 0000009d-0000-0000-7b52-7535c5510000 + result : WERR_OK +[2013/11/07 07:38:45.476706, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenKey: struct winreg_OpenKey + in: struct winreg_OpenKey + parent_handle : * + parent_handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 0000009d-0000-0000-7b52-7535c5510000 + keyname: struct winreg_String + name_len : 0x008a (138) + name_size : 0x008a (138) + name : * + name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7' + options : 0x00000000 (0) + 0: REG_OPTION_VOLATILE + 0: REG_OPTION_CREATE_LINK + 0: REG_OPTION_BACKUP_RESTORE + 0: REG_OPTION_OPEN_LINK + access_mask : 0x02000000 (33554432) + 0: KEY_QUERY_VALUE + 0: KEY_SET_VALUE + 0: KEY_CREATE_SUB_KEY + 0: KEY_ENUMERATE_SUB_KEYS + 0: KEY_NOTIFY + 0: KEY_CREATE_LINK + 0: KEY_WOW64_64KEY + 0: KEY_WOW64_32KEY +[2013/11/07 07:38:45.477157, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 9D 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.477239, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [SOFTWARE] +[2013/11/07 07:38:45.477280, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (3->4) +[2013/11/07 07:38:45.477323, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] +[2013/11/07 07:38:45.477408, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE] +[2013/11/07 07:38:45.477455, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:45.477493, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE] +[2013/11/07 07:38:45.477560, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Microsoft] +[2013/11/07 07:38:45.477602, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (4->5) +[2013/11/07 07:38:45.477644, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] +[2013/11/07 07:38:45.477682, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] +[2013/11/07 07:38:45.477723, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:45.477760, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft] +[2013/11/07 07:38:45.477821, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Windows NT] +[2013/11/07 07:38:45.477863, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (5->6) +[2013/11/07 07:38:45.477906, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] +[2013/11/07 07:38:45.477944, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] +[2013/11/07 07:38:45.477985, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:45.478023, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] +[2013/11/07 07:38:45.478080, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [CurrentVersion] +[2013/11/07 07:38:45.478122, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (6->7) +[2013/11/07 07:38:45.478173, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] +[2013/11/07 07:38:45.478212, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] +[2013/11/07 07:38:45.478254, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:45.478293, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f375c5a15c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] +[2013/11/07 07:38:45.478365, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Print] +[2013/11/07 07:38:45.478407, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (7->8) +[2013/11/07 07:38:45.478451, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] +[2013/11/07 07:38:45.478492, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] +[2013/11/07 07:38:45.478535, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:45.478574, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f375c5a15c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] +[2013/11/07 07:38:45.478636, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Printers] +[2013/11/07 07:38:45.478679, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (8->9) +[2013/11/07 07:38:45.478724, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] +[2013/11/07 07:38:45.478765, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] +[2013/11/07 07:38:45.478809, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:45.478847, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] +[2013/11/07 07:38:45.478916, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [printer7] +[2013/11/07 07:38:45.478959, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (9->10) +[2013/11/07 07:38:45.479004, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:45.479052, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:45.479095, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:45.479134, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:45.479205, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (10->9) +[2013/11/07 07:38:45.479247, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (9->8) +[2013/11/07 07:38:45.479289, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (8->7) +[2013/11/07 07:38:45.479330, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (7->6) +[2013/11/07 07:38:45.479370, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (6->5) +[2013/11/07 07:38:45.479411, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (5->4) +[2013/11/07 07:38:45.479454, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) + Opened policy hnd[4] [0000] 00 00 00 00 9E 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.479533, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenKey: struct winreg_OpenKey + out: struct winreg_OpenKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 0000009e-0000-0000-7b52-7535c5510000 + result : WERR_OK +[2013/11/07 07:38:45.479707, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryValue: struct winreg_QueryValue + in: struct winreg_QueryValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 0000009e-0000-0000-7b52-7535c5510000 + value_name : * + value_name: struct winreg_String + name_len : 0x0012 (18) + name_size : 0x0012 (18) + name : * + name : 'Security' + type : * + type : REG_NONE (0) + data : NULL + data_size : * + data_size : 0x00000000 (0) + data_length : * + data_length : 0x00000000 (0) +[2013/11/07 07:38:45.480051, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 9E 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.480136, 7, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) + _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:45.480177, 7, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) + _winreg_QueryValue: policy key type = [00000000] +[2013/11/07 07:38:45.480219, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_dispatcher.c:151(fetch_reg_values) + fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7' (ops 0x7f37592edcc0) +[2013/11/07 07:38:45.480261, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1891(regdb_fetch_values_internal) + regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:45.480322, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[0]: name[Attributes] len[4] +[2013/11/07 07:38:45.480365, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[1]: name[Description] len[2] +[2013/11/07 07:38:45.480407, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[2]: name[Datatype] len[8] +[2013/11/07 07:38:45.480450, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[3]: name[Default Priority] len[4] +[2013/11/07 07:38:45.480493, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[4]: name[Port] len[38] +[2013/11/07 07:38:45.480536, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[5]: name[Name] len[18] +[2013/11/07 07:38:45.480578, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[6]: name[Print Processor] len[18] +[2013/11/07 07:38:45.480621, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[7]: name[Priority] len[4] +[2013/11/07 07:38:45.480663, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[8]: name[Security] len[248] +[2013/11/07 07:38:45.480706, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[9]: name[Share Name] len[18] +[2013/11/07 07:38:45.480749, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[10]: name[StartTime] len[4] +[2013/11/07 07:38:45.480792, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[11]: name[UntilTime] len[4] +[2013/11/07 07:38:45.480834, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[12]: name[ChangeID] len[4] +[2013/11/07 07:38:45.480879, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryValue: struct winreg_QueryValue + out: struct winreg_QueryValue + type : * + type : REG_BINARY (3) + data : NULL + data_size : * + data_size : 0x000000f8 (248) + data_length : * + data_length : 0x00000000 (0) + result : WERR_OK +[2013/11/07 07:38:45.481102, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryValue: struct winreg_QueryValue + in: struct winreg_QueryValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 0000009e-0000-0000-7b52-7535c5510000 + value_name : * + value_name: struct winreg_String + name_len : 0x0012 (18) + name_size : 0x0012 (18) + name : * + name : 'Security' + type : * + type : REG_BINARY (3) + data : * + data: ARRAY(0) + data_size : * + data_size : 0x000000f8 (248) + data_length : * + data_length : 0x00000000 (0) +[2013/11/07 07:38:45.481510, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 9E 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.481590, 7, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) + _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:45.481630, 7, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) + _winreg_QueryValue: policy key type = [00000000] +[2013/11/07 07:38:45.481675, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryValue: struct winreg_QueryValue + out: struct winreg_QueryValue + type : * + type : REG_BINARY (3) + data : * + data: ARRAY(248) + [0] : 0x01 (1) + [1] : 0x00 (0) + [2] : 0x04 (4) + [3] : 0x80 (128) + [4] : 0x14 (20) + [5] : 0x00 (0) + [6] : 0x00 (0) + [7] : 0x00 (0) + [8] : 0x24 (36) + [9] : 0x00 (0) + [10] : 0x00 (0) + [11] : 0x00 (0) + [12] : 0x00 (0) + [13] : 0x00 (0) + [14] : 0x00 (0) + [15] : 0x00 (0) + [16] : 0x34 (52) + [17] : 0x00 (0) + [18] : 0x00 (0) + [19] : 0x00 (0) + [20] : 0x01 (1) + [21] : 0x02 (2) + [22] : 0x00 (0) + [23] : 0x00 (0) + [24] : 0x00 (0) + [25] : 0x00 (0) + [26] : 0x00 (0) + [27] : 0x05 (5) + [28] : 0x20 (32) + [29] : 0x00 (0) + [30] : 0x00 (0) + [31] : 0x00 (0) + [32] : 0x20 (32) + [33] : 0x02 (2) + [34] : 0x00 (0) + [35] : 0x00 (0) + [36] : 0x01 (1) + [37] : 0x02 (2) + [38] : 0x00 (0) + [39] : 0x00 (0) + [40] : 0x00 (0) + [41] : 0x00 (0) + [42] : 0x00 (0) + [43] : 0x05 (5) + [44] : 0x20 (32) + [45] : 0x00 (0) + [46] : 0x00 (0) + [47] : 0x00 (0) + [48] : 0x20 (32) + [49] : 0x02 (2) + [50] : 0x00 (0) + [51] : 0x00 (0) + [52] : 0x02 (2) + [53] : 0x00 (0) + [54] : 0xc4 (196) + [55] : 0x00 (0) + [56] : 0x07 (7) + [57] : 0x00 (0) + [58] : 0x00 (0) + [59] : 0x00 (0) + [60] : 0x00 (0) + [61] : 0x02 (2) + [62] : 0x14 (20) + [63] : 0x00 (0) + [64] : 0x08 (8) + [65] : 0x00 (0) + [66] : 0x02 (2) + [67] : 0x20 (32) + [68] : 0x01 (1) + [69] : 0x01 (1) + [70] : 0x00 (0) + [71] : 0x00 (0) + [72] : 0x00 (0) + [73] : 0x00 (0) + [74] : 0x00 (0) + [75] : 0x01 (1) + [76] : 0x00 (0) + [77] : 0x00 (0) + [78] : 0x00 (0) + [79] : 0x00 (0) + [80] : 0x00 (0) + [81] : 0x09 (9) + [82] : 0x24 (36) + [83] : 0x00 (0) + [84] : 0x0c (12) + [85] : 0x00 (0) + [86] : 0x0f (15) + [87] : 0x10 (16) + [88] : 0x01 (1) + [89] : 0x05 (5) + [90] : 0x00 (0) + [91] : 0x00 (0) + [92] : 0x00 (0) + [93] : 0x00 (0) + [94] : 0x00 (0) + [95] : 0x05 (5) + [96] : 0x15 (21) + [97] : 0x00 (0) + [98] : 0x00 (0) + [99] : 0x00 (0) + [100] : 0x74 (116) + [101] : 0xa5 (165) + [102] : 0x12 (18) + [103] : 0x52 (82) + [104] : 0xcd (205) + [105] : 0x51 (81) + [106] : 0xd9 (217) + [107] : 0x8f (143) + [108] : 0xd1 (209) + [109] : 0x31 (49) + [110] : 0xa4 (164) + [111] : 0xca (202) + [112] : 0xf4 (244) + [113] : 0x01 (1) + [114] : 0x00 (0) + [115] : 0x00 (0) + [116] : 0x00 (0) + [117] : 0x02 (2) + [118] : 0x24 (36) + [119] : 0x00 (0) + [120] : 0x0c (12) + [121] : 0x00 (0) + [122] : 0x0f (15) + [123] : 0x10 (16) + [124] : 0x01 (1) + [125] : 0x05 (5) + [126] : 0x00 (0) + [127] : 0x00 (0) + [128] : 0x00 (0) + [129] : 0x00 (0) + [130] : 0x00 (0) + [131] : 0x05 (5) + [132] : 0x15 (21) + [133] : 0x00 (0) + [134] : 0x00 (0) + [135] : 0x00 (0) + [136] : 0x74 (116) + [137] : 0xa5 (165) + [138] : 0x12 (18) + [139] : 0x52 (82) + [140] : 0xcd (205) + [141] : 0x51 (81) + [142] : 0xd9 (217) + [143] : 0x8f (143) + [144] : 0xd1 (209) + [145] : 0x31 (49) + [146] : 0xa4 (164) + [147] : 0xca (202) + [148] : 0xf4 (244) + [149] : 0x01 (1) + [150] : 0x00 (0) + [151] : 0x00 (0) + [152] : 0x00 (0) + [153] : 0x09 (9) + [154] : 0x18 (24) + [155] : 0x00 (0) + [156] : 0x0c (12) + [157] : 0x00 (0) + [158] : 0x0f (15) + [159] : 0x10 (16) + [160] : 0x01 (1) + [161] : 0x02 (2) + [162] : 0x00 (0) + [163] : 0x00 (0) + [164] : 0x00 (0) + [165] : 0x00 (0) + [166] : 0x00 (0) + [167] : 0x05 (5) + [168] : 0x20 (32) + [169] : 0x00 (0) + [170] : 0x00 (0) + [171] : 0x00 (0) + [172] : 0x20 (32) + [173] : 0x02 (2) + [174] : 0x00 (0) + [175] : 0x00 (0) + [176] : 0x00 (0) + [177] : 0x02 (2) + [178] : 0x18 (24) + [179] : 0x00 (0) + [180] : 0x0c (12) + [181] : 0x00 (0) + [182] : 0x0f (15) + [183] : 0x10 (16) + [184] : 0x01 (1) + [185] : 0x02 (2) + [186] : 0x00 (0) + [187] : 0x00 (0) + [188] : 0x00 (0) + [189] : 0x00 (0) + [190] : 0x00 (0) + [191] : 0x05 (5) + [192] : 0x20 (32) + [193] : 0x00 (0) + [194] : 0x00 (0) + [195] : 0x00 (0) + [196] : 0x20 (32) + [197] : 0x02 (2) + [198] : 0x00 (0) + [199] : 0x00 (0) + [200] : 0x00 (0) + [201] : 0x09 (9) + [202] : 0x18 (24) + [203] : 0x00 (0) + [204] : 0x0c (12) + [205] : 0x00 (0) + [206] : 0x0f (15) + [207] : 0x10 (16) + [208] : 0x01 (1) + [209] : 0x02 (2) + [210] : 0x00 (0) + [211] : 0x00 (0) + [212] : 0x00 (0) + [213] : 0x00 (0) + [214] : 0x00 (0) + [215] : 0x05 (5) + [216] : 0x20 (32) + [217] : 0x00 (0) + [218] : 0x00 (0) + [219] : 0x00 (0) + [220] : 0x26 (38) + [221] : 0x02 (2) + [222] : 0x00 (0) + [223] : 0x00 (0) + [224] : 0x00 (0) + [225] : 0x02 (2) + [226] : 0x18 (24) + [227] : 0x00 (0) + [228] : 0x0c (12) + [229] : 0x00 (0) + [230] : 0x0f (15) + [231] : 0x10 (16) + [232] : 0x01 (1) + [233] : 0x02 (2) + [234] : 0x00 (0) + [235] : 0x00 (0) + [236] : 0x00 (0) + [237] : 0x00 (0) + [238] : 0x00 (0) + [239] : 0x05 (5) + [240] : 0x20 (32) + [241] : 0x00 (0) + [242] : 0x00 (0) + [243] : 0x00 (0) + [244] : 0x26 (38) + [245] : 0x02 (2) + [246] : 0x00 (0) + [247] : 0x00 (0) + data_size : * + data_size : 0x000000f8 (248) + data_length : * + data_length : 0x000000f8 (248) + result : WERR_OK +[2013/11/07 07:38:45.486344, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + in: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 0000009e-0000-0000-7b52-7535c5510000 +[2013/11/07 07:38:45.486479, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 9E 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.486558, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 9E 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.486635, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) + Closed policy +[2013/11/07 07:38:45.486679, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (4->3) +[2013/11/07 07:38:45.486721, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + out: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000000-0000-0000-0000-000000000000 + result : WERR_OK +[2013/11/07 07:38:45.486883, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + in: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 0000009d-0000-0000-7b52-7535c5510000 +[2013/11/07 07:38:45.487013, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 9D 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.487091, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 9D 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.487175, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) + Closed policy +[2013/11/07 07:38:45.487216, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (3->2) +[2013/11/07 07:38:45.487256, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + out: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000000-0000-0000-0000-000000000000 + result : WERR_OK +[2013/11/07 07:38:45.487421, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + in: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 0000009c-0000-0000-7b52-7535c5510000 +[2013/11/07 07:38:45.487551, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 9C 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.487628, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 9C 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.487704, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) + Closed policy +[2013/11/07 07:38:45.487749, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (2->1) +[2013/11/07 07:38:45.487790, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + out: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000000-0000-0000-0000-000000000000 + result : WERR_OK +[2013/11/07 07:38:45.487951, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + in: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 0000009b-0000-0000-7b52-7535c5510000 +[2013/11/07 07:38:45.488081, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 9B 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.488158, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 9B 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.488234, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) + Closed policy +[2013/11/07 07:38:45.488282, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (1->0) +[2013/11/07 07:38:45.488348, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + out: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000000-0000-0000-0000-000000000000 + result : WERR_OK +[2013/11/07 07:38:45.488513, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:416(close_policy_by_pipe) + Deleted handle list for RPC connection \winreg + printername: printer7 +[2013/11/07 07:38:45.488703, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:60(make_internal_rpc_pipe_p) + Create pipe requested \winreg +[2013/11/07 07:38:45.488763, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:221(init_pipe_handles) + init_pipe_handle_list: created handle list for pipe \winreg +[2013/11/07 07:38:45.488806, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:238(init_pipe_handles) + init_pipe_handle_list: pipe_handles ref count = 1 for pipe \winreg +[2013/11/07 07:38:45.488902, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:100(make_internal_rpc_pipe_p) + Created internal pipe \winreg +[2013/11/07 07:38:45.488971, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenHKLM: struct winreg_OpenHKLM + in: struct winreg_OpenHKLM + system_name : NULL + access_mask : 0x02000000 (33554432) + 0: KEY_QUERY_VALUE + 0: KEY_SET_VALUE + 0: KEY_CREATE_SUB_KEY + 0: KEY_ENUMERATE_SUB_KEYS + 0: KEY_NOTIFY + 0: KEY_CREATE_LINK + 0: KEY_WOW64_64KEY + 0: KEY_WOW64_32KEY +[2013/11/07 07:38:45.489196, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [HKLM] +[2013/11/07 07:38:45.489240, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) + push_sec_ctx(0, 5000) : sec_ctx_stack_ndx = 2 +[2013/11/07 07:38:45.489287, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/uid.c:485(push_conn_ctx) + push_conn_ctx(1804507171) : conn_ctx_stack_ndx = 0 +[2013/11/07 07:38:45.489328, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) + setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 +[2013/11/07 07:38:45.489456, 5, pid=20933, effective(0, 5000), real(0, 0)] ../libcli/security/security_token.c:53(security_token_debug) + Security token: (NULL) +[2013/11/07 07:38:45.489500, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) + UNIX token of user 0 + Primary group is 0 and contains 0 supplementary groups +[2013/11/07 07:38:45.489660, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) + pop_sec_ctx (0, 5000) - sec_ctx_stack_ndx = 1 +[2013/11/07 07:38:45.489706, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:866(regdb_open) + regdb_open: registry db opened. refcount reset (1) +[2013/11/07 07:38:45.489750, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM] +[2013/11/07 07:38:45.489789, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM] +[2013/11/07 07:38:45.489842, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:45.489881, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM] +[2013/11/07 07:38:45.489952, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) + Opened policy hnd[1] [0000] 00 00 00 00 9F 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.490033, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenHKLM: struct winreg_OpenHKLM + out: struct winreg_OpenHKLM + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 0000009f-0000-0000-7b52-7535c5510000 + result : WERR_OK +[2013/11/07 07:38:45.490212, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenKey: struct winreg_OpenKey + in: struct winreg_OpenKey + parent_handle : * + parent_handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 0000009f-0000-0000-7b52-7535c5510000 + keyname: struct winreg_String + name_len : 0x008a (138) + name_size : 0x008a (138) + name : * + name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer6' + options : 0x00000000 (0) + 0: REG_OPTION_VOLATILE + 0: REG_OPTION_CREATE_LINK + 0: REG_OPTION_BACKUP_RESTORE + 0: REG_OPTION_OPEN_LINK + access_mask : 0x02000000 (33554432) + 0: KEY_QUERY_VALUE + 0: KEY_SET_VALUE + 0: KEY_CREATE_SUB_KEY + 0: KEY_ENUMERATE_SUB_KEYS + 0: KEY_NOTIFY + 0: KEY_CREATE_LINK + 0: KEY_WOW64_64KEY + 0: KEY_WOW64_32KEY +[2013/11/07 07:38:45.490658, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 9F 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.490740, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [SOFTWARE] +[2013/11/07 07:38:45.490780, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (1->2) +[2013/11/07 07:38:45.490823, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] +[2013/11/07 07:38:45.490862, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE] +[2013/11/07 07:38:45.490902, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:45.490940, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE] +[2013/11/07 07:38:45.491016, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Microsoft] +[2013/11/07 07:38:45.491058, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (2->3) +[2013/11/07 07:38:45.491100, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] +[2013/11/07 07:38:45.491139, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] +[2013/11/07 07:38:45.491179, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:45.491216, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft] +[2013/11/07 07:38:45.491277, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Windows NT] +[2013/11/07 07:38:45.491318, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (3->4) +[2013/11/07 07:38:45.491360, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] +[2013/11/07 07:38:45.491399, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] +[2013/11/07 07:38:45.491440, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:45.491478, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] +[2013/11/07 07:38:45.491534, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [CurrentVersion] +[2013/11/07 07:38:45.491575, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (4->5) +[2013/11/07 07:38:45.491618, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] +[2013/11/07 07:38:45.491656, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] +[2013/11/07 07:38:45.491891, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:45.491941, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f375c5a15c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] +[2013/11/07 07:38:45.492017, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Print] +[2013/11/07 07:38:45.492059, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (5->6) +[2013/11/07 07:38:45.492111, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] +[2013/11/07 07:38:45.492151, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] +[2013/11/07 07:38:45.492194, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:45.492231, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f375c5a15c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] +[2013/11/07 07:38:45.492290, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Printers] +[2013/11/07 07:38:45.492331, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (6->7) +[2013/11/07 07:38:45.492374, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] +[2013/11/07 07:38:45.492412, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] +[2013/11/07 07:38:45.492454, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:45.492492, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] +[2013/11/07 07:38:45.492559, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [printer6] +[2013/11/07 07:38:45.492601, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (7->8) +[2013/11/07 07:38:45.492643, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer6] +[2013/11/07 07:38:45.492683, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer6] +[2013/11/07 07:38:45.492725, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:45.492763, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer6] +[2013/11/07 07:38:45.492830, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (8->7) +[2013/11/07 07:38:45.492871, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (7->6) +[2013/11/07 07:38:45.492912, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (6->5) +[2013/11/07 07:38:45.492951, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (5->4) +[2013/11/07 07:38:45.493000, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (4->3) +[2013/11/07 07:38:45.493040, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (3->2) +[2013/11/07 07:38:45.493084, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) + Opened policy hnd[2] [0000] 00 00 00 00 A0 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.493162, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenKey: struct winreg_OpenKey + out: struct winreg_OpenKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000a0-0000-0000-7b52-7535c5510000 + result : WERR_OK +[2013/11/07 07:38:45.493341, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryInfoKey: struct winreg_QueryInfoKey + in: struct winreg_QueryInfoKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000a0-0000-0000-7b52-7535c5510000 + classname : * + classname: struct winreg_String + name_len : 0x0000 (0) + name_size : 0x0000 (0) + name : NULL +[2013/11/07 07:38:45.493624, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 A0 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.493708, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_dispatcher.c:151(fetch_reg_values) + fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer6' (ops 0x7f37592edcc0) +[2013/11/07 07:38:45.493751, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1891(regdb_fetch_values_internal) + regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer6] +[2013/11/07 07:38:45.493814, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[0]: name[Attributes] len[4] +[2013/11/07 07:38:45.493858, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[1]: name[Datatype] len[8] +[2013/11/07 07:38:45.493901, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[2]: name[Name] len[18] +[2013/11/07 07:38:45.493944, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[3]: name[Priority] len[4] +[2013/11/07 07:38:45.493986, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[4]: name[Security] len[248] +[2013/11/07 07:38:45.494029, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[5]: name[Share Name] len[18] +[2013/11/07 07:38:45.494081, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[6]: name[StartTime] len[4] +[2013/11/07 07:38:45.494125, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[7]: name[UntilTime] len[4] +[2013/11/07 07:38:45.494167, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[8]: name[Description] len[0] +[2013/11/07 07:38:45.494210, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[9]: name[Default Priority] len[4] +[2013/11/07 07:38:45.494253, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[10]: name[Printer Driver] len[42] +[2013/11/07 07:38:45.494297, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[11]: name[Location] len[0] +[2013/11/07 07:38:45.494339, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[12]: name[Parameters] len[0] +[2013/11/07 07:38:45.494382, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[13]: name[Port] len[40] +[2013/11/07 07:38:45.494425, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[14]: name[Print Processor] len[18] +[2013/11/07 07:38:45.494469, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[15]: name[Separator File] len[0] +[2013/11/07 07:38:45.494512, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[16]: name[Status] len[4] +[2013/11/07 07:38:45.494556, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[17]: name[ChangeID] len[4] +[2013/11/07 07:38:45.494599, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) + regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer6] +[2013/11/07 07:38:45.494666, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryInfoKey: struct winreg_QueryInfoKey + out: struct winreg_QueryInfoKey + classname : * + classname: struct winreg_String + name_len : 0x0000 (0) + name_size : 0x0000 (0) + name : NULL + num_subkeys : * + num_subkeys : 0x00000003 (3) + max_subkeylen : * + max_subkeylen : 0x00000022 (34) + max_classlen : * + max_classlen : 0x00000000 (0) + num_values : * + num_values : 0x00000012 (18) + max_valnamelen : * + max_valnamelen : 0x00000022 (34) + max_valbufsize : * + max_valbufsize : 0x000000f8 (248) + secdescsize : * + secdescsize : 0x00000078 (120) + last_changed_time : * + last_changed_time : NTTIME(0) + result : WERR_OK +[2013/11/07 07:38:45.495160, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000a0-0000-0000-7b52-7535c5510000 + enum_index : 0x00000000 (0) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:45.495553, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 A0 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.495631, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer6] +[2013/11/07 07:38:45.495677, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0016 (22) + size : 0x0024 (36) + name : * + name : 'Attributes' + type : * + type : REG_DWORD (4) + value : * + value: ARRAY(4) + [0] : 0x48 (72) + [1] : 0x10 (16) + [2] : 0x00 (0) + [3] : 0x00 (0) + size : * + size : 0x00000004 (4) + length : * + length : 0x00000004 (4) + result : WERR_OK +[2013/11/07 07:38:45.496077, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000a0-0000-0000-7b52-7535c5510000 + enum_index : 0x00000001 (1) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:45.496462, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 A0 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.496539, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer6] +[2013/11/07 07:38:45.496583, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0012 (18) + size : 0x0024 (36) + name : * + name : 'Datatype' + type : * + type : REG_SZ (1) + value : * + value: ARRAY(8) + [0] : 0x52 (82) + [1] : 0x00 (0) + [2] : 0x41 (65) + [3] : 0x00 (0) + [4] : 0x57 (87) + [5] : 0x00 (0) + [6] : 0x00 (0) + [7] : 0x00 (0) + size : * + size : 0x00000008 (8) + length : * + length : 0x00000008 (8) + result : WERR_OK +[2013/11/07 07:38:45.497044, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000a0-0000-0000-7b52-7535c5510000 + enum_index : 0x00000002 (2) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:45.497498, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 A0 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.497578, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer6] +[2013/11/07 07:38:45.497631, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x000a (10) + size : 0x0024 (36) + name : * + name : 'Name' + type : * + type : REG_SZ (1) + value : * + value: ARRAY(18) + [0] : 0x70 (112) + [1] : 0x00 (0) + [2] : 0x72 (114) + [3] : 0x00 (0) + [4] : 0x69 (105) + [5] : 0x00 (0) + [6] : 0x6e (110) + [7] : 0x00 (0) + [8] : 0x74 (116) + [9] : 0x00 (0) + [10] : 0x65 (101) + [11] : 0x00 (0) + [12] : 0x72 (114) + [13] : 0x00 (0) + [14] : 0x36 (54) + [15] : 0x00 (0) + [16] : 0x00 (0) + [17] : 0x00 (0) + size : * + size : 0x00000012 (18) + length : * + length : 0x00000012 (18) + result : WERR_OK +[2013/11/07 07:38:45.498268, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000a0-0000-0000-7b52-7535c5510000 + enum_index : 0x00000003 (3) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:45.498647, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 A0 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.498724, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer6] +[2013/11/07 07:38:45.498768, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0012 (18) + size : 0x0024 (36) + name : * + name : 'Priority' + type : * + type : REG_DWORD (4) + value : * + value: ARRAY(4) + [0] : 0x01 (1) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + size : * + size : 0x00000004 (4) + length : * + length : 0x00000004 (4) + result : WERR_OK +[2013/11/07 07:38:45.499172, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000a0-0000-0000-7b52-7535c5510000 + enum_index : 0x00000004 (4) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:45.499548, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 A0 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.499625, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer6] +[2013/11/07 07:38:45.499669, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0012 (18) + size : 0x0024 (36) + name : * + name : 'Security' + type : * + type : REG_BINARY (3) + value : * + value: ARRAY(248) + [0] : 0x01 (1) + [1] : 0x00 (0) + [2] : 0x04 (4) + [3] : 0x80 (128) + [4] : 0x14 (20) + [5] : 0x00 (0) + [6] : 0x00 (0) + [7] : 0x00 (0) + [8] : 0x24 (36) + [9] : 0x00 (0) + [10] : 0x00 (0) + [11] : 0x00 (0) + [12] : 0x00 (0) + [13] : 0x00 (0) + [14] : 0x00 (0) + [15] : 0x00 (0) + [16] : 0x34 (52) + [17] : 0x00 (0) + [18] : 0x00 (0) + [19] : 0x00 (0) + [20] : 0x01 (1) + [21] : 0x02 (2) + [22] : 0x00 (0) + [23] : 0x00 (0) + [24] : 0x00 (0) + [25] : 0x00 (0) + [26] : 0x00 (0) + [27] : 0x05 (5) + [28] : 0x20 (32) + [29] : 0x00 (0) + [30] : 0x00 (0) + [31] : 0x00 (0) + [32] : 0x20 (32) + [33] : 0x02 (2) + [34] : 0x00 (0) + [35] : 0x00 (0) + [36] : 0x01 (1) + [37] : 0x02 (2) + [38] : 0x00 (0) + [39] : 0x00 (0) + [40] : 0x00 (0) + [41] : 0x00 (0) + [42] : 0x00 (0) + [43] : 0x05 (5) + [44] : 0x20 (32) + [45] : 0x00 (0) + [46] : 0x00 (0) + [47] : 0x00 (0) + [48] : 0x20 (32) + [49] : 0x02 (2) + [50] : 0x00 (0) + [51] : 0x00 (0) + [52] : 0x02 (2) + [53] : 0x00 (0) + [54] : 0xc4 (196) + [55] : 0x00 (0) + [56] : 0x07 (7) + [57] : 0x00 (0) + [58] : 0x00 (0) + [59] : 0x00 (0) + [60] : 0x00 (0) + [61] : 0x02 (2) + [62] : 0x14 (20) + [63] : 0x00 (0) + [64] : 0x08 (8) + [65] : 0x00 (0) + [66] : 0x02 (2) + [67] : 0x20 (32) + [68] : 0x01 (1) + [69] : 0x01 (1) + [70] : 0x00 (0) + [71] : 0x00 (0) + [72] : 0x00 (0) + [73] : 0x00 (0) + [74] : 0x00 (0) + [75] : 0x01 (1) + [76] : 0x00 (0) + [77] : 0x00 (0) + [78] : 0x00 (0) + [79] : 0x00 (0) + [80] : 0x00 (0) + [81] : 0x09 (9) + [82] : 0x24 (36) + [83] : 0x00 (0) + [84] : 0x0c (12) + [85] : 0x00 (0) + [86] : 0x0f (15) + [87] : 0x10 (16) + [88] : 0x01 (1) + [89] : 0x05 (5) + [90] : 0x00 (0) + [91] : 0x00 (0) + [92] : 0x00 (0) + [93] : 0x00 (0) + [94] : 0x00 (0) + [95] : 0x05 (5) + [96] : 0x15 (21) + [97] : 0x00 (0) + [98] : 0x00 (0) + [99] : 0x00 (0) + [100] : 0x74 (116) + [101] : 0xa5 (165) + [102] : 0x12 (18) + [103] : 0x52 (82) + [104] : 0xcd (205) + [105] : 0x51 (81) + [106] : 0xd9 (217) + [107] : 0x8f (143) + [108] : 0xd1 (209) + [109] : 0x31 (49) + [110] : 0xa4 (164) + [111] : 0xca (202) + [112] : 0xf4 (244) + [113] : 0x01 (1) + [114] : 0x00 (0) + [115] : 0x00 (0) + [116] : 0x00 (0) + [117] : 0x02 (2) + [118] : 0x24 (36) + [119] : 0x00 (0) + [120] : 0x0c (12) + [121] : 0x00 (0) + [122] : 0x0f (15) + [123] : 0x10 (16) + [124] : 0x01 (1) + [125] : 0x05 (5) + [126] : 0x00 (0) + [127] : 0x00 (0) + [128] : 0x00 (0) + [129] : 0x00 (0) + [130] : 0x00 (0) + [131] : 0x05 (5) + [132] : 0x15 (21) + [133] : 0x00 (0) + [134] : 0x00 (0) + [135] : 0x00 (0) + [136] : 0x74 (116) + [137] : 0xa5 (165) + [138] : 0x12 (18) + [139] : 0x52 (82) + [140] : 0xcd (205) + [141] : 0x51 (81) + [142] : 0xd9 (217) + [143] : 0x8f (143) + [144] : 0xd1 (209) + [145] : 0x31 (49) + [146] : 0xa4 (164) + [147] : 0xca (202) + [148] : 0xf4 (244) + [149] : 0x01 (1) + [150] : 0x00 (0) + [151] : 0x00 (0) + [152] : 0x00 (0) + [153] : 0x09 (9) + [154] : 0x18 (24) + [155] : 0x00 (0) + [156] : 0x0c (12) + [157] : 0x00 (0) + [158] : 0x0f (15) + [159] : 0x10 (16) + [160] : 0x01 (1) + [161] : 0x02 (2) + [162] : 0x00 (0) + [163] : 0x00 (0) + [164] : 0x00 (0) + [165] : 0x00 (0) + [166] : 0x00 (0) + [167] : 0x05 (5) + [168] : 0x20 (32) + [169] : 0x00 (0) + [170] : 0x00 (0) + [171] : 0x00 (0) + [172] : 0x20 (32) + [173] : 0x02 (2) + [174] : 0x00 (0) + [175] : 0x00 (0) + [176] : 0x00 (0) + [177] : 0x02 (2) + [178] : 0x18 (24) + [179] : 0x00 (0) + [180] : 0x0c (12) + [181] : 0x00 (0) + [182] : 0x0f (15) + [183] : 0x10 (16) + [184] : 0x01 (1) + [185] : 0x02 (2) + [186] : 0x00 (0) + [187] : 0x00 (0) + [188] : 0x00 (0) + [189] : 0x00 (0) + [190] : 0x00 (0) + [191] : 0x05 (5) + [192] : 0x20 (32) + [193] : 0x00 (0) + [194] : 0x00 (0) + [195] : 0x00 (0) + [196] : 0x20 (32) + [197] : 0x02 (2) + [198] : 0x00 (0) + [199] : 0x00 (0) + [200] : 0x00 (0) + [201] : 0x09 (9) + [202] : 0x18 (24) + [203] : 0x00 (0) + [204] : 0x0c (12) + [205] : 0x00 (0) + [206] : 0x0f (15) + [207] : 0x10 (16) + [208] : 0x01 (1) + [209] : 0x02 (2) + [210] : 0x00 (0) + [211] : 0x00 (0) + [212] : 0x00 (0) + [213] : 0x00 (0) + [214] : 0x00 (0) + [215] : 0x05 (5) + [216] : 0x20 (32) + [217] : 0x00 (0) + [218] : 0x00 (0) + [219] : 0x00 (0) + [220] : 0x26 (38) + [221] : 0x02 (2) + [222] : 0x00 (0) + [223] : 0x00 (0) + [224] : 0x00 (0) + [225] : 0x02 (2) + [226] : 0x18 (24) + [227] : 0x00 (0) + [228] : 0x0c (12) + [229] : 0x00 (0) + [230] : 0x0f (15) + [231] : 0x10 (16) + [232] : 0x01 (1) + [233] : 0x02 (2) + [234] : 0x00 (0) + [235] : 0x00 (0) + [236] : 0x00 (0) + [237] : 0x00 (0) + [238] : 0x00 (0) + [239] : 0x05 (5) + [240] : 0x20 (32) + [241] : 0x00 (0) + [242] : 0x00 (0) + [243] : 0x00 (0) + [244] : 0x26 (38) + [245] : 0x02 (2) + [246] : 0x00 (0) + [247] : 0x00 (0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x000000f8 (248) + result : WERR_OK +[2013/11/07 07:38:45.504234, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000a0-0000-0000-7b52-7535c5510000 + enum_index : 0x00000005 (5) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:45.504614, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 A0 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.504692, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer6] +[2013/11/07 07:38:45.504737, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0016 (22) + size : 0x0024 (36) + name : * + name : 'Share Name' + type : * + type : REG_SZ (1) + value : * + value: ARRAY(18) + [0] : 0x70 (112) + [1] : 0x00 (0) + [2] : 0x72 (114) + [3] : 0x00 (0) + [4] : 0x69 (105) + [5] : 0x00 (0) + [6] : 0x6e (110) + [7] : 0x00 (0) + [8] : 0x74 (116) + [9] : 0x00 (0) + [10] : 0x65 (101) + [11] : 0x00 (0) + [12] : 0x72 (114) + [13] : 0x00 (0) + [14] : 0x36 (54) + [15] : 0x00 (0) + [16] : 0x00 (0) + [17] : 0x00 (0) + size : * + size : 0x00000012 (18) + length : * + length : 0x00000012 (18) + result : WERR_OK +[2013/11/07 07:38:45.505420, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000a0-0000-0000-7b52-7535c5510000 + enum_index : 0x00000006 (6) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:45.505800, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 A0 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.505878, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer6] +[2013/11/07 07:38:45.505923, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0014 (20) + size : 0x0024 (36) + name : * + name : 'StartTime' + type : * + type : REG_DWORD (4) + value : * + value: ARRAY(4) + [0] : 0x00 (0) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + size : * + size : 0x00000004 (4) + length : * + length : 0x00000004 (4) + result : WERR_OK +[2013/11/07 07:38:45.506333, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000a0-0000-0000-7b52-7535c5510000 + enum_index : 0x00000007 (7) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:45.506710, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 A0 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.506787, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer6] +[2013/11/07 07:38:45.506832, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0014 (20) + size : 0x0024 (36) + name : * + name : 'UntilTime' + type : * + type : REG_DWORD (4) + value : * + value: ARRAY(4) + [0] : 0x00 (0) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + size : * + size : 0x00000004 (4) + length : * + length : 0x00000004 (4) + result : WERR_OK +[2013/11/07 07:38:45.507229, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000a0-0000-0000-7b52-7535c5510000 + enum_index : 0x00000008 (8) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:45.507612, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 A0 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.507690, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer6] +[2013/11/07 07:38:45.507735, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0018 (24) + size : 0x0024 (36) + name : * + name : 'Description' + type : * + type : REG_SZ (1) + value : * + value: ARRAY(0) + size : * + size : 0x00000000 (0) + length : * + length : 0x00000000 (0) + result : WERR_OK +[2013/11/07 07:38:45.508064, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000a0-0000-0000-7b52-7535c5510000 + enum_index : 0x00000009 (9) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:45.508439, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 A0 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.508516, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer6] +[2013/11/07 07:38:45.508569, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0022 (34) + size : 0x0024 (36) + name : * + name : 'Default Priority' + type : * + type : REG_DWORD (4) + value : * + value: ARRAY(4) + [0] : 0x00 (0) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + size : * + size : 0x00000004 (4) + length : * + length : 0x00000004 (4) + result : WERR_OK +[2013/11/07 07:38:45.509057, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000a0-0000-0000-7b52-7535c5510000 + enum_index : 0x0000000a (10) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:45.509499, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 A0 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.509578, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer6] +[2013/11/07 07:38:45.509625, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x001e (30) + size : 0x0024 (36) + name : * + name : 'Printer Driver' + type : * + type : REG_SZ (1) + value : * + value: ARRAY(42) + [0] : 0x48 (72) + [1] : 0x00 (0) + [2] : 0x50 (80) + [3] : 0x00 (0) + [4] : 0x20 (32) + [5] : 0x00 (0) + [6] : 0x43 (67) + [7] : 0x00 (0) + [8] : 0x6f (111) + [9] : 0x00 (0) + [10] : 0x6c (108) + [11] : 0x00 (0) + [12] : 0x6f (111) + [13] : 0x00 (0) + [14] : 0x72 (114) + [15] : 0x00 (0) + [16] : 0x20 (32) + [17] : 0x00 (0) + [18] : 0x4c (76) + [19] : 0x00 (0) + [20] : 0x61 (97) + [21] : 0x00 (0) + [22] : 0x73 (115) + [23] : 0x00 (0) + [24] : 0x65 (101) + [25] : 0x00 (0) + [26] : 0x72 (114) + [27] : 0x00 (0) + [28] : 0x4a (74) + [29] : 0x00 (0) + [30] : 0x65 (101) + [31] : 0x00 (0) + [32] : 0x74 (116) + [33] : 0x00 (0) + [34] : 0x20 (32) + [35] : 0x00 (0) + [36] : 0x50 (80) + [37] : 0x00 (0) + [38] : 0x53 (83) + [39] : 0x00 (0) + [40] : 0x00 (0) + [41] : 0x00 (0) + size : * + size : 0x0000002a (42) + length : * + length : 0x0000002a (42) + result : WERR_OK +[2013/11/07 07:38:45.510677, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000a0-0000-0000-7b52-7535c5510000 + enum_index : 0x0000000b (11) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:45.511052, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 A0 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.511140, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer6] +[2013/11/07 07:38:45.511187, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0012 (18) + size : 0x0024 (36) + name : * + name : 'Location' + type : * + type : REG_SZ (1) + value : * + value: ARRAY(0) + size : * + size : 0x00000000 (0) + length : * + length : 0x00000000 (0) + result : WERR_OK +[2013/11/07 07:38:45.511516, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000a0-0000-0000-7b52-7535c5510000 + enum_index : 0x0000000c (12) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:45.512054, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 A0 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.512137, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer6] +[2013/11/07 07:38:45.512185, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0016 (22) + size : 0x0024 (36) + name : * + name : 'Parameters' + type : * + type : REG_SZ (1) + value : * + value: ARRAY(0) + size : * + size : 0x00000000 (0) + length : * + length : 0x00000000 (0) + result : WERR_OK +[2013/11/07 07:38:45.512525, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000a0-0000-0000-7b52-7535c5510000 + enum_index : 0x0000000d (13) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:45.512910, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 A0 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.512988, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer6] +[2013/11/07 07:38:45.513033, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x000a (10) + size : 0x0024 (36) + name : * + name : 'Port' + type : * + type : REG_SZ (1) + value : * + value: ARRAY(40) + [0] : 0x5c (92) + [1] : 0x00 (0) + [2] : 0x5c (92) + [3] : 0x00 (0) + [4] : 0x4d (77) + [5] : 0x00 (0) + [6] : 0x65 (101) + [7] : 0x00 (0) + [8] : 0x6d (109) + [9] : 0x00 (0) + [10] : 0x62 (98) + [11] : 0x00 (0) + [12] : 0x65 (101) + [13] : 0x00 (0) + [14] : 0x72 (114) + [15] : 0x00 (0) + [16] : 0x34 (52) + [17] : 0x00 (0) + [18] : 0x33 (51) + [19] : 0x00 (0) + [20] : 0x5c (92) + [21] : 0x00 (0) + [22] : 0x70 (112) + [23] : 0x00 (0) + [24] : 0x72 (114) + [25] : 0x00 (0) + [26] : 0x69 (105) + [27] : 0x00 (0) + [28] : 0x6e (110) + [29] : 0x00 (0) + [30] : 0x74 (116) + [31] : 0x00 (0) + [32] : 0x65 (101) + [33] : 0x00 (0) + [34] : 0x72 (114) + [35] : 0x00 (0) + [36] : 0x36 (54) + [37] : 0x00 (0) + [38] : 0x00 (0) + [39] : 0x00 (0) + size : * + size : 0x00000028 (40) + length : * + length : 0x00000028 (40) + result : WERR_OK +[2013/11/07 07:38:45.514094, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000a0-0000-0000-7b52-7535c5510000 + enum_index : 0x0000000e (14) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:45.514472, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 A0 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.514550, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer6] +[2013/11/07 07:38:45.514600, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0020 (32) + size : 0x0024 (36) + name : * + name : 'Print Processor' + type : * + type : REG_SZ (1) + value : * + value: ARRAY(18) + [0] : 0x57 (87) + [1] : 0x00 (0) + [2] : 0x69 (105) + [3] : 0x00 (0) + [4] : 0x6e (110) + [5] : 0x00 (0) + [6] : 0x50 (80) + [7] : 0x00 (0) + [8] : 0x72 (114) + [9] : 0x00 (0) + [10] : 0x69 (105) + [11] : 0x00 (0) + [12] : 0x6e (110) + [13] : 0x00 (0) + [14] : 0x74 (116) + [15] : 0x00 (0) + [16] : 0x00 (0) + [17] : 0x00 (0) + size : * + size : 0x00000012 (18) + length : * + length : 0x00000012 (18) + result : WERR_OK +[2013/11/07 07:38:45.515237, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000a0-0000-0000-7b52-7535c5510000 + enum_index : 0x0000000f (15) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:45.515612, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 A0 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.515689, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer6] +[2013/11/07 07:38:45.515733, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x001e (30) + size : 0x0024 (36) + name : * + name : 'Separator File' + type : * + type : REG_SZ (1) + value : * + value: ARRAY(0) + size : * + size : 0x00000000 (0) + length : * + length : 0x00000000 (0) + result : WERR_OK +[2013/11/07 07:38:45.516059, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000a0-0000-0000-7b52-7535c5510000 + enum_index : 0x00000010 (16) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:45.516436, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 A0 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.516513, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer6] +[2013/11/07 07:38:45.516557, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x000e (14) + size : 0x0024 (36) + name : * + name : 'Status' + type : * + type : REG_DWORD (4) + value : * + value: ARRAY(4) + [0] : 0x00 (0) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + size : * + size : 0x00000004 (4) + length : * + length : 0x00000004 (4) + result : WERR_OK +[2013/11/07 07:38:45.516949, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000a0-0000-0000-7b52-7535c5510000 + enum_index : 0x00000011 (17) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:45.517324, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 A0 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.517457, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer6] +[2013/11/07 07:38:45.517511, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0012 (18) + size : 0x0024 (36) + name : * + name : 'ChangeID' + type : * + type : REG_DWORD (4) + value : * + value: ARRAY(4) + [0] : 0x63 (99) + [1] : 0x97 (151) + [2] : 0x62 (98) + [3] : 0x00 (0) + size : * + size : 0x00000004 (4) + length : * + length : 0x00000004 (4) + result : WERR_OK +[2013/11/07 07:38:45.517948, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryValue: struct winreg_QueryValue + in: struct winreg_QueryValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000a0-0000-0000-7b52-7535c5510000 + value_name : * + value_name: struct winreg_String + name_len : 0x0020 (32) + name_size : 0x0020 (32) + name : * + name : 'Default DevMode' + type : * + type : REG_NONE (0) + data : NULL + data_size : * + data_size : 0x00000000 (0) + data_length : * + data_length : 0x00000000 (0) +[2013/11/07 07:38:45.518293, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 A0 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.518371, 7, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) + _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer6] +[2013/11/07 07:38:45.518411, 7, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) + _winreg_QueryValue: policy key type = [00000000] +[2013/11/07 07:38:45.518456, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:316(_winreg_QueryValue) + _winreg_QueryValue: reg_queryvalue failed with: WERR_BADFILE +[2013/11/07 07:38:45.518496, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryValue: struct winreg_QueryValue + out: struct winreg_QueryValue + type : * + type : REG_NONE (0) + data : NULL + data_size : * + data_size : 0x00000000 (0) + data_length : * + data_length : 0x00000000 (0) + result : WERR_BADFILE +[2013/11/07 07:38:45.518723, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenHKLM: struct winreg_OpenHKLM + in: struct winreg_OpenHKLM + system_name : NULL + access_mask : 0x02000000 (33554432) + 0: KEY_QUERY_VALUE + 0: KEY_SET_VALUE + 0: KEY_CREATE_SUB_KEY + 0: KEY_ENUMERATE_SUB_KEYS + 0: KEY_NOTIFY + 0: KEY_CREATE_LINK + 0: KEY_WOW64_64KEY + 0: KEY_WOW64_32KEY +[2013/11/07 07:38:45.518951, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [HKLM] +[2013/11/07 07:38:45.518994, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (2->3) +[2013/11/07 07:38:45.519037, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM] +[2013/11/07 07:38:45.519076, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM] +[2013/11/07 07:38:45.519117, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:45.519155, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM] +[2013/11/07 07:38:45.519231, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) + Opened policy hnd[3] [0000] 00 00 00 00 A1 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.519313, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenHKLM: struct winreg_OpenHKLM + out: struct winreg_OpenHKLM + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000a1-0000-0000-7b52-7535c5510000 + result : WERR_OK +[2013/11/07 07:38:45.519482, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenKey: struct winreg_OpenKey + in: struct winreg_OpenKey + parent_handle : * + parent_handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000a1-0000-0000-7b52-7535c5510000 + keyname: struct winreg_String + name_len : 0x008a (138) + name_size : 0x008a (138) + name : * + name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer6' + options : 0x00000000 (0) + 0: REG_OPTION_VOLATILE + 0: REG_OPTION_CREATE_LINK + 0: REG_OPTION_BACKUP_RESTORE + 0: REG_OPTION_OPEN_LINK + access_mask : 0x02000000 (33554432) + 0: KEY_QUERY_VALUE + 0: KEY_SET_VALUE + 0: KEY_CREATE_SUB_KEY + 0: KEY_ENUMERATE_SUB_KEYS + 0: KEY_NOTIFY + 0: KEY_CREATE_LINK + 0: KEY_WOW64_64KEY + 0: KEY_WOW64_32KEY +[2013/11/07 07:38:45.519935, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 A1 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.520016, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [SOFTWARE] +[2013/11/07 07:38:45.520057, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (3->4) +[2013/11/07 07:38:45.520099, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] +[2013/11/07 07:38:45.520137, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE] +[2013/11/07 07:38:45.520178, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:45.520215, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE] +[2013/11/07 07:38:45.520280, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Microsoft] +[2013/11/07 07:38:45.520321, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (4->5) +[2013/11/07 07:38:45.520364, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] +[2013/11/07 07:38:45.520402, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] +[2013/11/07 07:38:45.520442, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:45.520479, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft] +[2013/11/07 07:38:45.520540, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Windows NT] +[2013/11/07 07:38:45.520581, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (5->6) +[2013/11/07 07:38:45.520624, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] +[2013/11/07 07:38:45.520662, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] +[2013/11/07 07:38:45.520703, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:45.520740, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] +[2013/11/07 07:38:45.520798, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [CurrentVersion] +[2013/11/07 07:38:45.520847, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (6->7) +[2013/11/07 07:38:45.520891, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] +[2013/11/07 07:38:45.520929, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] +[2013/11/07 07:38:45.520970, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:45.521008, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f375c5a15c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] +[2013/11/07 07:38:45.521080, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Print] +[2013/11/07 07:38:45.521122, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (7->8) +[2013/11/07 07:38:45.521165, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] +[2013/11/07 07:38:45.521204, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] +[2013/11/07 07:38:45.521246, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:45.521283, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f375c5a15c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] +[2013/11/07 07:38:45.521342, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Printers] +[2013/11/07 07:38:45.521447, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (8->9) +[2013/11/07 07:38:45.521543, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] +[2013/11/07 07:38:45.521587, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] +[2013/11/07 07:38:45.521630, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:45.521668, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] +[2013/11/07 07:38:45.521736, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [printer6] +[2013/11/07 07:38:45.521778, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (9->10) +[2013/11/07 07:38:45.521821, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer6] +[2013/11/07 07:38:45.521869, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer6] +[2013/11/07 07:38:45.521912, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:45.521950, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer6] +[2013/11/07 07:38:45.522018, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (10->9) +[2013/11/07 07:38:45.522061, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (9->8) +[2013/11/07 07:38:45.522103, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (8->7) +[2013/11/07 07:38:45.522143, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (7->6) +[2013/11/07 07:38:45.522183, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (6->5) +[2013/11/07 07:38:45.522224, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (5->4) +[2013/11/07 07:38:45.522267, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) + Opened policy hnd[4] [0000] 00 00 00 00 A2 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.522347, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenKey: struct winreg_OpenKey + out: struct winreg_OpenKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000a2-0000-0000-7b52-7535c5510000 + result : WERR_OK +[2013/11/07 07:38:45.522524, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryValue: struct winreg_QueryValue + in: struct winreg_QueryValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000a2-0000-0000-7b52-7535c5510000 + value_name : * + value_name: struct winreg_String + name_len : 0x0012 (18) + name_size : 0x0012 (18) + name : * + name : 'Security' + type : * + type : REG_NONE (0) + data : NULL + data_size : * + data_size : 0x00000000 (0) + data_length : * + data_length : 0x00000000 (0) +[2013/11/07 07:38:45.522870, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 A2 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.522955, 7, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) + _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer6] +[2013/11/07 07:38:45.522996, 7, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) + _winreg_QueryValue: policy key type = [00000000] +[2013/11/07 07:38:45.523037, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_dispatcher.c:151(fetch_reg_values) + fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer6' (ops 0x7f37592edcc0) +[2013/11/07 07:38:45.523079, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1891(regdb_fetch_values_internal) + regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer6] +[2013/11/07 07:38:45.523138, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[0]: name[Attributes] len[4] +[2013/11/07 07:38:45.523182, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[1]: name[Datatype] len[8] +[2013/11/07 07:38:45.523225, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[2]: name[Name] len[18] +[2013/11/07 07:38:45.523267, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[3]: name[Priority] len[4] +[2013/11/07 07:38:45.523310, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[4]: name[Security] len[248] +[2013/11/07 07:38:45.523352, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[5]: name[Share Name] len[18] +[2013/11/07 07:38:45.523394, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[6]: name[StartTime] len[4] +[2013/11/07 07:38:45.523436, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[7]: name[UntilTime] len[4] +[2013/11/07 07:38:45.523478, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[8]: name[Description] len[0] +[2013/11/07 07:38:45.523521, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[9]: name[Default Priority] len[4] +[2013/11/07 07:38:45.523564, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[10]: name[Printer Driver] len[42] +[2013/11/07 07:38:45.523606, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[11]: name[Location] len[0] +[2013/11/07 07:38:45.523648, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[12]: name[Parameters] len[0] +[2013/11/07 07:38:45.523692, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[13]: name[Port] len[40] +[2013/11/07 07:38:45.523742, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[14]: name[Print Processor] len[18] +[2013/11/07 07:38:45.523785, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[15]: name[Separator File] len[0] +[2013/11/07 07:38:45.523828, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[16]: name[Status] len[4] +[2013/11/07 07:38:45.523871, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[17]: name[ChangeID] len[4] +[2013/11/07 07:38:45.523915, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryValue: struct winreg_QueryValue + out: struct winreg_QueryValue + type : * + type : REG_BINARY (3) + data : NULL + data_size : * + data_size : 0x000000f8 (248) + data_length : * + data_length : 0x00000000 (0) + result : WERR_OK +[2013/11/07 07:38:45.524129, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryValue: struct winreg_QueryValue + in: struct winreg_QueryValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000a2-0000-0000-7b52-7535c5510000 + value_name : * + value_name: struct winreg_String + name_len : 0x0012 (18) + name_size : 0x0012 (18) + name : * + name : 'Security' + type : * + type : REG_BINARY (3) + data : * + data: ARRAY(0) + data_size : * + data_size : 0x000000f8 (248) + data_length : * + data_length : 0x00000000 (0) +[2013/11/07 07:38:45.524487, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 A2 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.524564, 7, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) + _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer6] +[2013/11/07 07:38:45.524604, 7, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) + _winreg_QueryValue: policy key type = [00000000] +[2013/11/07 07:38:45.524647, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryValue: struct winreg_QueryValue + out: struct winreg_QueryValue + type : * + type : REG_BINARY (3) + data : * + data: ARRAY(248) + [0] : 0x01 (1) + [1] : 0x00 (0) + [2] : 0x04 (4) + [3] : 0x80 (128) + [4] : 0x14 (20) + [5] : 0x00 (0) + [6] : 0x00 (0) + [7] : 0x00 (0) + [8] : 0x24 (36) + [9] : 0x00 (0) + [10] : 0x00 (0) + [11] : 0x00 (0) + [12] : 0x00 (0) + [13] : 0x00 (0) + [14] : 0x00 (0) + [15] : 0x00 (0) + [16] : 0x34 (52) + [17] : 0x00 (0) + [18] : 0x00 (0) + [19] : 0x00 (0) + [20] : 0x01 (1) + [21] : 0x02 (2) + [22] : 0x00 (0) + [23] : 0x00 (0) + [24] : 0x00 (0) + [25] : 0x00 (0) + [26] : 0x00 (0) + [27] : 0x05 (5) + [28] : 0x20 (32) + [29] : 0x00 (0) + [30] : 0x00 (0) + [31] : 0x00 (0) + [32] : 0x20 (32) + [33] : 0x02 (2) + [34] : 0x00 (0) + [35] : 0x00 (0) + [36] : 0x01 (1) + [37] : 0x02 (2) + [38] : 0x00 (0) + [39] : 0x00 (0) + [40] : 0x00 (0) + [41] : 0x00 (0) + [42] : 0x00 (0) + [43] : 0x05 (5) + [44] : 0x20 (32) + [45] : 0x00 (0) + [46] : 0x00 (0) + [47] : 0x00 (0) + [48] : 0x20 (32) + [49] : 0x02 (2) + [50] : 0x00 (0) + [51] : 0x00 (0) + [52] : 0x02 (2) + [53] : 0x00 (0) + [54] : 0xc4 (196) + [55] : 0x00 (0) + [56] : 0x07 (7) + [57] : 0x00 (0) + [58] : 0x00 (0) + [59] : 0x00 (0) + [60] : 0x00 (0) + [61] : 0x02 (2) + [62] : 0x14 (20) + [63] : 0x00 (0) + [64] : 0x08 (8) + [65] : 0x00 (0) + [66] : 0x02 (2) + [67] : 0x20 (32) + [68] : 0x01 (1) + [69] : 0x01 (1) + [70] : 0x00 (0) + [71] : 0x00 (0) + [72] : 0x00 (0) + [73] : 0x00 (0) + [74] : 0x00 (0) + [75] : 0x01 (1) + [76] : 0x00 (0) + [77] : 0x00 (0) + [78] : 0x00 (0) + [79] : 0x00 (0) + [80] : 0x00 (0) + [81] : 0x09 (9) + [82] : 0x24 (36) + [83] : 0x00 (0) + [84] : 0x0c (12) + [85] : 0x00 (0) + [86] : 0x0f (15) + [87] : 0x10 (16) + [88] : 0x01 (1) + [89] : 0x05 (5) + [90] : 0x00 (0) + [91] : 0x00 (0) + [92] : 0x00 (0) + [93] : 0x00 (0) + [94] : 0x00 (0) + [95] : 0x05 (5) + [96] : 0x15 (21) + [97] : 0x00 (0) + [98] : 0x00 (0) + [99] : 0x00 (0) + [100] : 0x74 (116) + [101] : 0xa5 (165) + [102] : 0x12 (18) + [103] : 0x52 (82) + [104] : 0xcd (205) + [105] : 0x51 (81) + [106] : 0xd9 (217) + [107] : 0x8f (143) + [108] : 0xd1 (209) + [109] : 0x31 (49) + [110] : 0xa4 (164) + [111] : 0xca (202) + [112] : 0xf4 (244) + [113] : 0x01 (1) + [114] : 0x00 (0) + [115] : 0x00 (0) + [116] : 0x00 (0) + [117] : 0x02 (2) + [118] : 0x24 (36) + [119] : 0x00 (0) + [120] : 0x0c (12) + [121] : 0x00 (0) + [122] : 0x0f (15) + [123] : 0x10 (16) + [124] : 0x01 (1) + [125] : 0x05 (5) + [126] : 0x00 (0) + [127] : 0x00 (0) + [128] : 0x00 (0) + [129] : 0x00 (0) + [130] : 0x00 (0) + [131] : 0x05 (5) + [132] : 0x15 (21) + [133] : 0x00 (0) + [134] : 0x00 (0) + [135] : 0x00 (0) + [136] : 0x74 (116) + [137] : 0xa5 (165) + [138] : 0x12 (18) + [139] : 0x52 (82) + [140] : 0xcd (205) + [141] : 0x51 (81) + [142] : 0xd9 (217) + [143] : 0x8f (143) + [144] : 0xd1 (209) + [145] : 0x31 (49) + [146] : 0xa4 (164) + [147] : 0xca (202) + [148] : 0xf4 (244) + [149] : 0x01 (1) + [150] : 0x00 (0) + [151] : 0x00 (0) + [152] : 0x00 (0) + [153] : 0x09 (9) + [154] : 0x18 (24) + [155] : 0x00 (0) + [156] : 0x0c (12) + [157] : 0x00 (0) + [158] : 0x0f (15) + [159] : 0x10 (16) + [160] : 0x01 (1) + [161] : 0x02 (2) + [162] : 0x00 (0) + [163] : 0x00 (0) + [164] : 0x00 (0) + [165] : 0x00 (0) + [166] : 0x00 (0) + [167] : 0x05 (5) + [168] : 0x20 (32) + [169] : 0x00 (0) + [170] : 0x00 (0) + [171] : 0x00 (0) + [172] : 0x20 (32) + [173] : 0x02 (2) + [174] : 0x00 (0) + [175] : 0x00 (0) + [176] : 0x00 (0) + [177] : 0x02 (2) + [178] : 0x18 (24) + [179] : 0x00 (0) + [180] : 0x0c (12) + [181] : 0x00 (0) + [182] : 0x0f (15) + [183] : 0x10 (16) + [184] : 0x01 (1) + [185] : 0x02 (2) + [186] : 0x00 (0) + [187] : 0x00 (0) + [188] : 0x00 (0) + [189] : 0x00 (0) + [190] : 0x00 (0) + [191] : 0x05 (5) + [192] : 0x20 (32) + [193] : 0x00 (0) + [194] : 0x00 (0) + [195] : 0x00 (0) + [196] : 0x20 (32) + [197] : 0x02 (2) + [198] : 0x00 (0) + [199] : 0x00 (0) + [200] : 0x00 (0) + [201] : 0x09 (9) + [202] : 0x18 (24) + [203] : 0x00 (0) + [204] : 0x0c (12) + [205] : 0x00 (0) + [206] : 0x0f (15) + [207] : 0x10 (16) + [208] : 0x01 (1) + [209] : 0x02 (2) + [210] : 0x00 (0) + [211] : 0x00 (0) + [212] : 0x00 (0) + [213] : 0x00 (0) + [214] : 0x00 (0) + [215] : 0x05 (5) + [216] : 0x20 (32) + [217] : 0x00 (0) + [218] : 0x00 (0) + [219] : 0x00 (0) + [220] : 0x26 (38) + [221] : 0x02 (2) + [222] : 0x00 (0) + [223] : 0x00 (0) + [224] : 0x00 (0) + [225] : 0x02 (2) + [226] : 0x18 (24) + [227] : 0x00 (0) + [228] : 0x0c (12) + [229] : 0x00 (0) + [230] : 0x0f (15) + [231] : 0x10 (16) + [232] : 0x01 (1) + [233] : 0x02 (2) + [234] : 0x00 (0) + [235] : 0x00 (0) + [236] : 0x00 (0) + [237] : 0x00 (0) + [238] : 0x00 (0) + [239] : 0x05 (5) + [240] : 0x20 (32) + [241] : 0x00 (0) + [242] : 0x00 (0) + [243] : 0x00 (0) + [244] : 0x26 (38) + [245] : 0x02 (2) + [246] : 0x00 (0) + [247] : 0x00 (0) + data_size : * + data_size : 0x000000f8 (248) + data_length : * + data_length : 0x000000f8 (248) + result : WERR_OK +[2013/11/07 07:38:45.529091, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + in: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000a2-0000-0000-7b52-7535c5510000 +[2013/11/07 07:38:45.529226, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 A2 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.529304, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 A2 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.529420, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) + Closed policy +[2013/11/07 07:38:45.529466, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (4->3) +[2013/11/07 07:38:45.529508, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + out: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000000-0000-0000-0000-000000000000 + result : WERR_OK +[2013/11/07 07:38:45.529680, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + in: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000a1-0000-0000-7b52-7535c5510000 +[2013/11/07 07:38:45.529811, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 A1 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.529888, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 A1 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.529964, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) + Closed policy +[2013/11/07 07:38:45.530004, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (3->2) +[2013/11/07 07:38:45.530045, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + out: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000000-0000-0000-0000-000000000000 + result : WERR_OK +[2013/11/07 07:38:45.530207, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + in: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000a0-0000-0000-7b52-7535c5510000 +[2013/11/07 07:38:45.530338, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 A0 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.530416, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 A0 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.530492, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) + Closed policy +[2013/11/07 07:38:45.530537, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (2->1) +[2013/11/07 07:38:45.530578, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + out: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000000-0000-0000-0000-000000000000 + result : WERR_OK +[2013/11/07 07:38:45.530739, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + in: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 0000009f-0000-0000-7b52-7535c5510000 +[2013/11/07 07:38:45.530876, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 9F 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.530954, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 9F 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.531030, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) + Closed policy +[2013/11/07 07:38:45.531070, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (1->0) +[2013/11/07 07:38:45.531129, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + out: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000000-0000-0000-0000-000000000000 + result : WERR_OK +[2013/11/07 07:38:45.531293, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:416(close_policy_by_pipe) + Deleted handle list for RPC connection \winreg + printername: printer6 +[2013/11/07 07:38:45.531396, 10, pid=20933, effective(0, 5000), real(0, 0), class=tdb] ../source3/lib/gencache.c:296(gencache_set_data_blob) + Adding cache entry with key=[PRINTERNAME/printer5] and timeout=[Do Nov 7 07:43:45 2013 CET] (300 seconds ahead) + set_printer_hnd_name: Printer found: printer5 -> printer5 +[2013/11/07 07:38:45.531491, 5, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:773(open_printer_hnd) + 3 printer handles active +[2013/11/07 07:38:45.531532, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 9A 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.531610, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 9A 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.531687, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:489(get_printer_snum) + short name:printer5 +[2013/11/07 07:38:45.531754, 3, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/access.c:338(allow_access) + Allowed connection from 10.200.8.239 (10.200.8.239) +[2013/11/07 07:38:45.531925, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/share_access.c:237(user_ok_token) + user_ok_token: share printer5 is ok for unix user root +[2013/11/07 07:38:45.531979, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:1921(_spoolss_OpenPrinterEx) + Setting printer access = PRINTER_ACCESS_USE +[2013/11/07 07:38:45.532080, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:60(make_internal_rpc_pipe_p) + Create pipe requested \winreg +[2013/11/07 07:38:45.532144, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:221(init_pipe_handles) + init_pipe_handle_list: created handle list for pipe \winreg +[2013/11/07 07:38:45.532186, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:238(init_pipe_handles) + init_pipe_handle_list: pipe_handles ref count = 1 for pipe \winreg +[2013/11/07 07:38:45.532283, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:100(make_internal_rpc_pipe_p) + Created internal pipe \winreg +[2013/11/07 07:38:45.532344, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenHKLM: struct winreg_OpenHKLM + in: struct winreg_OpenHKLM + system_name : NULL + access_mask : 0x02000000 (33554432) + 0: KEY_QUERY_VALUE + 0: KEY_SET_VALUE + 0: KEY_CREATE_SUB_KEY + 0: KEY_ENUMERATE_SUB_KEYS + 0: KEY_NOTIFY + 0: KEY_CREATE_LINK + 0: KEY_WOW64_64KEY + 0: KEY_WOW64_32KEY +[2013/11/07 07:38:45.532571, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [HKLM] +[2013/11/07 07:38:45.532615, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) + push_sec_ctx(0, 5000) : sec_ctx_stack_ndx = 2 +[2013/11/07 07:38:45.532662, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/uid.c:485(push_conn_ctx) + push_conn_ctx(1804507171) : conn_ctx_stack_ndx = 0 +[2013/11/07 07:38:45.532702, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) + setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 +[2013/11/07 07:38:45.532742, 5, pid=20933, effective(0, 5000), real(0, 0)] ../libcli/security/security_token.c:53(security_token_debug) + Security token: (NULL) +[2013/11/07 07:38:45.532782, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) + UNIX token of user 0 + Primary group is 0 and contains 0 supplementary groups +[2013/11/07 07:38:45.532925, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) + pop_sec_ctx (0, 5000) - sec_ctx_stack_ndx = 1 +[2013/11/07 07:38:45.532970, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:866(regdb_open) + regdb_open: registry db opened. refcount reset (1) +[2013/11/07 07:38:45.533015, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM] +[2013/11/07 07:38:45.533053, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM] +[2013/11/07 07:38:45.533093, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:45.533130, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM] +[2013/11/07 07:38:45.533201, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) + Opened policy hnd[1] [0000] 00 00 00 00 A3 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.533282, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenHKLM: struct winreg_OpenHKLM + out: struct winreg_OpenHKLM + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000a3-0000-0000-7b52-7535c5510000 + result : WERR_OK +[2013/11/07 07:38:45.533591, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenKey: struct winreg_OpenKey + in: struct winreg_OpenKey + parent_handle : * + parent_handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000a3-0000-0000-7b52-7535c5510000 + keyname: struct winreg_String + name_len : 0x008a (138) + name_size : 0x008a (138) + name : * + name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer5' + options : 0x00000000 (0) + 0: REG_OPTION_VOLATILE + 0: REG_OPTION_CREATE_LINK + 0: REG_OPTION_BACKUP_RESTORE + 0: REG_OPTION_OPEN_LINK + access_mask : 0x02000000 (33554432) + 0: KEY_QUERY_VALUE + 0: KEY_SET_VALUE + 0: KEY_CREATE_SUB_KEY + 0: KEY_ENUMERATE_SUB_KEYS + 0: KEY_NOTIFY + 0: KEY_CREATE_LINK + 0: KEY_WOW64_64KEY + 0: KEY_WOW64_32KEY +[2013/11/07 07:38:45.534040, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 A3 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.534122, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [SOFTWARE] +[2013/11/07 07:38:45.534163, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (1->2) +[2013/11/07 07:38:45.534206, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] +[2013/11/07 07:38:45.534245, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE] +[2013/11/07 07:38:45.534286, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:45.534324, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE] +[2013/11/07 07:38:45.534395, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Microsoft] +[2013/11/07 07:38:45.534438, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (2->3) +[2013/11/07 07:38:45.534480, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] +[2013/11/07 07:38:45.534519, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] +[2013/11/07 07:38:45.534560, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:45.534607, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft] +[2013/11/07 07:38:45.534669, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Windows NT] +[2013/11/07 07:38:45.534712, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (3->4) +[2013/11/07 07:38:45.534755, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] +[2013/11/07 07:38:45.534794, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] +[2013/11/07 07:38:45.534835, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:45.534873, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] +[2013/11/07 07:38:45.534931, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [CurrentVersion] +[2013/11/07 07:38:45.534973, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (4->5) +[2013/11/07 07:38:45.535016, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] +[2013/11/07 07:38:45.535055, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] +[2013/11/07 07:38:45.535096, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:45.535134, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f375c5a15c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] +[2013/11/07 07:38:45.535207, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Print] +[2013/11/07 07:38:45.535250, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (5->6) +[2013/11/07 07:38:45.535293, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] +[2013/11/07 07:38:45.535333, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] +[2013/11/07 07:38:45.535375, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:45.535413, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f375c5a15c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] +[2013/11/07 07:38:45.535474, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Printers] +[2013/11/07 07:38:45.535525, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (6->7) +[2013/11/07 07:38:45.535569, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] +[2013/11/07 07:38:45.535609, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] +[2013/11/07 07:38:45.535652, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:45.535690, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] +[2013/11/07 07:38:45.535757, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [printer5] +[2013/11/07 07:38:45.535800, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (7->8) +[2013/11/07 07:38:45.535844, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer5] +[2013/11/07 07:38:45.535885, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer5] +[2013/11/07 07:38:45.535927, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:45.535965, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer5] +[2013/11/07 07:38:45.536033, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (8->7) +[2013/11/07 07:38:45.536076, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (7->6) +[2013/11/07 07:38:45.536117, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (6->5) +[2013/11/07 07:38:45.536158, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (5->4) +[2013/11/07 07:38:45.536198, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (4->3) +[2013/11/07 07:38:45.536239, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (3->2) +[2013/11/07 07:38:45.536283, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) + Opened policy hnd[2] [0000] 00 00 00 00 A4 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.536362, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenKey: struct winreg_OpenKey + out: struct winreg_OpenKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000a4-0000-0000-7b52-7535c5510000 + result : WERR_OK +[2013/11/07 07:38:45.536534, 2, pid=20933, effective(0, 5000), real(0, 0)] ../source3/rpc_client/cli_winreg_spoolss.c:626(winreg_create_printer) + winreg_create_printer: Skipping, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer5 already exists +[2013/11/07 07:38:45.536590, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + in: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000a4-0000-0000-7b52-7535c5510000 +[2013/11/07 07:38:45.536722, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 A4 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.536801, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 A4 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.536877, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) + Closed policy +[2013/11/07 07:38:45.536918, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (2->1) +[2013/11/07 07:38:45.536958, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + out: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000000-0000-0000-0000-000000000000 + result : WERR_OK +[2013/11/07 07:38:45.537123, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + in: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000a3-0000-0000-7b52-7535c5510000 +[2013/11/07 07:38:45.537257, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 A3 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.537336, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 A3 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.537469, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) + Closed policy +[2013/11/07 07:38:45.537512, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (1->0) +[2013/11/07 07:38:45.537568, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + out: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000000-0000-0000-0000-000000000000 + result : WERR_OK +[2013/11/07 07:38:45.537739, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:416(close_policy_by_pipe) + Deleted handle list for RPC connection \winreg +[2013/11/07 07:38:45.537791, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + spoolss_OpenPrinterEx: struct spoolss_OpenPrinterEx + out: struct spoolss_OpenPrinterEx + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 0000009a-0000-0000-7b52-7535c5510000 + result : WERR_OK +[2013/11/07 07:38:45.537946, 5, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1417(api_rpcTNP) + api_rpcTNP: called \spoolss successfully +[2013/11/07 07:38:45.538004, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) + pop_sec_ctx (0, 5000) - sec_ctx_stack_ndx = 0 +[2013/11/07 07:38:45.538049, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) + write_to_pipe: data_used = 206 + smbd_smb2_request_pending_queue: req->current_idx = 1 + req->in.vector[0].iov_len = 0 + req->in.vector[1].iov_len = 0 + req->in.vector[2].iov_len = 64 + req->in.vector[3].iov_len = 56 + req->in.vector[4].iov_len = 222 + req->out.vector[0].iov_len = 4 + req->out.vector[1].iov_len = 0 + req->out.vector[2].iov_len = 64 + req->out.vector[3].iov_len = 8 + req->out.vector[4].iov_len = 0 +[2013/11/07 07:38:45.538276, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:128(smbd_smb2_ioctl_pipe_write_done) + smbd_smb2_ioctl_pipe_write_done: received 222 +[2013/11/07 07:38:45.538320, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:149(smbd_smb2_ioctl_pipe_write_done) + smbd_smb2_ioctl_pipe_write_done: issuing np_read_send of size 1024 +[2013/11/07 07:38:45.538364, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:285(read_from_internal_pipe) + name: \spoolss len: 1024 +[2013/11/07 07:38:45.538407, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:347(read_from_internal_pipe) + read_from_pipe: \spoolss: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 24. +[2013/11/07 07:38:45.538462, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) + &r: struct ncacn_packet + rpc_vers : 0x05 (5) + rpc_vers_minor : 0x00 (0) + ptype : DCERPC_PKT_RESPONSE (2) + pfc_flags : 0x03 (3) + drep: ARRAY(4) + [0] : 0x10 (16) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + frag_length : 0x0030 (48) + auth_length : 0x0000 (0) + call_id : 0x00000002 (2) + u : union dcerpc_payload(case 2) + response: struct dcerpc_response + alloc_hint : 0x00000018 (24) + context_id : 0x0000 (0) + cancel_count : 0x00 (0) + _pad : DATA_BLOB length=0 + stub_and_verifier : DATA_BLOB length=24 + [0000] 00 00 00 00 9A 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 00 00 00 00 .Q...... +[2013/11/07 07:38:45.538894, 3, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:122(free_pipe_context) + free_pipe_context: destroying talloc pool of size 68 +[2013/11/07 07:38:45.538944, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:788(np_read_recv) + Received 48 bytes. There is no more data outstanding +[2013/11/07 07:38:45.538985, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:178(smbd_smb2_ioctl_pipe_read_done) + smbd_smb2_ioctl_pipe_read_done: np_read_recv nread = 48 is_data_outstanding = 0, status = NT_STATUS_OK +[2013/11/07 07:38:45.539033, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl.c:291(smbd_smb2_request_ioctl_done) + smbd_smb2_request_ioctl_done: smbd_smb2_ioctl_recv returned 48 status NT_STATUS_OK +[2013/11/07 07:38:45.539076, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) + smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[48] dyn[yes:48] at ../source3/smbd/smb2_ioctl.c:358 +[2013/11/07 07:38:45.539121, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) + smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/87/127 +[2013/11/07 07:38:45.539321, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) + smbd_smb2_request_incoming: idx[1] of 5 vectors +[2013/11/07 07:38:45.539373, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) + smb2_validate_sequence_number: clearing id 87 (position 87) from bitmap +[2013/11/07 07:38:45.539416, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) + smbd_smb2_request_dispatch: opcode[SMB2_OP_IOCTL] mid = 87 +[2013/11/07 07:38:45.539481, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) + setting sec ctx (0, 5000) - sec_ctx_stack_ndx = 0 +[2013/11/07 07:38:45.539525, 5, pid=20933, effective(0, 5000), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) + Security token SIDs (21): + SID[ 0]: S-1-5-21-1376953716-2413384141-3399758289-500 + SID[ 1]: S-1-5-21-1376953716-2413384141-3399758289-512 + SID[ 2]: S-1-5-21-1376953716-2413384141-3399758289-11015 + SID[ 3]: S-1-5-21-1376953716-2413384141-3399758289-513 + SID[ 4]: S-1-5-21-1376953716-2413384141-3399758289-11011 + SID[ 5]: S-1-5-21-1376953716-2413384141-3399758289-11013 + SID[ 6]: S-1-5-21-1376953716-2413384141-3399758289-11012 + SID[ 7]: S-1-1-0 + SID[ 8]: S-1-5-2 + SID[ 9]: S-1-5-11 + SID[ 10]: S-1-5-32-544 + SID[ 11]: S-1-22-1-2002 + SID[ 12]: S-1-22-2-5000 + SID[ 13]: S-1-22-2-5007 + SID[ 14]: S-1-22-2-5001 + SID[ 15]: S-1-22-2-1005 + SID[ 16]: S-1-22-2-5006 + SID[ 17]: S-1-22-2-5005 + SID[ 18]: S-1-22-2-55000 + SID[ 19]: S-1-22-2-55001 + SID[ 20]: S-1-22-2-55002 + Privileges (0x 1FFFFFF0): + Privilege[ 0]: SeMachineAccountPrivilege + Privilege[ 1]: SeTakeOwnershipPrivilege + Privilege[ 2]: SeBackupPrivilege + Privilege[ 3]: SeRestorePrivilege + Privilege[ 4]: SeRemoteShutdownPrivilege + Privilege[ 5]: SePrintOperatorPrivilege + Privilege[ 6]: SeAddUsersPrivilege + Privilege[ 7]: SeDiskOperatorPrivilege + Privilege[ 8]: SeSecurityPrivilege + Privilege[ 9]: SeSystemtimePrivilege + Privilege[ 10]: SeShutdownPrivilege + Privilege[ 11]: SeDebugPrivilege + Privilege[ 12]: SeSystemEnvironmentPrivilege + Privilege[ 13]: SeSystemProfilePrivilege + Privilege[ 14]: SeProfileSingleProcessPrivilege + Privilege[ 15]: SeIncreaseBasePriorityPrivilege + Privilege[ 16]: SeLoadDriverPrivilege + Privilege[ 17]: SeCreatePagefilePrivilege + Privilege[ 18]: SeIncreaseQuotaPrivilege + Privilege[ 19]: SeChangeNotifyPrivilege + Privilege[ 20]: SeUndockPrivilege + Privilege[ 21]: SeManageVolumePrivilege + Privilege[ 22]: SeImpersonatePrivilege + Privilege[ 23]: SeCreateGlobalPrivilege + Privilege[ 24]: SeEnableDelegationPrivilege + Rights (0x 0): +[2013/11/07 07:38:45.540318, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) + UNIX token of user 0 + Primary group is 5000 and contains 9 supplementary groups + Group[ 0]: 5000 + Group[ 1]: 5007 + Group[ 2]: 5001 + Group[ 3]: 1005 + Group[ 4]: 5006 + Group[ 5]: 5005 + Group[ 6]: 55000 + Group[ 7]: 55001 + Group[ 8]: 55002 +[2013/11/07 07:38:45.540513, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/uid.c:363(change_to_user_internal) + Impersonated user: uid=(0,0), gid=(0,5000) +[2013/11/07 07:38:45.540567, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:1796(smbd_smb2_request_verify_creditcharge) + mid 87, CreditCharge: 1, NeededCharge: 1 +[2013/11/07 07:38:45.540610, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl.c:394(smbd_smb2_ioctl_send) + smbd_smb2_ioctl: ctl_code[0x0011c017] spoolss, fnum 4073323938 +[2013/11/07 07:38:45.540658, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:59(smb2_ioctl_named_pipe) + smbd_smb2_ioctl_send: np_write_send of size 222 +[2013/11/07 07:38:45.540699, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:520(np_write_send) + np_write_send: len: 222 +[2013/11/07 07:38:45.540740, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) + write_to_pipe: data_left = 222 +[2013/11/07 07:38:45.540779, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) + process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 222 +[2013/11/07 07:38:45.540819, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:51(fill_rpc_header) + fill_rpc_header: data_to_copy = 222, len_needed_to_complete_hdr = 16, receive_len = 0 +[2013/11/07 07:38:45.540860, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) + write_to_pipe: data_used = 16 +[2013/11/07 07:38:45.540898, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) + write_to_pipe: data_left = 206 +[2013/11/07 07:38:45.540936, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) + process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 206 +[2013/11/07 07:38:45.540977, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) + write_to_pipe: data_used = 0 +[2013/11/07 07:38:45.541015, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) + write_to_pipe: data_left = 206 +[2013/11/07 07:38:45.541053, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) + process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 206, incoming data = 206 +[2013/11/07 07:38:45.541094, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1614(process_complete_pdu) + PDU is in Little Endian format! +[2013/11/07 07:38:45.541142, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) + r: struct ncacn_packet + rpc_vers : 0x05 (5) + rpc_vers_minor : 0x00 (0) + ptype : DCERPC_PKT_REQUEST (0) + pfc_flags : 0x03 (3) + drep: ARRAY(4) + [0] : 0x10 (16) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + frag_length : 0x00de (222) + auth_length : 0x0000 (0) + call_id : 0x00000002 (2) + u : union dcerpc_payload(case 0) + request: struct dcerpc_request + alloc_hint : 0x000000c6 (198) + context_id : 0x0000 (0) + opnum : 0x0045 (69) + object : union dcerpc_object(case 0) + empty: struct dcerpc_empty + _pad : DATA_BLOB length=0 + stub_and_verifier : DATA_BLOB length=198 + [0000] 00 00 02 00 14 00 00 00 00 00 00 00 14 00 00 00 ........ ........ + [0010] 5C 00 5C 00 4D 00 45 00 4D 00 42 00 45 00 52 00 \.\.M.E. M.B.E.R. + [0020] 34 00 33 00 5C 00 70 00 72 00 69 00 6E 00 74 00 4.3.\.p. r.i.n.t. + [0030] 65 00 72 00 35 00 00 00 00 00 00 00 00 00 00 00 e.r.5... ........ + [0040] 00 00 00 00 08 00 02 00 01 00 00 00 01 00 00 00 ........ ........ + [0050] 04 00 02 00 28 00 00 00 08 00 02 00 0C 00 02 00 ....(... ........ + [0060] 80 25 00 00 03 00 00 00 00 00 00 00 09 00 00 00 .%...... ........ + [0070] 0A 00 00 00 00 00 00 00 0A 00 00 00 57 00 49 00 ........ ....W.I. + [0080] 4E 00 38 00 31 00 2D 00 32 00 33 00 39 00 00 00 N.8.1.-. 2.3.9... + [0090] 15 00 00 00 00 00 00 00 15 00 00 00 41 00 52 00 ........ ....A.R. + [00A0] 33 00 32 00 49 00 38 00 5C 00 41 00 64 00 6D 00 3.2.I.8. \.A.d.m. + [00B0] 69 00 6E 00 69 00 73 00 74 00 72 00 61 00 74 00 i.n.i.s. t.r.a.t. + [00C0] 6F 00 72 00 00 00 o.r... +[2013/11/07 07:38:45.542093, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1627(process_complete_pdu) + Processing packet type 0 +[2013/11/07 07:38:45.542135, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1472(dcesrv_auth_request) + Checking request auth. +[2013/11/07 07:38:45.542178, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) + push_sec_ctx(0, 5000) : sec_ctx_stack_ndx = 1 +[2013/11/07 07:38:45.542225, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) + setting sec ctx (0, 5000) - sec_ctx_stack_ndx = 1 +[2013/11/07 07:38:45.542266, 5, pid=20933, effective(0, 5000), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) + Security token SIDs (21): + SID[ 0]: S-1-5-21-1376953716-2413384141-3399758289-500 + SID[ 1]: S-1-5-21-1376953716-2413384141-3399758289-512 + SID[ 2]: S-1-5-21-1376953716-2413384141-3399758289-11015 + SID[ 3]: S-1-5-21-1376953716-2413384141-3399758289-513 + SID[ 4]: S-1-5-21-1376953716-2413384141-3399758289-11011 + SID[ 5]: S-1-5-21-1376953716-2413384141-3399758289-11013 + SID[ 6]: S-1-5-21-1376953716-2413384141-3399758289-11012 + SID[ 7]: S-1-1-0 + SID[ 8]: S-1-5-2 + SID[ 9]: S-1-5-11 + SID[ 10]: S-1-5-32-544 + SID[ 11]: S-1-22-1-2002 + SID[ 12]: S-1-22-2-5000 + SID[ 13]: S-1-22-2-5007 + SID[ 14]: S-1-22-2-5001 + SID[ 15]: S-1-22-2-1005 + SID[ 16]: S-1-22-2-5006 + SID[ 17]: S-1-22-2-5005 + SID[ 18]: S-1-22-2-55000 + SID[ 19]: S-1-22-2-55001 + SID[ 20]: S-1-22-2-55002 + Privileges (0x 1FFFFFF0): + Privilege[ 0]: SeMachineAccountPrivilege + Privilege[ 1]: SeTakeOwnershipPrivilege + Privilege[ 2]: SeBackupPrivilege + Privilege[ 3]: SeRestorePrivilege + Privilege[ 4]: SeRemoteShutdownPrivilege + Privilege[ 5]: SePrintOperatorPrivilege + Privilege[ 6]: SeAddUsersPrivilege + Privilege[ 7]: SeDiskOperatorPrivilege + Privilege[ 8]: SeSecurityPrivilege + Privilege[ 9]: SeSystemtimePrivilege + Privilege[ 10]: SeShutdownPrivilege + Privilege[ 11]: SeDebugPrivilege + Privilege[ 12]: SeSystemEnvironmentPrivilege + Privilege[ 13]: SeSystemProfilePrivilege + Privilege[ 14]: SeProfileSingleProcessPrivilege + Privilege[ 15]: SeIncreaseBasePriorityPrivilege + Privilege[ 16]: SeLoadDriverPrivilege + Privilege[ 17]: SeCreatePagefilePrivilege + Privilege[ 18]: SeIncreaseQuotaPrivilege + Privilege[ 19]: SeChangeNotifyPrivilege + Privilege[ 20]: SeUndockPrivilege + Privilege[ 21]: SeManageVolumePrivilege + Privilege[ 22]: SeImpersonatePrivilege + Privilege[ 23]: SeCreateGlobalPrivilege + Privilege[ 24]: SeEnableDelegationPrivilege + Rights (0x 0): +[2013/11/07 07:38:45.543044, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) + UNIX token of user 0 + Primary group is 5000 and contains 9 supplementary groups + Group[ 0]: 5000 + Group[ 1]: 5007 + Group[ 2]: 5001 + Group[ 3]: 1005 + Group[ 4]: 5006 + Group[ 5]: 5005 + Group[ 6]: 55000 + Group[ 7]: 55001 + Group[ 8]: 55002 +[2013/11/07 07:38:45.543234, 5, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1324(api_pipe_request) + Requested \spoolss rpc service +[2013/11/07 07:38:45.543279, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1356(api_rpcTNP) + api_rpcTNP: \spoolss op 0x45 - api_rpcTNP: rpc command: SPOOLSS_OPENPRINTEREX +[2013/11/07 07:38:45.543323, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1390(api_rpcTNP) + api_rpc_cmds[69].fn == 0x7f375c256d40 +[2013/11/07 07:38:45.543380, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + spoolss_OpenPrinterEx: struct spoolss_OpenPrinterEx + in: struct spoolss_OpenPrinterEx + printername : * + printername : '\\MEMBER43\printer5' + datatype : NULL + devmode_ctr: struct spoolss_DevmodeContainer + _ndr_size : 0x00000000 (0) + devmode : NULL + access_mask : 0x00020008 (131080) + 0: SERVER_ACCESS_ADMINISTER + 0: SERVER_ACCESS_ENUMERATE + 0: PRINTER_ACCESS_ADMINISTER + 1: PRINTER_ACCESS_USE + 0: JOB_ACCESS_ADMINISTER + 0: JOB_ACCESS_READ + userlevel_ctr: struct spoolss_UserLevelCtr + level : 0x00000001 (1) + user_info : union spoolss_UserLevel(case 1) + level1 : * + level1: struct spoolss_UserLevel1 + size : 0x00000028 (40) + client : * + client : 'WIN81-239' + user : * + user : 'AR32I8\Administrator' + build : 0x00002580 (9600) + major : UNKNOWN_ENUM_VALUE (3) + minor : SPOOLSS_MINOR_VERSION_0 (0) + processor : PROCESSOR_ARCHITECTURE_AMD64 (9) + checking name: \\MEMBER43\printer5 +[2013/11/07 07:38:45.543911, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:737(open_printer_hnd) + open_printer_hnd: name [\\MEMBER43\printer5] +[2013/11/07 07:38:45.543961, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) + Opened policy hnd[4] [0000] 00 00 00 00 A5 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.544041, 3, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:506(set_printer_hnd_printertype) + Setting printer type=\\MEMBER43\printer5 + Printer is a printer +[2013/11/07 07:38:45.544104, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:566(set_printer_hnd_name) + Setting printer name=\\MEMBER43\printer5 (len=19) + searching for [printer5] +[2013/11/07 07:38:45.544201, 10, pid=20933, effective(0, 5000), real(0, 0), class=tdb] ../source3/lib/gencache.c:275(gencache_set_data_blob) + Did not store value for PRINTERNAME/printer5, we already got it + set_printer_hnd_name: Printer found: printer5 -> printer5 +[2013/11/07 07:38:45.544259, 5, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:773(open_printer_hnd) + 4 printer handles active +[2013/11/07 07:38:45.544299, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 A5 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.544378, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 A5 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.544456, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:489(get_printer_snum) + short name:printer5 +[2013/11/07 07:38:45.544521, 3, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/access.c:338(allow_access) + Allowed connection from 10.200.8.239 (10.200.8.239) +[2013/11/07 07:38:45.544678, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/share_access.c:237(user_ok_token) + user_ok_token: share printer5 is ok for unix user root +[2013/11/07 07:38:45.544731, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:1921(_spoolss_OpenPrinterEx) + Setting printer access = PRINTER_ACCESS_USE +[2013/11/07 07:38:45.544832, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:60(make_internal_rpc_pipe_p) + Create pipe requested \winreg +[2013/11/07 07:38:45.544887, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:221(init_pipe_handles) + init_pipe_handle_list: created handle list for pipe \winreg +[2013/11/07 07:38:45.544929, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:238(init_pipe_handles) + init_pipe_handle_list: pipe_handles ref count = 1 for pipe \winreg +[2013/11/07 07:38:45.545022, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:100(make_internal_rpc_pipe_p) + Created internal pipe \winreg +[2013/11/07 07:38:45.545086, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenHKLM: struct winreg_OpenHKLM + in: struct winreg_OpenHKLM + system_name : NULL + access_mask : 0x02000000 (33554432) + 0: KEY_QUERY_VALUE + 0: KEY_SET_VALUE + 0: KEY_CREATE_SUB_KEY + 0: KEY_ENUMERATE_SUB_KEYS + 0: KEY_NOTIFY + 0: KEY_CREATE_LINK + 0: KEY_WOW64_64KEY + 0: KEY_WOW64_32KEY +[2013/11/07 07:38:45.545318, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [HKLM] +[2013/11/07 07:38:45.545448, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) + push_sec_ctx(0, 5000) : sec_ctx_stack_ndx = 2 +[2013/11/07 07:38:45.545513, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/uid.c:485(push_conn_ctx) + push_conn_ctx(1804507171) : conn_ctx_stack_ndx = 0 +[2013/11/07 07:38:45.545555, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) + setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 +[2013/11/07 07:38:45.545594, 5, pid=20933, effective(0, 5000), real(0, 0)] ../libcli/security/security_token.c:53(security_token_debug) + Security token: (NULL) +[2013/11/07 07:38:45.545633, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) + UNIX token of user 0 + Primary group is 0 and contains 0 supplementary groups +[2013/11/07 07:38:45.545777, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) + pop_sec_ctx (0, 5000) - sec_ctx_stack_ndx = 1 +[2013/11/07 07:38:45.545821, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:866(regdb_open) + regdb_open: registry db opened. refcount reset (1) +[2013/11/07 07:38:45.545865, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM] +[2013/11/07 07:38:45.545905, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM] +[2013/11/07 07:38:45.545945, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:45.545982, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM] +[2013/11/07 07:38:45.546056, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) + Opened policy hnd[1] [0000] 00 00 00 00 A6 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.546137, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenHKLM: struct winreg_OpenHKLM + out: struct winreg_OpenHKLM + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000a6-0000-0000-7b52-7535c5510000 + result : WERR_OK +[2013/11/07 07:38:45.546324, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenKey: struct winreg_OpenKey + in: struct winreg_OpenKey + parent_handle : * + parent_handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000a6-0000-0000-7b52-7535c5510000 + keyname: struct winreg_String + name_len : 0x008a (138) + name_size : 0x008a (138) + name : * + name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer5' + options : 0x00000000 (0) + 0: REG_OPTION_VOLATILE + 0: REG_OPTION_CREATE_LINK + 0: REG_OPTION_BACKUP_RESTORE + 0: REG_OPTION_OPEN_LINK + access_mask : 0x02000000 (33554432) + 0: KEY_QUERY_VALUE + 0: KEY_SET_VALUE + 0: KEY_CREATE_SUB_KEY + 0: KEY_ENUMERATE_SUB_KEYS + 0: KEY_NOTIFY + 0: KEY_CREATE_LINK + 0: KEY_WOW64_64KEY + 0: KEY_WOW64_32KEY +[2013/11/07 07:38:45.546780, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 A6 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.546862, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [SOFTWARE] +[2013/11/07 07:38:45.546903, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (1->2) +[2013/11/07 07:38:45.546946, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] +[2013/11/07 07:38:45.546984, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE] +[2013/11/07 07:38:45.547025, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:45.547062, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE] +[2013/11/07 07:38:45.547131, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Microsoft] +[2013/11/07 07:38:45.547173, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (2->3) +[2013/11/07 07:38:45.547215, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] +[2013/11/07 07:38:45.547254, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] +[2013/11/07 07:38:45.547294, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:45.547332, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft] +[2013/11/07 07:38:45.547392, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Windows NT] +[2013/11/07 07:38:45.547434, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (3->4) +[2013/11/07 07:38:45.547477, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] +[2013/11/07 07:38:45.547514, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] +[2013/11/07 07:38:45.547555, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:45.547592, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] +[2013/11/07 07:38:45.547650, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [CurrentVersion] +[2013/11/07 07:38:45.547691, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (4->5) +[2013/11/07 07:38:45.547743, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] +[2013/11/07 07:38:45.547782, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] +[2013/11/07 07:38:45.547824, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:45.547861, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f375c5a15c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] +[2013/11/07 07:38:45.547932, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Print] +[2013/11/07 07:38:45.547974, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (5->6) +[2013/11/07 07:38:45.548018, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] +[2013/11/07 07:38:45.548057, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] +[2013/11/07 07:38:45.548099, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:45.548138, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f375c5a15c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] +[2013/11/07 07:38:45.548197, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Printers] +[2013/11/07 07:38:45.548238, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (6->7) +[2013/11/07 07:38:45.548281, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] +[2013/11/07 07:38:45.548321, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] +[2013/11/07 07:38:45.548363, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:45.548401, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] +[2013/11/07 07:38:45.548469, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [printer5] +[2013/11/07 07:38:45.548511, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (7->8) +[2013/11/07 07:38:45.548557, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer5] +[2013/11/07 07:38:45.548604, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer5] +[2013/11/07 07:38:45.548647, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:45.548685, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer5] +[2013/11/07 07:38:45.548755, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (8->7) +[2013/11/07 07:38:45.548797, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (7->6) +[2013/11/07 07:38:45.548838, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (6->5) +[2013/11/07 07:38:45.548877, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (5->4) +[2013/11/07 07:38:45.548917, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (4->3) +[2013/11/07 07:38:45.548957, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (3->2) +[2013/11/07 07:38:45.549001, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) + Opened policy hnd[2] [0000] 00 00 00 00 A7 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.549079, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenKey: struct winreg_OpenKey + out: struct winreg_OpenKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000a7-0000-0000-7b52-7535c5510000 + result : WERR_OK +[2013/11/07 07:38:45.549239, 2, pid=20933, effective(0, 5000), real(0, 0)] ../source3/rpc_client/cli_winreg_spoolss.c:626(winreg_create_printer) + winreg_create_printer: Skipping, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer5 already exists +[2013/11/07 07:38:45.549295, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + in: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000a7-0000-0000-7b52-7535c5510000 +[2013/11/07 07:38:45.549558, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 A7 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.549639, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 A7 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.549716, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) + Closed policy +[2013/11/07 07:38:45.549768, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (2->1) +[2013/11/07 07:38:45.549811, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + out: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000000-0000-0000-0000-000000000000 + result : WERR_OK +[2013/11/07 07:38:45.549977, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + in: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000a6-0000-0000-7b52-7535c5510000 +[2013/11/07 07:38:45.550109, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 A6 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.550189, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 A6 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.550266, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) + Closed policy +[2013/11/07 07:38:45.550307, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (1->0) +[2013/11/07 07:38:45.550362, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + out: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000000-0000-0000-0000-000000000000 + result : WERR_OK +[2013/11/07 07:38:45.550520, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:416(close_policy_by_pipe) + Deleted handle list for RPC connection \winreg +[2013/11/07 07:38:45.550569, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + spoolss_OpenPrinterEx: struct spoolss_OpenPrinterEx + out: struct spoolss_OpenPrinterEx + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000a5-0000-0000-7b52-7535c5510000 + result : WERR_OK +[2013/11/07 07:38:45.550721, 5, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1417(api_rpcTNP) + api_rpcTNP: called \spoolss successfully +[2013/11/07 07:38:45.550774, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) + pop_sec_ctx (0, 5000) - sec_ctx_stack_ndx = 0 +[2013/11/07 07:38:45.550818, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) + write_to_pipe: data_used = 206 + smbd_smb2_request_pending_queue: req->current_idx = 1 + req->in.vector[0].iov_len = 0 + req->in.vector[1].iov_len = 0 + req->in.vector[2].iov_len = 64 + req->in.vector[3].iov_len = 56 + req->in.vector[4].iov_len = 222 + req->out.vector[0].iov_len = 4 + req->out.vector[1].iov_len = 0 + req->out.vector[2].iov_len = 64 + req->out.vector[3].iov_len = 8 + req->out.vector[4].iov_len = 0 +[2013/11/07 07:38:45.551046, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:128(smbd_smb2_ioctl_pipe_write_done) + smbd_smb2_ioctl_pipe_write_done: received 222 +[2013/11/07 07:38:45.551090, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:149(smbd_smb2_ioctl_pipe_write_done) + smbd_smb2_ioctl_pipe_write_done: issuing np_read_send of size 1024 +[2013/11/07 07:38:45.551133, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:285(read_from_internal_pipe) + name: \spoolss len: 1024 +[2013/11/07 07:38:45.551176, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:347(read_from_internal_pipe) + read_from_pipe: \spoolss: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 24. +[2013/11/07 07:38:45.551229, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) + &r: struct ncacn_packet + rpc_vers : 0x05 (5) + rpc_vers_minor : 0x00 (0) + ptype : DCERPC_PKT_RESPONSE (2) + pfc_flags : 0x03 (3) + drep: ARRAY(4) + [0] : 0x10 (16) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + frag_length : 0x0030 (48) + auth_length : 0x0000 (0) + call_id : 0x00000002 (2) + u : union dcerpc_payload(case 2) + response: struct dcerpc_response + alloc_hint : 0x00000018 (24) + context_id : 0x0000 (0) + cancel_count : 0x00 (0) + _pad : DATA_BLOB length=0 + stub_and_verifier : DATA_BLOB length=24 + [0000] 00 00 00 00 A5 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 00 00 00 00 .Q...... +[2013/11/07 07:38:45.551650, 3, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:122(free_pipe_context) + free_pipe_context: destroying talloc pool of size 68 +[2013/11/07 07:38:45.551700, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:788(np_read_recv) + Received 48 bytes. There is no more data outstanding +[2013/11/07 07:38:45.551741, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:178(smbd_smb2_ioctl_pipe_read_done) + smbd_smb2_ioctl_pipe_read_done: np_read_recv nread = 48 is_data_outstanding = 0, status = NT_STATUS_OK +[2013/11/07 07:38:45.551788, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl.c:291(smbd_smb2_request_ioctl_done) + smbd_smb2_request_ioctl_done: smbd_smb2_ioctl_recv returned 48 status NT_STATUS_OK +[2013/11/07 07:38:45.551832, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) + smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[48] dyn[yes:48] at ../source3/smbd/smb2_ioctl.c:358 +[2013/11/07 07:38:45.551876, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) + smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/88/127 +[2013/11/07 07:38:45.552050, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) + smbd_smb2_request_incoming: idx[1] of 5 vectors +[2013/11/07 07:38:45.552099, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) + smb2_validate_sequence_number: clearing id 88 (position 88) from bitmap +[2013/11/07 07:38:45.552150, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) + smbd_smb2_request_dispatch: opcode[SMB2_OP_IOCTL] mid = 88 +[2013/11/07 07:38:45.552210, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) + setting sec ctx (0, 5000) - sec_ctx_stack_ndx = 0 +[2013/11/07 07:38:45.552254, 5, pid=20933, effective(0, 5000), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) + Security token SIDs (21): + SID[ 0]: S-1-5-21-1376953716-2413384141-3399758289-500 + SID[ 1]: S-1-5-21-1376953716-2413384141-3399758289-512 + SID[ 2]: S-1-5-21-1376953716-2413384141-3399758289-11015 + SID[ 3]: S-1-5-21-1376953716-2413384141-3399758289-513 + SID[ 4]: S-1-5-21-1376953716-2413384141-3399758289-11011 + SID[ 5]: S-1-5-21-1376953716-2413384141-3399758289-11013 + SID[ 6]: S-1-5-21-1376953716-2413384141-3399758289-11012 + SID[ 7]: S-1-1-0 + SID[ 8]: S-1-5-2 + SID[ 9]: S-1-5-11 + SID[ 10]: S-1-5-32-544 + SID[ 11]: S-1-22-1-2002 + SID[ 12]: S-1-22-2-5000 + SID[ 13]: S-1-22-2-5007 + SID[ 14]: S-1-22-2-5001 + SID[ 15]: S-1-22-2-1005 + SID[ 16]: S-1-22-2-5006 + SID[ 17]: S-1-22-2-5005 + SID[ 18]: S-1-22-2-55000 + SID[ 19]: S-1-22-2-55001 + SID[ 20]: S-1-22-2-55002 + Privileges (0x 1FFFFFF0): + Privilege[ 0]: SeMachineAccountPrivilege + Privilege[ 1]: SeTakeOwnershipPrivilege + Privilege[ 2]: SeBackupPrivilege + Privilege[ 3]: SeRestorePrivilege + Privilege[ 4]: SeRemoteShutdownPrivilege + Privilege[ 5]: SePrintOperatorPrivilege + Privilege[ 6]: SeAddUsersPrivilege + Privilege[ 7]: SeDiskOperatorPrivilege + Privilege[ 8]: SeSecurityPrivilege + Privilege[ 9]: SeSystemtimePrivilege + Privilege[ 10]: SeShutdownPrivilege + Privilege[ 11]: SeDebugPrivilege + Privilege[ 12]: SeSystemEnvironmentPrivilege + Privilege[ 13]: SeSystemProfilePrivilege + Privilege[ 14]: SeProfileSingleProcessPrivilege + Privilege[ 15]: SeIncreaseBasePriorityPrivilege + Privilege[ 16]: SeLoadDriverPrivilege + Privilege[ 17]: SeCreatePagefilePrivilege + Privilege[ 18]: SeIncreaseQuotaPrivilege + Privilege[ 19]: SeChangeNotifyPrivilege + Privilege[ 20]: SeUndockPrivilege + Privilege[ 21]: SeManageVolumePrivilege + Privilege[ 22]: SeImpersonatePrivilege + Privilege[ 23]: SeCreateGlobalPrivilege + Privilege[ 24]: SeEnableDelegationPrivilege + Rights (0x 0): +[2013/11/07 07:38:45.553082, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) + UNIX token of user 0 + Primary group is 5000 and contains 9 supplementary groups + Group[ 0]: 5000 + Group[ 1]: 5007 + Group[ 2]: 5001 + Group[ 3]: 1005 + Group[ 4]: 5006 + Group[ 5]: 5005 + Group[ 6]: 55000 + Group[ 7]: 55001 + Group[ 8]: 55002 +[2013/11/07 07:38:45.553277, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/uid.c:363(change_to_user_internal) + Impersonated user: uid=(0,0), gid=(0,5000) +[2013/11/07 07:38:45.553328, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:1796(smbd_smb2_request_verify_creditcharge) + mid 88, CreditCharge: 1, NeededCharge: 1 +[2013/11/07 07:38:45.553445, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl.c:394(smbd_smb2_ioctl_send) + smbd_smb2_ioctl: ctl_code[0x0011c017] spoolss, fnum 3570488479 +[2013/11/07 07:38:45.553495, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:59(smb2_ioctl_named_pipe) + smbd_smb2_ioctl_send: np_write_send of size 222 +[2013/11/07 07:38:45.553536, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:520(np_write_send) + np_write_send: len: 222 +[2013/11/07 07:38:45.553577, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) + write_to_pipe: data_left = 222 +[2013/11/07 07:38:45.553625, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) + process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 222 +[2013/11/07 07:38:45.553665, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:51(fill_rpc_header) + fill_rpc_header: data_to_copy = 222, len_needed_to_complete_hdr = 16, receive_len = 0 +[2013/11/07 07:38:45.553705, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) + write_to_pipe: data_used = 16 +[2013/11/07 07:38:45.553743, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) + write_to_pipe: data_left = 206 +[2013/11/07 07:38:45.553782, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) + process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 206 +[2013/11/07 07:38:45.553823, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) + write_to_pipe: data_used = 0 +[2013/11/07 07:38:45.553861, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) + write_to_pipe: data_left = 206 +[2013/11/07 07:38:45.553899, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) + process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 206, incoming data = 206 +[2013/11/07 07:38:45.553940, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1614(process_complete_pdu) + PDU is in Little Endian format! +[2013/11/07 07:38:45.553988, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) + r: struct ncacn_packet + rpc_vers : 0x05 (5) + rpc_vers_minor : 0x00 (0) + ptype : DCERPC_PKT_REQUEST (0) + pfc_flags : 0x03 (3) + drep: ARRAY(4) + [0] : 0x10 (16) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + frag_length : 0x00de (222) + auth_length : 0x0000 (0) + call_id : 0x00000002 (2) + u : union dcerpc_payload(case 0) + request: struct dcerpc_request + alloc_hint : 0x000000c6 (198) + context_id : 0x0000 (0) + opnum : 0x0045 (69) + object : union dcerpc_object(case 0) + empty: struct dcerpc_empty + _pad : DATA_BLOB length=0 + stub_and_verifier : DATA_BLOB length=198 + [0000] 00 00 02 00 14 00 00 00 00 00 00 00 14 00 00 00 ........ ........ + [0010] 5C 00 5C 00 4D 00 45 00 4D 00 42 00 45 00 52 00 \.\.M.E. M.B.E.R. + [0020] 34 00 33 00 5C 00 70 00 72 00 69 00 6E 00 74 00 4.3.\.p. r.i.n.t. + [0030] 65 00 72 00 35 00 00 00 00 00 00 00 00 00 00 00 e.r.5... ........ + [0040] 00 00 00 00 00 00 00 00 01 00 00 00 01 00 00 00 ........ ........ + [0050] 04 00 02 00 28 00 00 00 08 00 02 00 0C 00 02 00 ....(... ........ + [0060] 80 25 00 00 03 00 00 00 00 00 00 00 09 00 00 00 .%...... ........ + [0070] 0A 00 00 00 00 00 00 00 0A 00 00 00 57 00 49 00 ........ ....W.I. + [0080] 4E 00 38 00 31 00 2D 00 32 00 33 00 39 00 00 00 N.8.1.-. 2.3.9... + [0090] 15 00 00 00 00 00 00 00 15 00 00 00 41 00 52 00 ........ ....A.R. + [00A0] 33 00 32 00 49 00 38 00 5C 00 41 00 64 00 6D 00 3.2.I.8. \.A.d.m. + [00B0] 69 00 6E 00 69 00 73 00 74 00 72 00 61 00 74 00 i.n.i.s. t.r.a.t. + [00C0] 6F 00 72 00 00 00 o.r... +[2013/11/07 07:38:45.554824, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1627(process_complete_pdu) + Processing packet type 0 +[2013/11/07 07:38:45.554864, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1472(dcesrv_auth_request) + Checking request auth. +[2013/11/07 07:38:45.554906, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) + push_sec_ctx(0, 5000) : sec_ctx_stack_ndx = 1 +[2013/11/07 07:38:45.554951, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) + setting sec ctx (0, 5000) - sec_ctx_stack_ndx = 1 +[2013/11/07 07:38:45.554992, 5, pid=20933, effective(0, 5000), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) + Security token SIDs (21): + SID[ 0]: S-1-5-21-1376953716-2413384141-3399758289-500 + SID[ 1]: S-1-5-21-1376953716-2413384141-3399758289-512 + SID[ 2]: S-1-5-21-1376953716-2413384141-3399758289-11015 + SID[ 3]: S-1-5-21-1376953716-2413384141-3399758289-513 + SID[ 4]: S-1-5-21-1376953716-2413384141-3399758289-11011 + SID[ 5]: S-1-5-21-1376953716-2413384141-3399758289-11013 + SID[ 6]: S-1-5-21-1376953716-2413384141-3399758289-11012 + SID[ 7]: S-1-1-0 + SID[ 8]: S-1-5-2 + SID[ 9]: S-1-5-11 + SID[ 10]: S-1-5-32-544 + SID[ 11]: S-1-22-1-2002 + SID[ 12]: S-1-22-2-5000 + SID[ 13]: S-1-22-2-5007 + SID[ 14]: S-1-22-2-5001 + SID[ 15]: S-1-22-2-1005 + SID[ 16]: S-1-22-2-5006 + SID[ 17]: S-1-22-2-5005 + SID[ 18]: S-1-22-2-55000 + SID[ 19]: S-1-22-2-55001 + SID[ 20]: S-1-22-2-55002 + Privileges (0x 1FFFFFF0): + Privilege[ 0]: SeMachineAccountPrivilege + Privilege[ 1]: SeTakeOwnershipPrivilege + Privilege[ 2]: SeBackupPrivilege + Privilege[ 3]: SeRestorePrivilege + Privilege[ 4]: SeRemoteShutdownPrivilege + Privilege[ 5]: SePrintOperatorPrivilege + Privilege[ 6]: SeAddUsersPrivilege + Privilege[ 7]: SeDiskOperatorPrivilege + Privilege[ 8]: SeSecurityPrivilege + Privilege[ 9]: SeSystemtimePrivilege + Privilege[ 10]: SeShutdownPrivilege + Privilege[ 11]: SeDebugPrivilege + Privilege[ 12]: SeSystemEnvironmentPrivilege + Privilege[ 13]: SeSystemProfilePrivilege + Privilege[ 14]: SeProfileSingleProcessPrivilege + Privilege[ 15]: SeIncreaseBasePriorityPrivilege + Privilege[ 16]: SeLoadDriverPrivilege + Privilege[ 17]: SeCreatePagefilePrivilege + Privilege[ 18]: SeIncreaseQuotaPrivilege + Privilege[ 19]: SeChangeNotifyPrivilege + Privilege[ 20]: SeUndockPrivilege + Privilege[ 21]: SeManageVolumePrivilege + Privilege[ 22]: SeImpersonatePrivilege + Privilege[ 23]: SeCreateGlobalPrivilege + Privilege[ 24]: SeEnableDelegationPrivilege + Rights (0x 0): +[2013/11/07 07:38:45.555757, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) + UNIX token of user 0 + Primary group is 5000 and contains 9 supplementary groups + Group[ 0]: 5000 + Group[ 1]: 5007 + Group[ 2]: 5001 + Group[ 3]: 1005 + Group[ 4]: 5006 + Group[ 5]: 5005 + Group[ 6]: 55000 + Group[ 7]: 55001 + Group[ 8]: 55002 +[2013/11/07 07:38:45.555946, 5, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1324(api_pipe_request) + Requested \spoolss rpc service +[2013/11/07 07:38:45.555991, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1356(api_rpcTNP) + api_rpcTNP: \spoolss op 0x45 - api_rpcTNP: rpc command: SPOOLSS_OPENPRINTEREX +[2013/11/07 07:38:45.556034, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1390(api_rpcTNP) + api_rpc_cmds[69].fn == 0x7f375c256d40 +[2013/11/07 07:38:45.556087, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + spoolss_OpenPrinterEx: struct spoolss_OpenPrinterEx + in: struct spoolss_OpenPrinterEx + printername : * + printername : '\\MEMBER43\printer5' + datatype : NULL + devmode_ctr: struct spoolss_DevmodeContainer + _ndr_size : 0x00000000 (0) + devmode : NULL + access_mask : 0x00000000 (0) + 0: SERVER_ACCESS_ADMINISTER + 0: SERVER_ACCESS_ENUMERATE + 0: PRINTER_ACCESS_ADMINISTER + 0: PRINTER_ACCESS_USE + 0: JOB_ACCESS_ADMINISTER + 0: JOB_ACCESS_READ + userlevel_ctr: struct spoolss_UserLevelCtr + level : 0x00000001 (1) + user_info : union spoolss_UserLevel(case 1) + level1 : * + level1: struct spoolss_UserLevel1 + size : 0x00000028 (40) + client : * + client : 'WIN81-239' + user : * + user : 'AR32I8\Administrator' + build : 0x00002580 (9600) + major : UNKNOWN_ENUM_VALUE (3) + minor : SPOOLSS_MINOR_VERSION_0 (0) + processor : PROCESSOR_ARCHITECTURE_AMD64 (9) + checking name: \\MEMBER43\printer5 +[2013/11/07 07:38:45.556624, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:737(open_printer_hnd) + open_printer_hnd: name [\\MEMBER43\printer5] +[2013/11/07 07:38:45.556672, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) + Opened policy hnd[5] [0000] 00 00 00 00 A8 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.556751, 3, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:506(set_printer_hnd_printertype) + Setting printer type=\\MEMBER43\printer5 + Printer is a printer +[2013/11/07 07:38:45.556806, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:566(set_printer_hnd_name) + Setting printer name=\\MEMBER43\printer5 (len=19) + searching for [printer5] +[2013/11/07 07:38:45.556899, 10, pid=20933, effective(0, 5000), real(0, 0), class=tdb] ../source3/lib/gencache.c:275(gencache_set_data_blob) + Did not store value for PRINTERNAME/printer5, we already got it + set_printer_hnd_name: Printer found: printer5 -> printer5 +[2013/11/07 07:38:45.556955, 5, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:773(open_printer_hnd) + 5 printer handles active +[2013/11/07 07:38:45.556995, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 A8 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.557074, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 A8 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.557151, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:489(get_printer_snum) + short name:printer5 +[2013/11/07 07:38:45.557213, 3, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/access.c:338(allow_access) + Allowed connection from 10.200.8.239 (10.200.8.239) +[2013/11/07 07:38:45.557475, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/share_access.c:237(user_ok_token) + user_ok_token: share printer5 is ok for unix user root +[2013/11/07 07:38:45.557539, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:1921(_spoolss_OpenPrinterEx) + Setting printer access = PRINTER_ACCESS_USE +[2013/11/07 07:38:45.557639, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:60(make_internal_rpc_pipe_p) + Create pipe requested \winreg +[2013/11/07 07:38:45.557692, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:221(init_pipe_handles) + init_pipe_handle_list: created handle list for pipe \winreg +[2013/11/07 07:38:45.557734, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:238(init_pipe_handles) + init_pipe_handle_list: pipe_handles ref count = 1 for pipe \winreg +[2013/11/07 07:38:45.557825, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:100(make_internal_rpc_pipe_p) + Created internal pipe \winreg +[2013/11/07 07:38:45.557889, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenHKLM: struct winreg_OpenHKLM + in: struct winreg_OpenHKLM + system_name : NULL + access_mask : 0x02000000 (33554432) + 0: KEY_QUERY_VALUE + 0: KEY_SET_VALUE + 0: KEY_CREATE_SUB_KEY + 0: KEY_ENUMERATE_SUB_KEYS + 0: KEY_NOTIFY + 0: KEY_CREATE_LINK + 0: KEY_WOW64_64KEY + 0: KEY_WOW64_32KEY +[2013/11/07 07:38:45.558118, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [HKLM] +[2013/11/07 07:38:45.558162, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) + push_sec_ctx(0, 5000) : sec_ctx_stack_ndx = 2 +[2013/11/07 07:38:45.558207, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/uid.c:485(push_conn_ctx) + push_conn_ctx(1804507171) : conn_ctx_stack_ndx = 0 +[2013/11/07 07:38:45.558247, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) + setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 +[2013/11/07 07:38:45.558287, 5, pid=20933, effective(0, 5000), real(0, 0)] ../libcli/security/security_token.c:53(security_token_debug) + Security token: (NULL) +[2013/11/07 07:38:45.558326, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) + UNIX token of user 0 + Primary group is 0 and contains 0 supplementary groups +[2013/11/07 07:38:45.558463, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) + pop_sec_ctx (0, 5000) - sec_ctx_stack_ndx = 1 +[2013/11/07 07:38:45.558508, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:866(regdb_open) + regdb_open: registry db opened. refcount reset (1) +[2013/11/07 07:38:45.558552, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM] +[2013/11/07 07:38:45.558592, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM] +[2013/11/07 07:38:45.558634, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:45.558672, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM] +[2013/11/07 07:38:45.558758, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) + Opened policy hnd[1] [0000] 00 00 00 00 A9 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.558841, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenHKLM: struct winreg_OpenHKLM + out: struct winreg_OpenHKLM + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000a9-0000-0000-7b52-7535c5510000 + result : WERR_OK +[2013/11/07 07:38:45.559129, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenKey: struct winreg_OpenKey + in: struct winreg_OpenKey + parent_handle : * + parent_handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000a9-0000-0000-7b52-7535c5510000 + keyname: struct winreg_String + name_len : 0x008a (138) + name_size : 0x008a (138) + name : * + name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer5' + options : 0x00000000 (0) + 0: REG_OPTION_VOLATILE + 0: REG_OPTION_CREATE_LINK + 0: REG_OPTION_BACKUP_RESTORE + 0: REG_OPTION_OPEN_LINK + access_mask : 0x02000000 (33554432) + 0: KEY_QUERY_VALUE + 0: KEY_SET_VALUE + 0: KEY_CREATE_SUB_KEY + 0: KEY_ENUMERATE_SUB_KEYS + 0: KEY_NOTIFY + 0: KEY_CREATE_LINK + 0: KEY_WOW64_64KEY + 0: KEY_WOW64_32KEY +[2013/11/07 07:38:45.559574, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 A9 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.559656, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [SOFTWARE] +[2013/11/07 07:38:45.559696, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (1->2) +[2013/11/07 07:38:45.559739, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] +[2013/11/07 07:38:45.559778, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE] +[2013/11/07 07:38:45.559819, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:45.559856, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE] +[2013/11/07 07:38:45.559928, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Microsoft] +[2013/11/07 07:38:45.559970, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (2->3) +[2013/11/07 07:38:45.560023, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] +[2013/11/07 07:38:45.560062, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] +[2013/11/07 07:38:45.560102, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:45.560140, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft] +[2013/11/07 07:38:45.560202, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Windows NT] +[2013/11/07 07:38:45.560244, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (3->4) +[2013/11/07 07:38:45.560286, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] +[2013/11/07 07:38:45.560325, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] +[2013/11/07 07:38:45.560366, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:45.560404, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] +[2013/11/07 07:38:45.560463, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [CurrentVersion] +[2013/11/07 07:38:45.560504, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (4->5) +[2013/11/07 07:38:45.560548, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] +[2013/11/07 07:38:45.560586, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] +[2013/11/07 07:38:45.560628, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:45.560665, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f375c5a15c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] +[2013/11/07 07:38:45.560737, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Print] +[2013/11/07 07:38:45.560779, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (5->6) +[2013/11/07 07:38:45.560822, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] +[2013/11/07 07:38:45.560862, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] +[2013/11/07 07:38:45.560904, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:45.560950, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f375c5a15c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] +[2013/11/07 07:38:45.561011, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Printers] +[2013/11/07 07:38:45.561053, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (6->7) +[2013/11/07 07:38:45.561097, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] +[2013/11/07 07:38:45.561136, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] +[2013/11/07 07:38:45.561178, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:45.561216, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] +[2013/11/07 07:38:45.561287, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [printer5] +[2013/11/07 07:38:45.561330, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (7->8) +[2013/11/07 07:38:45.561438, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer5] +[2013/11/07 07:38:45.561480, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer5] +[2013/11/07 07:38:45.561523, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:45.561562, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer5] +[2013/11/07 07:38:45.561633, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (8->7) +[2013/11/07 07:38:45.561676, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (7->6) +[2013/11/07 07:38:45.561717, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (6->5) +[2013/11/07 07:38:45.561758, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (5->4) +[2013/11/07 07:38:45.561798, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (4->3) +[2013/11/07 07:38:45.561839, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (3->2) +[2013/11/07 07:38:45.561890, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) + Opened policy hnd[2] [0000] 00 00 00 00 AA 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.561970, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenKey: struct winreg_OpenKey + out: struct winreg_OpenKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000aa-0000-0000-7b52-7535c5510000 + result : WERR_OK +[2013/11/07 07:38:45.562134, 2, pid=20933, effective(0, 5000), real(0, 0)] ../source3/rpc_client/cli_winreg_spoolss.c:626(winreg_create_printer) + winreg_create_printer: Skipping, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer5 already exists +[2013/11/07 07:38:45.562192, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + in: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000aa-0000-0000-7b52-7535c5510000 +[2013/11/07 07:38:45.562323, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 AA 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.562402, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 AA 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.562479, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) + Closed policy +[2013/11/07 07:38:45.562521, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (2->1) +[2013/11/07 07:38:45.562562, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + out: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000000-0000-0000-0000-000000000000 + result : WERR_OK +[2013/11/07 07:38:45.562725, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + in: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000a9-0000-0000-7b52-7535c5510000 +[2013/11/07 07:38:45.562856, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 A9 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.562934, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 A9 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.563018, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) + Closed policy +[2013/11/07 07:38:45.563059, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (1->0) +[2013/11/07 07:38:45.563114, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + out: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000000-0000-0000-0000-000000000000 + result : WERR_OK +[2013/11/07 07:38:45.563274, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:416(close_policy_by_pipe) + Deleted handle list for RPC connection \winreg +[2013/11/07 07:38:45.563324, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + spoolss_OpenPrinterEx: struct spoolss_OpenPrinterEx + out: struct spoolss_OpenPrinterEx + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000a8-0000-0000-7b52-7535c5510000 + result : WERR_OK +[2013/11/07 07:38:45.563477, 5, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1417(api_rpcTNP) + api_rpcTNP: called \spoolss successfully +[2013/11/07 07:38:45.563533, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) + pop_sec_ctx (0, 5000) - sec_ctx_stack_ndx = 0 +[2013/11/07 07:38:45.563577, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) + write_to_pipe: data_used = 206 + smbd_smb2_request_pending_queue: req->current_idx = 1 + req->in.vector[0].iov_len = 0 + req->in.vector[1].iov_len = 0 + req->in.vector[2].iov_len = 64 + req->in.vector[3].iov_len = 56 + req->in.vector[4].iov_len = 222 + req->out.vector[0].iov_len = 4 + req->out.vector[1].iov_len = 0 + req->out.vector[2].iov_len = 64 + req->out.vector[3].iov_len = 8 + req->out.vector[4].iov_len = 0 +[2013/11/07 07:38:45.563798, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:128(smbd_smb2_ioctl_pipe_write_done) + smbd_smb2_ioctl_pipe_write_done: received 222 +[2013/11/07 07:38:45.563841, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:149(smbd_smb2_ioctl_pipe_write_done) + smbd_smb2_ioctl_pipe_write_done: issuing np_read_send of size 1024 +[2013/11/07 07:38:45.563884, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:285(read_from_internal_pipe) + name: \spoolss len: 1024 +[2013/11/07 07:38:45.563927, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:347(read_from_internal_pipe) + read_from_pipe: \spoolss: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 24. +[2013/11/07 07:38:45.563979, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) + &r: struct ncacn_packet + rpc_vers : 0x05 (5) + rpc_vers_minor : 0x00 (0) + ptype : DCERPC_PKT_RESPONSE (2) + pfc_flags : 0x03 (3) + drep: ARRAY(4) + [0] : 0x10 (16) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + frag_length : 0x0030 (48) + auth_length : 0x0000 (0) + call_id : 0x00000002 (2) + u : union dcerpc_payload(case 2) + response: struct dcerpc_response + alloc_hint : 0x00000018 (24) + context_id : 0x0000 (0) + cancel_count : 0x00 (0) + _pad : DATA_BLOB length=0 + stub_and_verifier : DATA_BLOB length=24 + [0000] 00 00 00 00 A8 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 00 00 00 00 .Q...... +[2013/11/07 07:38:45.564409, 3, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:122(free_pipe_context) + free_pipe_context: destroying talloc pool of size 68 +[2013/11/07 07:38:45.564459, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:788(np_read_recv) + Received 48 bytes. There is no more data outstanding +[2013/11/07 07:38:45.564500, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:178(smbd_smb2_ioctl_pipe_read_done) + smbd_smb2_ioctl_pipe_read_done: np_read_recv nread = 48 is_data_outstanding = 0, status = NT_STATUS_OK +[2013/11/07 07:38:45.564547, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl.c:291(smbd_smb2_request_ioctl_done) + smbd_smb2_request_ioctl_done: smbd_smb2_ioctl_recv returned 48 status NT_STATUS_OK +[2013/11/07 07:38:45.564589, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) + smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[48] dyn[yes:48] at ../source3/smbd/smb2_ioctl.c:358 +[2013/11/07 07:38:45.564635, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) + smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/89/127 +[2013/11/07 07:38:45.564823, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) + smbd_smb2_request_incoming: idx[1] of 5 vectors +[2013/11/07 07:38:45.564874, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) + smb2_validate_sequence_number: clearing id 89 (position 89) from bitmap +[2013/11/07 07:38:45.564917, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) + smbd_smb2_request_dispatch: opcode[SMB2_OP_IOCTL] mid = 89 +[2013/11/07 07:38:45.564979, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) + setting sec ctx (0, 5000) - sec_ctx_stack_ndx = 0 +[2013/11/07 07:38:45.565023, 5, pid=20933, effective(0, 5000), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) + Security token SIDs (21): + SID[ 0]: S-1-5-21-1376953716-2413384141-3399758289-500 + SID[ 1]: S-1-5-21-1376953716-2413384141-3399758289-512 + SID[ 2]: S-1-5-21-1376953716-2413384141-3399758289-11015 + SID[ 3]: S-1-5-21-1376953716-2413384141-3399758289-513 + SID[ 4]: S-1-5-21-1376953716-2413384141-3399758289-11011 + SID[ 5]: S-1-5-21-1376953716-2413384141-3399758289-11013 + SID[ 6]: S-1-5-21-1376953716-2413384141-3399758289-11012 + SID[ 7]: S-1-1-0 + SID[ 8]: S-1-5-2 + SID[ 9]: S-1-5-11 + SID[ 10]: S-1-5-32-544 + SID[ 11]: S-1-22-1-2002 + SID[ 12]: S-1-22-2-5000 + SID[ 13]: S-1-22-2-5007 + SID[ 14]: S-1-22-2-5001 + SID[ 15]: S-1-22-2-1005 + SID[ 16]: S-1-22-2-5006 + SID[ 17]: S-1-22-2-5005 + SID[ 18]: S-1-22-2-55000 + SID[ 19]: S-1-22-2-55001 + SID[ 20]: S-1-22-2-55002 + Privileges (0x 1FFFFFF0): + Privilege[ 0]: SeMachineAccountPrivilege + Privilege[ 1]: SeTakeOwnershipPrivilege + Privilege[ 2]: SeBackupPrivilege + Privilege[ 3]: SeRestorePrivilege + Privilege[ 4]: SeRemoteShutdownPrivilege + Privilege[ 5]: SePrintOperatorPrivilege + Privilege[ 6]: SeAddUsersPrivilege + Privilege[ 7]: SeDiskOperatorPrivilege + Privilege[ 8]: SeSecurityPrivilege + Privilege[ 9]: SeSystemtimePrivilege + Privilege[ 10]: SeShutdownPrivilege + Privilege[ 11]: SeDebugPrivilege + Privilege[ 12]: SeSystemEnvironmentPrivilege + Privilege[ 13]: SeSystemProfilePrivilege + Privilege[ 14]: SeProfileSingleProcessPrivilege + Privilege[ 15]: SeIncreaseBasePriorityPrivilege + Privilege[ 16]: SeLoadDriverPrivilege + Privilege[ 17]: SeCreatePagefilePrivilege + Privilege[ 18]: SeIncreaseQuotaPrivilege + Privilege[ 19]: SeChangeNotifyPrivilege + Privilege[ 20]: SeUndockPrivilege + Privilege[ 21]: SeManageVolumePrivilege + Privilege[ 22]: SeImpersonatePrivilege + Privilege[ 23]: SeCreateGlobalPrivilege + Privilege[ 24]: SeEnableDelegationPrivilege + Rights (0x 0): +[2013/11/07 07:38:45.565892, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) + UNIX token of user 0 + Primary group is 5000 and contains 9 supplementary groups + Group[ 0]: 5000 + Group[ 1]: 5007 + Group[ 2]: 5001 + Group[ 3]: 1005 + Group[ 4]: 5006 + Group[ 5]: 5005 + Group[ 6]: 55000 + Group[ 7]: 55001 + Group[ 8]: 55002 +[2013/11/07 07:38:45.566087, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/uid.c:363(change_to_user_internal) + Impersonated user: uid=(0,0), gid=(0,5000) +[2013/11/07 07:38:45.566141, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:1796(smbd_smb2_request_verify_creditcharge) + mid 89, CreditCharge: 1, NeededCharge: 1 +[2013/11/07 07:38:45.566184, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl.c:394(smbd_smb2_ioctl_send) + smbd_smb2_ioctl: ctl_code[0x0011c017] spoolss, fnum 1145362404 +[2013/11/07 07:38:45.566231, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:59(smb2_ioctl_named_pipe) + smbd_smb2_ioctl_send: np_write_send of size 4156 +[2013/11/07 07:38:45.566272, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:520(np_write_send) + np_write_send: len: 4156 +[2013/11/07 07:38:45.566314, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) + write_to_pipe: data_left = 4156 +[2013/11/07 07:38:45.566352, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) + process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 4156 +[2013/11/07 07:38:45.566392, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:51(fill_rpc_header) + fill_rpc_header: data_to_copy = 4156, len_needed_to_complete_hdr = 16, receive_len = 0 +[2013/11/07 07:38:45.566433, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) + write_to_pipe: data_used = 16 +[2013/11/07 07:38:45.566470, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) + write_to_pipe: data_left = 4140 +[2013/11/07 07:38:45.566508, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) + process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 4140 +[2013/11/07 07:38:45.566551, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) + write_to_pipe: data_used = 0 +[2013/11/07 07:38:45.566589, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) + write_to_pipe: data_left = 4140 +[2013/11/07 07:38:45.566627, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) + process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 4140, incoming data = 4140 +[2013/11/07 07:38:45.566670, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1614(process_complete_pdu) + PDU is in Little Endian format! +[2013/11/07 07:38:45.566726, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) + r: struct ncacn_packet + rpc_vers : 0x05 (5) + rpc_vers_minor : 0x00 (0) + ptype : DCERPC_PKT_REQUEST (0) + pfc_flags : 0x03 (3) + drep: ARRAY(4) + [0] : 0x10 (16) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + frag_length : 0x103c (4156) + auth_length : 0x0000 (0) + call_id : 0x00000004 (4) + u : union dcerpc_payload(case 0) + request: struct dcerpc_request + alloc_hint : 0x00001024 (4132) + context_id : 0x0000 (0) + opnum : 0x0008 (8) + object : union dcerpc_object(case 0) + empty: struct dcerpc_empty + _pad : DATA_BLOB length=0 + stub_and_verifier : DATA_BLOB length=4132 + [0000] 00 00 00 00 93 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 02 00 00 00 00 00 02 00 00 10 00 00 .Q...... ........ + [0020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0030] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0040] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0200] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0210] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0220] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0230] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0240] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0250] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0260] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0270] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0280] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0290] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0300] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0310] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0320] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0330] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0340] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0350] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0360] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0370] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0380] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0390] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0400] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0410] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0420] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0430] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0440] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0450] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0460] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0470] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0480] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0490] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0500] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0510] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0520] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0530] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0540] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0550] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0560] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0570] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0580] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0590] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0600] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0610] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0620] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0630] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0640] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0650] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0660] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0670] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0680] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0690] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0700] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0710] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0720] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0730] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0740] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0750] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0760] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0770] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0780] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0790] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0800] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0810] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0820] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0830] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0840] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0850] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0860] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0870] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0880] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0890] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0900] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0910] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0920] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0930] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0940] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0950] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0960] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0970] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0980] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0990] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0EA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0EB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0EC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0ED0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0EE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0EF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [1000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [1010] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [1020] 00 10 00 00 .... +[2013/11/07 07:38:45.576343, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1627(process_complete_pdu) + Processing packet type 0 +[2013/11/07 07:38:45.576391, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1472(dcesrv_auth_request) + Checking request auth. +[2013/11/07 07:38:45.576441, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) + push_sec_ctx(0, 5000) : sec_ctx_stack_ndx = 1 +[2013/11/07 07:38:45.576488, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) + setting sec ctx (0, 5000) - sec_ctx_stack_ndx = 1 +[2013/11/07 07:38:45.576530, 5, pid=20933, effective(0, 5000), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) + Security token SIDs (21): + SID[ 0]: S-1-5-21-1376953716-2413384141-3399758289-500 + SID[ 1]: S-1-5-21-1376953716-2413384141-3399758289-512 + SID[ 2]: S-1-5-21-1376953716-2413384141-3399758289-11015 + SID[ 3]: S-1-5-21-1376953716-2413384141-3399758289-513 + SID[ 4]: S-1-5-21-1376953716-2413384141-3399758289-11011 + SID[ 5]: S-1-5-21-1376953716-2413384141-3399758289-11013 + SID[ 6]: S-1-5-21-1376953716-2413384141-3399758289-11012 + SID[ 7]: S-1-1-0 + SID[ 8]: S-1-5-2 + SID[ 9]: S-1-5-11 + SID[ 10]: S-1-5-32-544 + SID[ 11]: S-1-22-1-2002 + SID[ 12]: S-1-22-2-5000 + SID[ 13]: S-1-22-2-5007 + SID[ 14]: S-1-22-2-5001 + SID[ 15]: S-1-22-2-1005 + SID[ 16]: S-1-22-2-5006 + SID[ 17]: S-1-22-2-5005 + SID[ 18]: S-1-22-2-55000 + SID[ 19]: S-1-22-2-55001 + SID[ 20]: S-1-22-2-55002 + Privileges (0x 1FFFFFF0): + Privilege[ 0]: SeMachineAccountPrivilege + Privilege[ 1]: SeTakeOwnershipPrivilege + Privilege[ 2]: SeBackupPrivilege + Privilege[ 3]: SeRestorePrivilege + Privilege[ 4]: SeRemoteShutdownPrivilege + Privilege[ 5]: SePrintOperatorPrivilege + Privilege[ 6]: SeAddUsersPrivilege + Privilege[ 7]: SeDiskOperatorPrivilege + Privilege[ 8]: SeSecurityPrivilege + Privilege[ 9]: SeSystemtimePrivilege + Privilege[ 10]: SeShutdownPrivilege + Privilege[ 11]: SeDebugPrivilege + Privilege[ 12]: SeSystemEnvironmentPrivilege + Privilege[ 13]: SeSystemProfilePrivilege + Privilege[ 14]: SeProfileSingleProcessPrivilege + Privilege[ 15]: SeIncreaseBasePriorityPrivilege + Privilege[ 16]: SeLoadDriverPrivilege + Privilege[ 17]: SeCreatePagefilePrivilege + Privilege[ 18]: SeIncreaseQuotaPrivilege + Privilege[ 19]: SeChangeNotifyPrivilege + Privilege[ 20]: SeUndockPrivilege + Privilege[ 21]: SeManageVolumePrivilege + Privilege[ 22]: SeImpersonatePrivilege + Privilege[ 23]: SeCreateGlobalPrivilege + Privilege[ 24]: SeEnableDelegationPrivilege + Rights (0x 0): +[2013/11/07 07:38:45.577307, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) + UNIX token of user 0 + Primary group is 5000 and contains 9 supplementary groups + Group[ 0]: 5000 + Group[ 1]: 5007 + Group[ 2]: 5001 + Group[ 3]: 1005 + Group[ 4]: 5006 + Group[ 5]: 5005 + Group[ 6]: 55000 + Group[ 7]: 55001 + Group[ 8]: 55002 +[2013/11/07 07:38:45.577551, 5, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1324(api_pipe_request) + Requested \spoolss rpc service +[2013/11/07 07:38:45.577601, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1356(api_rpcTNP) + api_rpcTNP: \spoolss op 0x8 - api_rpcTNP: rpc command: SPOOLSS_GETPRINTER +[2013/11/07 07:38:45.577645, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1390(api_rpcTNP) + api_rpc_cmds[8].fn == 0x7f375c260f10 +[2013/11/07 07:38:45.577696, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + spoolss_GetPrinter: struct spoolss_GetPrinter + in: struct spoolss_GetPrinter + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000093-0000-0000-7b52-7535c5510000 + level : 0x00000002 (2) + buffer : * + buffer : DATA_BLOB length=4096 + [0000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0010] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0030] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0040] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0200] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0210] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0220] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0230] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0240] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0250] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0260] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0270] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0280] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0290] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0300] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0310] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0320] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0330] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0340] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0350] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0360] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0370] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0380] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0390] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0400] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0410] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0420] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0430] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0440] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0450] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0460] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0470] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0480] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0490] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0500] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0510] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0520] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0530] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0540] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0550] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0560] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0570] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0580] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0590] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0600] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0610] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0620] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0630] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0640] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0650] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0660] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0670] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0680] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0690] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0700] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0710] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0720] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0730] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0740] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0750] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0760] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0770] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0780] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0790] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0800] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0810] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0820] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0830] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0840] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0850] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0860] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0870] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0880] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0890] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0900] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0910] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0920] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0930] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0940] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0950] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0960] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0970] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0980] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0990] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0EA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0EB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0EC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0ED0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0EE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0EF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + offered : 0x00001000 (4096) +[2013/11/07 07:38:45.587033, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[3] [0000] 00 00 00 00 93 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.587122, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[3] [0000] 00 00 00 00 93 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.587200, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:489(get_printer_snum) + short name:printer7 +[2013/11/07 07:38:45.587346, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:60(make_internal_rpc_pipe_p) + Create pipe requested \winreg +[2013/11/07 07:38:45.587407, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:221(init_pipe_handles) + init_pipe_handle_list: created handle list for pipe \winreg +[2013/11/07 07:38:45.587449, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:238(init_pipe_handles) + init_pipe_handle_list: pipe_handles ref count = 1 for pipe \winreg +[2013/11/07 07:38:45.587559, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:100(make_internal_rpc_pipe_p) + Created internal pipe \winreg +[2013/11/07 07:38:45.587638, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenHKLM: struct winreg_OpenHKLM + in: struct winreg_OpenHKLM + system_name : NULL + access_mask : 0x02000000 (33554432) + 0: KEY_QUERY_VALUE + 0: KEY_SET_VALUE + 0: KEY_CREATE_SUB_KEY + 0: KEY_ENUMERATE_SUB_KEYS + 0: KEY_NOTIFY + 0: KEY_CREATE_LINK + 0: KEY_WOW64_64KEY + 0: KEY_WOW64_32KEY +[2013/11/07 07:38:45.587872, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [HKLM] +[2013/11/07 07:38:45.587918, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) + push_sec_ctx(0, 5000) : sec_ctx_stack_ndx = 2 +[2013/11/07 07:38:45.587974, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/uid.c:485(push_conn_ctx) + push_conn_ctx(1804507171) : conn_ctx_stack_ndx = 0 +[2013/11/07 07:38:45.588015, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) + setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 +[2013/11/07 07:38:45.588055, 5, pid=20933, effective(0, 5000), real(0, 0)] ../libcli/security/security_token.c:53(security_token_debug) + Security token: (NULL) +[2013/11/07 07:38:45.588094, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) + UNIX token of user 0 + Primary group is 0 and contains 0 supplementary groups +[2013/11/07 07:38:45.588261, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) + pop_sec_ctx (0, 5000) - sec_ctx_stack_ndx = 1 +[2013/11/07 07:38:45.588307, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:866(regdb_open) + regdb_open: registry db opened. refcount reset (1) +[2013/11/07 07:38:45.588354, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM] +[2013/11/07 07:38:45.588394, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM] +[2013/11/07 07:38:45.588435, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:45.588473, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM] +[2013/11/07 07:38:45.588558, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) + Opened policy hnd[1] [0000] 00 00 00 00 AB 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.588639, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenHKLM: struct winreg_OpenHKLM + out: struct winreg_OpenHKLM + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000ab-0000-0000-7b52-7535c5510000 + result : WERR_OK +[2013/11/07 07:38:45.588831, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenKey: struct winreg_OpenKey + in: struct winreg_OpenKey + parent_handle : * + parent_handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000ab-0000-0000-7b52-7535c5510000 + keyname: struct winreg_String + name_len : 0x008a (138) + name_size : 0x008a (138) + name : * + name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7' + options : 0x00000000 (0) + 0: REG_OPTION_VOLATILE + 0: REG_OPTION_CREATE_LINK + 0: REG_OPTION_BACKUP_RESTORE + 0: REG_OPTION_OPEN_LINK + access_mask : 0x02000000 (33554432) + 0: KEY_QUERY_VALUE + 0: KEY_SET_VALUE + 0: KEY_CREATE_SUB_KEY + 0: KEY_ENUMERATE_SUB_KEYS + 0: KEY_NOTIFY + 0: KEY_CREATE_LINK + 0: KEY_WOW64_64KEY + 0: KEY_WOW64_32KEY +[2013/11/07 07:38:45.589289, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 AB 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.589469, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [SOFTWARE] +[2013/11/07 07:38:45.589513, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (1->2) +[2013/11/07 07:38:45.589556, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] +[2013/11/07 07:38:45.589594, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE] +[2013/11/07 07:38:45.589635, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:45.589672, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE] +[2013/11/07 07:38:45.589744, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Microsoft] +[2013/11/07 07:38:45.589786, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (2->3) +[2013/11/07 07:38:45.589830, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] +[2013/11/07 07:38:45.589869, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] +[2013/11/07 07:38:45.589910, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:45.589947, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft] +[2013/11/07 07:38:45.590007, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Windows NT] +[2013/11/07 07:38:45.590048, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (3->4) +[2013/11/07 07:38:45.590091, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] +[2013/11/07 07:38:45.590129, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] +[2013/11/07 07:38:45.590170, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:45.590207, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] +[2013/11/07 07:38:45.590265, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [CurrentVersion] +[2013/11/07 07:38:45.590306, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (4->5) +[2013/11/07 07:38:45.590360, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] +[2013/11/07 07:38:45.590399, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] +[2013/11/07 07:38:45.590441, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:45.590479, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f375c5a15c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] +[2013/11/07 07:38:45.590553, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Print] +[2013/11/07 07:38:45.590595, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (5->6) +[2013/11/07 07:38:45.590639, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] +[2013/11/07 07:38:45.590679, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] +[2013/11/07 07:38:45.590722, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:45.590760, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f375c5a15c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] +[2013/11/07 07:38:45.590821, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Printers] +[2013/11/07 07:38:45.590863, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (6->7) +[2013/11/07 07:38:45.590907, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] +[2013/11/07 07:38:45.590947, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] +[2013/11/07 07:38:45.590990, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:45.591028, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] +[2013/11/07 07:38:45.591097, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [printer7] +[2013/11/07 07:38:45.591139, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (7->8) +[2013/11/07 07:38:45.591183, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:45.591230, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:45.591273, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:45.591311, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:45.591381, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (8->7) +[2013/11/07 07:38:45.591423, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (7->6) +[2013/11/07 07:38:45.591464, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (6->5) +[2013/11/07 07:38:45.591504, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (5->4) +[2013/11/07 07:38:45.591544, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (4->3) +[2013/11/07 07:38:45.591584, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (3->2) +[2013/11/07 07:38:45.591627, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) + Opened policy hnd[2] [0000] 00 00 00 00 AC 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.591707, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenKey: struct winreg_OpenKey + out: struct winreg_OpenKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000ac-0000-0000-7b52-7535c5510000 + result : WERR_OK +[2013/11/07 07:38:45.591885, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryInfoKey: struct winreg_QueryInfoKey + in: struct winreg_QueryInfoKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000ac-0000-0000-7b52-7535c5510000 + classname : * + classname: struct winreg_String + name_len : 0x0000 (0) + name_size : 0x0000 (0) + name : NULL +[2013/11/07 07:38:45.592102, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 AC 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.592184, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_dispatcher.c:151(fetch_reg_values) + fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7' (ops 0x7f37592edcc0) +[2013/11/07 07:38:45.592227, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1891(regdb_fetch_values_internal) + regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:45.592300, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[0]: name[Attributes] len[4] +[2013/11/07 07:38:45.592345, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[1]: name[Description] len[2] +[2013/11/07 07:38:45.592387, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[2]: name[Datatype] len[8] +[2013/11/07 07:38:45.592430, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[3]: name[Default Priority] len[4] +[2013/11/07 07:38:45.592472, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[4]: name[Port] len[38] +[2013/11/07 07:38:45.592515, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[5]: name[Name] len[18] +[2013/11/07 07:38:45.592557, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[6]: name[Print Processor] len[18] +[2013/11/07 07:38:45.592600, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[7]: name[Priority] len[4] +[2013/11/07 07:38:45.592642, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[8]: name[Security] len[248] +[2013/11/07 07:38:45.592685, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[9]: name[Share Name] len[18] +[2013/11/07 07:38:45.592727, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[10]: name[StartTime] len[4] +[2013/11/07 07:38:45.592771, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[11]: name[UntilTime] len[4] +[2013/11/07 07:38:45.592813, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[12]: name[ChangeID] len[4] +[2013/11/07 07:38:45.592857, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) + regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:45.592922, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryInfoKey: struct winreg_QueryInfoKey + out: struct winreg_QueryInfoKey + classname : * + classname: struct winreg_String + name_len : 0x0000 (0) + name_size : 0x0000 (0) + name : NULL + num_subkeys : * + num_subkeys : 0x00000003 (3) + max_subkeylen : * + max_subkeylen : 0x00000022 (34) + max_classlen : * + max_classlen : 0x00000000 (0) + num_values : * + num_values : 0x0000000d (13) + max_valnamelen : * + max_valnamelen : 0x00000022 (34) + max_valbufsize : * + max_valbufsize : 0x000000f8 (248) + secdescsize : * + secdescsize : 0x00000078 (120) + last_changed_time : * + last_changed_time : NTTIME(0) + result : WERR_OK +[2013/11/07 07:38:45.593456, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000ac-0000-0000-7b52-7535c5510000 + enum_index : 0x00000000 (0) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:45.593847, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 AC 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.593926, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:45.593974, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0016 (22) + size : 0x0024 (36) + name : * + name : 'Attributes' + type : * + type : REG_DWORD (4) + value : * + value: ARRAY(4) + [0] : 0x48 (72) + [1] : 0x10 (16) + [2] : 0x00 (0) + [3] : 0x00 (0) + size : * + size : 0x00000004 (4) + length : * + length : 0x00000004 (4) + result : WERR_OK +[2013/11/07 07:38:45.594375, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000ac-0000-0000-7b52-7535c5510000 + enum_index : 0x00000001 (1) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:45.594755, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 AC 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.594832, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:45.594876, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0018 (24) + size : 0x0024 (36) + name : * + name : 'Description' + type : * + type : REG_SZ (1) + value : * + value: ARRAY(2) + [0] : 0x00 (0) + [1] : 0x00 (0) + size : * + size : 0x00000002 (2) + length : * + length : 0x00000002 (2) + result : WERR_OK +[2013/11/07 07:38:45.595235, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000ac-0000-0000-7b52-7535c5510000 + enum_index : 0x00000002 (2) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:45.595605, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 AC 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.595682, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:45.595734, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0012 (18) + size : 0x0024 (36) + name : * + name : 'Datatype' + type : * + type : REG_SZ (1) + value : * + value: ARRAY(8) + [0] : 0x52 (82) + [1] : 0x00 (0) + [2] : 0x41 (65) + [3] : 0x00 (0) + [4] : 0x57 (87) + [5] : 0x00 (0) + [6] : 0x00 (0) + [7] : 0x00 (0) + size : * + size : 0x00000008 (8) + length : * + length : 0x00000008 (8) + result : WERR_OK +[2013/11/07 07:38:45.596192, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000ac-0000-0000-7b52-7535c5510000 + enum_index : 0x00000003 (3) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:45.596623, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 AC 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.596703, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:45.596749, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0022 (34) + size : 0x0024 (36) + name : * + name : 'Default Priority' + type : * + type : REG_DWORD (4) + value : * + value: ARRAY(4) + [0] : 0x01 (1) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + size : * + size : 0x00000004 (4) + length : * + length : 0x00000004 (4) + result : WERR_OK +[2013/11/07 07:38:45.597151, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000ac-0000-0000-7b52-7535c5510000 + enum_index : 0x00000004 (4) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:45.597589, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 AC 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.597669, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:45.597714, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x000a (10) + size : 0x0024 (36) + name : * + name : 'Port' + type : * + type : REG_SZ (1) + value : * + value: ARRAY(38) + [0] : 0x53 (83) + [1] : 0x00 (0) + [2] : 0x61 (97) + [3] : 0x00 (0) + [4] : 0x6d (109) + [5] : 0x00 (0) + [6] : 0x62 (98) + [7] : 0x00 (0) + [8] : 0x61 (97) + [9] : 0x00 (0) + [10] : 0x20 (32) + [11] : 0x00 (0) + [12] : 0x50 (80) + [13] : 0x00 (0) + [14] : 0x72 (114) + [15] : 0x00 (0) + [16] : 0x69 (105) + [17] : 0x00 (0) + [18] : 0x6e (110) + [19] : 0x00 (0) + [20] : 0x74 (116) + [21] : 0x00 (0) + [22] : 0x65 (101) + [23] : 0x00 (0) + [24] : 0x72 (114) + [25] : 0x00 (0) + [26] : 0x20 (32) + [27] : 0x00 (0) + [28] : 0x50 (80) + [29] : 0x00 (0) + [30] : 0x6f (111) + [31] : 0x00 (0) + [32] : 0x72 (114) + [33] : 0x00 (0) + [34] : 0x74 (116) + [35] : 0x00 (0) + [36] : 0x00 (0) + [37] : 0x00 (0) + size : * + size : 0x00000026 (38) + length : * + length : 0x00000026 (38) + result : WERR_OK +[2013/11/07 07:38:45.598683, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000ac-0000-0000-7b52-7535c5510000 + enum_index : 0x00000005 (5) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:45.599056, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 AC 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.599133, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:45.599179, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x000a (10) + size : 0x0024 (36) + name : * + name : 'Name' + type : * + type : REG_SZ (1) + value : * + value: ARRAY(18) + [0] : 0x70 (112) + [1] : 0x00 (0) + [2] : 0x72 (114) + [3] : 0x00 (0) + [4] : 0x69 (105) + [5] : 0x00 (0) + [6] : 0x6e (110) + [7] : 0x00 (0) + [8] : 0x74 (116) + [9] : 0x00 (0) + [10] : 0x65 (101) + [11] : 0x00 (0) + [12] : 0x72 (114) + [13] : 0x00 (0) + [14] : 0x37 (55) + [15] : 0x00 (0) + [16] : 0x00 (0) + [17] : 0x00 (0) + size : * + size : 0x00000012 (18) + length : * + length : 0x00000012 (18) + result : WERR_OK +[2013/11/07 07:38:45.599811, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000ac-0000-0000-7b52-7535c5510000 + enum_index : 0x00000006 (6) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:45.600187, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 AC 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.600264, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:45.600311, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0020 (32) + size : 0x0024 (36) + name : * + name : 'Print Processor' + type : * + type : REG_SZ (1) + value : * + value: ARRAY(18) + [0] : 0x77 (119) + [1] : 0x00 (0) + [2] : 0x69 (105) + [3] : 0x00 (0) + [4] : 0x6e (110) + [5] : 0x00 (0) + [6] : 0x70 (112) + [7] : 0x00 (0) + [8] : 0x72 (114) + [9] : 0x00 (0) + [10] : 0x69 (105) + [11] : 0x00 (0) + [12] : 0x6e (110) + [13] : 0x00 (0) + [14] : 0x74 (116) + [15] : 0x00 (0) + [16] : 0x00 (0) + [17] : 0x00 (0) + size : * + size : 0x00000012 (18) + length : * + length : 0x00000012 (18) + result : WERR_OK +[2013/11/07 07:38:45.600947, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000ac-0000-0000-7b52-7535c5510000 + enum_index : 0x00000007 (7) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:45.601320, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 AC 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.601472, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:45.601520, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0012 (18) + size : 0x0024 (36) + name : * + name : 'Priority' + type : * + type : REG_DWORD (4) + value : * + value: ARRAY(4) + [0] : 0x01 (1) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + size : * + size : 0x00000004 (4) + length : * + length : 0x00000004 (4) + result : WERR_OK +[2013/11/07 07:38:45.601915, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000ac-0000-0000-7b52-7535c5510000 + enum_index : 0x00000008 (8) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:45.602294, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 AC 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.602372, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:45.602417, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0012 (18) + size : 0x0024 (36) + name : * + name : 'Security' + type : * + type : REG_BINARY (3) + value : * + value: ARRAY(248) + [0] : 0x01 (1) + [1] : 0x00 (0) + [2] : 0x04 (4) + [3] : 0x80 (128) + [4] : 0x14 (20) + [5] : 0x00 (0) + [6] : 0x00 (0) + [7] : 0x00 (0) + [8] : 0x24 (36) + [9] : 0x00 (0) + [10] : 0x00 (0) + [11] : 0x00 (0) + [12] : 0x00 (0) + [13] : 0x00 (0) + [14] : 0x00 (0) + [15] : 0x00 (0) + [16] : 0x34 (52) + [17] : 0x00 (0) + [18] : 0x00 (0) + [19] : 0x00 (0) + [20] : 0x01 (1) + [21] : 0x02 (2) + [22] : 0x00 (0) + [23] : 0x00 (0) + [24] : 0x00 (0) + [25] : 0x00 (0) + [26] : 0x00 (0) + [27] : 0x05 (5) + [28] : 0x20 (32) + [29] : 0x00 (0) + [30] : 0x00 (0) + [31] : 0x00 (0) + [32] : 0x20 (32) + [33] : 0x02 (2) + [34] : 0x00 (0) + [35] : 0x00 (0) + [36] : 0x01 (1) + [37] : 0x02 (2) + [38] : 0x00 (0) + [39] : 0x00 (0) + [40] : 0x00 (0) + [41] : 0x00 (0) + [42] : 0x00 (0) + [43] : 0x05 (5) + [44] : 0x20 (32) + [45] : 0x00 (0) + [46] : 0x00 (0) + [47] : 0x00 (0) + [48] : 0x20 (32) + [49] : 0x02 (2) + [50] : 0x00 (0) + [51] : 0x00 (0) + [52] : 0x02 (2) + [53] : 0x00 (0) + [54] : 0xc4 (196) + [55] : 0x00 (0) + [56] : 0x07 (7) + [57] : 0x00 (0) + [58] : 0x00 (0) + [59] : 0x00 (0) + [60] : 0x00 (0) + [61] : 0x02 (2) + [62] : 0x14 (20) + [63] : 0x00 (0) + [64] : 0x08 (8) + [65] : 0x00 (0) + [66] : 0x02 (2) + [67] : 0x20 (32) + [68] : 0x01 (1) + [69] : 0x01 (1) + [70] : 0x00 (0) + [71] : 0x00 (0) + [72] : 0x00 (0) + [73] : 0x00 (0) + [74] : 0x00 (0) + [75] : 0x01 (1) + [76] : 0x00 (0) + [77] : 0x00 (0) + [78] : 0x00 (0) + [79] : 0x00 (0) + [80] : 0x00 (0) + [81] : 0x09 (9) + [82] : 0x24 (36) + [83] : 0x00 (0) + [84] : 0x0c (12) + [85] : 0x00 (0) + [86] : 0x0f (15) + [87] : 0x10 (16) + [88] : 0x01 (1) + [89] : 0x05 (5) + [90] : 0x00 (0) + [91] : 0x00 (0) + [92] : 0x00 (0) + [93] : 0x00 (0) + [94] : 0x00 (0) + [95] : 0x05 (5) + [96] : 0x15 (21) + [97] : 0x00 (0) + [98] : 0x00 (0) + [99] : 0x00 (0) + [100] : 0x74 (116) + [101] : 0xa5 (165) + [102] : 0x12 (18) + [103] : 0x52 (82) + [104] : 0xcd (205) + [105] : 0x51 (81) + [106] : 0xd9 (217) + [107] : 0x8f (143) + [108] : 0xd1 (209) + [109] : 0x31 (49) + [110] : 0xa4 (164) + [111] : 0xca (202) + [112] : 0xf4 (244) + [113] : 0x01 (1) + [114] : 0x00 (0) + [115] : 0x00 (0) + [116] : 0x00 (0) + [117] : 0x02 (2) + [118] : 0x24 (36) + [119] : 0x00 (0) + [120] : 0x0c (12) + [121] : 0x00 (0) + [122] : 0x0f (15) + [123] : 0x10 (16) + [124] : 0x01 (1) + [125] : 0x05 (5) + [126] : 0x00 (0) + [127] : 0x00 (0) + [128] : 0x00 (0) + [129] : 0x00 (0) + [130] : 0x00 (0) + [131] : 0x05 (5) + [132] : 0x15 (21) + [133] : 0x00 (0) + [134] : 0x00 (0) + [135] : 0x00 (0) + [136] : 0x74 (116) + [137] : 0xa5 (165) + [138] : 0x12 (18) + [139] : 0x52 (82) + [140] : 0xcd (205) + [141] : 0x51 (81) + [142] : 0xd9 (217) + [143] : 0x8f (143) + [144] : 0xd1 (209) + [145] : 0x31 (49) + [146] : 0xa4 (164) + [147] : 0xca (202) + [148] : 0xf4 (244) + [149] : 0x01 (1) + [150] : 0x00 (0) + [151] : 0x00 (0) + [152] : 0x00 (0) + [153] : 0x09 (9) + [154] : 0x18 (24) + [155] : 0x00 (0) + [156] : 0x0c (12) + [157] : 0x00 (0) + [158] : 0x0f (15) + [159] : 0x10 (16) + [160] : 0x01 (1) + [161] : 0x02 (2) + [162] : 0x00 (0) + [163] : 0x00 (0) + [164] : 0x00 (0) + [165] : 0x00 (0) + [166] : 0x00 (0) + [167] : 0x05 (5) + [168] : 0x20 (32) + [169] : 0x00 (0) + [170] : 0x00 (0) + [171] : 0x00 (0) + [172] : 0x20 (32) + [173] : 0x02 (2) + [174] : 0x00 (0) + [175] : 0x00 (0) + [176] : 0x00 (0) + [177] : 0x02 (2) + [178] : 0x18 (24) + [179] : 0x00 (0) + [180] : 0x0c (12) + [181] : 0x00 (0) + [182] : 0x0f (15) + [183] : 0x10 (16) + [184] : 0x01 (1) + [185] : 0x02 (2) + [186] : 0x00 (0) + [187] : 0x00 (0) + [188] : 0x00 (0) + [189] : 0x00 (0) + [190] : 0x00 (0) + [191] : 0x05 (5) + [192] : 0x20 (32) + [193] : 0x00 (0) + [194] : 0x00 (0) + [195] : 0x00 (0) + [196] : 0x20 (32) + [197] : 0x02 (2) + [198] : 0x00 (0) + [199] : 0x00 (0) + [200] : 0x00 (0) + [201] : 0x09 (9) + [202] : 0x18 (24) + [203] : 0x00 (0) + [204] : 0x0c (12) + [205] : 0x00 (0) + [206] : 0x0f (15) + [207] : 0x10 (16) + [208] : 0x01 (1) + [209] : 0x02 (2) + [210] : 0x00 (0) + [211] : 0x00 (0) + [212] : 0x00 (0) + [213] : 0x00 (0) + [214] : 0x00 (0) + [215] : 0x05 (5) + [216] : 0x20 (32) + [217] : 0x00 (0) + [218] : 0x00 (0) + [219] : 0x00 (0) + [220] : 0x26 (38) + [221] : 0x02 (2) + [222] : 0x00 (0) + [223] : 0x00 (0) + [224] : 0x00 (0) + [225] : 0x02 (2) + [226] : 0x18 (24) + [227] : 0x00 (0) + [228] : 0x0c (12) + [229] : 0x00 (0) + [230] : 0x0f (15) + [231] : 0x10 (16) + [232] : 0x01 (1) + [233] : 0x02 (2) + [234] : 0x00 (0) + [235] : 0x00 (0) + [236] : 0x00 (0) + [237] : 0x00 (0) + [238] : 0x00 (0) + [239] : 0x05 (5) + [240] : 0x20 (32) + [241] : 0x00 (0) + [242] : 0x00 (0) + [243] : 0x00 (0) + [244] : 0x26 (38) + [245] : 0x02 (2) + [246] : 0x00 (0) + [247] : 0x00 (0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x000000f8 (248) + result : WERR_OK +[2013/11/07 07:38:45.606934, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000ac-0000-0000-7b52-7535c5510000 + enum_index : 0x00000009 (9) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:45.607308, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 AC 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.607386, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:45.607432, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0016 (22) + size : 0x0024 (36) + name : * + name : 'Share Name' + type : * + type : REG_SZ (1) + value : * + value: ARRAY(18) + [0] : 0x70 (112) + [1] : 0x00 (0) + [2] : 0x72 (114) + [3] : 0x00 (0) + [4] : 0x69 (105) + [5] : 0x00 (0) + [6] : 0x6e (110) + [7] : 0x00 (0) + [8] : 0x74 (116) + [9] : 0x00 (0) + [10] : 0x65 (101) + [11] : 0x00 (0) + [12] : 0x72 (114) + [13] : 0x00 (0) + [14] : 0x37 (55) + [15] : 0x00 (0) + [16] : 0x00 (0) + [17] : 0x00 (0) + size : * + size : 0x00000012 (18) + length : * + length : 0x00000012 (18) + result : WERR_OK +[2013/11/07 07:38:45.608060, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000ac-0000-0000-7b52-7535c5510000 + enum_index : 0x0000000a (10) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:45.608431, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 AC 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.608509, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:45.608554, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0014 (20) + size : 0x0024 (36) + name : * + name : 'StartTime' + type : * + type : REG_DWORD (4) + value : * + value: ARRAY(4) + [0] : 0x00 (0) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + size : * + size : 0x00000004 (4) + length : * + length : 0x00000004 (4) + result : WERR_OK +[2013/11/07 07:38:45.608943, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000ac-0000-0000-7b52-7535c5510000 + enum_index : 0x0000000b (11) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:45.609539, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 AC 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.609622, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:45.609669, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0014 (20) + size : 0x0024 (36) + name : * + name : 'UntilTime' + type : * + type : REG_DWORD (4) + value : * + value: ARRAY(4) + [0] : 0x00 (0) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + size : * + size : 0x00000004 (4) + length : * + length : 0x00000004 (4) + result : WERR_OK +[2013/11/07 07:38:45.610070, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000ac-0000-0000-7b52-7535c5510000 + enum_index : 0x0000000c (12) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:45.610443, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 AC 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.610521, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:45.610576, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0012 (18) + size : 0x0024 (36) + name : * + name : 'ChangeID' + type : * + type : REG_DWORD (4) + value : * + value: ARRAY(4) + [0] : 0xf1 (241) + [1] : 0x5f (95) + [2] : 0x11 (17) + [3] : 0x00 (0) + size : * + size : 0x00000004 (4) + length : * + length : 0x00000004 (4) + result : WERR_OK +[2013/11/07 07:38:45.611012, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryValue: struct winreg_QueryValue + in: struct winreg_QueryValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000ac-0000-0000-7b52-7535c5510000 + value_name : * + value_name: struct winreg_String + name_len : 0x0020 (32) + name_size : 0x0020 (32) + name : * + name : 'Default DevMode' + type : * + type : REG_NONE (0) + data : NULL + data_size : * + data_size : 0x00000000 (0) + data_length : * + data_length : 0x00000000 (0) +[2013/11/07 07:38:45.611359, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 AC 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.611437, 7, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) + _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:45.611478, 7, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) + _winreg_QueryValue: policy key type = [00000000] +[2013/11/07 07:38:45.611525, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:316(_winreg_QueryValue) + _winreg_QueryValue: reg_queryvalue failed with: WERR_BADFILE +[2013/11/07 07:38:45.611565, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryValue: struct winreg_QueryValue + out: struct winreg_QueryValue + type : * + type : REG_NONE (0) + data : NULL + data_size : * + data_size : 0x00000000 (0) + data_length : * + data_length : 0x00000000 (0) + result : WERR_BADFILE +[2013/11/07 07:38:45.611798, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenHKLM: struct winreg_OpenHKLM + in: struct winreg_OpenHKLM + system_name : NULL + access_mask : 0x02000000 (33554432) + 0: KEY_QUERY_VALUE + 0: KEY_SET_VALUE + 0: KEY_CREATE_SUB_KEY + 0: KEY_ENUMERATE_SUB_KEYS + 0: KEY_NOTIFY + 0: KEY_CREATE_LINK + 0: KEY_WOW64_64KEY + 0: KEY_WOW64_32KEY +[2013/11/07 07:38:45.612026, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [HKLM] +[2013/11/07 07:38:45.612069, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (2->3) +[2013/11/07 07:38:45.612292, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM] +[2013/11/07 07:38:45.612336, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM] +[2013/11/07 07:38:45.612378, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:45.612416, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM] +[2013/11/07 07:38:45.612507, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) + Opened policy hnd[3] [0000] 00 00 00 00 AD 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.612589, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenHKLM: struct winreg_OpenHKLM + out: struct winreg_OpenHKLM + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000ad-0000-0000-7b52-7535c5510000 + result : WERR_OK +[2013/11/07 07:38:45.612767, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenKey: struct winreg_OpenKey + in: struct winreg_OpenKey + parent_handle : * + parent_handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000ad-0000-0000-7b52-7535c5510000 + keyname: struct winreg_String + name_len : 0x008a (138) + name_size : 0x008a (138) + name : * + name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7' + options : 0x00000000 (0) + 0: REG_OPTION_VOLATILE + 0: REG_OPTION_CREATE_LINK + 0: REG_OPTION_BACKUP_RESTORE + 0: REG_OPTION_OPEN_LINK + access_mask : 0x02000000 (33554432) + 0: KEY_QUERY_VALUE + 0: KEY_SET_VALUE + 0: KEY_CREATE_SUB_KEY + 0: KEY_ENUMERATE_SUB_KEYS + 0: KEY_NOTIFY + 0: KEY_CREATE_LINK + 0: KEY_WOW64_64KEY + 0: KEY_WOW64_32KEY +[2013/11/07 07:38:45.613217, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 AD 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.613299, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [SOFTWARE] +[2013/11/07 07:38:45.613341, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (3->4) +[2013/11/07 07:38:45.613450, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] +[2013/11/07 07:38:45.613490, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE] +[2013/11/07 07:38:45.613531, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:45.613569, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE] +[2013/11/07 07:38:45.613637, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Microsoft] +[2013/11/07 07:38:45.613678, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (4->5) +[2013/11/07 07:38:45.613721, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] +[2013/11/07 07:38:45.613759, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] +[2013/11/07 07:38:45.613800, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:45.613837, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft] +[2013/11/07 07:38:45.613898, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Windows NT] +[2013/11/07 07:38:45.613940, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (5->6) +[2013/11/07 07:38:45.613982, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] +[2013/11/07 07:38:45.614020, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] +[2013/11/07 07:38:45.614061, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:45.614098, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] +[2013/11/07 07:38:45.614156, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [CurrentVersion] +[2013/11/07 07:38:45.614206, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (6->7) +[2013/11/07 07:38:45.614249, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] +[2013/11/07 07:38:45.614287, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] +[2013/11/07 07:38:45.614328, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:45.614365, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f375c5a15c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] +[2013/11/07 07:38:45.614438, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Print] +[2013/11/07 07:38:45.614480, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (7->8) +[2013/11/07 07:38:45.614523, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] +[2013/11/07 07:38:45.614561, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] +[2013/11/07 07:38:45.614603, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:45.614641, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f375c5a15c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] +[2013/11/07 07:38:45.614700, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Printers] +[2013/11/07 07:38:45.614742, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (8->9) +[2013/11/07 07:38:45.614785, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] +[2013/11/07 07:38:45.614823, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] +[2013/11/07 07:38:45.614865, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:45.614902, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] +[2013/11/07 07:38:45.614967, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [printer7] +[2013/11/07 07:38:45.615008, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (9->10) +[2013/11/07 07:38:45.615051, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:45.615098, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:45.615140, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:45.615177, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:45.615246, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (10->9) +[2013/11/07 07:38:45.615289, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (9->8) +[2013/11/07 07:38:45.615329, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (8->7) +[2013/11/07 07:38:45.615369, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (7->6) +[2013/11/07 07:38:45.615409, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (6->5) +[2013/11/07 07:38:45.615449, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (5->4) +[2013/11/07 07:38:45.615492, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) + Opened policy hnd[4] [0000] 00 00 00 00 AE 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.615570, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenKey: struct winreg_OpenKey + out: struct winreg_OpenKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000ae-0000-0000-7b52-7535c5510000 + result : WERR_OK +[2013/11/07 07:38:45.615745, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryValue: struct winreg_QueryValue + in: struct winreg_QueryValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000ae-0000-0000-7b52-7535c5510000 + value_name : * + value_name: struct winreg_String + name_len : 0x0012 (18) + name_size : 0x0012 (18) + name : * + name : 'Security' + type : * + type : REG_NONE (0) + data : NULL + data_size : * + data_size : 0x00000000 (0) + data_length : * + data_length : 0x00000000 (0) +[2013/11/07 07:38:45.616087, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 AE 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.616172, 7, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) + _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:45.616211, 7, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) + _winreg_QueryValue: policy key type = [00000000] +[2013/11/07 07:38:45.616252, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_dispatcher.c:151(fetch_reg_values) + fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7' (ops 0x7f37592edcc0) +[2013/11/07 07:38:45.616294, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1891(regdb_fetch_values_internal) + regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:45.616355, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[0]: name[Attributes] len[4] +[2013/11/07 07:38:45.616398, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[1]: name[Description] len[2] +[2013/11/07 07:38:45.616441, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[2]: name[Datatype] len[8] +[2013/11/07 07:38:45.616483, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[3]: name[Default Priority] len[4] +[2013/11/07 07:38:45.616525, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[4]: name[Port] len[38] +[2013/11/07 07:38:45.616568, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[5]: name[Name] len[18] +[2013/11/07 07:38:45.616609, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[6]: name[Print Processor] len[18] +[2013/11/07 07:38:45.616652, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[7]: name[Priority] len[4] +[2013/11/07 07:38:45.616694, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[8]: name[Security] len[248] +[2013/11/07 07:38:45.616737, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[9]: name[Share Name] len[18] +[2013/11/07 07:38:45.616779, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[10]: name[StartTime] len[4] +[2013/11/07 07:38:45.616822, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[11]: name[UntilTime] len[4] +[2013/11/07 07:38:45.616864, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[12]: name[ChangeID] len[4] +[2013/11/07 07:38:45.616908, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryValue: struct winreg_QueryValue + out: struct winreg_QueryValue + type : * + type : REG_BINARY (3) + data : NULL + data_size : * + data_size : 0x000000f8 (248) + data_length : * + data_length : 0x00000000 (0) + result : WERR_OK +[2013/11/07 07:38:45.617127, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryValue: struct winreg_QueryValue + in: struct winreg_QueryValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000ae-0000-0000-7b52-7535c5510000 + value_name : * + value_name: struct winreg_String + name_len : 0x0012 (18) + name_size : 0x0012 (18) + name : * + name : 'Security' + type : * + type : REG_BINARY (3) + data : * + data: ARRAY(0) + data_size : * + data_size : 0x000000f8 (248) + data_length : * + data_length : 0x00000000 (0) +[2013/11/07 07:38:45.617549, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 AE 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.617629, 7, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) + _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:45.617670, 7, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) + _winreg_QueryValue: policy key type = [00000000] +[2013/11/07 07:38:45.617715, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryValue: struct winreg_QueryValue + out: struct winreg_QueryValue + type : * + type : REG_BINARY (3) + data : * + data: ARRAY(248) + [0] : 0x01 (1) + [1] : 0x00 (0) + [2] : 0x04 (4) + [3] : 0x80 (128) + [4] : 0x14 (20) + [5] : 0x00 (0) + [6] : 0x00 (0) + [7] : 0x00 (0) + [8] : 0x24 (36) + [9] : 0x00 (0) + [10] : 0x00 (0) + [11] : 0x00 (0) + [12] : 0x00 (0) + [13] : 0x00 (0) + [14] : 0x00 (0) + [15] : 0x00 (0) + [16] : 0x34 (52) + [17] : 0x00 (0) + [18] : 0x00 (0) + [19] : 0x00 (0) + [20] : 0x01 (1) + [21] : 0x02 (2) + [22] : 0x00 (0) + [23] : 0x00 (0) + [24] : 0x00 (0) + [25] : 0x00 (0) + [26] : 0x00 (0) + [27] : 0x05 (5) + [28] : 0x20 (32) + [29] : 0x00 (0) + [30] : 0x00 (0) + [31] : 0x00 (0) + [32] : 0x20 (32) + [33] : 0x02 (2) + [34] : 0x00 (0) + [35] : 0x00 (0) + [36] : 0x01 (1) + [37] : 0x02 (2) + [38] : 0x00 (0) + [39] : 0x00 (0) + [40] : 0x00 (0) + [41] : 0x00 (0) + [42] : 0x00 (0) + [43] : 0x05 (5) + [44] : 0x20 (32) + [45] : 0x00 (0) + [46] : 0x00 (0) + [47] : 0x00 (0) + [48] : 0x20 (32) + [49] : 0x02 (2) + [50] : 0x00 (0) + [51] : 0x00 (0) + [52] : 0x02 (2) + [53] : 0x00 (0) + [54] : 0xc4 (196) + [55] : 0x00 (0) + [56] : 0x07 (7) + [57] : 0x00 (0) + [58] : 0x00 (0) + [59] : 0x00 (0) + [60] : 0x00 (0) + [61] : 0x02 (2) + [62] : 0x14 (20) + [63] : 0x00 (0) + [64] : 0x08 (8) + [65] : 0x00 (0) + [66] : 0x02 (2) + [67] : 0x20 (32) + [68] : 0x01 (1) + [69] : 0x01 (1) + [70] : 0x00 (0) + [71] : 0x00 (0) + [72] : 0x00 (0) + [73] : 0x00 (0) + [74] : 0x00 (0) + [75] : 0x01 (1) + [76] : 0x00 (0) + [77] : 0x00 (0) + [78] : 0x00 (0) + [79] : 0x00 (0) + [80] : 0x00 (0) + [81] : 0x09 (9) + [82] : 0x24 (36) + [83] : 0x00 (0) + [84] : 0x0c (12) + [85] : 0x00 (0) + [86] : 0x0f (15) + [87] : 0x10 (16) + [88] : 0x01 (1) + [89] : 0x05 (5) + [90] : 0x00 (0) + [91] : 0x00 (0) + [92] : 0x00 (0) + [93] : 0x00 (0) + [94] : 0x00 (0) + [95] : 0x05 (5) + [96] : 0x15 (21) + [97] : 0x00 (0) + [98] : 0x00 (0) + [99] : 0x00 (0) + [100] : 0x74 (116) + [101] : 0xa5 (165) + [102] : 0x12 (18) + [103] : 0x52 (82) + [104] : 0xcd (205) + [105] : 0x51 (81) + [106] : 0xd9 (217) + [107] : 0x8f (143) + [108] : 0xd1 (209) + [109] : 0x31 (49) + [110] : 0xa4 (164) + [111] : 0xca (202) + [112] : 0xf4 (244) + [113] : 0x01 (1) + [114] : 0x00 (0) + [115] : 0x00 (0) + [116] : 0x00 (0) + [117] : 0x02 (2) + [118] : 0x24 (36) + [119] : 0x00 (0) + [120] : 0x0c (12) + [121] : 0x00 (0) + [122] : 0x0f (15) + [123] : 0x10 (16) + [124] : 0x01 (1) + [125] : 0x05 (5) + [126] : 0x00 (0) + [127] : 0x00 (0) + [128] : 0x00 (0) + [129] : 0x00 (0) + [130] : 0x00 (0) + [131] : 0x05 (5) + [132] : 0x15 (21) + [133] : 0x00 (0) + [134] : 0x00 (0) + [135] : 0x00 (0) + [136] : 0x74 (116) + [137] : 0xa5 (165) + [138] : 0x12 (18) + [139] : 0x52 (82) + [140] : 0xcd (205) + [141] : 0x51 (81) + [142] : 0xd9 (217) + [143] : 0x8f (143) + [144] : 0xd1 (209) + [145] : 0x31 (49) + [146] : 0xa4 (164) + [147] : 0xca (202) + [148] : 0xf4 (244) + [149] : 0x01 (1) + [150] : 0x00 (0) + [151] : 0x00 (0) + [152] : 0x00 (0) + [153] : 0x09 (9) + [154] : 0x18 (24) + [155] : 0x00 (0) + [156] : 0x0c (12) + [157] : 0x00 (0) + [158] : 0x0f (15) + [159] : 0x10 (16) + [160] : 0x01 (1) + [161] : 0x02 (2) + [162] : 0x00 (0) + [163] : 0x00 (0) + [164] : 0x00 (0) + [165] : 0x00 (0) + [166] : 0x00 (0) + [167] : 0x05 (5) + [168] : 0x20 (32) + [169] : 0x00 (0) + [170] : 0x00 (0) + [171] : 0x00 (0) + [172] : 0x20 (32) + [173] : 0x02 (2) + [174] : 0x00 (0) + [175] : 0x00 (0) + [176] : 0x00 (0) + [177] : 0x02 (2) + [178] : 0x18 (24) + [179] : 0x00 (0) + [180] : 0x0c (12) + [181] : 0x00 (0) + [182] : 0x0f (15) + [183] : 0x10 (16) + [184] : 0x01 (1) + [185] : 0x02 (2) + [186] : 0x00 (0) + [187] : 0x00 (0) + [188] : 0x00 (0) + [189] : 0x00 (0) + [190] : 0x00 (0) + [191] : 0x05 (5) + [192] : 0x20 (32) + [193] : 0x00 (0) + [194] : 0x00 (0) + [195] : 0x00 (0) + [196] : 0x20 (32) + [197] : 0x02 (2) + [198] : 0x00 (0) + [199] : 0x00 (0) + [200] : 0x00 (0) + [201] : 0x09 (9) + [202] : 0x18 (24) + [203] : 0x00 (0) + [204] : 0x0c (12) + [205] : 0x00 (0) + [206] : 0x0f (15) + [207] : 0x10 (16) + [208] : 0x01 (1) + [209] : 0x02 (2) + [210] : 0x00 (0) + [211] : 0x00 (0) + [212] : 0x00 (0) + [213] : 0x00 (0) + [214] : 0x00 (0) + [215] : 0x05 (5) + [216] : 0x20 (32) + [217] : 0x00 (0) + [218] : 0x00 (0) + [219] : 0x00 (0) + [220] : 0x26 (38) + [221] : 0x02 (2) + [222] : 0x00 (0) + [223] : 0x00 (0) + [224] : 0x00 (0) + [225] : 0x02 (2) + [226] : 0x18 (24) + [227] : 0x00 (0) + [228] : 0x0c (12) + [229] : 0x00 (0) + [230] : 0x0f (15) + [231] : 0x10 (16) + [232] : 0x01 (1) + [233] : 0x02 (2) + [234] : 0x00 (0) + [235] : 0x00 (0) + [236] : 0x00 (0) + [237] : 0x00 (0) + [238] : 0x00 (0) + [239] : 0x05 (5) + [240] : 0x20 (32) + [241] : 0x00 (0) + [242] : 0x00 (0) + [243] : 0x00 (0) + [244] : 0x26 (38) + [245] : 0x02 (2) + [246] : 0x00 (0) + [247] : 0x00 (0) + data_size : * + data_size : 0x000000f8 (248) + data_length : * + data_length : 0x000000f8 (248) + result : WERR_OK +[2013/11/07 07:38:45.622285, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + in: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000ae-0000-0000-7b52-7535c5510000 +[2013/11/07 07:38:45.622795, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 AE 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.622876, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 AE 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.622953, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) + Closed policy +[2013/11/07 07:38:45.622997, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (4->3) +[2013/11/07 07:38:45.623039, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + out: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000000-0000-0000-0000-000000000000 + result : WERR_OK +[2013/11/07 07:38:45.623202, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + in: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000ad-0000-0000-7b52-7535c5510000 +[2013/11/07 07:38:45.623332, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 AD 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.623409, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 AD 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.623495, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) + Closed policy +[2013/11/07 07:38:45.623536, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (3->2) +[2013/11/07 07:38:45.623576, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + out: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000000-0000-0000-0000-000000000000 + result : WERR_OK +[2013/11/07 07:38:45.623740, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + in: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000ac-0000-0000-7b52-7535c5510000 +[2013/11/07 07:38:45.623870, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 AC 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.623948, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 AC 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.624023, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) + Closed policy +[2013/11/07 07:38:45.624068, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (2->1) +[2013/11/07 07:38:45.624108, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + out: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000000-0000-0000-0000-000000000000 + result : WERR_OK +[2013/11/07 07:38:45.624270, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + in: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000ab-0000-0000-7b52-7535c5510000 +[2013/11/07 07:38:45.624399, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 AB 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.624477, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 AB 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.624553, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) + Closed policy +[2013/11/07 07:38:45.624601, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (1->0) +[2013/11/07 07:38:45.624664, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + out: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000000-0000-0000-0000-000000000000 + result : WERR_OK +[2013/11/07 07:38:45.624829, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:416(close_policy_by_pipe) + Deleted handle list for RPC connection \winreg +[2013/11/07 07:38:45.624998, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + spoolss_GetPrinter: struct spoolss_GetPrinter + out: struct spoolss_GetPrinter + info : * + info : union spoolss_PrinterInfo(case 2) + info2: struct spoolss_PrinterInfo2 + servername : * + servername : '\\MEMBER43' + printername : * + printername : '\\MEMBER43\printer7' + sharename : * + sharename : 'printer7' + portname : * + portname : 'Samba Printer Port' + drivername : * + drivername : '' + comment : * + comment : '' + location : * + location : '' + devmode : * + devmode: struct spoolss_DeviceMode + devicename : '\\MEMBER43\printer7' + specversion : DMSPEC_NT4_AND_ABOVE (1025) + driverversion : 0x0400 (1024) + size : 0x00dc (220) + __driverextra_length : 0x0000 (0) + fields : 0x00014713 (83731) + 1: DEVMODE_ORIENTATION + 1: DEVMODE_PAPERSIZE + 0: DEVMODE_PAPERLENGTH + 0: DEVMODE_PAPERWIDTH + 1: DEVMODE_SCALE + 0: DEVMODE_POSITION + 0: DEVMODE_NUP + 1: DEVMODE_COPIES + 1: DEVMODE_DEFAULTSOURCE + 1: DEVMODE_PRINTQUALITY + 0: DEVMODE_COLOR + 0: DEVMODE_DUPLEX + 0: DEVMODE_YRESOLUTION + 1: DEVMODE_TTOPTION + 0: DEVMODE_COLLATE + 1: DEVMODE_FORMNAME + 0: DEVMODE_LOGPIXELS + 0: DEVMODE_BITSPERPEL + 0: DEVMODE_PELSWIDTH + 0: DEVMODE_PELSHEIGHT + 0: DEVMODE_DISPLAYFLAGS + 0: DEVMODE_DISPLAYFREQUENCY + 0: DEVMODE_ICMMETHOD + 0: DEVMODE_ICMINTENT + 0: DEVMODE_MEDIATYPE + 0: DEVMODE_DITHERTYPE + 0: DEVMODE_PANNINGWIDTH + 0: DEVMODE_PANNINGHEIGHT + orientation : DMORIENT_PORTRAIT (1) + papersize : DMPAPER_LETTER (1) + paperlength : 0x0000 (0) + paperwidth : 0x0000 (0) + scale : 0x0064 (100) + copies : 0x0001 (1) + defaultsource : DMBIN_FORMSOURCE (15) + printquality : DMRES_HIGH (65532) + color : DMRES_MONOCHROME (1) + duplex : DMDUP_SIMPLEX (1) + yresolution : 0x0000 (0) + ttoption : DMTT_SUBDEV (3) + collate : DMCOLLATE_FALSE (0) + formname : 'Letter' + logpixels : 0x0000 (0) + bitsperpel : 0x00000000 (0) + pelswidth : 0x00000000 (0) + pelsheight : 0x00000000 (0) + displayflags : UNKNOWN_ENUM_VALUE (0) + displayfrequency : 0x00000000 (0) + icmmethod : UNKNOWN_ENUM_VALUE (0) + icmintent : UNKNOWN_ENUM_VALUE (0) + mediatype : UNKNOWN_ENUM_VALUE (0) + dithertype : UNKNOWN_ENUM_VALUE (0) + reserved1 : 0x00000000 (0) + reserved2 : 0x00000000 (0) + panningwidth : 0x00000000 (0) + panningheight : 0x00000000 (0) + driverextra_data : DATA_BLOB length=0 + sepfile : * + sepfile : '' + printprocessor : * + printprocessor : 'winprint' + datatype : * + datatype : 'RAW' + parameters : * + parameters : '' + secdesc : * + secdesc: struct security_descriptor + revision : SECURITY_DESCRIPTOR_REVISION_1 (1) + type : 0x8004 (32772) + 0: SEC_DESC_OWNER_DEFAULTED + 0: SEC_DESC_GROUP_DEFAULTED + 1: SEC_DESC_DACL_PRESENT + 0: SEC_DESC_DACL_DEFAULTED + 0: SEC_DESC_SACL_PRESENT + 0: SEC_DESC_SACL_DEFAULTED + 0: SEC_DESC_DACL_TRUSTED + 0: SEC_DESC_SERVER_SECURITY + 0: SEC_DESC_DACL_AUTO_INHERIT_REQ + 0: SEC_DESC_SACL_AUTO_INHERIT_REQ + 0: SEC_DESC_DACL_AUTO_INHERITED + 0: SEC_DESC_SACL_AUTO_INHERITED + 0: SEC_DESC_DACL_PROTECTED + 0: SEC_DESC_SACL_PROTECTED + 0: SEC_DESC_RM_CONTROL_VALID + 1: SEC_DESC_SELF_RELATIVE + owner_sid : * + owner_sid : S-1-5-32-544 + group_sid : * + group_sid : S-1-5-32-544 + sacl : NULL + dacl : * + dacl: struct security_acl + revision : SECURITY_ACL_REVISION_NT4 (2) + size : 0x00c4 (196) + num_aces : 0x00000007 (7) + aces: ARRAY(7) + aces: struct security_ace + type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) + flags : 0x02 (2) + 0: SEC_ACE_FLAG_OBJECT_INHERIT + 1: SEC_ACE_FLAG_CONTAINER_INHERIT + 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT + 0: SEC_ACE_FLAG_INHERIT_ONLY + 0: SEC_ACE_FLAG_INHERITED_ACE + 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) + 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS + 0: SEC_ACE_FLAG_FAILED_ACCESS + size : 0x0014 (20) + access_mask : 0x20020008 (537001992) + object : union security_ace_object_ctr(case 0) + trustee : S-1-1-0 + aces: struct security_ace + type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) + flags : 0x09 (9) + 1: SEC_ACE_FLAG_OBJECT_INHERIT + 0: SEC_ACE_FLAG_CONTAINER_INHERIT + 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT + 1: SEC_ACE_FLAG_INHERIT_ONLY + 0: SEC_ACE_FLAG_INHERITED_ACE + 0x09: SEC_ACE_FLAG_VALID_INHERIT (9) + 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS + 0: SEC_ACE_FLAG_FAILED_ACCESS + size : 0x0024 (36) + access_mask : 0x100f000c (269418508) + object : union security_ace_object_ctr(case 0) + trustee : S-1-5-21-1376953716-2413384141-3399758289-500 + aces: struct security_ace + type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) + flags : 0x02 (2) + 0: SEC_ACE_FLAG_OBJECT_INHERIT + 1: SEC_ACE_FLAG_CONTAINER_INHERIT + 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT + 0: SEC_ACE_FLAG_INHERIT_ONLY + 0: SEC_ACE_FLAG_INHERITED_ACE + 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) + 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS + 0: SEC_ACE_FLAG_FAILED_ACCESS + size : 0x0024 (36) + access_mask : 0x100f000c (269418508) + object : union security_ace_object_ctr(case 0) + trustee : S-1-5-21-1376953716-2413384141-3399758289-500 + aces: struct security_ace + type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) + flags : 0x09 (9) + 1: SEC_ACE_FLAG_OBJECT_INHERIT + 0: SEC_ACE_FLAG_CONTAINER_INHERIT + 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT + 1: SEC_ACE_FLAG_INHERIT_ONLY + 0: SEC_ACE_FLAG_INHERITED_ACE + 0x09: SEC_ACE_FLAG_VALID_INHERIT (9) + 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS + 0: SEC_ACE_FLAG_FAILED_ACCESS + size : 0x0018 (24) + access_mask : 0x100f000c (269418508) + object : union security_ace_object_ctr(case 0) + trustee : S-1-5-32-544 + aces: struct security_ace + type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) + flags : 0x02 (2) + 0: SEC_ACE_FLAG_OBJECT_INHERIT + 1: SEC_ACE_FLAG_CONTAINER_INHERIT + 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT + 0: SEC_ACE_FLAG_INHERIT_ONLY + 0: SEC_ACE_FLAG_INHERITED_ACE + 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) + 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS + 0: SEC_ACE_FLAG_FAILED_ACCESS + size : 0x0018 (24) + access_mask : 0x100f000c (269418508) + object : union security_ace_object_ctr(case 0) + trustee : S-1-5-32-544 + aces: struct security_ace + type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) + flags : 0x09 (9) + 1: SEC_ACE_FLAG_OBJECT_INHERIT + 0: SEC_ACE_FLAG_CONTAINER_INHERIT + 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT + 1: SEC_ACE_FLAG_INHERIT_ONLY + 0: SEC_ACE_FLAG_INHERITED_ACE + 0x09: SEC_ACE_FLAG_VALID_INHERIT (9) + 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS + 0: SEC_ACE_FLAG_FAILED_ACCESS + size : 0x0018 (24) + access_mask : 0x100f000c (269418508) + object : union security_ace_object_ctr(case 0) + trustee : S-1-5-32-550 + aces: struct security_ace + type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) + flags : 0x02 (2) + 0: SEC_ACE_FLAG_OBJECT_INHERIT + 1: SEC_ACE_FLAG_CONTAINER_INHERIT + 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT + 0: SEC_ACE_FLAG_INHERIT_ONLY + 0: SEC_ACE_FLAG_INHERITED_ACE + 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) + 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS + 0: SEC_ACE_FLAG_FAILED_ACCESS + size : 0x0018 (24) + access_mask : 0x100f000c (269418508) + object : union security_ace_object_ctr(case 0) + trustee : S-1-5-32-550 + attributes : 0x00001048 (4168) + 0: PRINTER_ATTRIBUTE_QUEUED + 0: PRINTER_ATTRIBUTE_DIRECT + 0: PRINTER_ATTRIBUTE_DEFAULT + 1: PRINTER_ATTRIBUTE_SHARED + 0: PRINTER_ATTRIBUTE_NETWORK + 0: PRINTER_ATTRIBUTE_HIDDEN + 1: PRINTER_ATTRIBUTE_LOCAL + 0: PRINTER_ATTRIBUTE_ENABLE_DEVQ + 0: PRINTER_ATTRIBUTE_KEEPPRINTEDJOBS + 0: PRINTER_ATTRIBUTE_DO_COMPLETE_FIRST + 0: PRINTER_ATTRIBUTE_WORK_OFFLINE + 0: PRINTER_ATTRIBUTE_ENABLE_BIDI + 1: PRINTER_ATTRIBUTE_RAW_ONLY + 0: PRINTER_ATTRIBUTE_PUBLISHED + 0: PRINTER_ATTRIBUTE_FAX + 0: PRINTER_ATTRIBUTE_TS + priority : 0x00000001 (1) + defaultpriority : 0x00000001 (1) + starttime : 0x00000000 (0) + untiltime : 0x00000000 (0) + status : 0x00000000 (0) + 0: PRINTER_STATUS_PAUSED + 0: PRINTER_STATUS_ERROR + 0: PRINTER_STATUS_PENDING_DELETION + 0: PRINTER_STATUS_PAPER_JAM + 0: PRINTER_STATUS_PAPER_OUT + 0: PRINTER_STATUS_MANUAL_FEED + 0: PRINTER_STATUS_PAPER_PROBLEM + 0: PRINTER_STATUS_OFFLINE + 0: PRINTER_STATUS_IO_ACTIVE + 0: PRINTER_STATUS_BUSY + 0: PRINTER_STATUS_PRINTING + 0: PRINTER_STATUS_OUTPUT_BIN_FULL + 0: PRINTER_STATUS_NOT_AVAILABLE + 0: PRINTER_STATUS_WAITING + 0: PRINTER_STATUS_PROCESSING + 0: PRINTER_STATUS_INITIALIZING + 0: PRINTER_STATUS_WARMING_UP + 0: PRINTER_STATUS_TONER_LOW + 0: PRINTER_STATUS_NO_TONER + 0: PRINTER_STATUS_PAGE_PUNT + 0: PRINTER_STATUS_USER_INTERVENTION + 0: PRINTER_STATUS_OUT_OF_MEMORY + 0: PRINTER_STATUS_DOOR_OPEN + 0: PRINTER_STATUS_SERVER_UNKNOWN + 0: PRINTER_STATUS_POWER_SAVE + cjobs : 0x00000000 (0) + averageppm : 0x00000000 (0) + needed : * + needed : 0x000002f8 (760) + result : WERR_OK +[2013/11/07 07:38:45.630234, 5, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1417(api_rpcTNP) + api_rpcTNP: called \spoolss successfully +[2013/11/07 07:38:45.630307, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) + pop_sec_ctx (0, 5000) - sec_ctx_stack_ndx = 0 +[2013/11/07 07:38:45.630353, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) + write_to_pipe: data_used = 4140 + smbd_smb2_request_pending_queue: req->current_idx = 1 + req->in.vector[0].iov_len = 0 + req->in.vector[1].iov_len = 0 + req->in.vector[2].iov_len = 64 + req->in.vector[3].iov_len = 56 + req->in.vector[4].iov_len = 4156 + req->out.vector[0].iov_len = 4 + req->out.vector[1].iov_len = 0 + req->out.vector[2].iov_len = 64 + req->out.vector[3].iov_len = 8 + req->out.vector[4].iov_len = 0 +[2013/11/07 07:38:45.630583, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:128(smbd_smb2_ioctl_pipe_write_done) + smbd_smb2_ioctl_pipe_write_done: received 4156 +[2013/11/07 07:38:45.630628, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:149(smbd_smb2_ioctl_pipe_write_done) + smbd_smb2_ioctl_pipe_write_done: issuing np_read_send of size 4136 +[2013/11/07 07:38:45.630672, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:285(read_from_internal_pipe) + name: \spoolss len: 4136 +[2013/11/07 07:38:45.630715, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:347(read_from_internal_pipe) + read_from_pipe: \spoolss: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 4112. +[2013/11/07 07:38:45.630771, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) + &r: struct ncacn_packet + rpc_vers : 0x05 (5) + rpc_vers_minor : 0x00 (0) + ptype : DCERPC_PKT_RESPONSE (2) + pfc_flags : 0x03 (3) + drep: ARRAY(4) + [0] : 0x10 (16) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + frag_length : 0x1028 (4136) + auth_length : 0x0000 (0) + call_id : 0x00000004 (4) + u : union dcerpc_payload(case 2) + response: struct dcerpc_response + alloc_hint : 0x00001010 (4112) + context_id : 0x0000 (0) + cancel_count : 0x00 (0) + _pad : DATA_BLOB length=0 + stub_and_verifier : DATA_BLOB length=4112 + [0000] 04 00 02 00 00 10 00 00 EA 0F 00 00 C2 0F 00 00 ........ ........ + [0010] B0 0F 00 00 8A 0F 00 00 88 0F 00 00 86 0F 00 00 ........ ........ + [0020] 84 0F 00 00 88 0E 00 00 82 0F 00 00 70 0F 00 00 ........ ....p... + [0030] 68 0F 00 00 66 0F 00 00 90 0D 00 00 48 10 00 00 h...f... ....H... + [0040] 01 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0200] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0210] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0220] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0230] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0240] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0250] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0260] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0270] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0280] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0290] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0300] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0310] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0320] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0330] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0340] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0350] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0360] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0370] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0380] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0390] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0400] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0410] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0420] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0430] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0440] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0450] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0460] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0470] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0480] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0490] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0500] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0510] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0520] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0530] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0540] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0550] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0560] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0570] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0580] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0590] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0600] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0610] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0620] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0630] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0640] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0650] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0660] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0670] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0680] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0690] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0700] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0710] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0720] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0730] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0740] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0750] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0760] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0770] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0780] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0790] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0800] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0810] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0820] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0830] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0840] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0850] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0860] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0870] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0880] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0890] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0900] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0910] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0920] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0930] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0940] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0950] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0960] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0970] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0980] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0990] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D90] 00 00 00 00 00 00 00 00 01 00 04 80 D8 00 00 00 ........ ........ + [0DA0] E8 00 00 00 00 00 00 00 14 00 00 00 02 00 C4 00 ........ ........ + [0DB0] 07 00 00 00 00 02 14 00 08 00 02 20 01 01 00 00 ........ ... .... + [0DC0] 00 00 00 01 00 00 00 00 00 09 24 00 0C 00 0F 10 ........ ..$..... + [0DD0] 01 05 00 00 00 00 00 05 15 00 00 00 74 A5 12 52 ........ ....t..R + [0DE0] CD 51 D9 8F D1 31 A4 CA F4 01 00 00 00 02 24 00 .Q...1.. ......$. + [0DF0] 0C 00 0F 10 01 05 00 00 00 00 00 05 15 00 00 00 ........ ........ + [0E00] 74 A5 12 52 CD 51 D9 8F D1 31 A4 CA F4 01 00 00 t..R.Q.. .1...... + [0E10] 00 09 18 00 0C 00 0F 10 01 02 00 00 00 00 00 05 ........ ........ + [0E20] 20 00 00 00 20 02 00 00 00 02 18 00 0C 00 0F 10 ... ... ........ + [0E30] 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 ........ ... ... + [0E40] 00 09 18 00 0C 00 0F 10 01 02 00 00 00 00 00 05 ........ ........ + [0E50] 20 00 00 00 26 02 00 00 00 02 18 00 0C 00 0F 10 ...&... ........ + [0E60] 01 02 00 00 00 00 00 05 20 00 00 00 26 02 00 00 ........ ...&... + [0E70] 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 ........ ... ... + [0E80] 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 ........ ... ... + [0E90] 5C 00 5C 00 4D 00 45 00 4D 00 42 00 45 00 52 00 \.\.M.E. M.B.E.R. + [0EA0] 34 00 33 00 5C 00 70 00 72 00 69 00 6E 00 74 00 4.3.\.p. r.i.n.t. + [0EB0] 65 00 72 00 37 00 00 00 00 00 00 00 00 00 00 00 e.r.7... ........ + [0EC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0ED0] 01 04 00 04 DC 00 00 00 13 47 01 00 01 00 01 00 ........ .G...... + [0EE0] 00 00 00 00 64 00 01 00 0F 00 FC FF 01 00 01 00 ....d... ........ + [0EF0] 00 00 03 00 00 00 4C 00 65 00 74 00 74 00 65 00 ......L. e.t.t.e. + [0F00] 72 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 r....... ........ + [0F10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F70] 52 00 41 00 57 00 00 00 77 00 69 00 6E 00 70 00 R.A.W... w.i.n.p. + [0F80] 72 00 69 00 6E 00 74 00 00 00 00 00 00 00 00 00 r.i.n.t. ........ + [0F90] 00 00 53 00 61 00 6D 00 62 00 61 00 20 00 50 00 ..S.a.m. b.a. .P. + [0FA0] 72 00 69 00 6E 00 74 00 65 00 72 00 20 00 50 00 r.i.n.t. e.r. .P. + [0FB0] 6F 00 72 00 74 00 00 00 70 00 72 00 69 00 6E 00 o.r.t... p.r.i.n. + [0FC0] 74 00 65 00 72 00 37 00 00 00 5C 00 5C 00 4D 00 t.e.r.7. ..\.\.M. + [0FD0] 45 00 4D 00 42 00 45 00 52 00 34 00 33 00 5C 00 E.M.B.E. R.4.3.\. + [0FE0] 70 00 72 00 69 00 6E 00 74 00 65 00 72 00 37 00 p.r.i.n. t.e.r.7. + [0FF0] 00 00 5C 00 5C 00 4D 00 45 00 4D 00 42 00 45 00 ..\.\.M. E.M.B.E. + [1000] 52 00 34 00 33 00 00 00 F8 02 00 00 00 00 00 00 R.4.3... ........ +[2013/11/07 07:38:45.640174, 3, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:122(free_pipe_context) + free_pipe_context: destroying talloc pool of size 1308 +[2013/11/07 07:38:45.640240, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:788(np_read_recv) + Received 4136 bytes. There is no more data outstanding +[2013/11/07 07:38:45.640283, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:178(smbd_smb2_ioctl_pipe_read_done) + smbd_smb2_ioctl_pipe_read_done: np_read_recv nread = 4136 is_data_outstanding = 0, status = NT_STATUS_OK +[2013/11/07 07:38:45.640333, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl.c:291(smbd_smb2_request_ioctl_done) + smbd_smb2_request_ioctl_done: smbd_smb2_ioctl_recv returned 4136 status NT_STATUS_OK +[2013/11/07 07:38:45.640376, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) + smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[48] dyn[yes:4136] at ../source3/smbd/smb2_ioctl.c:358 +[2013/11/07 07:38:45.640423, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) + smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/90/127 +[2013/11/07 07:38:45.640617, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) + smbd_smb2_request_incoming: idx[1] of 5 vectors +[2013/11/07 07:38:45.640670, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) + smb2_validate_sequence_number: clearing id 90 (position 90) from bitmap +[2013/11/07 07:38:45.640714, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) + smbd_smb2_request_dispatch: opcode[SMB2_OP_READ] mid = 90 +[2013/11/07 07:38:45.640778, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) + setting sec ctx (0, 5000) - sec_ctx_stack_ndx = 0 +[2013/11/07 07:38:45.640822, 5, pid=20933, effective(0, 5000), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) + Security token SIDs (21): + SID[ 0]: S-1-5-21-1376953716-2413384141-3399758289-500 + SID[ 1]: S-1-5-21-1376953716-2413384141-3399758289-512 + SID[ 2]: S-1-5-21-1376953716-2413384141-3399758289-11015 + SID[ 3]: S-1-5-21-1376953716-2413384141-3399758289-513 + SID[ 4]: S-1-5-21-1376953716-2413384141-3399758289-11011 + SID[ 5]: S-1-5-21-1376953716-2413384141-3399758289-11013 + SID[ 6]: S-1-5-21-1376953716-2413384141-3399758289-11012 + SID[ 7]: S-1-1-0 + SID[ 8]: S-1-5-2 + SID[ 9]: S-1-5-11 + SID[ 10]: S-1-5-32-544 + SID[ 11]: S-1-22-1-2002 + SID[ 12]: S-1-22-2-5000 + SID[ 13]: S-1-22-2-5007 + SID[ 14]: S-1-22-2-5001 + SID[ 15]: S-1-22-2-1005 + SID[ 16]: S-1-22-2-5006 + SID[ 17]: S-1-22-2-5005 + SID[ 18]: S-1-22-2-55000 + SID[ 19]: S-1-22-2-55001 + SID[ 20]: S-1-22-2-55002 + Privileges (0x 1FFFFFF0): + Privilege[ 0]: SeMachineAccountPrivilege + Privilege[ 1]: SeTakeOwnershipPrivilege + Privilege[ 2]: SeBackupPrivilege + Privilege[ 3]: SeRestorePrivilege + Privilege[ 4]: SeRemoteShutdownPrivilege + Privilege[ 5]: SePrintOperatorPrivilege + Privilege[ 6]: SeAddUsersPrivilege + Privilege[ 7]: SeDiskOperatorPrivilege + Privilege[ 8]: SeSecurityPrivilege + Privilege[ 9]: SeSystemtimePrivilege + Privilege[ 10]: SeShutdownPrivilege + Privilege[ 11]: SeDebugPrivilege + Privilege[ 12]: SeSystemEnvironmentPrivilege + Privilege[ 13]: SeSystemProfilePrivilege + Privilege[ 14]: SeProfileSingleProcessPrivilege + Privilege[ 15]: SeIncreaseBasePriorityPrivilege + Privilege[ 16]: SeLoadDriverPrivilege + Privilege[ 17]: SeCreatePagefilePrivilege + Privilege[ 18]: SeIncreaseQuotaPrivilege + Privilege[ 19]: SeChangeNotifyPrivilege + Privilege[ 20]: SeUndockPrivilege + Privilege[ 21]: SeManageVolumePrivilege + Privilege[ 22]: SeImpersonatePrivilege + Privilege[ 23]: SeCreateGlobalPrivilege + Privilege[ 24]: SeEnableDelegationPrivilege + Rights (0x 0): +[2013/11/07 07:38:45.641711, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) + UNIX token of user 0 + Primary group is 5000 and contains 9 supplementary groups + Group[ 0]: 5000 + Group[ 1]: 5007 + Group[ 2]: 5001 + Group[ 3]: 1005 + Group[ 4]: 5006 + Group[ 5]: 5005 + Group[ 6]: 55000 + Group[ 7]: 55001 + Group[ 8]: 55002 +[2013/11/07 07:38:45.641910, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/uid.c:363(change_to_user_internal) + Impersonated user: uid=(0,0), gid=(0,5000) +[2013/11/07 07:38:45.641964, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:1796(smbd_smb2_request_verify_creditcharge) + mid 90, CreditCharge: 1, NeededCharge: 1 +[2013/11/07 07:38:45.642007, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_read.c:400(smbd_smb2_read_send) + smbd_smb2_read: spoolss - fnum 1017618511 +[2013/11/07 07:38:45.642055, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:285(read_from_internal_pipe) + name: \spoolss len: 1024 +[2013/11/07 07:38:45.642098, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:326(read_from_internal_pipe) + read_from_pipe: \spoolss: current_pdu_len = 68, current_pdu_sent = 0 returning 68 bytes. +[2013/11/07 07:38:45.642141, 3, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:122(free_pipe_context) + free_pipe_context: destroying talloc pool of size 29 + smbd_smb2_request_pending_queue: req->current_idx = 1 + req->in.vector[0].iov_len = 0 + req->in.vector[1].iov_len = 0 + req->in.vector[2].iov_len = 64 + req->in.vector[3].iov_len = 48 + req->in.vector[4].iov_len = 1 + req->out.vector[0].iov_len = 4 + req->out.vector[1].iov_len = 0 + req->out.vector[2].iov_len = 64 + req->out.vector[3].iov_len = 8 + req->out.vector[4].iov_len = 0 +[2013/11/07 07:38:45.642353, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:788(np_read_recv) + Received 68 bytes. There is no more data outstanding +[2013/11/07 07:38:45.642397, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) + smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[16] dyn[yes:68] at ../source3/smbd/smb2_read.c:154 +[2013/11/07 07:38:45.642441, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) + smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/91/127 +[2013/11/07 07:38:45.642661, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) + smbd_smb2_request_incoming: idx[1] of 5 vectors +[2013/11/07 07:38:45.642719, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) + smb2_validate_sequence_number: clearing id 91 (position 91) from bitmap +[2013/11/07 07:38:45.642761, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) + smbd_smb2_request_dispatch: opcode[SMB2_OP_IOCTL] mid = 91 +[2013/11/07 07:38:45.642815, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) + setting sec ctx (0, 5000) - sec_ctx_stack_ndx = 0 +[2013/11/07 07:38:45.642857, 5, pid=20933, effective(0, 5000), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) + Security token SIDs (21): + SID[ 0]: S-1-5-21-1376953716-2413384141-3399758289-500 + SID[ 1]: S-1-5-21-1376953716-2413384141-3399758289-512 + SID[ 2]: S-1-5-21-1376953716-2413384141-3399758289-11015 + SID[ 3]: S-1-5-21-1376953716-2413384141-3399758289-513 + SID[ 4]: S-1-5-21-1376953716-2413384141-3399758289-11011 + SID[ 5]: S-1-5-21-1376953716-2413384141-3399758289-11013 + SID[ 6]: S-1-5-21-1376953716-2413384141-3399758289-11012 + SID[ 7]: S-1-1-0 + SID[ 8]: S-1-5-2 + SID[ 9]: S-1-5-11 + SID[ 10]: S-1-5-32-544 + SID[ 11]: S-1-22-1-2002 + SID[ 12]: S-1-22-2-5000 + SID[ 13]: S-1-22-2-5007 + SID[ 14]: S-1-22-2-5001 + SID[ 15]: S-1-22-2-1005 + SID[ 16]: S-1-22-2-5006 + SID[ 17]: S-1-22-2-5005 + SID[ 18]: S-1-22-2-55000 + SID[ 19]: S-1-22-2-55001 + SID[ 20]: S-1-22-2-55002 + Privileges (0x 1FFFFFF0): + Privilege[ 0]: SeMachineAccountPrivilege + Privilege[ 1]: SeTakeOwnershipPrivilege + Privilege[ 2]: SeBackupPrivilege + Privilege[ 3]: SeRestorePrivilege + Privilege[ 4]: SeRemoteShutdownPrivilege + Privilege[ 5]: SePrintOperatorPrivilege + Privilege[ 6]: SeAddUsersPrivilege + Privilege[ 7]: SeDiskOperatorPrivilege + Privilege[ 8]: SeSecurityPrivilege + Privilege[ 9]: SeSystemtimePrivilege + Privilege[ 10]: SeShutdownPrivilege + Privilege[ 11]: SeDebugPrivilege + Privilege[ 12]: SeSystemEnvironmentPrivilege + Privilege[ 13]: SeSystemProfilePrivilege + Privilege[ 14]: SeProfileSingleProcessPrivilege + Privilege[ 15]: SeIncreaseBasePriorityPrivilege + Privilege[ 16]: SeLoadDriverPrivilege + Privilege[ 17]: SeCreatePagefilePrivilege + Privilege[ 18]: SeIncreaseQuotaPrivilege + Privilege[ 19]: SeChangeNotifyPrivilege + Privilege[ 20]: SeUndockPrivilege + Privilege[ 21]: SeManageVolumePrivilege + Privilege[ 22]: SeImpersonatePrivilege + Privilege[ 23]: SeCreateGlobalPrivilege + Privilege[ 24]: SeEnableDelegationPrivilege + Rights (0x 0): +[2013/11/07 07:38:45.643669, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) + UNIX token of user 0 + Primary group is 5000 and contains 9 supplementary groups + Group[ 0]: 5000 + Group[ 1]: 5007 + Group[ 2]: 5001 + Group[ 3]: 1005 + Group[ 4]: 5006 + Group[ 5]: 5005 + Group[ 6]: 55000 + Group[ 7]: 55001 + Group[ 8]: 55002 +[2013/11/07 07:38:45.643862, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/uid.c:363(change_to_user_internal) + Impersonated user: uid=(0,0), gid=(0,5000) +[2013/11/07 07:38:45.643910, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:1796(smbd_smb2_request_verify_creditcharge) + mid 91, CreditCharge: 1, NeededCharge: 1 +[2013/11/07 07:38:45.643953, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl.c:394(smbd_smb2_ioctl_send) + smbd_smb2_ioctl: ctl_code[0x0011c017] spoolss, fnum 4073323938 +[2013/11/07 07:38:45.643999, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:59(smb2_ioctl_named_pipe) + smbd_smb2_ioctl_send: np_write_send of size 2108 +[2013/11/07 07:38:45.644061, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:520(np_write_send) + np_write_send: len: 2108 +[2013/11/07 07:38:45.644106, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) + write_to_pipe: data_left = 2108 +[2013/11/07 07:38:45.644144, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) + process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 2108 +[2013/11/07 07:38:45.644184, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:51(fill_rpc_header) + fill_rpc_header: data_to_copy = 2108, len_needed_to_complete_hdr = 16, receive_len = 0 +[2013/11/07 07:38:45.644225, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) + write_to_pipe: data_used = 16 +[2013/11/07 07:38:45.644262, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) + write_to_pipe: data_left = 2092 +[2013/11/07 07:38:45.644299, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) + process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 2092 +[2013/11/07 07:38:45.644350, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) + write_to_pipe: data_used = 0 +[2013/11/07 07:38:45.644388, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) + write_to_pipe: data_left = 2092 +[2013/11/07 07:38:45.644426, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) + process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 2092, incoming data = 2092 +[2013/11/07 07:38:45.644468, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1614(process_complete_pdu) + PDU is in Little Endian format! +[2013/11/07 07:38:45.644517, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) + r: struct ncacn_packet + rpc_vers : 0x05 (5) + rpc_vers_minor : 0x00 (0) + ptype : DCERPC_PKT_REQUEST (0) + pfc_flags : 0x03 (3) + drep: ARRAY(4) + [0] : 0x10 (16) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + frag_length : 0x083c (2108) + auth_length : 0x0000 (0) + call_id : 0x00000003 (3) + u : union dcerpc_payload(case 0) + request: struct dcerpc_request + alloc_hint : 0x00000824 (2084) + context_id : 0x0000 (0) + opnum : 0x0008 (8) + object : union dcerpc_object(case 0) + empty: struct dcerpc_empty + _pad : DATA_BLOB length=0 + stub_and_verifier : DATA_BLOB length=2084 + [0000] 00 00 00 00 A5 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 00 00 00 00 00 00 02 00 00 08 00 00 .Q...... ........ + [0020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0030] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0040] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0200] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0210] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0220] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0230] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0240] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0250] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0260] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0270] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0280] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0290] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0300] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0310] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0320] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0330] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0340] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0350] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0360] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0370] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0380] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0390] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0400] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0410] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0420] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0430] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0440] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0450] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0460] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0470] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0480] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0490] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0500] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0510] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0520] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0530] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0540] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0550] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0560] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0570] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0580] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0590] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0600] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0610] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0620] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0630] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0640] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0650] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0660] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0670] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0680] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0690] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0700] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0710] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0720] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0730] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0740] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0750] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0760] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0770] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0780] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0790] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0800] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0810] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0820] 00 08 00 00 .... +[2013/11/07 07:38:45.649541, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1627(process_complete_pdu) + Processing packet type 0 +[2013/11/07 07:38:45.649583, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1472(dcesrv_auth_request) + Checking request auth. +[2013/11/07 07:38:45.649629, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) + push_sec_ctx(0, 5000) : sec_ctx_stack_ndx = 1 +[2013/11/07 07:38:45.649674, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) + setting sec ctx (0, 5000) - sec_ctx_stack_ndx = 1 +[2013/11/07 07:38:45.649715, 5, pid=20933, effective(0, 5000), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) + Security token SIDs (21): + SID[ 0]: S-1-5-21-1376953716-2413384141-3399758289-500 + SID[ 1]: S-1-5-21-1376953716-2413384141-3399758289-512 + SID[ 2]: S-1-5-21-1376953716-2413384141-3399758289-11015 + SID[ 3]: S-1-5-21-1376953716-2413384141-3399758289-513 + SID[ 4]: S-1-5-21-1376953716-2413384141-3399758289-11011 + SID[ 5]: S-1-5-21-1376953716-2413384141-3399758289-11013 + SID[ 6]: S-1-5-21-1376953716-2413384141-3399758289-11012 + SID[ 7]: S-1-1-0 + SID[ 8]: S-1-5-2 + SID[ 9]: S-1-5-11 + SID[ 10]: S-1-5-32-544 + SID[ 11]: S-1-22-1-2002 + SID[ 12]: S-1-22-2-5000 + SID[ 13]: S-1-22-2-5007 + SID[ 14]: S-1-22-2-5001 + SID[ 15]: S-1-22-2-1005 + SID[ 16]: S-1-22-2-5006 + SID[ 17]: S-1-22-2-5005 + SID[ 18]: S-1-22-2-55000 + SID[ 19]: S-1-22-2-55001 + SID[ 20]: S-1-22-2-55002 + Privileges (0x 1FFFFFF0): + Privilege[ 0]: SeMachineAccountPrivilege + Privilege[ 1]: SeTakeOwnershipPrivilege + Privilege[ 2]: SeBackupPrivilege + Privilege[ 3]: SeRestorePrivilege + Privilege[ 4]: SeRemoteShutdownPrivilege + Privilege[ 5]: SePrintOperatorPrivilege + Privilege[ 6]: SeAddUsersPrivilege + Privilege[ 7]: SeDiskOperatorPrivilege + Privilege[ 8]: SeSecurityPrivilege + Privilege[ 9]: SeSystemtimePrivilege + Privilege[ 10]: SeShutdownPrivilege + Privilege[ 11]: SeDebugPrivilege + Privilege[ 12]: SeSystemEnvironmentPrivilege + Privilege[ 13]: SeSystemProfilePrivilege + Privilege[ 14]: SeProfileSingleProcessPrivilege + Privilege[ 15]: SeIncreaseBasePriorityPrivilege + Privilege[ 16]: SeLoadDriverPrivilege + Privilege[ 17]: SeCreatePagefilePrivilege + Privilege[ 18]: SeIncreaseQuotaPrivilege + Privilege[ 19]: SeChangeNotifyPrivilege + Privilege[ 20]: SeUndockPrivilege + Privilege[ 21]: SeManageVolumePrivilege + Privilege[ 22]: SeImpersonatePrivilege + Privilege[ 23]: SeCreateGlobalPrivilege + Privilege[ 24]: SeEnableDelegationPrivilege + Rights (0x 0): +[2013/11/07 07:38:45.650478, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) + UNIX token of user 0 + Primary group is 5000 and contains 9 supplementary groups + Group[ 0]: 5000 + Group[ 1]: 5007 + Group[ 2]: 5001 + Group[ 3]: 1005 + Group[ 4]: 5006 + Group[ 5]: 5005 + Group[ 6]: 55000 + Group[ 7]: 55001 + Group[ 8]: 55002 +[2013/11/07 07:38:45.650668, 5, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1324(api_pipe_request) + Requested \spoolss rpc service +[2013/11/07 07:38:45.650713, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1356(api_rpcTNP) + api_rpcTNP: \spoolss op 0x8 - api_rpcTNP: rpc command: SPOOLSS_GETPRINTER +[2013/11/07 07:38:45.650756, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1390(api_rpcTNP) + api_rpc_cmds[8].fn == 0x7f375c260f10 +[2013/11/07 07:38:45.650803, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + spoolss_GetPrinter: struct spoolss_GetPrinter + in: struct spoolss_GetPrinter + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000a5-0000-0000-7b52-7535c5510000 + level : 0x00000000 (0) + buffer : * + buffer : DATA_BLOB length=2048 + [0000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0010] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0030] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0040] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0200] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0210] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0220] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0230] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0240] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0250] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0260] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0270] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0280] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0290] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0300] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0310] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0320] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0330] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0340] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0350] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0360] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0370] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0380] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0390] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0400] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0410] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0420] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0430] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0440] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0450] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0460] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0470] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0480] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0490] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0500] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0510] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0520] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0530] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0540] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0550] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0560] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0570] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0580] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0590] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0600] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0610] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0620] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0630] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0640] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0650] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0660] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0670] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0680] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0690] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0700] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0710] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0720] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0730] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0740] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0750] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0760] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0770] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0780] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0790] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + offered : 0x00000800 (2048) +[2013/11/07 07:38:45.655503, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[1] [0000] 00 00 00 00 A5 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.655586, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[1] [0000] 00 00 00 00 A5 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.655663, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:489(get_printer_snum) + short name:printer5 +[2013/11/07 07:38:45.655791, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:60(make_internal_rpc_pipe_p) + Create pipe requested \winreg +[2013/11/07 07:38:45.655847, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:221(init_pipe_handles) + init_pipe_handle_list: created handle list for pipe \winreg +[2013/11/07 07:38:45.655890, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:238(init_pipe_handles) + init_pipe_handle_list: pipe_handles ref count = 1 for pipe \winreg +[2013/11/07 07:38:45.655985, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:100(make_internal_rpc_pipe_p) + Created internal pipe \winreg +[2013/11/07 07:38:45.656062, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenHKLM: struct winreg_OpenHKLM + in: struct winreg_OpenHKLM + system_name : NULL + access_mask : 0x02000000 (33554432) + 0: KEY_QUERY_VALUE + 0: KEY_SET_VALUE + 0: KEY_CREATE_SUB_KEY + 0: KEY_ENUMERATE_SUB_KEYS + 0: KEY_NOTIFY + 0: KEY_CREATE_LINK + 0: KEY_WOW64_64KEY + 0: KEY_WOW64_32KEY +[2013/11/07 07:38:45.656294, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [HKLM] +[2013/11/07 07:38:45.656338, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) + push_sec_ctx(0, 5000) : sec_ctx_stack_ndx = 2 +[2013/11/07 07:38:45.656382, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/uid.c:485(push_conn_ctx) + push_conn_ctx(1804507171) : conn_ctx_stack_ndx = 0 +[2013/11/07 07:38:45.656422, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) + setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 +[2013/11/07 07:38:45.656461, 5, pid=20933, effective(0, 5000), real(0, 0)] ../libcli/security/security_token.c:53(security_token_debug) + Security token: (NULL) +[2013/11/07 07:38:45.656500, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) + UNIX token of user 0 + Primary group is 0 and contains 0 supplementary groups +[2013/11/07 07:38:45.656654, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) + pop_sec_ctx (0, 5000) - sec_ctx_stack_ndx = 1 +[2013/11/07 07:38:45.656698, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:866(regdb_open) + regdb_open: registry db opened. refcount reset (1) +[2013/11/07 07:38:45.656743, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM] +[2013/11/07 07:38:45.656783, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM] +[2013/11/07 07:38:45.656824, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:45.656860, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM] +[2013/11/07 07:38:45.656938, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) + Opened policy hnd[1] [0000] 00 00 00 00 AF 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.657019, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenHKLM: struct winreg_OpenHKLM + out: struct winreg_OpenHKLM + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000af-0000-0000-7b52-7535c5510000 + result : WERR_OK +[2013/11/07 07:38:45.657202, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenKey: struct winreg_OpenKey + in: struct winreg_OpenKey + parent_handle : * + parent_handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000af-0000-0000-7b52-7535c5510000 + keyname: struct winreg_String + name_len : 0x008a (138) + name_size : 0x008a (138) + name : * + name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer5' + options : 0x00000000 (0) + 0: REG_OPTION_VOLATILE + 0: REG_OPTION_CREATE_LINK + 0: REG_OPTION_BACKUP_RESTORE + 0: REG_OPTION_OPEN_LINK + access_mask : 0x02000000 (33554432) + 0: KEY_QUERY_VALUE + 0: KEY_SET_VALUE + 0: KEY_CREATE_SUB_KEY + 0: KEY_ENUMERATE_SUB_KEYS + 0: KEY_NOTIFY + 0: KEY_CREATE_LINK + 0: KEY_WOW64_64KEY + 0: KEY_WOW64_32KEY +[2013/11/07 07:38:45.657715, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 AF 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.657798, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [SOFTWARE] +[2013/11/07 07:38:45.657839, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (1->2) +[2013/11/07 07:38:45.657881, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] +[2013/11/07 07:38:45.657919, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE] +[2013/11/07 07:38:45.657960, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:45.657997, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE] +[2013/11/07 07:38:45.658066, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Microsoft] +[2013/11/07 07:38:45.658108, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (2->3) +[2013/11/07 07:38:45.658150, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] +[2013/11/07 07:38:45.658188, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] +[2013/11/07 07:38:45.658228, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:45.658265, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft] +[2013/11/07 07:38:45.658324, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Windows NT] +[2013/11/07 07:38:45.658366, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (3->4) +[2013/11/07 07:38:45.658416, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] +[2013/11/07 07:38:45.658454, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] +[2013/11/07 07:38:45.658496, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:45.658533, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] +[2013/11/07 07:38:45.658591, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [CurrentVersion] +[2013/11/07 07:38:45.658632, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (4->5) +[2013/11/07 07:38:45.658675, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] +[2013/11/07 07:38:45.658712, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] +[2013/11/07 07:38:45.658753, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:45.658791, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f375c5a15c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] +[2013/11/07 07:38:45.658863, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Print] +[2013/11/07 07:38:45.658904, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (5->6) +[2013/11/07 07:38:45.658950, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] +[2013/11/07 07:38:45.658989, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] +[2013/11/07 07:38:45.659031, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:45.659068, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f375c5a15c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] +[2013/11/07 07:38:45.659130, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Printers] +[2013/11/07 07:38:45.659248, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (6->7) +[2013/11/07 07:38:45.659294, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] +[2013/11/07 07:38:45.659333, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] +[2013/11/07 07:38:45.659383, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:45.659422, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] +[2013/11/07 07:38:45.659493, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [printer5] +[2013/11/07 07:38:45.659535, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (7->8) +[2013/11/07 07:38:45.659579, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer5] +[2013/11/07 07:38:45.659619, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer5] +[2013/11/07 07:38:45.659661, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:45.659699, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer5] +[2013/11/07 07:38:45.659768, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (8->7) +[2013/11/07 07:38:45.659810, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (7->6) +[2013/11/07 07:38:45.659852, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (6->5) +[2013/11/07 07:38:45.659892, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (5->4) +[2013/11/07 07:38:45.659933, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (4->3) +[2013/11/07 07:38:45.659973, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (3->2) +[2013/11/07 07:38:45.660016, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) + Opened policy hnd[2] [0000] 00 00 00 00 B0 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.660094, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenKey: struct winreg_OpenKey + out: struct winreg_OpenKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000b0-0000-0000-7b52-7535c5510000 + result : WERR_OK +[2013/11/07 07:38:45.660270, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryInfoKey: struct winreg_QueryInfoKey + in: struct winreg_QueryInfoKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000b0-0000-0000-7b52-7535c5510000 + classname : * + classname: struct winreg_String + name_len : 0x0000 (0) + name_size : 0x0000 (0) + name : NULL +[2013/11/07 07:38:45.660493, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 B0 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.660574, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_dispatcher.c:151(fetch_reg_values) + fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer5' (ops 0x7f37592edcc0) +[2013/11/07 07:38:45.660617, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1891(regdb_fetch_values_internal) + regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer5] +[2013/11/07 07:38:45.660682, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[0]: name[Description] len[2] +[2013/11/07 07:38:45.660726, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[1]: name[Datatype] len[8] +[2013/11/07 07:38:45.660767, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[2]: name[Default Priority] len[4] +[2013/11/07 07:38:45.660810, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[3]: name[Port] len[38] +[2013/11/07 07:38:45.660851, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[4]: name[Print Processor] len[18] +[2013/11/07 07:38:45.660894, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[5]: name[Priority] len[4] +[2013/11/07 07:38:45.660936, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[6]: name[Security] len[248] +[2013/11/07 07:38:45.660979, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[7]: name[Share Name] len[18] +[2013/11/07 07:38:45.661021, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[8]: name[StartTime] len[4] +[2013/11/07 07:38:45.661062, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[9]: name[UntilTime] len[4] +[2013/11/07 07:38:45.661105, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[10]: name[Printer Driver] len[56] +[2013/11/07 07:38:45.661147, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[11]: name[Location] len[2] +[2013/11/07 07:38:45.661189, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[12]: name[Parameters] len[2] +[2013/11/07 07:38:45.661232, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[13]: name[Separator File] len[2] +[2013/11/07 07:38:45.661287, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[14]: name[Status] len[4] +[2013/11/07 07:38:45.661331, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[15]: name[Attributes] len[4] +[2013/11/07 07:38:45.661444, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[16]: name[Name] len[18] +[2013/11/07 07:38:45.661488, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[17]: name[ChangeID] len[4] +[2013/11/07 07:38:45.661532, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) + regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer5] +[2013/11/07 07:38:45.661600, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryInfoKey: struct winreg_QueryInfoKey + out: struct winreg_QueryInfoKey + classname : * + classname: struct winreg_String + name_len : 0x0000 (0) + name_size : 0x0000 (0) + name : NULL + num_subkeys : * + num_subkeys : 0x00000003 (3) + max_subkeylen : * + max_subkeylen : 0x00000022 (34) + max_classlen : * + max_classlen : 0x00000000 (0) + num_values : * + num_values : 0x00000012 (18) + max_valnamelen : * + max_valnamelen : 0x00000022 (34) + max_valbufsize : * + max_valbufsize : 0x000000f8 (248) + secdescsize : * + secdescsize : 0x00000078 (120) + last_changed_time : * + last_changed_time : NTTIME(0) + result : WERR_OK +[2013/11/07 07:38:45.662053, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000b0-0000-0000-7b52-7535c5510000 + enum_index : 0x00000000 (0) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:45.662429, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 B0 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.662515, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer5] +[2013/11/07 07:38:45.662561, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0018 (24) + size : 0x0024 (36) + name : * + name : 'Description' + type : * + type : REG_SZ (1) + value : * + value: ARRAY(2) + [0] : 0x00 (0) + [1] : 0x00 (0) + size : * + size : 0x00000002 (2) + length : * + length : 0x00000002 (2) + result : WERR_OK +[2013/11/07 07:38:45.662923, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000b0-0000-0000-7b52-7535c5510000 + enum_index : 0x00000001 (1) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:45.663295, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 B0 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.663372, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer5] +[2013/11/07 07:38:45.663417, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0012 (18) + size : 0x0024 (36) + name : * + name : 'Datatype' + type : * + type : REG_SZ (1) + value : * + value: ARRAY(8) + [0] : 0x52 (82) + [1] : 0x00 (0) + [2] : 0x41 (65) + [3] : 0x00 (0) + [4] : 0x57 (87) + [5] : 0x00 (0) + [6] : 0x00 (0) + [7] : 0x00 (0) + size : * + size : 0x00000008 (8) + length : * + length : 0x00000008 (8) + result : WERR_OK +[2013/11/07 07:38:45.663887, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000b0-0000-0000-7b52-7535c5510000 + enum_index : 0x00000002 (2) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:45.664258, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 B0 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.664334, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer5] +[2013/11/07 07:38:45.664380, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0022 (34) + size : 0x0024 (36) + name : * + name : 'Default Priority' + type : * + type : REG_DWORD (4) + value : * + value: ARRAY(4) + [0] : 0x01 (1) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + size : * + size : 0x00000004 (4) + length : * + length : 0x00000004 (4) + result : WERR_OK +[2013/11/07 07:38:45.664773, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000b0-0000-0000-7b52-7535c5510000 + enum_index : 0x00000003 (3) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:45.665149, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 B0 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.665226, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer5] +[2013/11/07 07:38:45.665271, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x000a (10) + size : 0x0024 (36) + name : * + name : 'Port' + type : * + type : REG_SZ (1) + value : * + value: ARRAY(38) + [0] : 0x53 (83) + [1] : 0x00 (0) + [2] : 0x61 (97) + [3] : 0x00 (0) + [4] : 0x6d (109) + [5] : 0x00 (0) + [6] : 0x62 (98) + [7] : 0x00 (0) + [8] : 0x61 (97) + [9] : 0x00 (0) + [10] : 0x20 (32) + [11] : 0x00 (0) + [12] : 0x50 (80) + [13] : 0x00 (0) + [14] : 0x72 (114) + [15] : 0x00 (0) + [16] : 0x69 (105) + [17] : 0x00 (0) + [18] : 0x6e (110) + [19] : 0x00 (0) + [20] : 0x74 (116) + [21] : 0x00 (0) + [22] : 0x65 (101) + [23] : 0x00 (0) + [24] : 0x72 (114) + [25] : 0x00 (0) + [26] : 0x20 (32) + [27] : 0x00 (0) + [28] : 0x50 (80) + [29] : 0x00 (0) + [30] : 0x6f (111) + [31] : 0x00 (0) + [32] : 0x72 (114) + [33] : 0x00 (0) + [34] : 0x74 (116) + [35] : 0x00 (0) + [36] : 0x00 (0) + [37] : 0x00 (0) + size : * + size : 0x00000026 (38) + length : * + length : 0x00000026 (38) + result : WERR_OK +[2013/11/07 07:38:45.666315, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000b0-0000-0000-7b52-7535c5510000 + enum_index : 0x00000004 (4) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:45.666689, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 B0 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.666766, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer5] +[2013/11/07 07:38:45.666812, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0020 (32) + size : 0x0024 (36) + name : * + name : 'Print Processor' + type : * + type : REG_SZ (1) + value : * + value: ARRAY(18) + [0] : 0x77 (119) + [1] : 0x00 (0) + [2] : 0x69 (105) + [3] : 0x00 (0) + [4] : 0x6e (110) + [5] : 0x00 (0) + [6] : 0x70 (112) + [7] : 0x00 (0) + [8] : 0x72 (114) + [9] : 0x00 (0) + [10] : 0x69 (105) + [11] : 0x00 (0) + [12] : 0x6e (110) + [13] : 0x00 (0) + [14] : 0x74 (116) + [15] : 0x00 (0) + [16] : 0x00 (0) + [17] : 0x00 (0) + size : * + size : 0x00000012 (18) + length : * + length : 0x00000012 (18) + result : WERR_OK +[2013/11/07 07:38:45.667445, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000b0-0000-0000-7b52-7535c5510000 + enum_index : 0x00000005 (5) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:45.667816, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 B0 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.667893, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer5] +[2013/11/07 07:38:45.667939, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0012 (18) + size : 0x0024 (36) + name : * + name : 'Priority' + type : * + type : REG_DWORD (4) + value : * + value: ARRAY(4) + [0] : 0x01 (1) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + size : * + size : 0x00000004 (4) + length : * + length : 0x00000004 (4) + result : WERR_OK +[2013/11/07 07:38:45.668329, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000b0-0000-0000-7b52-7535c5510000 + enum_index : 0x00000006 (6) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:45.668707, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 B0 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.668784, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer5] +[2013/11/07 07:38:45.668830, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0012 (18) + size : 0x0024 (36) + name : * + name : 'Security' + type : * + type : REG_BINARY (3) + value : * + value: ARRAY(248) + [0] : 0x01 (1) + [1] : 0x00 (0) + [2] : 0x04 (4) + [3] : 0x80 (128) + [4] : 0x14 (20) + [5] : 0x00 (0) + [6] : 0x00 (0) + [7] : 0x00 (0) + [8] : 0x24 (36) + [9] : 0x00 (0) + [10] : 0x00 (0) + [11] : 0x00 (0) + [12] : 0x00 (0) + [13] : 0x00 (0) + [14] : 0x00 (0) + [15] : 0x00 (0) + [16] : 0x34 (52) + [17] : 0x00 (0) + [18] : 0x00 (0) + [19] : 0x00 (0) + [20] : 0x01 (1) + [21] : 0x02 (2) + [22] : 0x00 (0) + [23] : 0x00 (0) + [24] : 0x00 (0) + [25] : 0x00 (0) + [26] : 0x00 (0) + [27] : 0x05 (5) + [28] : 0x20 (32) + [29] : 0x00 (0) + [30] : 0x00 (0) + [31] : 0x00 (0) + [32] : 0x20 (32) + [33] : 0x02 (2) + [34] : 0x00 (0) + [35] : 0x00 (0) + [36] : 0x01 (1) + [37] : 0x02 (2) + [38] : 0x00 (0) + [39] : 0x00 (0) + [40] : 0x00 (0) + [41] : 0x00 (0) + [42] : 0x00 (0) + [43] : 0x05 (5) + [44] : 0x20 (32) + [45] : 0x00 (0) + [46] : 0x00 (0) + [47] : 0x00 (0) + [48] : 0x20 (32) + [49] : 0x02 (2) + [50] : 0x00 (0) + [51] : 0x00 (0) + [52] : 0x02 (2) + [53] : 0x00 (0) + [54] : 0xc4 (196) + [55] : 0x00 (0) + [56] : 0x07 (7) + [57] : 0x00 (0) + [58] : 0x00 (0) + [59] : 0x00 (0) + [60] : 0x00 (0) + [61] : 0x02 (2) + [62] : 0x14 (20) + [63] : 0x00 (0) + [64] : 0x08 (8) + [65] : 0x00 (0) + [66] : 0x02 (2) + [67] : 0x20 (32) + [68] : 0x01 (1) + [69] : 0x01 (1) + [70] : 0x00 (0) + [71] : 0x00 (0) + [72] : 0x00 (0) + [73] : 0x00 (0) + [74] : 0x00 (0) + [75] : 0x01 (1) + [76] : 0x00 (0) + [77] : 0x00 (0) + [78] : 0x00 (0) + [79] : 0x00 (0) + [80] : 0x00 (0) + [81] : 0x09 (9) + [82] : 0x24 (36) + [83] : 0x00 (0) + [84] : 0x0c (12) + [85] : 0x00 (0) + [86] : 0x0f (15) + [87] : 0x10 (16) + [88] : 0x01 (1) + [89] : 0x05 (5) + [90] : 0x00 (0) + [91] : 0x00 (0) + [92] : 0x00 (0) + [93] : 0x00 (0) + [94] : 0x00 (0) + [95] : 0x05 (5) + [96] : 0x15 (21) + [97] : 0x00 (0) + [98] : 0x00 (0) + [99] : 0x00 (0) + [100] : 0x74 (116) + [101] : 0xa5 (165) + [102] : 0x12 (18) + [103] : 0x52 (82) + [104] : 0xcd (205) + [105] : 0x51 (81) + [106] : 0xd9 (217) + [107] : 0x8f (143) + [108] : 0xd1 (209) + [109] : 0x31 (49) + [110] : 0xa4 (164) + [111] : 0xca (202) + [112] : 0xf4 (244) + [113] : 0x01 (1) + [114] : 0x00 (0) + [115] : 0x00 (0) + [116] : 0x00 (0) + [117] : 0x02 (2) + [118] : 0x24 (36) + [119] : 0x00 (0) + [120] : 0x0c (12) + [121] : 0x00 (0) + [122] : 0x0f (15) + [123] : 0x10 (16) + [124] : 0x01 (1) + [125] : 0x05 (5) + [126] : 0x00 (0) + [127] : 0x00 (0) + [128] : 0x00 (0) + [129] : 0x00 (0) + [130] : 0x00 (0) + [131] : 0x05 (5) + [132] : 0x15 (21) + [133] : 0x00 (0) + [134] : 0x00 (0) + [135] : 0x00 (0) + [136] : 0x74 (116) + [137] : 0xa5 (165) + [138] : 0x12 (18) + [139] : 0x52 (82) + [140] : 0xcd (205) + [141] : 0x51 (81) + [142] : 0xd9 (217) + [143] : 0x8f (143) + [144] : 0xd1 (209) + [145] : 0x31 (49) + [146] : 0xa4 (164) + [147] : 0xca (202) + [148] : 0xf4 (244) + [149] : 0x01 (1) + [150] : 0x00 (0) + [151] : 0x00 (0) + [152] : 0x00 (0) + [153] : 0x09 (9) + [154] : 0x18 (24) + [155] : 0x00 (0) + [156] : 0x0c (12) + [157] : 0x00 (0) + [158] : 0x0f (15) + [159] : 0x10 (16) + [160] : 0x01 (1) + [161] : 0x02 (2) + [162] : 0x00 (0) + [163] : 0x00 (0) + [164] : 0x00 (0) + [165] : 0x00 (0) + [166] : 0x00 (0) + [167] : 0x05 (5) + [168] : 0x20 (32) + [169] : 0x00 (0) + [170] : 0x00 (0) + [171] : 0x00 (0) + [172] : 0x20 (32) + [173] : 0x02 (2) + [174] : 0x00 (0) + [175] : 0x00 (0) + [176] : 0x00 (0) + [177] : 0x02 (2) + [178] : 0x18 (24) + [179] : 0x00 (0) + [180] : 0x0c (12) + [181] : 0x00 (0) + [182] : 0x0f (15) + [183] : 0x10 (16) + [184] : 0x01 (1) + [185] : 0x02 (2) + [186] : 0x00 (0) + [187] : 0x00 (0) + [188] : 0x00 (0) + [189] : 0x00 (0) + [190] : 0x00 (0) + [191] : 0x05 (5) + [192] : 0x20 (32) + [193] : 0x00 (0) + [194] : 0x00 (0) + [195] : 0x00 (0) + [196] : 0x20 (32) + [197] : 0x02 (2) + [198] : 0x00 (0) + [199] : 0x00 (0) + [200] : 0x00 (0) + [201] : 0x09 (9) + [202] : 0x18 (24) + [203] : 0x00 (0) + [204] : 0x0c (12) + [205] : 0x00 (0) + [206] : 0x0f (15) + [207] : 0x10 (16) + [208] : 0x01 (1) + [209] : 0x02 (2) + [210] : 0x00 (0) + [211] : 0x00 (0) + [212] : 0x00 (0) + [213] : 0x00 (0) + [214] : 0x00 (0) + [215] : 0x05 (5) + [216] : 0x20 (32) + [217] : 0x00 (0) + [218] : 0x00 (0) + [219] : 0x00 (0) + [220] : 0x26 (38) + [221] : 0x02 (2) + [222] : 0x00 (0) + [223] : 0x00 (0) + [224] : 0x00 (0) + [225] : 0x02 (2) + [226] : 0x18 (24) + [227] : 0x00 (0) + [228] : 0x0c (12) + [229] : 0x00 (0) + [230] : 0x0f (15) + [231] : 0x10 (16) + [232] : 0x01 (1) + [233] : 0x02 (2) + [234] : 0x00 (0) + [235] : 0x00 (0) + [236] : 0x00 (0) + [237] : 0x00 (0) + [238] : 0x00 (0) + [239] : 0x05 (5) + [240] : 0x20 (32) + [241] : 0x00 (0) + [242] : 0x00 (0) + [243] : 0x00 (0) + [244] : 0x26 (38) + [245] : 0x02 (2) + [246] : 0x00 (0) + [247] : 0x00 (0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x000000f8 (248) + result : WERR_OK +[2013/11/07 07:38:45.673382, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000b0-0000-0000-7b52-7535c5510000 + enum_index : 0x00000007 (7) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:45.673774, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 B0 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.673852, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer5] +[2013/11/07 07:38:45.673899, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0016 (22) + size : 0x0024 (36) + name : * + name : 'Share Name' + type : * + type : REG_SZ (1) + value : * + value: ARRAY(18) + [0] : 0x70 (112) + [1] : 0x00 (0) + [2] : 0x72 (114) + [3] : 0x00 (0) + [4] : 0x69 (105) + [5] : 0x00 (0) + [6] : 0x6e (110) + [7] : 0x00 (0) + [8] : 0x74 (116) + [9] : 0x00 (0) + [10] : 0x65 (101) + [11] : 0x00 (0) + [12] : 0x72 (114) + [13] : 0x00 (0) + [14] : 0x35 (53) + [15] : 0x00 (0) + [16] : 0x00 (0) + [17] : 0x00 (0) + size : * + size : 0x00000012 (18) + length : * + length : 0x00000012 (18) + result : WERR_OK +[2013/11/07 07:38:45.674527, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000b0-0000-0000-7b52-7535c5510000 + enum_index : 0x00000008 (8) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:45.674907, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 B0 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.674984, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer5] +[2013/11/07 07:38:45.675029, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0014 (20) + size : 0x0024 (36) + name : * + name : 'StartTime' + type : * + type : REG_DWORD (4) + value : * + value: ARRAY(4) + [0] : 0x00 (0) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + size : * + size : 0x00000004 (4) + length : * + length : 0x00000004 (4) + result : WERR_OK +[2013/11/07 07:38:45.675419, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000b0-0000-0000-7b52-7535c5510000 + enum_index : 0x00000009 (9) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:45.675798, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 B0 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.675876, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer5] +[2013/11/07 07:38:45.675922, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0014 (20) + size : 0x0024 (36) + name : * + name : 'UntilTime' + type : * + type : REG_DWORD (4) + value : * + value: ARRAY(4) + [0] : 0x00 (0) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + size : * + size : 0x00000004 (4) + length : * + length : 0x00000004 (4) + result : WERR_OK +[2013/11/07 07:38:45.676313, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000b0-0000-0000-7b52-7535c5510000 + enum_index : 0x0000000a (10) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:45.676683, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 B0 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.676761, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer5] +[2013/11/07 07:38:45.676806, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x001e (30) + size : 0x0024 (36) + name : * + name : 'Printer Driver' + type : * + type : REG_SZ (1) + value : * + value: ARRAY(56) + [0] : 0x48 (72) + [1] : 0x00 (0) + [2] : 0x50 (80) + [3] : 0x00 (0) + [4] : 0x20 (32) + [5] : 0x00 (0) + [6] : 0x55 (85) + [7] : 0x00 (0) + [8] : 0x6e (110) + [9] : 0x00 (0) + [10] : 0x69 (105) + [11] : 0x00 (0) + [12] : 0x76 (118) + [13] : 0x00 (0) + [14] : 0x65 (101) + [15] : 0x00 (0) + [16] : 0x72 (114) + [17] : 0x00 (0) + [18] : 0x73 (115) + [19] : 0x00 (0) + [20] : 0x61 (97) + [21] : 0x00 (0) + [22] : 0x6c (108) + [23] : 0x00 (0) + [24] : 0x20 (32) + [25] : 0x00 (0) + [26] : 0x50 (80) + [27] : 0x00 (0) + [28] : 0x72 (114) + [29] : 0x00 (0) + [30] : 0x69 (105) + [31] : 0x00 (0) + [32] : 0x6e (110) + [33] : 0x00 (0) + [34] : 0x74 (116) + [35] : 0x00 (0) + [36] : 0x69 (105) + [37] : 0x00 (0) + [38] : 0x6e (110) + [39] : 0x00 (0) + [40] : 0x67 (103) + [41] : 0x00 (0) + [42] : 0x20 (32) + [43] : 0x00 (0) + [44] : 0x50 (80) + [45] : 0x00 (0) + [46] : 0x43 (67) + [47] : 0x00 (0) + [48] : 0x4c (76) + [49] : 0x00 (0) + [50] : 0x20 (32) + [51] : 0x00 (0) + [52] : 0x36 (54) + [53] : 0x00 (0) + [54] : 0x00 (0) + [55] : 0x00 (0) + size : * + size : 0x00000038 (56) + length : * + length : 0x00000038 (56) + result : WERR_OK +[2013/11/07 07:38:45.678168, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000b0-0000-0000-7b52-7535c5510000 + enum_index : 0x0000000b (11) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:45.678563, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 B0 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.678642, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer5] +[2013/11/07 07:38:45.678688, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0012 (18) + size : 0x0024 (36) + name : * + name : 'Location' + type : * + type : REG_SZ (1) + value : * + value: ARRAY(2) + [0] : 0x00 (0) + [1] : 0x00 (0) + size : * + size : 0x00000002 (2) + length : * + length : 0x00000002 (2) + result : WERR_OK +[2013/11/07 07:38:45.679048, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000b0-0000-0000-7b52-7535c5510000 + enum_index : 0x0000000c (12) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:45.679420, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 B0 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.679505, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer5] +[2013/11/07 07:38:45.679550, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0016 (22) + size : 0x0024 (36) + name : * + name : 'Parameters' + type : * + type : REG_SZ (1) + value : * + value: ARRAY(2) + [0] : 0x00 (0) + [1] : 0x00 (0) + size : * + size : 0x00000002 (2) + length : * + length : 0x00000002 (2) + result : WERR_OK +[2013/11/07 07:38:45.679908, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000b0-0000-0000-7b52-7535c5510000 + enum_index : 0x0000000d (13) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:45.680279, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 B0 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.680356, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer5] +[2013/11/07 07:38:45.680400, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x001e (30) + size : 0x0024 (36) + name : * + name : 'Separator File' + type : * + type : REG_SZ (1) + value : * + value: ARRAY(2) + [0] : 0x00 (0) + [1] : 0x00 (0) + size : * + size : 0x00000002 (2) + length : * + length : 0x00000002 (2) + result : WERR_OK +[2013/11/07 07:38:45.680766, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000b0-0000-0000-7b52-7535c5510000 + enum_index : 0x0000000e (14) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:45.681137, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 B0 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.681214, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer5] +[2013/11/07 07:38:45.681259, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x000e (14) + size : 0x0024 (36) + name : * + name : 'Status' + type : * + type : REG_DWORD (4) + value : * + value: ARRAY(4) + [0] : 0x00 (0) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + size : * + size : 0x00000004 (4) + length : * + length : 0x00000004 (4) + result : WERR_OK +[2013/11/07 07:38:45.681863, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000b0-0000-0000-7b52-7535c5510000 + enum_index : 0x0000000f (15) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:45.682252, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 B0 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.682331, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer5] +[2013/11/07 07:38:45.682378, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0016 (22) + size : 0x0024 (36) + name : * + name : 'Attributes' + type : * + type : REG_DWORD (4) + value : * + value: ARRAY(4) + [0] : 0x48 (72) + [1] : 0x10 (16) + [2] : 0x00 (0) + [3] : 0x00 (0) + size : * + size : 0x00000004 (4) + length : * + length : 0x00000004 (4) + result : WERR_OK +[2013/11/07 07:38:45.682771, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000b0-0000-0000-7b52-7535c5510000 + enum_index : 0x00000010 (16) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:45.683143, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 B0 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.683221, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer5] +[2013/11/07 07:38:45.683266, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x000a (10) + size : 0x0024 (36) + name : * + name : 'Name' + type : * + type : REG_SZ (1) + value : * + value: ARRAY(18) + [0] : 0x70 (112) + [1] : 0x00 (0) + [2] : 0x72 (114) + [3] : 0x00 (0) + [4] : 0x69 (105) + [5] : 0x00 (0) + [6] : 0x6e (110) + [7] : 0x00 (0) + [8] : 0x74 (116) + [9] : 0x00 (0) + [10] : 0x65 (101) + [11] : 0x00 (0) + [12] : 0x72 (114) + [13] : 0x00 (0) + [14] : 0x35 (53) + [15] : 0x00 (0) + [16] : 0x00 (0) + [17] : 0x00 (0) + size : * + size : 0x00000012 (18) + length : * + length : 0x00000012 (18) + result : WERR_OK +[2013/11/07 07:38:45.683901, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000b0-0000-0000-7b52-7535c5510000 + enum_index : 0x00000011 (17) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:45.684271, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 B0 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.684348, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer5] +[2013/11/07 07:38:45.684393, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0012 (18) + size : 0x0024 (36) + name : * + name : 'ChangeID' + type : * + type : REG_DWORD (4) + value : * + value: ARRAY(4) + [0] : 0x44 (68) + [1] : 0xeb (235) + [2] : 0x34 (52) + [3] : 0x01 (1) + size : * + size : 0x00000004 (4) + length : * + length : 0x00000004 (4) + result : WERR_OK +[2013/11/07 07:38:45.684834, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryValue: struct winreg_QueryValue + in: struct winreg_QueryValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000b0-0000-0000-7b52-7535c5510000 + value_name : * + value_name: struct winreg_String + name_len : 0x0020 (32) + name_size : 0x0020 (32) + name : * + name : 'Default DevMode' + type : * + type : REG_NONE (0) + data : NULL + data_size : * + data_size : 0x00000000 (0) + data_length : * + data_length : 0x00000000 (0) +[2013/11/07 07:38:45.685179, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 B0 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.685258, 7, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) + _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer5] +[2013/11/07 07:38:45.685298, 7, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) + _winreg_QueryValue: policy key type = [00000000] +[2013/11/07 07:38:45.685344, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:316(_winreg_QueryValue) + _winreg_QueryValue: reg_queryvalue failed with: WERR_BADFILE +[2013/11/07 07:38:45.685433, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryValue: struct winreg_QueryValue + out: struct winreg_QueryValue + type : * + type : REG_NONE (0) + data : NULL + data_size : * + data_size : 0x00000000 (0) + data_length : * + data_length : 0x00000000 (0) + result : WERR_BADFILE +[2013/11/07 07:38:45.685657, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenHKLM: struct winreg_OpenHKLM + in: struct winreg_OpenHKLM + system_name : NULL + access_mask : 0x02000000 (33554432) + 0: KEY_QUERY_VALUE + 0: KEY_SET_VALUE + 0: KEY_CREATE_SUB_KEY + 0: KEY_ENUMERATE_SUB_KEYS + 0: KEY_NOTIFY + 0: KEY_CREATE_LINK + 0: KEY_WOW64_64KEY + 0: KEY_WOW64_32KEY +[2013/11/07 07:38:45.685893, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [HKLM] +[2013/11/07 07:38:45.685934, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (2->3) +[2013/11/07 07:38:45.685977, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM] +[2013/11/07 07:38:45.686015, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM] +[2013/11/07 07:38:45.686055, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:45.686093, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM] +[2013/11/07 07:38:45.686170, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) + Opened policy hnd[3] [0000] 00 00 00 00 B1 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.686251, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenHKLM: struct winreg_OpenHKLM + out: struct winreg_OpenHKLM + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000b1-0000-0000-7b52-7535c5510000 + result : WERR_OK +[2013/11/07 07:38:45.686417, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenKey: struct winreg_OpenKey + in: struct winreg_OpenKey + parent_handle : * + parent_handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000b1-0000-0000-7b52-7535c5510000 + keyname: struct winreg_String + name_len : 0x008a (138) + name_size : 0x008a (138) + name : * + name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer5' + options : 0x00000000 (0) + 0: REG_OPTION_VOLATILE + 0: REG_OPTION_CREATE_LINK + 0: REG_OPTION_BACKUP_RESTORE + 0: REG_OPTION_OPEN_LINK + access_mask : 0x02000000 (33554432) + 0: KEY_QUERY_VALUE + 0: KEY_SET_VALUE + 0: KEY_CREATE_SUB_KEY + 0: KEY_ENUMERATE_SUB_KEYS + 0: KEY_NOTIFY + 0: KEY_CREATE_LINK + 0: KEY_WOW64_64KEY + 0: KEY_WOW64_32KEY +[2013/11/07 07:38:45.686854, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 B1 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.686942, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [SOFTWARE] +[2013/11/07 07:38:45.686982, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (3->4) +[2013/11/07 07:38:45.687024, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] +[2013/11/07 07:38:45.687061, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE] +[2013/11/07 07:38:45.687101, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:45.687139, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE] +[2013/11/07 07:38:45.687202, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Microsoft] +[2013/11/07 07:38:45.687243, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (4->5) +[2013/11/07 07:38:45.687285, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] +[2013/11/07 07:38:45.687322, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] +[2013/11/07 07:38:45.687362, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:45.687399, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft] +[2013/11/07 07:38:45.687459, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Windows NT] +[2013/11/07 07:38:45.687499, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (5->6) +[2013/11/07 07:38:45.687541, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] +[2013/11/07 07:38:45.687579, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] +[2013/11/07 07:38:45.687620, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:45.687657, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] +[2013/11/07 07:38:45.687714, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [CurrentVersion] +[2013/11/07 07:38:45.687755, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (6->7) +[2013/11/07 07:38:45.687798, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] +[2013/11/07 07:38:45.687843, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] +[2013/11/07 07:38:45.687885, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:45.687921, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f375c5a15c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] +[2013/11/07 07:38:45.687993, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Print] +[2013/11/07 07:38:45.688034, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (7->8) +[2013/11/07 07:38:45.688077, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] +[2013/11/07 07:38:45.688115, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] +[2013/11/07 07:38:45.688157, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:45.688194, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f375c5a15c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] +[2013/11/07 07:38:45.688253, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Printers] +[2013/11/07 07:38:45.688293, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (8->9) +[2013/11/07 07:38:45.688336, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] +[2013/11/07 07:38:45.688374, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] +[2013/11/07 07:38:45.688416, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:45.688453, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] +[2013/11/07 07:38:45.688517, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [printer5] +[2013/11/07 07:38:45.688558, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (9->10) +[2013/11/07 07:38:45.688600, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer5] +[2013/11/07 07:38:45.688639, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer5] +[2013/11/07 07:38:45.688680, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:45.688725, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer5] +[2013/11/07 07:38:45.688791, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (10->9) +[2013/11/07 07:38:45.688833, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (9->8) +[2013/11/07 07:38:45.688874, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (8->7) +[2013/11/07 07:38:45.688914, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (7->6) +[2013/11/07 07:38:45.688953, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (6->5) +[2013/11/07 07:38:45.688993, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (5->4) +[2013/11/07 07:38:45.689035, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) + Opened policy hnd[4] [0000] 00 00 00 00 B2 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.689114, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenKey: struct winreg_OpenKey + out: struct winreg_OpenKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000b2-0000-0000-7b52-7535c5510000 + result : WERR_OK +[2013/11/07 07:38:45.689282, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryValue: struct winreg_QueryValue + in: struct winreg_QueryValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000b2-0000-0000-7b52-7535c5510000 + value_name : * + value_name: struct winreg_String + name_len : 0x0012 (18) + name_size : 0x0012 (18) + name : * + name : 'Security' + type : * + type : REG_NONE (0) + data : NULL + data_size : * + data_size : 0x00000000 (0) + data_length : * + data_length : 0x00000000 (0) +[2013/11/07 07:38:45.689683, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 B2 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.689762, 7, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) + _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer5] +[2013/11/07 07:38:45.689802, 7, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) + _winreg_QueryValue: policy key type = [00000000] +[2013/11/07 07:38:45.689851, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_dispatcher.c:151(fetch_reg_values) + fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer5' (ops 0x7f37592edcc0) +[2013/11/07 07:38:45.689894, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1891(regdb_fetch_values_internal) + regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer5] +[2013/11/07 07:38:45.689955, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[0]: name[Description] len[2] +[2013/11/07 07:38:45.689998, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[1]: name[Datatype] len[8] +[2013/11/07 07:38:45.690041, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[2]: name[Default Priority] len[4] +[2013/11/07 07:38:45.690083, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[3]: name[Port] len[38] +[2013/11/07 07:38:45.690125, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[4]: name[Print Processor] len[18] +[2013/11/07 07:38:45.690167, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[5]: name[Priority] len[4] +[2013/11/07 07:38:45.690210, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[6]: name[Security] len[248] +[2013/11/07 07:38:45.690252, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[7]: name[Share Name] len[18] +[2013/11/07 07:38:45.690295, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[8]: name[StartTime] len[4] +[2013/11/07 07:38:45.690337, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[9]: name[UntilTime] len[4] +[2013/11/07 07:38:45.690379, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[10]: name[Printer Driver] len[56] +[2013/11/07 07:38:45.690422, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[11]: name[Location] len[2] +[2013/11/07 07:38:45.690464, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[12]: name[Parameters] len[2] +[2013/11/07 07:38:45.690506, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[13]: name[Separator File] len[2] +[2013/11/07 07:38:45.690548, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[14]: name[Status] len[4] +[2013/11/07 07:38:45.690591, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[15]: name[Attributes] len[4] +[2013/11/07 07:38:45.690641, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[16]: name[Name] len[18] +[2013/11/07 07:38:45.690685, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[17]: name[ChangeID] len[4] +[2013/11/07 07:38:45.690728, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryValue: struct winreg_QueryValue + out: struct winreg_QueryValue + type : * + type : REG_BINARY (3) + data : NULL + data_size : * + data_size : 0x000000f8 (248) + data_length : * + data_length : 0x00000000 (0) + result : WERR_OK +[2013/11/07 07:38:45.690942, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryValue: struct winreg_QueryValue + in: struct winreg_QueryValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000b2-0000-0000-7b52-7535c5510000 + value_name : * + value_name: struct winreg_String + name_len : 0x0012 (18) + name_size : 0x0012 (18) + name : * + name : 'Security' + type : * + type : REG_BINARY (3) + data : * + data: ARRAY(0) + data_size : * + data_size : 0x000000f8 (248) + data_length : * + data_length : 0x00000000 (0) +[2013/11/07 07:38:45.691299, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 B2 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.691376, 7, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) + _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer5] +[2013/11/07 07:38:45.691416, 7, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) + _winreg_QueryValue: policy key type = [00000000] +[2013/11/07 07:38:45.691459, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryValue: struct winreg_QueryValue + out: struct winreg_QueryValue + type : * + type : REG_BINARY (3) + data : * + data: ARRAY(248) + [0] : 0x01 (1) + [1] : 0x00 (0) + [2] : 0x04 (4) + [3] : 0x80 (128) + [4] : 0x14 (20) + [5] : 0x00 (0) + [6] : 0x00 (0) + [7] : 0x00 (0) + [8] : 0x24 (36) + [9] : 0x00 (0) + [10] : 0x00 (0) + [11] : 0x00 (0) + [12] : 0x00 (0) + [13] : 0x00 (0) + [14] : 0x00 (0) + [15] : 0x00 (0) + [16] : 0x34 (52) + [17] : 0x00 (0) + [18] : 0x00 (0) + [19] : 0x00 (0) + [20] : 0x01 (1) + [21] : 0x02 (2) + [22] : 0x00 (0) + [23] : 0x00 (0) + [24] : 0x00 (0) + [25] : 0x00 (0) + [26] : 0x00 (0) + [27] : 0x05 (5) + [28] : 0x20 (32) + [29] : 0x00 (0) + [30] : 0x00 (0) + [31] : 0x00 (0) + [32] : 0x20 (32) + [33] : 0x02 (2) + [34] : 0x00 (0) + [35] : 0x00 (0) + [36] : 0x01 (1) + [37] : 0x02 (2) + [38] : 0x00 (0) + [39] : 0x00 (0) + [40] : 0x00 (0) + [41] : 0x00 (0) + [42] : 0x00 (0) + [43] : 0x05 (5) + [44] : 0x20 (32) + [45] : 0x00 (0) + [46] : 0x00 (0) + [47] : 0x00 (0) + [48] : 0x20 (32) + [49] : 0x02 (2) + [50] : 0x00 (0) + [51] : 0x00 (0) + [52] : 0x02 (2) + [53] : 0x00 (0) + [54] : 0xc4 (196) + [55] : 0x00 (0) + [56] : 0x07 (7) + [57] : 0x00 (0) + [58] : 0x00 (0) + [59] : 0x00 (0) + [60] : 0x00 (0) + [61] : 0x02 (2) + [62] : 0x14 (20) + [63] : 0x00 (0) + [64] : 0x08 (8) + [65] : 0x00 (0) + [66] : 0x02 (2) + [67] : 0x20 (32) + [68] : 0x01 (1) + [69] : 0x01 (1) + [70] : 0x00 (0) + [71] : 0x00 (0) + [72] : 0x00 (0) + [73] : 0x00 (0) + [74] : 0x00 (0) + [75] : 0x01 (1) + [76] : 0x00 (0) + [77] : 0x00 (0) + [78] : 0x00 (0) + [79] : 0x00 (0) + [80] : 0x00 (0) + [81] : 0x09 (9) + [82] : 0x24 (36) + [83] : 0x00 (0) + [84] : 0x0c (12) + [85] : 0x00 (0) + [86] : 0x0f (15) + [87] : 0x10 (16) + [88] : 0x01 (1) + [89] : 0x05 (5) + [90] : 0x00 (0) + [91] : 0x00 (0) + [92] : 0x00 (0) + [93] : 0x00 (0) + [94] : 0x00 (0) + [95] : 0x05 (5) + [96] : 0x15 (21) + [97] : 0x00 (0) + [98] : 0x00 (0) + [99] : 0x00 (0) + [100] : 0x74 (116) + [101] : 0xa5 (165) + [102] : 0x12 (18) + [103] : 0x52 (82) + [104] : 0xcd (205) + [105] : 0x51 (81) + [106] : 0xd9 (217) + [107] : 0x8f (143) + [108] : 0xd1 (209) + [109] : 0x31 (49) + [110] : 0xa4 (164) + [111] : 0xca (202) + [112] : 0xf4 (244) + [113] : 0x01 (1) + [114] : 0x00 (0) + [115] : 0x00 (0) + [116] : 0x00 (0) + [117] : 0x02 (2) + [118] : 0x24 (36) + [119] : 0x00 (0) + [120] : 0x0c (12) + [121] : 0x00 (0) + [122] : 0x0f (15) + [123] : 0x10 (16) + [124] : 0x01 (1) + [125] : 0x05 (5) + [126] : 0x00 (0) + [127] : 0x00 (0) + [128] : 0x00 (0) + [129] : 0x00 (0) + [130] : 0x00 (0) + [131] : 0x05 (5) + [132] : 0x15 (21) + [133] : 0x00 (0) + [134] : 0x00 (0) + [135] : 0x00 (0) + [136] : 0x74 (116) + [137] : 0xa5 (165) + [138] : 0x12 (18) + [139] : 0x52 (82) + [140] : 0xcd (205) + [141] : 0x51 (81) + [142] : 0xd9 (217) + [143] : 0x8f (143) + [144] : 0xd1 (209) + [145] : 0x31 (49) + [146] : 0xa4 (164) + [147] : 0xca (202) + [148] : 0xf4 (244) + [149] : 0x01 (1) + [150] : 0x00 (0) + [151] : 0x00 (0) + [152] : 0x00 (0) + [153] : 0x09 (9) + [154] : 0x18 (24) + [155] : 0x00 (0) + [156] : 0x0c (12) + [157] : 0x00 (0) + [158] : 0x0f (15) + [159] : 0x10 (16) + [160] : 0x01 (1) + [161] : 0x02 (2) + [162] : 0x00 (0) + [163] : 0x00 (0) + [164] : 0x00 (0) + [165] : 0x00 (0) + [166] : 0x00 (0) + [167] : 0x05 (5) + [168] : 0x20 (32) + [169] : 0x00 (0) + [170] : 0x00 (0) + [171] : 0x00 (0) + [172] : 0x20 (32) + [173] : 0x02 (2) + [174] : 0x00 (0) + [175] : 0x00 (0) + [176] : 0x00 (0) + [177] : 0x02 (2) + [178] : 0x18 (24) + [179] : 0x00 (0) + [180] : 0x0c (12) + [181] : 0x00 (0) + [182] : 0x0f (15) + [183] : 0x10 (16) + [184] : 0x01 (1) + [185] : 0x02 (2) + [186] : 0x00 (0) + [187] : 0x00 (0) + [188] : 0x00 (0) + [189] : 0x00 (0) + [190] : 0x00 (0) + [191] : 0x05 (5) + [192] : 0x20 (32) + [193] : 0x00 (0) + [194] : 0x00 (0) + [195] : 0x00 (0) + [196] : 0x20 (32) + [197] : 0x02 (2) + [198] : 0x00 (0) + [199] : 0x00 (0) + [200] : 0x00 (0) + [201] : 0x09 (9) + [202] : 0x18 (24) + [203] : 0x00 (0) + [204] : 0x0c (12) + [205] : 0x00 (0) + [206] : 0x0f (15) + [207] : 0x10 (16) + [208] : 0x01 (1) + [209] : 0x02 (2) + [210] : 0x00 (0) + [211] : 0x00 (0) + [212] : 0x00 (0) + [213] : 0x00 (0) + [214] : 0x00 (0) + [215] : 0x05 (5) + [216] : 0x20 (32) + [217] : 0x00 (0) + [218] : 0x00 (0) + [219] : 0x00 (0) + [220] : 0x26 (38) + [221] : 0x02 (2) + [222] : 0x00 (0) + [223] : 0x00 (0) + [224] : 0x00 (0) + [225] : 0x02 (2) + [226] : 0x18 (24) + [227] : 0x00 (0) + [228] : 0x0c (12) + [229] : 0x00 (0) + [230] : 0x0f (15) + [231] : 0x10 (16) + [232] : 0x01 (1) + [233] : 0x02 (2) + [234] : 0x00 (0) + [235] : 0x00 (0) + [236] : 0x00 (0) + [237] : 0x00 (0) + [238] : 0x00 (0) + [239] : 0x05 (5) + [240] : 0x20 (32) + [241] : 0x00 (0) + [242] : 0x00 (0) + [243] : 0x00 (0) + [244] : 0x26 (38) + [245] : 0x02 (2) + [246] : 0x00 (0) + [247] : 0x00 (0) + data_size : * + data_size : 0x000000f8 (248) + data_length : * + data_length : 0x000000f8 (248) + result : WERR_OK +[2013/11/07 07:38:45.695883, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + in: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000b2-0000-0000-7b52-7535c5510000 +[2013/11/07 07:38:45.696018, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 B2 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.696096, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 B2 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.696173, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) + Closed policy +[2013/11/07 07:38:45.696216, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (4->3) +[2013/11/07 07:38:45.696258, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + out: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000000-0000-0000-0000-000000000000 + result : WERR_OK +[2013/11/07 07:38:45.696419, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + in: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000b1-0000-0000-7b52-7535c5510000 +[2013/11/07 07:38:45.696557, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 B1 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.696635, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 B1 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.696712, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) + Closed policy +[2013/11/07 07:38:45.696752, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (3->2) +[2013/11/07 07:38:45.696793, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + out: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000000-0000-0000-0000-000000000000 + result : WERR_OK +[2013/11/07 07:38:45.696955, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + in: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000b0-0000-0000-7b52-7535c5510000 +[2013/11/07 07:38:45.697084, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 B0 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.697161, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 B0 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.697237, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) + Closed policy +[2013/11/07 07:38:45.697280, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (2->1) +[2013/11/07 07:38:45.697321, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + out: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000000-0000-0000-0000-000000000000 + result : WERR_OK +[2013/11/07 07:38:45.697523, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + in: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000af-0000-0000-7b52-7535c5510000 +[2013/11/07 07:38:45.697654, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 AF 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.697746, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 AF 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.697823, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) + Closed policy +[2013/11/07 07:38:45.697863, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (1->0) +[2013/11/07 07:38:45.697923, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + out: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000000-0000-0000-0000-000000000000 + result : WERR_OK +[2013/11/07 07:38:45.698087, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:416(close_policy_by_pipe) + Deleted handle list for RPC connection \winreg +[2013/11/07 07:38:45.698223, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/printing/printing.c:1328(print_cache_expired) + print_cache_expired: cache expired for queue printer5 (last_qscan_time = 1383805244, time now = 1383806325, qcachetime = 30) +[2013/11/07 07:38:45.698298, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/printing/printing.c:1745(print_queue_update) + print_queue_update: Sending message -> printer = printer5, type = 8, lpq command = [printer5] lprm command = [] +[2013/11/07 07:38:45.698393, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/messages_local.c:282(messaging_tdb_store) + messaging_tdb_store: +[2013/11/07 07:38:45.698436, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) + array: struct messaging_array + num_messages : 0x00000001 (1) + messages: ARRAY(1) + messages: struct messaging_rec + msg_version : 0x00000002 (2) + msg_type : MSG_PRINTER_UPDATE (517) + dest: struct server_id + pid : 0x00000000000051b3 (20915) + task_id : 0x00000000 (0) + vnn : 0xffffffff (4294967295) + unique_id : 0x6b1fb19d3b3a8ed6 (7719083575197994710) + src: struct server_id + pid : 0x00000000000051c5 (20933) + task_id : 0x00000000 (0) + vnn : 0xffffffff (4294967295) + unique_id : 0x6b1fb19d3b3a8ed6 (7719083575197994710) + buf : DATA_BLOB length=23 + [0000] 70 72 69 6E 74 65 72 35 00 08 00 00 00 70 72 69 printer5 .....pri + [0010] 6E 74 65 72 35 00 00 nter5.. +[2013/11/07 07:38:45.698870, 10, pid=20915, effective(0, 0), real(0, 0)] ../source3/lib/messages_local.c:75(messaging_tdb_signal_handler) + messaging_tdb_signal_handler: sig[10] count[1] msgs[1] +[2013/11/07 07:38:45.698933, 10, pid=20915, effective(0, 0), real(0, 0)] ../source3/lib/messages_local.c:496(message_dispatch) + message_dispatch: received_messages = 1 +[2013/11/07 07:38:45.699008, 10, pid=20915, effective(0, 0), real(0, 0)] ../source3/lib/messages_local.c:242(messaging_tdb_fetch) + messaging_tdb_fetch: +[2013/11/07 07:38:45.699059, 1, pid=20915, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) + result: struct messaging_array + num_messages : 0x00000001 (1) + messages: ARRAY(1) + messages: struct messaging_rec + msg_version : 0x00000002 (2) + msg_type : MSG_PRINTER_UPDATE (517) + dest: struct server_id + pid : 0x00000000000051b3 (20915) + task_id : 0x00000000 (0) + vnn : 0xffffffff (4294967295) + unique_id : 0x6b1fb19d3b3a8ed6 (7719083575197994710) + src: struct server_id + pid : 0x00000000000051c5 (20933) + task_id : 0x00000000 (0) + vnn : 0xffffffff (4294967295) + unique_id : 0x6b1fb19d3b3a8ed6 (7719083575197994710) + buf : DATA_BLOB length=23 + [0000] 70 72 69 6E 74 65 72 35 00 08 00 00 00 70 72 69 printer5 .....pri + [0010] 6E 74 65 72 35 00 00 nter5.. +[2013/11/07 07:38:45.699458, 5, pid=20915, effective(0, 0), real(0, 0)] ../source3/printing/printing.c:1535(print_queue_update_with_lock) + print_queue_update_with_lock: printer share = printer5 +[2013/11/07 07:38:45.699559, 4, pid=20915, effective(0, 0), real(0, 0)] ../source3/printing/printing.c:1328(print_cache_expired) + print_cache_expired: cache expired for queue printer5 (last_qscan_time = 1383805244, time now = 1383806325, qcachetime = 30) +[2013/11/07 07:38:45.699626, 5, pid=20915, effective(0, 0), real(0, 0)] ../source3/printing/printing.c:1160(set_updating_pid) + set_updating_pid: updating lpq cache for print share printer5 +[2013/11/07 07:38:45.699689, 5, pid=20915, effective(0, 0), real(0, 0)] ../source3/printing/printing.c:1383(print_queue_update_internal) + print_queue_update_internal: printer = printer5, type = 8, lpq command = [printer5] +[2013/11/07 07:38:45.699772, 5, pid=20915, effective(0, 0), real(0, 0)] ../source3/printing/print_cups.c:1113(cups_queue_get) + cups_queue_get(printer5, 0x7fff68d2bb48, 0x7fff68d2bc60) +[2013/11/07 07:38:45.699825, 10, pid=20915, effective(0, 0), real(0, 0)] ../source3/printing/print_cups.c:130(cups_connect) + connecting to cups server localhost:631 +[2013/11/07 07:38:45.702232, 3, pid=20915, effective(0, 0), real(0, 0)] ../source3/printing/printing.c:1402(print_queue_update_internal) + print_queue_update_internal: 0 jobs in queue for printer5 +[2013/11/07 07:38:45.702464, 10, pid=20915, effective(0, 0), real(0, 0)] ../source3/printing/printing.c:1478(print_queue_update_internal) + print_queue_update_internal: printer printer5 INFO/total_jobs = 0 +[2013/11/07 07:38:45.702535, 5, pid=20915, effective(0, 0), real(0, 0)] ../source3/printing/printing.c:1160(set_updating_pid) + set_updating_pid: not updating lpq cache for print share printer5 +[2013/11/07 07:38:45.702891, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:60(make_internal_rpc_pipe_p) + Create pipe requested \winreg +[2013/11/07 07:38:45.702964, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:221(init_pipe_handles) + init_pipe_handle_list: created handle list for pipe \winreg +[2013/11/07 07:38:45.703008, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:238(init_pipe_handles) + init_pipe_handle_list: pipe_handles ref count = 1 for pipe \winreg +[2013/11/07 07:38:45.703105, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:100(make_internal_rpc_pipe_p) + Created internal pipe \winreg +[2013/11/07 07:38:45.703178, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenHKLM: struct winreg_OpenHKLM + in: struct winreg_OpenHKLM + system_name : NULL + access_mask : 0x02000000 (33554432) + 0: KEY_QUERY_VALUE + 0: KEY_SET_VALUE + 0: KEY_CREATE_SUB_KEY + 0: KEY_ENUMERATE_SUB_KEYS + 0: KEY_NOTIFY + 0: KEY_CREATE_LINK + 0: KEY_WOW64_64KEY + 0: KEY_WOW64_32KEY +[2013/11/07 07:38:45.703428, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [HKLM] +[2013/11/07 07:38:45.703472, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) + push_sec_ctx(0, 5000) : sec_ctx_stack_ndx = 2 +[2013/11/07 07:38:45.703520, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/uid.c:485(push_conn_ctx) + push_conn_ctx(1804507171) : conn_ctx_stack_ndx = 0 +[2013/11/07 07:38:45.703561, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) + setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 +[2013/11/07 07:38:45.703601, 5, pid=20933, effective(0, 5000), real(0, 0)] ../libcli/security/security_token.c:53(security_token_debug) + Security token: (NULL) +[2013/11/07 07:38:45.703642, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) + UNIX token of user 0 + Primary group is 0 and contains 0 supplementary groups +[2013/11/07 07:38:45.703783, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) + pop_sec_ctx (0, 5000) - sec_ctx_stack_ndx = 1 +[2013/11/07 07:38:45.703827, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:866(regdb_open) + regdb_open: registry db opened. refcount reset (1) +[2013/11/07 07:38:45.703872, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM] +[2013/11/07 07:38:45.703911, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM] +[2013/11/07 07:38:45.703952, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:45.703989, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM] +[2013/11/07 07:38:45.704063, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) + Opened policy hnd[1] [0000] 00 00 00 00 B3 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.704145, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenHKLM: struct winreg_OpenHKLM + out: struct winreg_OpenHKLM + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000b3-0000-0000-7b52-7535c5510000 + result : WERR_OK +[2013/11/07 07:38:45.704328, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenKey: struct winreg_OpenKey + in: struct winreg_OpenKey + parent_handle : * + parent_handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000b3-0000-0000-7b52-7535c5510000 + keyname: struct winreg_String + name_len : 0x008a (138) + name_size : 0x008a (138) + name : * + name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer5' + options : 0x00000000 (0) + 0: REG_OPTION_VOLATILE + 0: REG_OPTION_CREATE_LINK + 0: REG_OPTION_BACKUP_RESTORE + 0: REG_OPTION_OPEN_LINK + access_mask : 0x02000000 (33554432) + 0: KEY_QUERY_VALUE + 0: KEY_SET_VALUE + 0: KEY_CREATE_SUB_KEY + 0: KEY_ENUMERATE_SUB_KEYS + 0: KEY_NOTIFY + 0: KEY_CREATE_LINK + 0: KEY_WOW64_64KEY + 0: KEY_WOW64_32KEY +[2013/11/07 07:38:45.704785, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 B3 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.704867, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [SOFTWARE] +[2013/11/07 07:38:45.704908, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (1->2) +[2013/11/07 07:38:45.704951, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] +[2013/11/07 07:38:45.704989, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE] +[2013/11/07 07:38:45.705031, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:45.705069, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE] +[2013/11/07 07:38:45.705139, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Microsoft] +[2013/11/07 07:38:45.705181, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (2->3) +[2013/11/07 07:38:45.705224, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] +[2013/11/07 07:38:45.705262, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] +[2013/11/07 07:38:45.705303, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:45.705341, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft] +[2013/11/07 07:38:45.705467, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Windows NT] +[2013/11/07 07:38:45.705515, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (3->4) +[2013/11/07 07:38:45.705558, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] +[2013/11/07 07:38:45.705606, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] +[2013/11/07 07:38:45.705649, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:45.705687, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] +[2013/11/07 07:38:45.705745, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [CurrentVersion] +[2013/11/07 07:38:45.705787, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (4->5) +[2013/11/07 07:38:45.705831, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] +[2013/11/07 07:38:45.705869, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] +[2013/11/07 07:38:45.705910, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:45.705948, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f375c5a15c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] +[2013/11/07 07:38:45.706021, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Print] +[2013/11/07 07:38:45.706063, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (5->6) +[2013/11/07 07:38:45.706106, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] +[2013/11/07 07:38:45.706146, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] +[2013/11/07 07:38:45.706188, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:45.706226, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f375c5a15c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] +[2013/11/07 07:38:45.706287, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Printers] +[2013/11/07 07:38:45.706328, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (6->7) +[2013/11/07 07:38:45.706372, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] +[2013/11/07 07:38:45.706411, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] +[2013/11/07 07:38:45.706453, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:45.706490, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] +[2013/11/07 07:38:45.706565, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [printer5] +[2013/11/07 07:38:45.706608, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (7->8) +[2013/11/07 07:38:45.706652, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer5] +[2013/11/07 07:38:45.706691, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer5] +[2013/11/07 07:38:45.706733, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:45.706771, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer5] +[2013/11/07 07:38:45.706838, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (8->7) +[2013/11/07 07:38:45.706880, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (7->6) +[2013/11/07 07:38:45.706921, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (6->5) +[2013/11/07 07:38:45.706962, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (5->4) +[2013/11/07 07:38:45.707001, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (4->3) +[2013/11/07 07:38:45.707042, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (3->2) +[2013/11/07 07:38:45.707085, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) + Opened policy hnd[2] [0000] 00 00 00 00 B4 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.707163, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenKey: struct winreg_OpenKey + out: struct winreg_OpenKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000b4-0000-0000-7b52-7535c5510000 + result : WERR_OK +[2013/11/07 07:38:45.707328, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/rpc_client/cli_winreg_spoolss.c:2548(winreg_printer_get_changeid) + winreg_printer_get_changeid: get changeid from SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer5 +[2013/11/07 07:38:45.707407, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryValue: struct winreg_QueryValue + in: struct winreg_QueryValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000b4-0000-0000-7b52-7535c5510000 + value_name : * + value_name: struct winreg_String + name_len : 0x0012 (18) + name_size : 0x0012 (18) + name : * + name : 'ChangeID' + type : * + type : REG_NONE (0) + data : NULL + data_size : * + data_size : 0x00000000 (0) + data_length : * + data_length : 0x00000000 (0) +[2013/11/07 07:38:45.707760, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 B4 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.707839, 7, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) + _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer5] +[2013/11/07 07:38:45.707879, 7, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) + _winreg_QueryValue: policy key type = [00000000] +[2013/11/07 07:38:45.707920, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_dispatcher.c:151(fetch_reg_values) + fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer5' (ops 0x7f37592edcc0) +[2013/11/07 07:38:45.707961, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1891(regdb_fetch_values_internal) + regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer5] +[2013/11/07 07:38:45.708025, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[0]: name[Description] len[2] +[2013/11/07 07:38:45.708069, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[1]: name[Datatype] len[8] +[2013/11/07 07:38:45.708112, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[2]: name[Default Priority] len[4] +[2013/11/07 07:38:45.708154, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[3]: name[Port] len[38] +[2013/11/07 07:38:45.708197, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[4]: name[Print Processor] len[18] +[2013/11/07 07:38:45.708240, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[5]: name[Priority] len[4] +[2013/11/07 07:38:45.708282, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[6]: name[Security] len[248] +[2013/11/07 07:38:45.708325, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[7]: name[Share Name] len[18] +[2013/11/07 07:38:45.708368, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[8]: name[StartTime] len[4] +[2013/11/07 07:38:45.708417, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[9]: name[UntilTime] len[4] +[2013/11/07 07:38:45.708461, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[10]: name[Printer Driver] len[56] +[2013/11/07 07:38:45.708504, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[11]: name[Location] len[2] +[2013/11/07 07:38:45.708547, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[12]: name[Parameters] len[2] +[2013/11/07 07:38:45.708589, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[13]: name[Separator File] len[2] +[2013/11/07 07:38:45.708633, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[14]: name[Status] len[4] +[2013/11/07 07:38:45.708676, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[15]: name[Attributes] len[4] +[2013/11/07 07:38:45.708718, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[16]: name[Name] len[18] +[2013/11/07 07:38:45.708761, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[17]: name[ChangeID] len[4] +[2013/11/07 07:38:45.708807, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryValue: struct winreg_QueryValue + out: struct winreg_QueryValue + type : * + type : REG_DWORD (4) + data : NULL + data_size : * + data_size : 0x00000004 (4) + data_length : * + data_length : 0x00000000 (0) + result : WERR_OK +[2013/11/07 07:38:45.709022, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryValue: struct winreg_QueryValue + in: struct winreg_QueryValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000b4-0000-0000-7b52-7535c5510000 + value_name : * + value_name: struct winreg_String + name_len : 0x0012 (18) + name_size : 0x0012 (18) + name : * + name : 'ChangeID' + type : * + type : REG_DWORD (4) + data : * + data: ARRAY(0) + data_size : * + data_size : 0x00000004 (4) + data_length : * + data_length : 0x00000000 (0) +[2013/11/07 07:38:45.709544, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 B4 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.709625, 7, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) + _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer5] +[2013/11/07 07:38:45.709675, 7, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) + _winreg_QueryValue: policy key type = [00000000] +[2013/11/07 07:38:45.709722, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryValue: struct winreg_QueryValue + out: struct winreg_QueryValue + type : * + type : REG_DWORD (4) + data : * + data: ARRAY(4) + [0] : 0x44 (68) + [1] : 0xeb (235) + [2] : 0x34 (52) + [3] : 0x01 (1) + data_size : * + data_size : 0x00000004 (4) + data_length : * + data_length : 0x00000004 (4) + result : WERR_OK +[2013/11/07 07:38:45.710022, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + in: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000b4-0000-0000-7b52-7535c5510000 +[2013/11/07 07:38:45.710157, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 B4 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.710236, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 B4 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.710312, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) + Closed policy +[2013/11/07 07:38:45.710356, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (2->1) +[2013/11/07 07:38:45.710397, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + out: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000000-0000-0000-0000-000000000000 + result : WERR_OK +[2013/11/07 07:38:45.710561, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + in: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000b3-0000-0000-7b52-7535c5510000 +[2013/11/07 07:38:45.710692, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 B3 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.710769, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 B3 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.710853, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) + Closed policy +[2013/11/07 07:38:45.710894, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (1->0) +[2013/11/07 07:38:45.710949, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + out: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000000-0000-0000-0000-000000000000 + result : WERR_OK +[2013/11/07 07:38:45.711110, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:416(close_policy_by_pipe) + Deleted handle list for RPC connection \winreg +[2013/11/07 07:38:45.711215, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + spoolss_GetPrinter: struct spoolss_GetPrinter + out: struct spoolss_GetPrinter + info : * + info : union spoolss_PrinterInfo(case 0) + info0: struct spoolss_PrinterInfo0 + printername : * + printername : '\\MEMBER43\printer5' + servername : * + servername : '\\MEMBER43' + cjobs : 0x00000000 (0) + total_jobs : 0x00000000 (0) + total_bytes : 0x00000000 (0) + time: struct spoolss_Time + : 'Do Nov 7 06:37:40 2013 CET' + global_counter : 0x00000001 (1) + total_pages : 0x00000000 (0) + version : 0x08930005 (143851525) + free_build : SPOOLSS_RELEASE_BUILD (1) + spooling : 0x00000000 (0) + max_spooling : 0x00000000 (0) + session_counter : 0x00000001 (1) + num_error_out_of_paper : 0x00000000 (0) + num_error_not_ready : 0x00000000 (0) + job_error : 0x00000000 (0) + 0: JOB_STATUS_PAUSED + 0: JOB_STATUS_ERROR + 0: JOB_STATUS_DELETING + 0: JOB_STATUS_SPOOLING + 0: JOB_STATUS_PRINTING + 0: JOB_STATUS_OFFLINE + 0: JOB_STATUS_PAPEROUT + 0: JOB_STATUS_PRINTED + 0: JOB_STATUS_DELETED + 0: JOB_STATUS_BLOCKED_DEVQ + 0: JOB_STATUS_USER_INTERVENTION + 0: JOB_STATUS_RESTART + 0: JOB_STATUS_COMPLETE + number_of_processors : 0x00000001 (1) + processor_type : PROCESSOR_INTEL_PENTIUM (586) + high_part_total_bytes : 0x00000000 (0) + change_id : 0x0134eb44 (20245316) + last_error : WERR_OK + status : 0x00000000 (0) + 0: PRINTER_STATUS_PAUSED + 0: PRINTER_STATUS_ERROR + 0: PRINTER_STATUS_PENDING_DELETION + 0: PRINTER_STATUS_PAPER_JAM + 0: PRINTER_STATUS_PAPER_OUT + 0: PRINTER_STATUS_MANUAL_FEED + 0: PRINTER_STATUS_PAPER_PROBLEM + 0: PRINTER_STATUS_OFFLINE + 0: PRINTER_STATUS_IO_ACTIVE + 0: PRINTER_STATUS_BUSY + 0: PRINTER_STATUS_PRINTING + 0: PRINTER_STATUS_OUTPUT_BIN_FULL + 0: PRINTER_STATUS_NOT_AVAILABLE + 0: PRINTER_STATUS_WAITING + 0: PRINTER_STATUS_PROCESSING + 0: PRINTER_STATUS_INITIALIZING + 0: PRINTER_STATUS_WARMING_UP + 0: PRINTER_STATUS_TONER_LOW + 0: PRINTER_STATUS_NO_TONER + 0: PRINTER_STATUS_PAGE_PUNT + 0: PRINTER_STATUS_USER_INTERVENTION + 0: PRINTER_STATUS_OUT_OF_MEMORY + 0: PRINTER_STATUS_DOOR_OPEN + 0: PRINTER_STATUS_SERVER_UNKNOWN + 0: PRINTER_STATUS_POWER_SAVE + enumerate_network_printers: 0x00000000 (0) + c_setprinter : 0x00000000 (0) + processor_architecture : PROCESSOR_ARCHITECTURE_INTEL (0) + processor_level : 0x0006 (6) + ref_ic : 0x00000000 (0) + reserved2 : 0x00000000 (0) + reserved3 : 0x00000000 (0) + needed : * + needed : 0x000000c0 (192) + result : WERR_OK +[2013/11/07 07:38:45.712839, 5, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1417(api_rpcTNP) + api_rpcTNP: called \spoolss successfully +[2013/11/07 07:38:45.712905, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) + pop_sec_ctx (0, 5000) - sec_ctx_stack_ndx = 0 +[2013/11/07 07:38:45.712950, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) + write_to_pipe: data_used = 2092 + smbd_smb2_request_pending_queue: req->current_idx = 1 + req->in.vector[0].iov_len = 0 + req->in.vector[1].iov_len = 0 + req->in.vector[2].iov_len = 64 + req->in.vector[3].iov_len = 56 + req->in.vector[4].iov_len = 2108 + req->out.vector[0].iov_len = 4 + req->out.vector[1].iov_len = 0 + req->out.vector[2].iov_len = 64 + req->out.vector[3].iov_len = 8 + req->out.vector[4].iov_len = 0 +[2013/11/07 07:38:45.713176, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:128(smbd_smb2_ioctl_pipe_write_done) + smbd_smb2_ioctl_pipe_write_done: received 2108 +[2013/11/07 07:38:45.713220, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:149(smbd_smb2_ioctl_pipe_write_done) + smbd_smb2_ioctl_pipe_write_done: issuing np_read_send of size 1024 +[2013/11/07 07:38:45.713263, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:285(read_from_internal_pipe) + name: \spoolss len: 1024 +[2013/11/07 07:38:45.713306, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:347(read_from_internal_pipe) + read_from_pipe: \spoolss: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 2064. +[2013/11/07 07:38:45.713453, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) + &r: struct ncacn_packet + rpc_vers : 0x05 (5) + rpc_vers_minor : 0x00 (0) + ptype : DCERPC_PKT_RESPONSE (2) + pfc_flags : 0x03 (3) + drep: ARRAY(4) + [0] : 0x10 (16) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + frag_length : 0x0828 (2088) + auth_length : 0x0000 (0) + call_id : 0x00000003 (3) + u : union dcerpc_payload(case 2) + response: struct dcerpc_response + alloc_hint : 0x00000810 (2064) + context_id : 0x0000 (0) + cancel_count : 0x00 (0) + _pad : DATA_BLOB length=0 + stub_and_verifier : DATA_BLOB length=2064 + [0000] 04 00 02 00 00 08 00 00 D8 07 00 00 C2 07 00 00 ........ ........ + [0010] 00 00 00 00 00 00 00 00 00 00 00 00 DD 07 0B 00 ........ ........ + [0020] 04 00 07 00 06 00 25 00 28 00 00 00 01 00 00 00 ......%. (....... + [0030] 00 00 00 00 05 00 93 08 01 00 00 00 00 00 00 00 ........ ........ + [0040] 00 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0050] 00 00 00 00 01 00 00 00 4A 02 00 00 00 00 00 00 ........ J....... + [0060] 44 EB 34 01 00 00 00 00 00 00 00 00 00 00 00 00 D.4..... ........ + [0070] 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 00 ........ ........ + [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0200] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0210] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0220] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0230] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0240] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0250] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0260] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0270] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0280] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0290] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0300] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0310] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0320] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0330] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0340] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0350] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0360] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0370] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0380] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0390] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0400] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0410] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0420] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0430] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0440] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0450] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0460] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0470] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0480] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0490] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0500] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0510] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0520] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0530] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0540] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0550] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0560] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0570] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0580] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0590] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0600] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0610] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0620] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0630] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0640] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0650] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0660] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0670] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0680] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0690] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0700] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0710] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0720] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0730] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0740] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0750] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0760] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0770] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0780] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0790] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07C0] 00 00 00 00 00 00 00 00 00 00 5C 00 5C 00 4D 00 ........ ..\.\.M. + [07D0] 45 00 4D 00 42 00 45 00 52 00 34 00 33 00 00 00 E.M.B.E. R.4.3... + [07E0] 5C 00 5C 00 4D 00 45 00 4D 00 42 00 45 00 52 00 \.\.M.E. M.B.E.R. + [07F0] 34 00 33 00 5C 00 70 00 72 00 69 00 6E 00 74 00 4.3.\.p. r.i.n.t. + [0800] 65 00 72 00 35 00 00 00 C0 00 00 00 00 00 00 00 e.r.5... ........ +[2013/11/07 07:38:45.718358, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:788(np_read_recv) + Received 1024 bytes. There is more data outstanding +[2013/11/07 07:38:45.718402, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:178(smbd_smb2_ioctl_pipe_read_done) + smbd_smb2_ioctl_pipe_read_done: np_read_recv nread = 1024 is_data_outstanding = 1, status = NT_STATUS_OK +[2013/11/07 07:38:45.718451, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl.c:291(smbd_smb2_request_ioctl_done) + smbd_smb2_request_ioctl_done: smbd_smb2_ioctl_recv returned 1024 status STATUS_BUFFER_OVERFLOW +[2013/11/07 07:38:45.718495, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) + smbd_smb2_request_done_ex: idx[1] status[STATUS_BUFFER_OVERFLOW] body[48] dyn[yes:1024] at ../source3/smbd/smb2_ioctl.c:358 +[2013/11/07 07:38:45.718541, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) + smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/92/127 +[2013/11/07 07:38:45.718734, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) + smbd_smb2_request_incoming: idx[1] of 5 vectors +[2013/11/07 07:38:45.718786, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) + smb2_validate_sequence_number: clearing id 92 (position 92) from bitmap +[2013/11/07 07:38:45.718829, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) + smbd_smb2_request_dispatch: opcode[SMB2_OP_CREATE] mid = 92 +[2013/11/07 07:38:45.718894, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) + setting sec ctx (0, 5000) - sec_ctx_stack_ndx = 0 +[2013/11/07 07:38:45.718939, 5, pid=20933, effective(0, 5000), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) + Security token SIDs (21): + SID[ 0]: S-1-5-21-1376953716-2413384141-3399758289-500 + SID[ 1]: S-1-5-21-1376953716-2413384141-3399758289-512 + SID[ 2]: S-1-5-21-1376953716-2413384141-3399758289-11015 + SID[ 3]: S-1-5-21-1376953716-2413384141-3399758289-513 + SID[ 4]: S-1-5-21-1376953716-2413384141-3399758289-11011 + SID[ 5]: S-1-5-21-1376953716-2413384141-3399758289-11013 + SID[ 6]: S-1-5-21-1376953716-2413384141-3399758289-11012 + SID[ 7]: S-1-1-0 + SID[ 8]: S-1-5-2 + SID[ 9]: S-1-5-11 + SID[ 10]: S-1-5-32-544 + SID[ 11]: S-1-22-1-2002 + SID[ 12]: S-1-22-2-5000 + SID[ 13]: S-1-22-2-5007 + SID[ 14]: S-1-22-2-5001 + SID[ 15]: S-1-22-2-1005 + SID[ 16]: S-1-22-2-5006 + SID[ 17]: S-1-22-2-5005 + SID[ 18]: S-1-22-2-55000 + SID[ 19]: S-1-22-2-55001 + SID[ 20]: S-1-22-2-55002 + Privileges (0x 1FFFFFF0): + Privilege[ 0]: SeMachineAccountPrivilege + Privilege[ 1]: SeTakeOwnershipPrivilege + Privilege[ 2]: SeBackupPrivilege + Privilege[ 3]: SeRestorePrivilege + Privilege[ 4]: SeRemoteShutdownPrivilege + Privilege[ 5]: SePrintOperatorPrivilege + Privilege[ 6]: SeAddUsersPrivilege + Privilege[ 7]: SeDiskOperatorPrivilege + Privilege[ 8]: SeSecurityPrivilege + Privilege[ 9]: SeSystemtimePrivilege + Privilege[ 10]: SeShutdownPrivilege + Privilege[ 11]: SeDebugPrivilege + Privilege[ 12]: SeSystemEnvironmentPrivilege + Privilege[ 13]: SeSystemProfilePrivilege + Privilege[ 14]: SeProfileSingleProcessPrivilege + Privilege[ 15]: SeIncreaseBasePriorityPrivilege + Privilege[ 16]: SeLoadDriverPrivilege + Privilege[ 17]: SeCreatePagefilePrivilege + Privilege[ 18]: SeIncreaseQuotaPrivilege + Privilege[ 19]: SeChangeNotifyPrivilege + Privilege[ 20]: SeUndockPrivilege + Privilege[ 21]: SeManageVolumePrivilege + Privilege[ 22]: SeImpersonatePrivilege + Privilege[ 23]: SeCreateGlobalPrivilege + Privilege[ 24]: SeEnableDelegationPrivilege + Rights (0x 0): +[2013/11/07 07:38:45.719712, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) + UNIX token of user 0 + Primary group is 5000 and contains 9 supplementary groups + Group[ 0]: 5000 + Group[ 1]: 5007 + Group[ 2]: 5001 + Group[ 3]: 1005 + Group[ 4]: 5006 + Group[ 5]: 5005 + Group[ 6]: 55000 + Group[ 7]: 55001 + Group[ 8]: 55002 +[2013/11/07 07:38:45.719906, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/uid.c:363(change_to_user_internal) + Impersonated user: uid=(0,0), gid=(0,5000) +[2013/11/07 07:38:45.719960, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_create.c:451(smbd_smb2_create_send) + smbd_smb2_create: name[spoolss] +[2013/11/07 07:38:45.720012, 5, pid=20933, effective(0, 5000), real(0, 0)] ../lib/dbwrap/dbwrap.c:187(dbwrap_check_lock_order) + check lock order 1 for /var/run/samba/smbXsrv_open_global.tdb +[2013/11/07 07:38:45.720052, 10, pid=20933, effective(0, 5000), real(0, 0)] ../lib/dbwrap/dbwrap.c:133(debug_lock_order) + lock order: 1:/var/run/samba/smbXsrv_open_global.tdb 2: 3: +[2013/11/07 07:38:45.720106, 10, pid=20933, effective(0, 5000), real(0, 0)] ../lib/dbwrap/dbwrap_tdb.c:59(db_tdb_log_key) + Locking key 4467DD80 +[2013/11/07 07:38:45.720161, 10, pid=20933, effective(0, 5000), real(0, 0)] ../lib/dbwrap/dbwrap_tdb.c:143(db_tdb_fetch_locked_internal) + Allocated locked data 0x0x7f375d3b0200 +[2013/11/07 07:38:45.720238, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smbXsrv_open.c:695(smbXsrv_open_global_store) +[2013/11/07 07:38:45.720265, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smbXsrv_open.c:697(smbXsrv_open_global_store) + smbXsrv_open_global_store: key '4467DD80' stored +[2013/11/07 07:38:45.720306, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) + &global_blob: struct smbXsrv_open_globalB + version : SMBXSRV_VERSION_0 (0) + seqnum : 0x00000001 (1) + info : union smbXsrv_open_globalU(case 0) + info0 : * + info0: struct smbXsrv_open_global0 + db_rec : * + server_id: struct server_id + pid : 0x00000000000051c5 (20933) + task_id : 0x00000000 (0) + vnn : 0xffffffff (4294967295) + unique_id : 0x6b1fb19d3b3a8ed6 (7719083575197994710) + open_global_id : 0x4467dd80 (1147657600) + open_persistent_id : 0x000000004467dd80 (1147657600) + open_volatile_id : 0x000000000aa13ea4 (178339492) + open_owner : S-1-5-21-1376953716-2413384141-3399758289-500 + open_time : Do Nov 7 07:38:46 2013 CET + create_guid : 00000000-0000-0000-0000-000000000000 + client_guid : b913ae79-46f9-11e3-be6f-52540018a0ea + app_instance_id : 00000000-0000-0000-0000-000000000000 + disconnect_time : NTTIME(0) + durable_timeout_msec : 0x00000000 (0) + durable : 0x00 (0) + backend_cookie : DATA_BLOB length=0 +[2013/11/07 07:38:45.720774, 10, pid=20933, effective(0, 5000), real(0, 0)] ../lib/dbwrap/dbwrap_tdb.c:59(db_tdb_log_key) + Unlocking key 4467DD80 +[2013/11/07 07:38:45.720816, 5, pid=20933, effective(0, 5000), real(0, 0)] ../lib/dbwrap/dbwrap.c:146(dbwrap_lock_order_state_destructor) + release lock order 1 for /var/run/samba/smbXsrv_open_global.tdb +[2013/11/07 07:38:45.720856, 10, pid=20933, effective(0, 5000), real(0, 0)] ../lib/dbwrap/dbwrap.c:133(debug_lock_order) + lock order: 1: 2: 3: +[2013/11/07 07:38:45.720898, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smbXsrv_open.c:862(smbXsrv_open_create) +[2013/11/07 07:38:45.720922, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smbXsrv_open.c:870(smbXsrv_open_create) + smbXsrv_open_create: global_id (0x4467dd80) stored +[2013/11/07 07:38:45.720961, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) + &open_blob: struct smbXsrv_openB + version : SMBXSRV_VERSION_0 (0) + reserved : 0x00000000 (0) + info : union smbXsrv_openU(case 0) + info0 : * + info0: struct smbXsrv_open + table : * + db_rec : NULL + local_id : 0x0aa13ea4 (178339492) + global : * + global: struct smbXsrv_open_global0 + db_rec : NULL + server_id: struct server_id + pid : 0x00000000000051c5 (20933) + task_id : 0x00000000 (0) + vnn : 0xffffffff (4294967295) + unique_id : 0x6b1fb19d3b3a8ed6 (7719083575197994710) + open_global_id : 0x4467dd80 (1147657600) + open_persistent_id : 0x000000004467dd80 (1147657600) + open_volatile_id : 0x000000000aa13ea4 (178339492) + open_owner : S-1-5-21-1376953716-2413384141-3399758289-500 + open_time : Do Nov 7 07:38:46 2013 CET + create_guid : 00000000-0000-0000-0000-000000000000 + client_guid : b913ae79-46f9-11e3-be6f-52540018a0ea + app_instance_id : 00000000-0000-0000-0000-000000000000 + disconnect_time : NTTIME(0) + durable_timeout_msec : 0x00000000 (0) + durable : 0x00 (0) + backend_cookie : DATA_BLOB length=0 + status : NT_STATUS_OK + idle_time : Do Nov 7 07:38:46 2013 CET + compat : NULL +[2013/11/07 07:38:45.721659, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/files.c:125(file_new) + allocated file structure fnum 178339492 (7 used) +[2013/11/07 07:38:45.721709, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/files.c:713(file_name_hash) + file_name_hash: /tmp/spoolss hash 0x7d4e46e5 +[2013/11/07 07:38:45.721771, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:60(make_internal_rpc_pipe_p) + Create pipe requested \spoolss +[2013/11/07 07:38:45.721877, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:238(init_pipe_handles) + init_pipe_handle_list: pipe_handles ref count = 14 for pipe \spoolss +[2013/11/07 07:38:45.721984, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:100(make_internal_rpc_pipe_p) + Created internal pipe \spoolss +[2013/11/07 07:38:45.722029, 8, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/dosmode.c:631(dos_mode) + dos_mode: spoolss +[2013/11/07 07:38:45.722087, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_create.c:1053(smbd_smb2_create_send) + smbd_smb2_create_send: spoolss - fnum 178339492 +[2013/11/07 07:38:45.722150, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) + smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[88] dyn[yes:0] at ../source3/smbd/smb2_create.c:369 +[2013/11/07 07:38:45.722195, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) + smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/93/127 +[2013/11/07 07:38:45.722324, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) + smbd_smb2_request_incoming: idx[1] of 5 vectors +[2013/11/07 07:38:45.722372, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) + smb2_validate_sequence_number: clearing id 93 (position 93) from bitmap +[2013/11/07 07:38:45.722414, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) + smbd_smb2_request_dispatch: opcode[SMB2_OP_IOCTL] mid = 93 +[2013/11/07 07:38:45.722466, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) + setting sec ctx (0, 5000) - sec_ctx_stack_ndx = 0 +[2013/11/07 07:38:45.722508, 5, pid=20933, effective(0, 5000), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) + Security token SIDs (21): + SID[ 0]: S-1-5-21-1376953716-2413384141-3399758289-500 + SID[ 1]: S-1-5-21-1376953716-2413384141-3399758289-512 + SID[ 2]: S-1-5-21-1376953716-2413384141-3399758289-11015 + SID[ 3]: S-1-5-21-1376953716-2413384141-3399758289-513 + SID[ 4]: S-1-5-21-1376953716-2413384141-3399758289-11011 + SID[ 5]: S-1-5-21-1376953716-2413384141-3399758289-11013 + SID[ 6]: S-1-5-21-1376953716-2413384141-3399758289-11012 + SID[ 7]: S-1-1-0 + SID[ 8]: S-1-5-2 + SID[ 9]: S-1-5-11 + SID[ 10]: S-1-5-32-544 + SID[ 11]: S-1-22-1-2002 + SID[ 12]: S-1-22-2-5000 + SID[ 13]: S-1-22-2-5007 + SID[ 14]: S-1-22-2-5001 + SID[ 15]: S-1-22-2-1005 + SID[ 16]: S-1-22-2-5006 + SID[ 17]: S-1-22-2-5005 + SID[ 18]: S-1-22-2-55000 + SID[ 19]: S-1-22-2-55001 + SID[ 20]: S-1-22-2-55002 + Privileges (0x 1FFFFFF0): + Privilege[ 0]: SeMachineAccountPrivilege + Privilege[ 1]: SeTakeOwnershipPrivilege + Privilege[ 2]: SeBackupPrivilege + Privilege[ 3]: SeRestorePrivilege + Privilege[ 4]: SeRemoteShutdownPrivilege + Privilege[ 5]: SePrintOperatorPrivilege + Privilege[ 6]: SeAddUsersPrivilege + Privilege[ 7]: SeDiskOperatorPrivilege + Privilege[ 8]: SeSecurityPrivilege + Privilege[ 9]: SeSystemtimePrivilege + Privilege[ 10]: SeShutdownPrivilege + Privilege[ 11]: SeDebugPrivilege + Privilege[ 12]: SeSystemEnvironmentPrivilege + Privilege[ 13]: SeSystemProfilePrivilege + Privilege[ 14]: SeProfileSingleProcessPrivilege + Privilege[ 15]: SeIncreaseBasePriorityPrivilege + Privilege[ 16]: SeLoadDriverPrivilege + Privilege[ 17]: SeCreatePagefilePrivilege + Privilege[ 18]: SeIncreaseQuotaPrivilege + Privilege[ 19]: SeChangeNotifyPrivilege + Privilege[ 20]: SeUndockPrivilege + Privilege[ 21]: SeManageVolumePrivilege + Privilege[ 22]: SeImpersonatePrivilege + Privilege[ 23]: SeCreateGlobalPrivilege + Privilege[ 24]: SeEnableDelegationPrivilege + Rights (0x 0): +[2013/11/07 07:38:45.723416, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) + UNIX token of user 0 + Primary group is 5000 and contains 9 supplementary groups + Group[ 0]: 5000 + Group[ 1]: 5007 + Group[ 2]: 5001 + Group[ 3]: 1005 + Group[ 4]: 5006 + Group[ 5]: 5005 + Group[ 6]: 55000 + Group[ 7]: 55001 + Group[ 8]: 55002 +[2013/11/07 07:38:45.723634, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/uid.c:363(change_to_user_internal) + Impersonated user: uid=(0,0), gid=(0,5000) +[2013/11/07 07:38:45.723689, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:1796(smbd_smb2_request_verify_creditcharge) + mid 93, CreditCharge: 1, NeededCharge: 1 +[2013/11/07 07:38:45.723732, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl.c:394(smbd_smb2_ioctl_send) + smbd_smb2_ioctl: ctl_code[0x0011c017] spoolss, fnum 3570488479 +[2013/11/07 07:38:45.723778, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:59(smb2_ioctl_named_pipe) + smbd_smb2_ioctl_send: np_write_send of size 44 +[2013/11/07 07:38:45.723818, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:520(np_write_send) + np_write_send: len: 44 +[2013/11/07 07:38:45.723859, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) + write_to_pipe: data_left = 44 +[2013/11/07 07:38:45.723897, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) + process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 44 +[2013/11/07 07:38:45.723936, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:51(fill_rpc_header) + fill_rpc_header: data_to_copy = 44, len_needed_to_complete_hdr = 16, receive_len = 0 +[2013/11/07 07:38:45.723977, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) + write_to_pipe: data_used = 16 +[2013/11/07 07:38:45.724024, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) + write_to_pipe: data_left = 28 +[2013/11/07 07:38:45.724062, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) + process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 28 +[2013/11/07 07:38:45.724103, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) + write_to_pipe: data_used = 0 +[2013/11/07 07:38:45.724141, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) + write_to_pipe: data_left = 28 +[2013/11/07 07:38:45.724179, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) + process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 28, incoming data = 28 +[2013/11/07 07:38:45.724220, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1614(process_complete_pdu) + PDU is in Little Endian format! +[2013/11/07 07:38:45.724268, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) + r: struct ncacn_packet + rpc_vers : 0x05 (5) + rpc_vers_minor : 0x00 (0) + ptype : DCERPC_PKT_REQUEST (0) + pfc_flags : 0x03 (3) + drep: ARRAY(4) + [0] : 0x10 (16) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + frag_length : 0x002c (44) + auth_length : 0x0000 (0) + call_id : 0x00000003 (3) + u : union dcerpc_payload(case 0) + request: struct dcerpc_request + alloc_hint : 0x00000014 (20) + context_id : 0x0000 (0) + opnum : 0x001d (29) + object : union dcerpc_object(case 0) + empty: struct dcerpc_empty + _pad : DATA_BLOB length=0 + stub_and_verifier : DATA_BLOB length=20 + [0000] 00 00 00 00 A8 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.724718, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1627(process_complete_pdu) + Processing packet type 0 +[2013/11/07 07:38:45.724757, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1472(dcesrv_auth_request) + Checking request auth. +[2013/11/07 07:38:45.724799, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) + push_sec_ctx(0, 5000) : sec_ctx_stack_ndx = 1 +[2013/11/07 07:38:45.724845, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) + setting sec ctx (0, 5000) - sec_ctx_stack_ndx = 1 +[2013/11/07 07:38:45.724886, 5, pid=20933, effective(0, 5000), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) + Security token SIDs (21): + SID[ 0]: S-1-5-21-1376953716-2413384141-3399758289-500 + SID[ 1]: S-1-5-21-1376953716-2413384141-3399758289-512 + SID[ 2]: S-1-5-21-1376953716-2413384141-3399758289-11015 + SID[ 3]: S-1-5-21-1376953716-2413384141-3399758289-513 + SID[ 4]: S-1-5-21-1376953716-2413384141-3399758289-11011 + SID[ 5]: S-1-5-21-1376953716-2413384141-3399758289-11013 + SID[ 6]: S-1-5-21-1376953716-2413384141-3399758289-11012 + SID[ 7]: S-1-1-0 + SID[ 8]: S-1-5-2 + SID[ 9]: S-1-5-11 + SID[ 10]: S-1-5-32-544 + SID[ 11]: S-1-22-1-2002 + SID[ 12]: S-1-22-2-5000 + SID[ 13]: S-1-22-2-5007 + SID[ 14]: S-1-22-2-5001 + SID[ 15]: S-1-22-2-1005 + SID[ 16]: S-1-22-2-5006 + SID[ 17]: S-1-22-2-5005 + SID[ 18]: S-1-22-2-55000 + SID[ 19]: S-1-22-2-55001 + SID[ 20]: S-1-22-2-55002 + Privileges (0x 1FFFFFF0): + Privilege[ 0]: SeMachineAccountPrivilege + Privilege[ 1]: SeTakeOwnershipPrivilege + Privilege[ 2]: SeBackupPrivilege + Privilege[ 3]: SeRestorePrivilege + Privilege[ 4]: SeRemoteShutdownPrivilege + Privilege[ 5]: SePrintOperatorPrivilege + Privilege[ 6]: SeAddUsersPrivilege + Privilege[ 7]: SeDiskOperatorPrivilege + Privilege[ 8]: SeSecurityPrivilege + Privilege[ 9]: SeSystemtimePrivilege + Privilege[ 10]: SeShutdownPrivilege + Privilege[ 11]: SeDebugPrivilege + Privilege[ 12]: SeSystemEnvironmentPrivilege + Privilege[ 13]: SeSystemProfilePrivilege + Privilege[ 14]: SeProfileSingleProcessPrivilege + Privilege[ 15]: SeIncreaseBasePriorityPrivilege + Privilege[ 16]: SeLoadDriverPrivilege + Privilege[ 17]: SeCreatePagefilePrivilege + Privilege[ 18]: SeIncreaseQuotaPrivilege + Privilege[ 19]: SeChangeNotifyPrivilege + Privilege[ 20]: SeUndockPrivilege + Privilege[ 21]: SeManageVolumePrivilege + Privilege[ 22]: SeImpersonatePrivilege + Privilege[ 23]: SeCreateGlobalPrivilege + Privilege[ 24]: SeEnableDelegationPrivilege + Rights (0x 0): +[2013/11/07 07:38:45.725743, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) + UNIX token of user 0 + Primary group is 5000 and contains 9 supplementary groups + Group[ 0]: 5000 + Group[ 1]: 5007 + Group[ 2]: 5001 + Group[ 3]: 1005 + Group[ 4]: 5006 + Group[ 5]: 5005 + Group[ 6]: 55000 + Group[ 7]: 55001 + Group[ 8]: 55002 +[2013/11/07 07:38:45.725937, 5, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1324(api_pipe_request) + Requested \spoolss rpc service +[2013/11/07 07:38:45.725982, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1356(api_rpcTNP) + api_rpcTNP: \spoolss op 0x1d - api_rpcTNP: rpc command: SPOOLSS_CLOSEPRINTER +[2013/11/07 07:38:45.726027, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1390(api_rpcTNP) + api_rpc_cmds[29].fn == 0x7f375c25d5f0 +[2013/11/07 07:38:45.726072, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + spoolss_ClosePrinter: struct spoolss_ClosePrinter + in: struct spoolss_ClosePrinter + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000a8-0000-0000-7b52-7535c5510000 +[2013/11/07 07:38:45.726205, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 A8 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.726286, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 A8 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.726365, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 A8 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.726442, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) + Closed policy +[2013/11/07 07:38:45.726483, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + spoolss_ClosePrinter: struct spoolss_ClosePrinter + out: struct spoolss_ClosePrinter + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000000-0000-0000-0000-000000000000 + result : WERR_OK +[2013/11/07 07:38:45.726643, 5, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1417(api_rpcTNP) + api_rpcTNP: called \spoolss successfully +[2013/11/07 07:38:45.726693, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) + pop_sec_ctx (0, 5000) - sec_ctx_stack_ndx = 0 +[2013/11/07 07:38:45.726735, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) + write_to_pipe: data_used = 28 + smbd_smb2_request_pending_queue: req->current_idx = 1 + req->in.vector[0].iov_len = 0 + req->in.vector[1].iov_len = 0 + req->in.vector[2].iov_len = 64 + req->in.vector[3].iov_len = 56 + req->in.vector[4].iov_len = 44 + req->out.vector[0].iov_len = 4 + req->out.vector[1].iov_len = 0 + req->out.vector[2].iov_len = 64 + req->out.vector[3].iov_len = 8 + req->out.vector[4].iov_len = 0 +[2013/11/07 07:38:45.726946, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:128(smbd_smb2_ioctl_pipe_write_done) + smbd_smb2_ioctl_pipe_write_done: received 44 +[2013/11/07 07:38:45.726989, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:149(smbd_smb2_ioctl_pipe_write_done) + smbd_smb2_ioctl_pipe_write_done: issuing np_read_send of size 1024 +[2013/11/07 07:38:45.727032, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:285(read_from_internal_pipe) + name: \spoolss len: 1024 +[2013/11/07 07:38:45.727074, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:347(read_from_internal_pipe) + read_from_pipe: \spoolss: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 24. +[2013/11/07 07:38:45.727124, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) + &r: struct ncacn_packet + rpc_vers : 0x05 (5) + rpc_vers_minor : 0x00 (0) + ptype : DCERPC_PKT_RESPONSE (2) + pfc_flags : 0x03 (3) + drep: ARRAY(4) + [0] : 0x10 (16) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + frag_length : 0x0030 (48) + auth_length : 0x0000 (0) + call_id : 0x00000003 (3) + u : union dcerpc_payload(case 2) + response: struct dcerpc_response + alloc_hint : 0x00000018 (24) + context_id : 0x0000 (0) + cancel_count : 0x00 (0) + _pad : DATA_BLOB length=0 + stub_and_verifier : DATA_BLOB length=24 + [0000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0010] 00 00 00 00 00 00 00 00 ........ +[2013/11/07 07:38:45.727540, 3, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:122(free_pipe_context) + free_pipe_context: destroying talloc pool of size 29 +[2013/11/07 07:38:45.727588, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:788(np_read_recv) + Received 48 bytes. There is no more data outstanding +[2013/11/07 07:38:45.727628, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:178(smbd_smb2_ioctl_pipe_read_done) + smbd_smb2_ioctl_pipe_read_done: np_read_recv nread = 48 is_data_outstanding = 0, status = NT_STATUS_OK +[2013/11/07 07:38:45.727674, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl.c:291(smbd_smb2_request_ioctl_done) + smbd_smb2_request_ioctl_done: smbd_smb2_ioctl_recv returned 48 status NT_STATUS_OK +[2013/11/07 07:38:45.727723, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) + smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[48] dyn[yes:48] at ../source3/smbd/smb2_ioctl.c:358 +[2013/11/07 07:38:45.727767, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) + smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/94/127 +[2013/11/07 07:38:45.727898, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) + smbd_smb2_request_incoming: idx[1] of 5 vectors +[2013/11/07 07:38:45.727947, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) + smb2_validate_sequence_number: clearing id 94 (position 94) from bitmap +[2013/11/07 07:38:45.727989, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) + smbd_smb2_request_dispatch: opcode[SMB2_OP_IOCTL] mid = 94 +[2013/11/07 07:38:45.728042, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) + setting sec ctx (0, 5000) - sec_ctx_stack_ndx = 0 +[2013/11/07 07:38:45.728084, 5, pid=20933, effective(0, 5000), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) + Security token SIDs (21): + SID[ 0]: S-1-5-21-1376953716-2413384141-3399758289-500 + SID[ 1]: S-1-5-21-1376953716-2413384141-3399758289-512 + SID[ 2]: S-1-5-21-1376953716-2413384141-3399758289-11015 + SID[ 3]: S-1-5-21-1376953716-2413384141-3399758289-513 + SID[ 4]: S-1-5-21-1376953716-2413384141-3399758289-11011 + SID[ 5]: S-1-5-21-1376953716-2413384141-3399758289-11013 + SID[ 6]: S-1-5-21-1376953716-2413384141-3399758289-11012 + SID[ 7]: S-1-1-0 + SID[ 8]: S-1-5-2 + SID[ 9]: S-1-5-11 + SID[ 10]: S-1-5-32-544 + SID[ 11]: S-1-22-1-2002 + SID[ 12]: S-1-22-2-5000 + SID[ 13]: S-1-22-2-5007 + SID[ 14]: S-1-22-2-5001 + SID[ 15]: S-1-22-2-1005 + SID[ 16]: S-1-22-2-5006 + SID[ 17]: S-1-22-2-5005 + SID[ 18]: S-1-22-2-55000 + SID[ 19]: S-1-22-2-55001 + SID[ 20]: S-1-22-2-55002 + Privileges (0x 1FFFFFF0): + Privilege[ 0]: SeMachineAccountPrivilege + Privilege[ 1]: SeTakeOwnershipPrivilege + Privilege[ 2]: SeBackupPrivilege + Privilege[ 3]: SeRestorePrivilege + Privilege[ 4]: SeRemoteShutdownPrivilege + Privilege[ 5]: SePrintOperatorPrivilege + Privilege[ 6]: SeAddUsersPrivilege + Privilege[ 7]: SeDiskOperatorPrivilege + Privilege[ 8]: SeSecurityPrivilege + Privilege[ 9]: SeSystemtimePrivilege + Privilege[ 10]: SeShutdownPrivilege + Privilege[ 11]: SeDebugPrivilege + Privilege[ 12]: SeSystemEnvironmentPrivilege + Privilege[ 13]: SeSystemProfilePrivilege + Privilege[ 14]: SeProfileSingleProcessPrivilege + Privilege[ 15]: SeIncreaseBasePriorityPrivilege + Privilege[ 16]: SeLoadDriverPrivilege + Privilege[ 17]: SeCreatePagefilePrivilege + Privilege[ 18]: SeIncreaseQuotaPrivilege + Privilege[ 19]: SeChangeNotifyPrivilege + Privilege[ 20]: SeUndockPrivilege + Privilege[ 21]: SeManageVolumePrivilege + Privilege[ 22]: SeImpersonatePrivilege + Privilege[ 23]: SeCreateGlobalPrivilege + Privilege[ 24]: SeEnableDelegationPrivilege + Rights (0x 0): +[2013/11/07 07:38:45.728848, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) + UNIX token of user 0 + Primary group is 5000 and contains 9 supplementary groups + Group[ 0]: 5000 + Group[ 1]: 5007 + Group[ 2]: 5001 + Group[ 3]: 1005 + Group[ 4]: 5006 + Group[ 5]: 5005 + Group[ 6]: 55000 + Group[ 7]: 55001 + Group[ 8]: 55002 +[2013/11/07 07:38:45.729037, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/uid.c:363(change_to_user_internal) + Impersonated user: uid=(0,0), gid=(0,5000) +[2013/11/07 07:38:45.729134, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:1796(smbd_smb2_request_verify_creditcharge) + mid 94, CreditCharge: 1, NeededCharge: 1 +[2013/11/07 07:38:45.729177, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl.c:394(smbd_smb2_ioctl_send) + smbd_smb2_ioctl: ctl_code[0x0011c017] spoolss, fnum 1585650398 +[2013/11/07 07:38:45.729222, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:59(smb2_ioctl_named_pipe) + smbd_smb2_ioctl_send: np_write_send of size 200 +[2013/11/07 07:38:45.729261, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:520(np_write_send) + np_write_send: len: 200 +[2013/11/07 07:38:45.729301, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) + write_to_pipe: data_left = 200 +[2013/11/07 07:38:45.729339, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) + process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 200 +[2013/11/07 07:38:45.729435, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:51(fill_rpc_header) + fill_rpc_header: data_to_copy = 200, len_needed_to_complete_hdr = 16, receive_len = 0 +[2013/11/07 07:38:45.729477, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) + write_to_pipe: data_used = 16 +[2013/11/07 07:38:45.729515, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) + write_to_pipe: data_left = 184 +[2013/11/07 07:38:45.729552, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) + process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 184 +[2013/11/07 07:38:45.729593, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) + write_to_pipe: data_used = 0 +[2013/11/07 07:38:45.729630, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) + write_to_pipe: data_left = 184 +[2013/11/07 07:38:45.729668, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) + process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 184, incoming data = 184 +[2013/11/07 07:38:45.729709, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1614(process_complete_pdu) + PDU is in Little Endian format! +[2013/11/07 07:38:45.729754, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) + r: struct ncacn_packet + rpc_vers : 0x05 (5) + rpc_vers_minor : 0x00 (0) + ptype : DCERPC_PKT_REQUEST (0) + pfc_flags : 0x03 (3) + drep: ARRAY(4) + [0] : 0x10 (16) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + frag_length : 0x00c8 (200) + auth_length : 0x0000 (0) + call_id : 0x00000003 (3) + u : union dcerpc_payload(case 0) + request: struct dcerpc_request + alloc_hint : 0x000000b0 (176) + context_id : 0x0000 (0) + opnum : 0x0041 (65) + object : union dcerpc_object(case 0) + empty: struct dcerpc_empty + _pad : DATA_BLOB length=0 + stub_and_verifier : DATA_BLOB length=176 + [0000] 00 00 00 00 9A 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 00 00 00 00 00 00 00 00 00 00 02 00 .Q...... ........ + [0020] 13 00 00 00 00 00 00 00 13 00 00 00 5C 00 5C 00 ........ ....\.\. + [0030] 77 00 69 00 6E 00 38 00 31 00 2D 00 32 00 33 00 w.i.n.8. 1.-.2.3. + [0040] 39 00 2E 00 41 00 52 00 33 00 32 00 49 00 38 00 9...A.R. 3.2.I.8. + [0050] 00 00 00 00 A3 0A 08 C2 04 00 02 00 02 00 00 00 ........ ........ + [0060] 00 00 00 00 02 00 00 00 08 00 02 00 02 00 00 00 ........ ........ + [0070] 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 ........ ........ + [0080] 0C 00 02 00 01 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0090] 06 00 00 00 10 00 02 00 01 00 00 00 12 00 00 00 ........ ........ + [00A0] 06 00 00 00 00 00 04 00 0A 00 0D 00 10 00 14 00 ........ ........ +[2013/11/07 07:38:45.730535, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1627(process_complete_pdu) + Processing packet type 0 +[2013/11/07 07:38:45.730574, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1472(dcesrv_auth_request) + Checking request auth. +[2013/11/07 07:38:45.730615, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) + push_sec_ctx(0, 5000) : sec_ctx_stack_ndx = 1 +[2013/11/07 07:38:45.730660, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) + setting sec ctx (0, 5000) - sec_ctx_stack_ndx = 1 +[2013/11/07 07:38:45.730702, 5, pid=20933, effective(0, 5000), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) + Security token SIDs (21): + SID[ 0]: S-1-5-21-1376953716-2413384141-3399758289-500 + SID[ 1]: S-1-5-21-1376953716-2413384141-3399758289-512 + SID[ 2]: S-1-5-21-1376953716-2413384141-3399758289-11015 + SID[ 3]: S-1-5-21-1376953716-2413384141-3399758289-513 + SID[ 4]: S-1-5-21-1376953716-2413384141-3399758289-11011 + SID[ 5]: S-1-5-21-1376953716-2413384141-3399758289-11013 + SID[ 6]: S-1-5-21-1376953716-2413384141-3399758289-11012 + SID[ 7]: S-1-1-0 + SID[ 8]: S-1-5-2 + SID[ 9]: S-1-5-11 + SID[ 10]: S-1-5-32-544 + SID[ 11]: S-1-22-1-2002 + SID[ 12]: S-1-22-2-5000 + SID[ 13]: S-1-22-2-5007 + SID[ 14]: S-1-22-2-5001 + SID[ 15]: S-1-22-2-1005 + SID[ 16]: S-1-22-2-5006 + SID[ 17]: S-1-22-2-5005 + SID[ 18]: S-1-22-2-55000 + SID[ 19]: S-1-22-2-55001 + SID[ 20]: S-1-22-2-55002 + Privileges (0x 1FFFFFF0): + Privilege[ 0]: SeMachineAccountPrivilege + Privilege[ 1]: SeTakeOwnershipPrivilege + Privilege[ 2]: SeBackupPrivilege + Privilege[ 3]: SeRestorePrivilege + Privilege[ 4]: SeRemoteShutdownPrivilege + Privilege[ 5]: SePrintOperatorPrivilege + Privilege[ 6]: SeAddUsersPrivilege + Privilege[ 7]: SeDiskOperatorPrivilege + Privilege[ 8]: SeSecurityPrivilege + Privilege[ 9]: SeSystemtimePrivilege + Privilege[ 10]: SeShutdownPrivilege + Privilege[ 11]: SeDebugPrivilege + Privilege[ 12]: SeSystemEnvironmentPrivilege + Privilege[ 13]: SeSystemProfilePrivilege + Privilege[ 14]: SeProfileSingleProcessPrivilege + Privilege[ 15]: SeIncreaseBasePriorityPrivilege + Privilege[ 16]: SeLoadDriverPrivilege + Privilege[ 17]: SeCreatePagefilePrivilege + Privilege[ 18]: SeIncreaseQuotaPrivilege + Privilege[ 19]: SeChangeNotifyPrivilege + Privilege[ 20]: SeUndockPrivilege + Privilege[ 21]: SeManageVolumePrivilege + Privilege[ 22]: SeImpersonatePrivilege + Privilege[ 23]: SeCreateGlobalPrivilege + Privilege[ 24]: SeEnableDelegationPrivilege + Rights (0x 0): +[2013/11/07 07:38:45.731464, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) + UNIX token of user 0 + Primary group is 5000 and contains 9 supplementary groups + Group[ 0]: 5000 + Group[ 1]: 5007 + Group[ 2]: 5001 + Group[ 3]: 1005 + Group[ 4]: 5006 + Group[ 5]: 5005 + Group[ 6]: 55000 + Group[ 7]: 55001 + Group[ 8]: 55002 +[2013/11/07 07:38:45.731663, 5, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1324(api_pipe_request) + Requested \spoolss rpc service +[2013/11/07 07:38:45.731708, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1356(api_rpcTNP) + api_rpcTNP: \spoolss op 0x41 - api_rpcTNP: rpc command: SPOOLSS_REMOTEFINDFIRSTPRINTERCHANGENOTIFYEX +[2013/11/07 07:38:45.731755, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1390(api_rpcTNP) + api_rpc_cmds[65].fn == 0x7f375c2577f0 +[2013/11/07 07:38:45.731832, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + spoolss_RemoteFindFirstPrinterChangeNotifyEx: struct spoolss_RemoteFindFirstPrinterChangeNotifyEx + in: struct spoolss_RemoteFindFirstPrinterChangeNotifyEx + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 0000009a-0000-0000-7b52-7535c5510000 + flags : 0x00000000 (0) + 0: PRINTER_CHANGE_ADD_PRINTER + 0: PRINTER_CHANGE_SET_PRINTER + 0: PRINTER_CHANGE_DELETE_PRINTER + 0: PRINTER_CHANGE_FAILED_CONNECTION_PRINTER + 0: PRINTER_CHANGE_ADD_JOB + 0: PRINTER_CHANGE_SET_JOB + 0: PRINTER_CHANGE_DELETE_JOB + 0: PRINTER_CHANGE_WRITE_JOB + 0: PRINTER_CHANGE_ADD_FORM + 0: PRINTER_CHANGE_SET_FORM + 0: PRINTER_CHANGE_DELETE_FORM + 0: PRINTER_CHANGE_ADD_PORT + 0: PRINTER_CHANGE_CONFIGURE_PORT + 0: PRINTER_CHANGE_DELETE_PORT + 0: PRINTER_CHANGE_ADD_PRINT_PROCESSOR + 0: PRINTER_CHANGE_DELETE_PRINT_PROCESSOR + 0: PRINTER_CHANGE_SERVER + 0: PRINTER_CHANGE_ADD_PRINTER_DRIVER + 0: PRINTER_CHANGE_SET_PRINTER_DRIVER + 0: PRINTER_CHANGE_DELETE_PRINTER_DRIVER + 0: PRINTER_CHANGE_TIMEOUT + options : 0x00000000 (0) + local_machine : * + local_machine : '\\win81-239.AR32I8' + printer_local : 0xc2080aa3 (3255306915) + notify_options : * + notify_options: struct spoolss_NotifyOption + version : 0x00000002 (2) + flags : 0x00000000 (0) + 0: PRINTER_NOTIFY_OPTIONS_REFRESH + count : 0x00000002 (2) + types : * + types: ARRAY(2) + types: struct spoolss_NotifyOptionType + type : PRINTER_NOTIFY_TYPE (0) + u1 : 0x0000 (0) + u2 : 0x00000000 (0) + u3 : 0x00000000 (0) + count : 0x00000001 (1) + fields : * + fields: ARRAY(1) + fields : union spoolss_Field(case 0) + field : PRINTER_NOTIFY_FIELD_STATUS (18) + types: struct spoolss_NotifyOptionType + type : JOB_NOTIFY_TYPE (1) + u1 : 0x0000 (0) + u2 : 0x00000000 (0) + u3 : 0x00000000 (0) + count : 0x00000006 (6) + fields : * + fields: ARRAY(6) + fields : union spoolss_Field(case 1) + field : JOB_NOTIFY_FIELD_PRINTER_NAME (0) + fields : union spoolss_Field(case 1) + field : JOB_NOTIFY_FIELD_NOTIFY_NAME (4) + fields : union spoolss_Field(case 1) + field : JOB_NOTIFY_FIELD_STATUS (10) + fields : union spoolss_Field(case 1) + field : JOB_NOTIFY_FIELD_DOCUMENT (13) + fields : union spoolss_Field(case 1) + field : JOB_NOTIFY_FIELD_SUBMITTED (16) + fields : union spoolss_Field(case 1) + field : JOB_NOTIFY_FIELD_TOTAL_PAGES (20) +[2013/11/07 07:38:45.733134, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[1] [0000] 00 00 00 00 9A 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.733220, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[1] [0000] 00 00 00 00 9A 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.733298, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:489(get_printer_snum) + short name:printer5 +[2013/11/07 07:38:45.733348, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:2699(_spoolss_RemoteFindFirstPrinterChangeNotifyEx) + _spoolss_RemoteFindFirstPrinterChangeNotifyEx: remote_address is ipv4:10.200.8.239:50547 +[2013/11/07 07:38:45.733481, 5, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:2462(spoolss_connect_to_client) + spoolss_connect_to_client: Using address 10.200.8.239 (no name resolution necessary) +[2013/11/07 07:38:45.733704, 3, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/util_sock.c:585(open_socket_out_send) + Connecting to 10.200.8.239 at port 445 +[2013/11/07 07:38:45.735142, 5, pid=20933, effective(0, 5000), real(0, 0)] ../lib/util/util_net.c:848(print_socket_options) + Socket options: + SO_KEEPALIVE = 0 + SO_REUSEADDR = 0 + SO_BROADCAST = 0 + TCP_NODELAY = 1 + TCP_KEEPCNT = 9 + TCP_KEEPIDLE = 7200 + TCP_KEEPINTVL = 75 + IPTOS_LOWDELAY = 0 + IPTOS_THROUGHPUT = 0 + SO_REUSEPORT = 0 + SO_SNDBUF = 23400 + SO_RCVBUF = 87380 + SO_SNDLOWAT = 1 + SO_RCVLOWAT = 1 + SO_SNDTIMEO = 0 + SO_RCVTIMEO = 0 + TCP_QUICKACK = 1 + TCP_DEFER_ACCEPT = 0 +[2013/11/07 07:38:45.740121, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/libsmb/clientgen.c:124(cli_init_creds) + cli_init_creds: user domain +[2013/11/07 07:38:45.741779, 2, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:2499(spoolss_connect_to_client) + spoolss_connect_to_client: unable to open the spoolss pipe on machine win81-239.AR32I8. Error was : NT_STATUS_ACCESS_DENIED. +[2013/11/07 07:38:45.743035, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + spoolss_RemoteFindFirstPrinterChangeNotifyEx: struct spoolss_RemoteFindFirstPrinterChangeNotifyEx + out: struct spoolss_RemoteFindFirstPrinterChangeNotifyEx + result : WERR_SERVER_UNAVAILABLE +[2013/11/07 07:38:45.743297, 5, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1417(api_rpcTNP) + api_rpcTNP: called \spoolss successfully +[2013/11/07 07:38:45.743402, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) + pop_sec_ctx (0, 5000) - sec_ctx_stack_ndx = 0 +[2013/11/07 07:38:45.743476, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) + write_to_pipe: data_used = 184 + smbd_smb2_request_pending_queue: req->current_idx = 1 + req->in.vector[0].iov_len = 0 + req->in.vector[1].iov_len = 0 + req->in.vector[2].iov_len = 64 + req->in.vector[3].iov_len = 56 + req->in.vector[4].iov_len = 200 + req->out.vector[0].iov_len = 4 + req->out.vector[1].iov_len = 0 + req->out.vector[2].iov_len = 64 + req->out.vector[3].iov_len = 8 + req->out.vector[4].iov_len = 0 +[2013/11/07 07:38:45.743847, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:128(smbd_smb2_ioctl_pipe_write_done) + smbd_smb2_ioctl_pipe_write_done: received 200 +[2013/11/07 07:38:45.743922, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:149(smbd_smb2_ioctl_pipe_write_done) + smbd_smb2_ioctl_pipe_write_done: issuing np_read_send of size 1024 +[2013/11/07 07:38:45.743994, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:285(read_from_internal_pipe) + name: \spoolss len: 1024 +[2013/11/07 07:38:45.744065, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:347(read_from_internal_pipe) + read_from_pipe: \spoolss: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 4. +[2013/11/07 07:38:45.744156, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) + &r: struct ncacn_packet + rpc_vers : 0x05 (5) + rpc_vers_minor : 0x00 (0) + ptype : DCERPC_PKT_RESPONSE (2) + pfc_flags : 0x03 (3) + drep: ARRAY(4) + [0] : 0x10 (16) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + frag_length : 0x001c (28) + auth_length : 0x0000 (0) + call_id : 0x00000003 (3) + u : union dcerpc_payload(case 2) + response: struct dcerpc_response + alloc_hint : 0x00000004 (4) + context_id : 0x0000 (0) + cancel_count : 0x00 (0) + _pad : DATA_BLOB length=0 + stub_and_verifier : DATA_BLOB length=4 + [0000] BA 06 00 00 .... +[2013/11/07 07:38:45.744798, 3, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:122(free_pipe_context) + free_pipe_context: destroying talloc pool of size 53 +[2013/11/07 07:38:45.744880, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:788(np_read_recv) + Received 28 bytes. There is no more data outstanding +[2013/11/07 07:38:45.744948, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:178(smbd_smb2_ioctl_pipe_read_done) + smbd_smb2_ioctl_pipe_read_done: np_read_recv nread = 28 is_data_outstanding = 0, status = NT_STATUS_OK +[2013/11/07 07:38:45.745024, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl.c:291(smbd_smb2_request_ioctl_done) + smbd_smb2_request_ioctl_done: smbd_smb2_ioctl_recv returned 28 status NT_STATUS_OK +[2013/11/07 07:38:45.745106, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) + smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[48] dyn[yes:28] at ../source3/smbd/smb2_ioctl.c:358 +[2013/11/07 07:38:45.745182, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) + smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/95/127 +[2013/11/07 07:38:45.745526, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) + smbd_smb2_request_incoming: idx[1] of 5 vectors +[2013/11/07 07:38:45.745619, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) + smb2_validate_sequence_number: clearing id 95 (position 95) from bitmap +[2013/11/07 07:38:45.745690, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) + smbd_smb2_request_dispatch: opcode[SMB2_OP_IOCTL] mid = 95 +[2013/11/07 07:38:45.745793, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) + setting sec ctx (0, 5000) - sec_ctx_stack_ndx = 0 +[2013/11/07 07:38:45.745933, 5, pid=20933, effective(0, 5000), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) + Security token SIDs (21): + SID[ 0]: S-1-5-21-1376953716-2413384141-3399758289-500 + SID[ 1]: S-1-5-21-1376953716-2413384141-3399758289-512 + SID[ 2]: S-1-5-21-1376953716-2413384141-3399758289-11015 + SID[ 3]: S-1-5-21-1376953716-2413384141-3399758289-513 + SID[ 4]: S-1-5-21-1376953716-2413384141-3399758289-11011 + SID[ 5]: S-1-5-21-1376953716-2413384141-3399758289-11013 + SID[ 6]: S-1-5-21-1376953716-2413384141-3399758289-11012 + SID[ 7]: S-1-1-0 + SID[ 8]: S-1-5-2 + SID[ 9]: S-1-5-11 + SID[ 10]: S-1-5-32-544 + SID[ 11]: S-1-22-1-2002 + SID[ 12]: S-1-22-2-5000 + SID[ 13]: S-1-22-2-5007 + SID[ 14]: S-1-22-2-5001 + SID[ 15]: S-1-22-2-1005 + SID[ 16]: S-1-22-2-5006 + SID[ 17]: S-1-22-2-5005 + SID[ 18]: S-1-22-2-55000 + SID[ 19]: S-1-22-2-55001 + SID[ 20]: S-1-22-2-55002 + Privileges (0x 1FFFFFF0): + Privilege[ 0]: SeMachineAccountPrivilege + Privilege[ 1]: SeTakeOwnershipPrivilege + Privilege[ 2]: SeBackupPrivilege + Privilege[ 3]: SeRestorePrivilege + Privilege[ 4]: SeRemoteShutdownPrivilege + Privilege[ 5]: SePrintOperatorPrivilege + Privilege[ 6]: SeAddUsersPrivilege + Privilege[ 7]: SeDiskOperatorPrivilege + Privilege[ 8]: SeSecurityPrivilege + Privilege[ 9]: SeSystemtimePrivilege + Privilege[ 10]: SeShutdownPrivilege + Privilege[ 11]: SeDebugPrivilege + Privilege[ 12]: SeSystemEnvironmentPrivilege + Privilege[ 13]: SeSystemProfilePrivilege + Privilege[ 14]: SeProfileSingleProcessPrivilege + Privilege[ 15]: SeIncreaseBasePriorityPrivilege + Privilege[ 16]: SeLoadDriverPrivilege + Privilege[ 17]: SeCreatePagefilePrivilege + Privilege[ 18]: SeIncreaseQuotaPrivilege + Privilege[ 19]: SeChangeNotifyPrivilege + Privilege[ 20]: SeUndockPrivilege + Privilege[ 21]: SeManageVolumePrivilege + Privilege[ 22]: SeImpersonatePrivilege + Privilege[ 23]: SeCreateGlobalPrivilege + Privilege[ 24]: SeEnableDelegationPrivilege + Rights (0x 0): +[2013/11/07 07:38:45.747264, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) + UNIX token of user 0 + Primary group is 5000 and contains 9 supplementary groups + Group[ 0]: 5000 + Group[ 1]: 5007 + Group[ 2]: 5001 + Group[ 3]: 1005 + Group[ 4]: 5006 + Group[ 5]: 5005 + Group[ 6]: 55000 + Group[ 7]: 55001 + Group[ 8]: 55002 +[2013/11/07 07:38:45.747802, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/uid.c:363(change_to_user_internal) + Impersonated user: uid=(0,0), gid=(0,5000) +[2013/11/07 07:38:45.747890, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:1796(smbd_smb2_request_verify_creditcharge) + mid 95, CreditCharge: 1, NeededCharge: 1 +[2013/11/07 07:38:45.747982, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl.c:394(smbd_smb2_ioctl_send) + smbd_smb2_ioctl: ctl_code[0x0011c017] spoolss, fnum 1145362404 +[2013/11/07 07:38:45.748115, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:59(smb2_ioctl_named_pipe) + smbd_smb2_ioctl_send: np_write_send of size 64 +[2013/11/07 07:38:45.748186, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:520(np_write_send) + np_write_send: len: 64 +[2013/11/07 07:38:45.748256, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) + write_to_pipe: data_left = 64 +[2013/11/07 07:38:45.748321, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) + process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 64 +[2013/11/07 07:38:45.748387, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:51(fill_rpc_header) + fill_rpc_header: data_to_copy = 64, len_needed_to_complete_hdr = 16, receive_len = 0 +[2013/11/07 07:38:45.748472, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) + write_to_pipe: data_used = 16 +[2013/11/07 07:38:45.748536, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) + write_to_pipe: data_left = 48 +[2013/11/07 07:38:45.748599, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) + process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 48 +[2013/11/07 07:38:45.748668, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) + write_to_pipe: data_used = 0 +[2013/11/07 07:38:45.748730, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) + write_to_pipe: data_left = 48 +[2013/11/07 07:38:45.748793, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) + process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 48, incoming data = 48 +[2013/11/07 07:38:45.748863, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1614(process_complete_pdu) + PDU is in Little Endian format! +[2013/11/07 07:38:45.748942, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) + r: struct ncacn_packet + rpc_vers : 0x05 (5) + rpc_vers_minor : 0x00 (0) + ptype : DCERPC_PKT_REQUEST (0) + pfc_flags : 0x03 (3) + drep: ARRAY(4) + [0] : 0x10 (16) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + frag_length : 0x0040 (64) + auth_length : 0x0000 (0) + call_id : 0x00000005 (5) + u : union dcerpc_payload(case 0) + request: struct dcerpc_request + alloc_hint : 0x00000028 (40) + context_id : 0x0000 (0) + opnum : 0x0004 (4) + object : union dcerpc_object(case 0) + empty: struct dcerpc_empty + _pad : DATA_BLOB length=0 + stub_and_verifier : DATA_BLOB length=40 + [0000] 00 00 00 00 93 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 00 00 00 00 FF FF FF FF 02 00 00 00 .Q...... ........ + [0020] 00 00 00 00 00 00 00 00 ........ +[2013/11/07 07:38:45.749878, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1627(process_complete_pdu) + Processing packet type 0 +[2013/11/07 07:38:45.749946, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1472(dcesrv_auth_request) + Checking request auth. +[2013/11/07 07:38:45.750016, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) + push_sec_ctx(0, 5000) : sec_ctx_stack_ndx = 1 +[2013/11/07 07:38:45.750092, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) + setting sec ctx (0, 5000) - sec_ctx_stack_ndx = 1 +[2013/11/07 07:38:45.750161, 5, pid=20933, effective(0, 5000), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) + Security token SIDs (21): + SID[ 0]: S-1-5-21-1376953716-2413384141-3399758289-500 + SID[ 1]: S-1-5-21-1376953716-2413384141-3399758289-512 + SID[ 2]: S-1-5-21-1376953716-2413384141-3399758289-11015 + SID[ 3]: S-1-5-21-1376953716-2413384141-3399758289-513 + SID[ 4]: S-1-5-21-1376953716-2413384141-3399758289-11011 + SID[ 5]: S-1-5-21-1376953716-2413384141-3399758289-11013 + SID[ 6]: S-1-5-21-1376953716-2413384141-3399758289-11012 + SID[ 7]: S-1-1-0 + SID[ 8]: S-1-5-2 + SID[ 9]: S-1-5-11 + SID[ 10]: S-1-5-32-544 + SID[ 11]: S-1-22-1-2002 + SID[ 12]: S-1-22-2-5000 + SID[ 13]: S-1-22-2-5007 + SID[ 14]: S-1-22-2-5001 + SID[ 15]: S-1-22-2-1005 + SID[ 16]: S-1-22-2-5006 + SID[ 17]: S-1-22-2-5005 + SID[ 18]: S-1-22-2-55000 + SID[ 19]: S-1-22-2-55001 + SID[ 20]: S-1-22-2-55002 + Privileges (0x 1FFFFFF0): + Privilege[ 0]: SeMachineAccountPrivilege + Privilege[ 1]: SeTakeOwnershipPrivilege + Privilege[ 2]: SeBackupPrivilege + Privilege[ 3]: SeRestorePrivilege + Privilege[ 4]: SeRemoteShutdownPrivilege + Privilege[ 5]: SePrintOperatorPrivilege + Privilege[ 6]: SeAddUsersPrivilege + Privilege[ 7]: SeDiskOperatorPrivilege + Privilege[ 8]: SeSecurityPrivilege + Privilege[ 9]: SeSystemtimePrivilege + Privilege[ 10]: SeShutdownPrivilege + Privilege[ 11]: SeDebugPrivilege + Privilege[ 12]: SeSystemEnvironmentPrivilege + Privilege[ 13]: SeSystemProfilePrivilege + Privilege[ 14]: SeProfileSingleProcessPrivilege + Privilege[ 15]: SeIncreaseBasePriorityPrivilege + Privilege[ 16]: SeLoadDriverPrivilege + Privilege[ 17]: SeCreatePagefilePrivilege + Privilege[ 18]: SeIncreaseQuotaPrivilege + Privilege[ 19]: SeChangeNotifyPrivilege + Privilege[ 20]: SeUndockPrivilege + Privilege[ 21]: SeManageVolumePrivilege + Privilege[ 22]: SeImpersonatePrivilege + Privilege[ 23]: SeCreateGlobalPrivilege + Privilege[ 24]: SeEnableDelegationPrivilege + Rights (0x 0): +[2013/11/07 07:38:45.751441, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) + UNIX token of user 0 + Primary group is 5000 and contains 9 supplementary groups + Group[ 0]: 5000 + Group[ 1]: 5007 + Group[ 2]: 5001 + Group[ 3]: 1005 + Group[ 4]: 5006 + Group[ 5]: 5005 + Group[ 6]: 55000 + Group[ 7]: 55001 + Group[ 8]: 55002 +[2013/11/07 07:38:45.751755, 5, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1324(api_pipe_request) + Requested \spoolss rpc service +[2013/11/07 07:38:45.751830, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1356(api_rpcTNP) + api_rpcTNP: \spoolss op 0x4 - api_rpcTNP: rpc command: SPOOLSS_ENUMJOBS +[2013/11/07 07:38:45.751902, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1390(api_rpcTNP) + api_rpc_cmds[4].fn == 0x7f375c2619b0 +[2013/11/07 07:38:45.751979, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + spoolss_EnumJobs: struct spoolss_EnumJobs + in: struct spoolss_EnumJobs + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000093-0000-0000-7b52-7535c5510000 + firstjob : 0x00000000 (0) + numjobs : 0xffffffff (4294967295) + level : 0x00000002 (2) + buffer : NULL + offered : 0x00000000 (0) +[2013/11/07 07:38:45.752350, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:7299(_spoolss_EnumJobs) + _spoolss_EnumJobs +[2013/11/07 07:38:45.752420, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[2] [0000] 00 00 00 00 93 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.752552, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:489(get_printer_snum) + short name:printer7 +[2013/11/07 07:38:45.752750, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:60(make_internal_rpc_pipe_p) + Create pipe requested \winreg +[2013/11/07 07:38:45.752841, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:221(init_pipe_handles) + init_pipe_handle_list: created handle list for pipe \winreg +[2013/11/07 07:38:45.752910, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:238(init_pipe_handles) + init_pipe_handle_list: pipe_handles ref count = 1 for pipe \winreg +[2013/11/07 07:38:45.753051, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:100(make_internal_rpc_pipe_p) + Created internal pipe \winreg +[2013/11/07 07:38:45.753164, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenHKLM: struct winreg_OpenHKLM + in: struct winreg_OpenHKLM + system_name : NULL + access_mask : 0x02000000 (33554432) + 0: KEY_QUERY_VALUE + 0: KEY_SET_VALUE + 0: KEY_CREATE_SUB_KEY + 0: KEY_ENUMERATE_SUB_KEYS + 0: KEY_NOTIFY + 0: KEY_CREATE_LINK + 0: KEY_WOW64_64KEY + 0: KEY_WOW64_32KEY +[2013/11/07 07:38:45.753634, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [HKLM] +[2013/11/07 07:38:45.753710, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) + push_sec_ctx(0, 5000) : sec_ctx_stack_ndx = 2 +[2013/11/07 07:38:45.753785, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/uid.c:485(push_conn_ctx) + push_conn_ctx(1804507171) : conn_ctx_stack_ndx = 0 +[2013/11/07 07:38:45.753853, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) + setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 +[2013/11/07 07:38:45.753918, 5, pid=20933, effective(0, 5000), real(0, 0)] ../libcli/security/security_token.c:53(security_token_debug) + Security token: (NULL) +[2013/11/07 07:38:45.753983, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) + UNIX token of user 0 + Primary group is 0 and contains 0 supplementary groups +[2013/11/07 07:38:45.754220, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) + pop_sec_ctx (0, 5000) - sec_ctx_stack_ndx = 1 +[2013/11/07 07:38:45.754295, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:866(regdb_open) + regdb_open: registry db opened. refcount reset (1) +[2013/11/07 07:38:45.754386, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM] +[2013/11/07 07:38:45.754452, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM] +[2013/11/07 07:38:45.754518, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:45.754579, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM] +[2013/11/07 07:38:45.754709, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) + Opened policy hnd[1] [0000] 00 00 00 00 B5 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.754844, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenHKLM: struct winreg_OpenHKLM + out: struct winreg_OpenHKLM + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000b5-0000-0000-7b52-7535c5510000 + result : WERR_OK +[2013/11/07 07:38:45.755146, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenKey: struct winreg_OpenKey + in: struct winreg_OpenKey + parent_handle : * + parent_handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000b5-0000-0000-7b52-7535c5510000 + keyname: struct winreg_String + name_len : 0x008a (138) + name_size : 0x008a (138) + name : * + name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7' + options : 0x00000000 (0) + 0: REG_OPTION_VOLATILE + 0: REG_OPTION_CREATE_LINK + 0: REG_OPTION_BACKUP_RESTORE + 0: REG_OPTION_OPEN_LINK + access_mask : 0x02000000 (33554432) + 0: KEY_QUERY_VALUE + 0: KEY_SET_VALUE + 0: KEY_CREATE_SUB_KEY + 0: KEY_ENUMERATE_SUB_KEYS + 0: KEY_NOTIFY + 0: KEY_CREATE_LINK + 0: KEY_WOW64_64KEY + 0: KEY_WOW64_32KEY +[2013/11/07 07:38:45.755878, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 B5 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.756013, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [SOFTWARE] +[2013/11/07 07:38:45.756079, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (1->2) +[2013/11/07 07:38:45.756149, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] +[2013/11/07 07:38:45.756212, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE] +[2013/11/07 07:38:45.756297, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:45.756358, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE] +[2013/11/07 07:38:45.756473, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Microsoft] +[2013/11/07 07:38:45.756541, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (2->3) +[2013/11/07 07:38:45.756611, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] +[2013/11/07 07:38:45.756674, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] +[2013/11/07 07:38:45.756740, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:45.756802, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft] +[2013/11/07 07:38:45.756902, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Windows NT] +[2013/11/07 07:38:45.756970, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (3->4) +[2013/11/07 07:38:45.757039, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] +[2013/11/07 07:38:45.757102, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] +[2013/11/07 07:38:45.757168, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:45.757230, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] +[2013/11/07 07:38:45.757325, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [CurrentVersion] +[2013/11/07 07:38:45.757493, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (4->5) +[2013/11/07 07:38:45.757567, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] +[2013/11/07 07:38:45.757630, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] +[2013/11/07 07:38:45.757699, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:45.757762, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f375c5a15c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] +[2013/11/07 07:38:45.757886, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Print] +[2013/11/07 07:38:45.757968, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (5->6) +[2013/11/07 07:38:45.758039, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] +[2013/11/07 07:38:45.758104, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] +[2013/11/07 07:38:45.758173, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:45.758235, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f375c5a15c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] +[2013/11/07 07:38:45.758338, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Printers] +[2013/11/07 07:38:45.758407, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (6->7) +[2013/11/07 07:38:45.758479, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] +[2013/11/07 07:38:45.758544, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] +[2013/11/07 07:38:45.758614, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:45.758675, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] +[2013/11/07 07:38:45.758787, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [printer7] +[2013/11/07 07:38:45.758856, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (7->8) +[2013/11/07 07:38:45.758927, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:45.758991, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:45.759060, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:45.759122, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:45.759232, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (8->7) +[2013/11/07 07:38:45.759301, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (7->6) +[2013/11/07 07:38:45.759382, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (6->5) +[2013/11/07 07:38:45.759572, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (5->4) +[2013/11/07 07:38:45.759643, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (4->3) +[2013/11/07 07:38:45.759711, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (3->2) +[2013/11/07 07:38:45.759784, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) + Opened policy hnd[2] [0000] 00 00 00 00 B6 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.759916, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenKey: struct winreg_OpenKey + out: struct winreg_OpenKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000b6-0000-0000-7b52-7535c5510000 + result : WERR_OK +[2013/11/07 07:38:45.760209, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryInfoKey: struct winreg_QueryInfoKey + in: struct winreg_QueryInfoKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000b6-0000-0000-7b52-7535c5510000 + classname : * + classname: struct winreg_String + name_len : 0x0000 (0) + name_size : 0x0000 (0) + name : NULL +[2013/11/07 07:38:45.760569, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 B6 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.760708, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_dispatcher.c:151(fetch_reg_values) + fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7' (ops 0x7f37592edcc0) +[2013/11/07 07:38:45.760779, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1891(regdb_fetch_values_internal) + regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:45.760883, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[0]: name[Attributes] len[4] +[2013/11/07 07:38:45.760957, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[1]: name[Description] len[2] +[2013/11/07 07:38:45.761027, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[2]: name[Datatype] len[8] +[2013/11/07 07:38:45.761096, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[3]: name[Default Priority] len[4] +[2013/11/07 07:38:45.761180, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[4]: name[Port] len[38] +[2013/11/07 07:38:45.761252, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[5]: name[Name] len[18] +[2013/11/07 07:38:45.761322, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[6]: name[Print Processor] len[18] +[2013/11/07 07:38:45.761487, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[7]: name[Priority] len[4] +[2013/11/07 07:38:45.761533, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[8]: name[Security] len[248] +[2013/11/07 07:38:45.761577, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[9]: name[Share Name] len[18] +[2013/11/07 07:38:45.761620, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[10]: name[StartTime] len[4] +[2013/11/07 07:38:45.761662, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[11]: name[UntilTime] len[4] +[2013/11/07 07:38:45.761704, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[12]: name[ChangeID] len[4] +[2013/11/07 07:38:45.761748, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) + regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:45.761814, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryInfoKey: struct winreg_QueryInfoKey + out: struct winreg_QueryInfoKey + classname : * + classname: struct winreg_String + name_len : 0x0000 (0) + name_size : 0x0000 (0) + name : NULL + num_subkeys : * + num_subkeys : 0x00000003 (3) + max_subkeylen : * + max_subkeylen : 0x00000022 (34) + max_classlen : * + max_classlen : 0x00000000 (0) + num_values : * + num_values : 0x0000000d (13) + max_valnamelen : * + max_valnamelen : 0x00000022 (34) + max_valbufsize : * + max_valbufsize : 0x000000f8 (248) + secdescsize : * + secdescsize : 0x00000078 (120) + last_changed_time : * + last_changed_time : NTTIME(0) + result : WERR_OK +[2013/11/07 07:38:45.762270, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000b6-0000-0000-7b52-7535c5510000 + enum_index : 0x00000000 (0) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:45.762660, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 B6 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.762738, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:45.762784, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0016 (22) + size : 0x0024 (36) + name : * + name : 'Attributes' + type : * + type : REG_DWORD (4) + value : * + value: ARRAY(4) + [0] : 0x48 (72) + [1] : 0x10 (16) + [2] : 0x00 (0) + [3] : 0x00 (0) + size : * + size : 0x00000004 (4) + length : * + length : 0x00000004 (4) + result : WERR_OK +[2013/11/07 07:38:45.763184, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000b6-0000-0000-7b52-7535c5510000 + enum_index : 0x00000001 (1) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:45.763560, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 B6 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.763637, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:45.763689, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0018 (24) + size : 0x0024 (36) + name : * + name : 'Description' + type : * + type : REG_SZ (1) + value : * + value: ARRAY(2) + [0] : 0x00 (0) + [1] : 0x00 (0) + size : * + size : 0x00000002 (2) + length : * + length : 0x00000002 (2) + result : WERR_OK +[2013/11/07 07:38:45.764050, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000b6-0000-0000-7b52-7535c5510000 + enum_index : 0x00000002 (2) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:45.764424, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 B6 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.764501, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:45.764545, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0012 (18) + size : 0x0024 (36) + name : * + name : 'Datatype' + type : * + type : REG_SZ (1) + value : * + value: ARRAY(8) + [0] : 0x52 (82) + [1] : 0x00 (0) + [2] : 0x41 (65) + [3] : 0x00 (0) + [4] : 0x57 (87) + [5] : 0x00 (0) + [6] : 0x00 (0) + [7] : 0x00 (0) + size : * + size : 0x00000008 (8) + length : * + length : 0x00000008 (8) + result : WERR_OK +[2013/11/07 07:38:45.765011, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000b6-0000-0000-7b52-7535c5510000 + enum_index : 0x00000003 (3) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:45.765435, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 B6 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.765516, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:45.765561, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0022 (34) + size : 0x0024 (36) + name : * + name : 'Default Priority' + type : * + type : REG_DWORD (4) + value : * + value: ARRAY(4) + [0] : 0x01 (1) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + size : * + size : 0x00000004 (4) + length : * + length : 0x00000004 (4) + result : WERR_OK +[2013/11/07 07:38:45.765958, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000b6-0000-0000-7b52-7535c5510000 + enum_index : 0x00000004 (4) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:45.766340, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 B6 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.766417, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:45.766460, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x000a (10) + size : 0x0024 (36) + name : * + name : 'Port' + type : * + type : REG_SZ (1) + value : * + value: ARRAY(38) + [0] : 0x53 (83) + [1] : 0x00 (0) + [2] : 0x61 (97) + [3] : 0x00 (0) + [4] : 0x6d (109) + [5] : 0x00 (0) + [6] : 0x62 (98) + [7] : 0x00 (0) + [8] : 0x61 (97) + [9] : 0x00 (0) + [10] : 0x20 (32) + [11] : 0x00 (0) + [12] : 0x50 (80) + [13] : 0x00 (0) + [14] : 0x72 (114) + [15] : 0x00 (0) + [16] : 0x69 (105) + [17] : 0x00 (0) + [18] : 0x6e (110) + [19] : 0x00 (0) + [20] : 0x74 (116) + [21] : 0x00 (0) + [22] : 0x65 (101) + [23] : 0x00 (0) + [24] : 0x72 (114) + [25] : 0x00 (0) + [26] : 0x20 (32) + [27] : 0x00 (0) + [28] : 0x50 (80) + [29] : 0x00 (0) + [30] : 0x6f (111) + [31] : 0x00 (0) + [32] : 0x72 (114) + [33] : 0x00 (0) + [34] : 0x74 (116) + [35] : 0x00 (0) + [36] : 0x00 (0) + [37] : 0x00 (0) + size : * + size : 0x00000026 (38) + length : * + length : 0x00000026 (38) + result : WERR_OK +[2013/11/07 07:38:45.767425, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000b6-0000-0000-7b52-7535c5510000 + enum_index : 0x00000005 (5) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:45.767799, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 B6 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.767876, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:45.767919, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x000a (10) + size : 0x0024 (36) + name : * + name : 'Name' + type : * + type : REG_SZ (1) + value : * + value: ARRAY(18) + [0] : 0x70 (112) + [1] : 0x00 (0) + [2] : 0x72 (114) + [3] : 0x00 (0) + [4] : 0x69 (105) + [5] : 0x00 (0) + [6] : 0x6e (110) + [7] : 0x00 (0) + [8] : 0x74 (116) + [9] : 0x00 (0) + [10] : 0x65 (101) + [11] : 0x00 (0) + [12] : 0x72 (114) + [13] : 0x00 (0) + [14] : 0x37 (55) + [15] : 0x00 (0) + [16] : 0x00 (0) + [17] : 0x00 (0) + size : * + size : 0x00000012 (18) + length : * + length : 0x00000012 (18) + result : WERR_OK +[2013/11/07 07:38:45.768550, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000b6-0000-0000-7b52-7535c5510000 + enum_index : 0x00000006 (6) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:45.768923, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 B6 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.768999, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:45.769043, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0020 (32) + size : 0x0024 (36) + name : * + name : 'Print Processor' + type : * + type : REG_SZ (1) + value : * + value: ARRAY(18) + [0] : 0x77 (119) + [1] : 0x00 (0) + [2] : 0x69 (105) + [3] : 0x00 (0) + [4] : 0x6e (110) + [5] : 0x00 (0) + [6] : 0x70 (112) + [7] : 0x00 (0) + [8] : 0x72 (114) + [9] : 0x00 (0) + [10] : 0x69 (105) + [11] : 0x00 (0) + [12] : 0x6e (110) + [13] : 0x00 (0) + [14] : 0x74 (116) + [15] : 0x00 (0) + [16] : 0x00 (0) + [17] : 0x00 (0) + size : * + size : 0x00000012 (18) + length : * + length : 0x00000012 (18) + result : WERR_OK +[2013/11/07 07:38:45.769708, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000b6-0000-0000-7b52-7535c5510000 + enum_index : 0x00000007 (7) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:45.770103, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 B6 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.770180, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:45.770239, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0012 (18) + size : 0x0024 (36) + name : * + name : 'Priority' + type : * + type : REG_DWORD (4) + value : * + value: ARRAY(4) + [0] : 0x01 (1) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + size : * + size : 0x00000004 (4) + length : * + length : 0x00000004 (4) + result : WERR_OK +[2013/11/07 07:38:45.770631, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000b6-0000-0000-7b52-7535c5510000 + enum_index : 0x00000008 (8) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:45.771006, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 B6 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.771084, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:45.771129, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0012 (18) + size : 0x0024 (36) + name : * + name : 'Security' + type : * + type : REG_BINARY (3) + value : * + value: ARRAY(248) + [0] : 0x01 (1) + [1] : 0x00 (0) + [2] : 0x04 (4) + [3] : 0x80 (128) + [4] : 0x14 (20) + [5] : 0x00 (0) + [6] : 0x00 (0) + [7] : 0x00 (0) + [8] : 0x24 (36) + [9] : 0x00 (0) + [10] : 0x00 (0) + [11] : 0x00 (0) + [12] : 0x00 (0) + [13] : 0x00 (0) + [14] : 0x00 (0) + [15] : 0x00 (0) + [16] : 0x34 (52) + [17] : 0x00 (0) + [18] : 0x00 (0) + [19] : 0x00 (0) + [20] : 0x01 (1) + [21] : 0x02 (2) + [22] : 0x00 (0) + [23] : 0x00 (0) + [24] : 0x00 (0) + [25] : 0x00 (0) + [26] : 0x00 (0) + [27] : 0x05 (5) + [28] : 0x20 (32) + [29] : 0x00 (0) + [30] : 0x00 (0) + [31] : 0x00 (0) + [32] : 0x20 (32) + [33] : 0x02 (2) + [34] : 0x00 (0) + [35] : 0x00 (0) + [36] : 0x01 (1) + [37] : 0x02 (2) + [38] : 0x00 (0) + [39] : 0x00 (0) + [40] : 0x00 (0) + [41] : 0x00 (0) + [42] : 0x00 (0) + [43] : 0x05 (5) + [44] : 0x20 (32) + [45] : 0x00 (0) + [46] : 0x00 (0) + [47] : 0x00 (0) + [48] : 0x20 (32) + [49] : 0x02 (2) + [50] : 0x00 (0) + [51] : 0x00 (0) + [52] : 0x02 (2) + [53] : 0x00 (0) + [54] : 0xc4 (196) + [55] : 0x00 (0) + [56] : 0x07 (7) + [57] : 0x00 (0) + [58] : 0x00 (0) + [59] : 0x00 (0) + [60] : 0x00 (0) + [61] : 0x02 (2) + [62] : 0x14 (20) + [63] : 0x00 (0) + [64] : 0x08 (8) + [65] : 0x00 (0) + [66] : 0x02 (2) + [67] : 0x20 (32) + [68] : 0x01 (1) + [69] : 0x01 (1) + [70] : 0x00 (0) + [71] : 0x00 (0) + [72] : 0x00 (0) + [73] : 0x00 (0) + [74] : 0x00 (0) + [75] : 0x01 (1) + [76] : 0x00 (0) + [77] : 0x00 (0) + [78] : 0x00 (0) + [79] : 0x00 (0) + [80] : 0x00 (0) + [81] : 0x09 (9) + [82] : 0x24 (36) + [83] : 0x00 (0) + [84] : 0x0c (12) + [85] : 0x00 (0) + [86] : 0x0f (15) + [87] : 0x10 (16) + [88] : 0x01 (1) + [89] : 0x05 (5) + [90] : 0x00 (0) + [91] : 0x00 (0) + [92] : 0x00 (0) + [93] : 0x00 (0) + [94] : 0x00 (0) + [95] : 0x05 (5) + [96] : 0x15 (21) + [97] : 0x00 (0) + [98] : 0x00 (0) + [99] : 0x00 (0) + [100] : 0x74 (116) + [101] : 0xa5 (165) + [102] : 0x12 (18) + [103] : 0x52 (82) + [104] : 0xcd (205) + [105] : 0x51 (81) + [106] : 0xd9 (217) + [107] : 0x8f (143) + [108] : 0xd1 (209) + [109] : 0x31 (49) + [110] : 0xa4 (164) + [111] : 0xca (202) + [112] : 0xf4 (244) + [113] : 0x01 (1) + [114] : 0x00 (0) + [115] : 0x00 (0) + [116] : 0x00 (0) + [117] : 0x02 (2) + [118] : 0x24 (36) + [119] : 0x00 (0) + [120] : 0x0c (12) + [121] : 0x00 (0) + [122] : 0x0f (15) + [123] : 0x10 (16) + [124] : 0x01 (1) + [125] : 0x05 (5) + [126] : 0x00 (0) + [127] : 0x00 (0) + [128] : 0x00 (0) + [129] : 0x00 (0) + [130] : 0x00 (0) + [131] : 0x05 (5) + [132] : 0x15 (21) + [133] : 0x00 (0) + [134] : 0x00 (0) + [135] : 0x00 (0) + [136] : 0x74 (116) + [137] : 0xa5 (165) + [138] : 0x12 (18) + [139] : 0x52 (82) + [140] : 0xcd (205) + [141] : 0x51 (81) + [142] : 0xd9 (217) + [143] : 0x8f (143) + [144] : 0xd1 (209) + [145] : 0x31 (49) + [146] : 0xa4 (164) + [147] : 0xca (202) + [148] : 0xf4 (244) + [149] : 0x01 (1) + [150] : 0x00 (0) + [151] : 0x00 (0) + [152] : 0x00 (0) + [153] : 0x09 (9) + [154] : 0x18 (24) + [155] : 0x00 (0) + [156] : 0x0c (12) + [157] : 0x00 (0) + [158] : 0x0f (15) + [159] : 0x10 (16) + [160] : 0x01 (1) + [161] : 0x02 (2) + [162] : 0x00 (0) + [163] : 0x00 (0) + [164] : 0x00 (0) + [165] : 0x00 (0) + [166] : 0x00 (0) + [167] : 0x05 (5) + [168] : 0x20 (32) + [169] : 0x00 (0) + [170] : 0x00 (0) + [171] : 0x00 (0) + [172] : 0x20 (32) + [173] : 0x02 (2) + [174] : 0x00 (0) + [175] : 0x00 (0) + [176] : 0x00 (0) + [177] : 0x02 (2) + [178] : 0x18 (24) + [179] : 0x00 (0) + [180] : 0x0c (12) + [181] : 0x00 (0) + [182] : 0x0f (15) + [183] : 0x10 (16) + [184] : 0x01 (1) + [185] : 0x02 (2) + [186] : 0x00 (0) + [187] : 0x00 (0) + [188] : 0x00 (0) + [189] : 0x00 (0) + [190] : 0x00 (0) + [191] : 0x05 (5) + [192] : 0x20 (32) + [193] : 0x00 (0) + [194] : 0x00 (0) + [195] : 0x00 (0) + [196] : 0x20 (32) + [197] : 0x02 (2) + [198] : 0x00 (0) + [199] : 0x00 (0) + [200] : 0x00 (0) + [201] : 0x09 (9) + [202] : 0x18 (24) + [203] : 0x00 (0) + [204] : 0x0c (12) + [205] : 0x00 (0) + [206] : 0x0f (15) + [207] : 0x10 (16) + [208] : 0x01 (1) + [209] : 0x02 (2) + [210] : 0x00 (0) + [211] : 0x00 (0) + [212] : 0x00 (0) + [213] : 0x00 (0) + [214] : 0x00 (0) + [215] : 0x05 (5) + [216] : 0x20 (32) + [217] : 0x00 (0) + [218] : 0x00 (0) + [219] : 0x00 (0) + [220] : 0x26 (38) + [221] : 0x02 (2) + [222] : 0x00 (0) + [223] : 0x00 (0) + [224] : 0x00 (0) + [225] : 0x02 (2) + [226] : 0x18 (24) + [227] : 0x00 (0) + [228] : 0x0c (12) + [229] : 0x00 (0) + [230] : 0x0f (15) + [231] : 0x10 (16) + [232] : 0x01 (1) + [233] : 0x02 (2) + [234] : 0x00 (0) + [235] : 0x00 (0) + [236] : 0x00 (0) + [237] : 0x00 (0) + [238] : 0x00 (0) + [239] : 0x05 (5) + [240] : 0x20 (32) + [241] : 0x00 (0) + [242] : 0x00 (0) + [243] : 0x00 (0) + [244] : 0x26 (38) + [245] : 0x02 (2) + [246] : 0x00 (0) + [247] : 0x00 (0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x000000f8 (248) + result : WERR_OK +[2013/11/07 07:38:45.775633, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000b6-0000-0000-7b52-7535c5510000 + enum_index : 0x00000009 (9) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:45.776013, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 B6 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.776092, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:45.776140, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0016 (22) + size : 0x0024 (36) + name : * + name : 'Share Name' + type : * + type : REG_SZ (1) + value : * + value: ARRAY(18) + [0] : 0x70 (112) + [1] : 0x00 (0) + [2] : 0x72 (114) + [3] : 0x00 (0) + [4] : 0x69 (105) + [5] : 0x00 (0) + [6] : 0x6e (110) + [7] : 0x00 (0) + [8] : 0x74 (116) + [9] : 0x00 (0) + [10] : 0x65 (101) + [11] : 0x00 (0) + [12] : 0x72 (114) + [13] : 0x00 (0) + [14] : 0x37 (55) + [15] : 0x00 (0) + [16] : 0x00 (0) + [17] : 0x00 (0) + size : * + size : 0x00000012 (18) + length : * + length : 0x00000012 (18) + result : WERR_OK +[2013/11/07 07:38:45.776761, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000b6-0000-0000-7b52-7535c5510000 + enum_index : 0x0000000a (10) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:45.777137, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 B6 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.777215, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:45.777259, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0014 (20) + size : 0x0024 (36) + name : * + name : 'StartTime' + type : * + type : REG_DWORD (4) + value : * + value: ARRAY(4) + [0] : 0x00 (0) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + size : * + size : 0x00000004 (4) + length : * + length : 0x00000004 (4) + result : WERR_OK +[2013/11/07 07:38:45.777690, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000b6-0000-0000-7b52-7535c5510000 + enum_index : 0x0000000b (11) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:45.778060, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 B6 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.778137, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:45.778188, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0014 (20) + size : 0x0024 (36) + name : * + name : 'UntilTime' + type : * + type : REG_DWORD (4) + value : * + value: ARRAY(4) + [0] : 0x00 (0) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + size : * + size : 0x00000004 (4) + length : * + length : 0x00000004 (4) + result : WERR_OK +[2013/11/07 07:38:45.778581, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000b6-0000-0000-7b52-7535c5510000 + enum_index : 0x0000000c (12) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:45.778954, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 B6 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.779031, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:45.779077, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0012 (18) + size : 0x0024 (36) + name : * + name : 'ChangeID' + type : * + type : REG_DWORD (4) + value : * + value: ARRAY(4) + [0] : 0xf1 (241) + [1] : 0x5f (95) + [2] : 0x11 (17) + [3] : 0x00 (0) + size : * + size : 0x00000004 (4) + length : * + length : 0x00000004 (4) + result : WERR_OK +[2013/11/07 07:38:45.779520, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryValue: struct winreg_QueryValue + in: struct winreg_QueryValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000b6-0000-0000-7b52-7535c5510000 + value_name : * + value_name: struct winreg_String + name_len : 0x0020 (32) + name_size : 0x0020 (32) + name : * + name : 'Default DevMode' + type : * + type : REG_NONE (0) + data : NULL + data_size : * + data_size : 0x00000000 (0) + data_length : * + data_length : 0x00000000 (0) +[2013/11/07 07:38:45.779866, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 B6 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.779944, 7, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) + _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:45.779984, 7, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) + _winreg_QueryValue: policy key type = [00000000] +[2013/11/07 07:38:45.780029, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:316(_winreg_QueryValue) + _winreg_QueryValue: reg_queryvalue failed with: WERR_BADFILE +[2013/11/07 07:38:45.780069, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryValue: struct winreg_QueryValue + out: struct winreg_QueryValue + type : * + type : REG_NONE (0) + data : NULL + data_size : * + data_size : 0x00000000 (0) + data_length : * + data_length : 0x00000000 (0) + result : WERR_BADFILE +[2013/11/07 07:38:45.780290, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenHKLM: struct winreg_OpenHKLM + in: struct winreg_OpenHKLM + system_name : NULL + access_mask : 0x02000000 (33554432) + 0: KEY_QUERY_VALUE + 0: KEY_SET_VALUE + 0: KEY_CREATE_SUB_KEY + 0: KEY_ENUMERATE_SUB_KEYS + 0: KEY_NOTIFY + 0: KEY_CREATE_LINK + 0: KEY_WOW64_64KEY + 0: KEY_WOW64_32KEY +[2013/11/07 07:38:45.780517, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [HKLM] +[2013/11/07 07:38:45.780567, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (2->3) +[2013/11/07 07:38:45.780610, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM] +[2013/11/07 07:38:45.780649, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM] +[2013/11/07 07:38:45.780688, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:45.780725, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM] +[2013/11/07 07:38:45.780799, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) + Opened policy hnd[3] [0000] 00 00 00 00 B7 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.780879, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenHKLM: struct winreg_OpenHKLM + out: struct winreg_OpenHKLM + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000b7-0000-0000-7b52-7535c5510000 + result : WERR_OK +[2013/11/07 07:38:45.781047, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenKey: struct winreg_OpenKey + in: struct winreg_OpenKey + parent_handle : * + parent_handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000b7-0000-0000-7b52-7535c5510000 + keyname: struct winreg_String + name_len : 0x008a (138) + name_size : 0x008a (138) + name : * + name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7' + options : 0x00000000 (0) + 0: REG_OPTION_VOLATILE + 0: REG_OPTION_CREATE_LINK + 0: REG_OPTION_BACKUP_RESTORE + 0: REG_OPTION_OPEN_LINK + access_mask : 0x02000000 (33554432) + 0: KEY_QUERY_VALUE + 0: KEY_SET_VALUE + 0: KEY_CREATE_SUB_KEY + 0: KEY_ENUMERATE_SUB_KEYS + 0: KEY_NOTIFY + 0: KEY_CREATE_LINK + 0: KEY_WOW64_64KEY + 0: KEY_WOW64_32KEY +[2013/11/07 07:38:45.781546, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 B7 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.781628, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [SOFTWARE] +[2013/11/07 07:38:45.781669, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (3->4) +[2013/11/07 07:38:45.781711, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] +[2013/11/07 07:38:45.781758, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE] +[2013/11/07 07:38:45.781797, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:45.781835, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE] +[2013/11/07 07:38:45.781900, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Microsoft] +[2013/11/07 07:38:45.781941, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (4->5) +[2013/11/07 07:38:45.781983, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] +[2013/11/07 07:38:45.782021, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] +[2013/11/07 07:38:45.782061, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:45.782099, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft] +[2013/11/07 07:38:45.782159, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Windows NT] +[2013/11/07 07:38:45.782199, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (5->6) +[2013/11/07 07:38:45.782242, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] +[2013/11/07 07:38:45.782279, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] +[2013/11/07 07:38:45.782320, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:45.782357, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] +[2013/11/07 07:38:45.782414, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [CurrentVersion] +[2013/11/07 07:38:45.782455, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (6->7) +[2013/11/07 07:38:45.782497, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] +[2013/11/07 07:38:45.782535, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] +[2013/11/07 07:38:45.782576, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:45.782613, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f375c5a15c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] +[2013/11/07 07:38:45.782691, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Print] +[2013/11/07 07:38:45.782732, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (7->8) +[2013/11/07 07:38:45.782775, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] +[2013/11/07 07:38:45.782815, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] +[2013/11/07 07:38:45.782857, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:45.782895, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f375c5a15c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] +[2013/11/07 07:38:45.782955, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Printers] +[2013/11/07 07:38:45.782996, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (8->9) +[2013/11/07 07:38:45.783040, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] +[2013/11/07 07:38:45.783079, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] +[2013/11/07 07:38:45.783122, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:45.783159, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] +[2013/11/07 07:38:45.783224, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [printer7] +[2013/11/07 07:38:45.783265, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (9->10) +[2013/11/07 07:38:45.783309, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:45.783348, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:45.783390, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:45.783428, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:45.783497, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (10->9) +[2013/11/07 07:38:45.783540, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (9->8) +[2013/11/07 07:38:45.783588, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (8->7) +[2013/11/07 07:38:45.783627, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (7->6) +[2013/11/07 07:38:45.783667, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (6->5) +[2013/11/07 07:38:45.783707, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (5->4) +[2013/11/07 07:38:45.783750, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) + Opened policy hnd[4] [0000] 00 00 00 00 B8 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.783827, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenKey: struct winreg_OpenKey + out: struct winreg_OpenKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000b8-0000-0000-7b52-7535c5510000 + result : WERR_OK +[2013/11/07 07:38:45.783999, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryValue: struct winreg_QueryValue + in: struct winreg_QueryValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000b8-0000-0000-7b52-7535c5510000 + value_name : * + value_name: struct winreg_String + name_len : 0x0012 (18) + name_size : 0x0012 (18) + name : * + name : 'Security' + type : * + type : REG_NONE (0) + data : NULL + data_size : * + data_size : 0x00000000 (0) + data_length : * + data_length : 0x00000000 (0) +[2013/11/07 07:38:45.784339, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 B8 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.784416, 7, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) + _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:45.784455, 7, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) + _winreg_QueryValue: policy key type = [00000000] +[2013/11/07 07:38:45.784495, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_dispatcher.c:151(fetch_reg_values) + fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7' (ops 0x7f37592edcc0) +[2013/11/07 07:38:45.784536, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1891(regdb_fetch_values_internal) + regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:45.784603, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[0]: name[Attributes] len[4] +[2013/11/07 07:38:45.784647, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[1]: name[Description] len[2] +[2013/11/07 07:38:45.784689, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[2]: name[Datatype] len[8] +[2013/11/07 07:38:45.784731, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[3]: name[Default Priority] len[4] +[2013/11/07 07:38:45.784773, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[4]: name[Port] len[38] +[2013/11/07 07:38:45.784815, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[5]: name[Name] len[18] +[2013/11/07 07:38:45.784857, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[6]: name[Print Processor] len[18] +[2013/11/07 07:38:45.784900, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[7]: name[Priority] len[4] +[2013/11/07 07:38:45.784942, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[8]: name[Security] len[248] +[2013/11/07 07:38:45.784985, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[9]: name[Share Name] len[18] +[2013/11/07 07:38:45.785027, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[10]: name[StartTime] len[4] +[2013/11/07 07:38:45.785070, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[11]: name[UntilTime] len[4] +[2013/11/07 07:38:45.785112, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[12]: name[ChangeID] len[4] +[2013/11/07 07:38:45.785156, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryValue: struct winreg_QueryValue + out: struct winreg_QueryValue + type : * + type : REG_BINARY (3) + data : NULL + data_size : * + data_size : 0x000000f8 (248) + data_length : * + data_length : 0x00000000 (0) + result : WERR_OK +[2013/11/07 07:38:45.785483, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryValue: struct winreg_QueryValue + in: struct winreg_QueryValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000b8-0000-0000-7b52-7535c5510000 + value_name : * + value_name: struct winreg_String + name_len : 0x0012 (18) + name_size : 0x0012 (18) + name : * + name : 'Security' + type : * + type : REG_BINARY (3) + data : * + data: ARRAY(0) + data_size : * + data_size : 0x000000f8 (248) + data_length : * + data_length : 0x00000000 (0) +[2013/11/07 07:38:45.785869, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 B8 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.785948, 7, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) + _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:45.785988, 7, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) + _winreg_QueryValue: policy key type = [00000000] +[2013/11/07 07:38:45.786033, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryValue: struct winreg_QueryValue + out: struct winreg_QueryValue + type : * + type : REG_BINARY (3) + data : * + data: ARRAY(248) + [0] : 0x01 (1) + [1] : 0x00 (0) + [2] : 0x04 (4) + [3] : 0x80 (128) + [4] : 0x14 (20) + [5] : 0x00 (0) + [6] : 0x00 (0) + [7] : 0x00 (0) + [8] : 0x24 (36) + [9] : 0x00 (0) + [10] : 0x00 (0) + [11] : 0x00 (0) + [12] : 0x00 (0) + [13] : 0x00 (0) + [14] : 0x00 (0) + [15] : 0x00 (0) + [16] : 0x34 (52) + [17] : 0x00 (0) + [18] : 0x00 (0) + [19] : 0x00 (0) + [20] : 0x01 (1) + [21] : 0x02 (2) + [22] : 0x00 (0) + [23] : 0x00 (0) + [24] : 0x00 (0) + [25] : 0x00 (0) + [26] : 0x00 (0) + [27] : 0x05 (5) + [28] : 0x20 (32) + [29] : 0x00 (0) + [30] : 0x00 (0) + [31] : 0x00 (0) + [32] : 0x20 (32) + [33] : 0x02 (2) + [34] : 0x00 (0) + [35] : 0x00 (0) + [36] : 0x01 (1) + [37] : 0x02 (2) + [38] : 0x00 (0) + [39] : 0x00 (0) + [40] : 0x00 (0) + [41] : 0x00 (0) + [42] : 0x00 (0) + [43] : 0x05 (5) + [44] : 0x20 (32) + [45] : 0x00 (0) + [46] : 0x00 (0) + [47] : 0x00 (0) + [48] : 0x20 (32) + [49] : 0x02 (2) + [50] : 0x00 (0) + [51] : 0x00 (0) + [52] : 0x02 (2) + [53] : 0x00 (0) + [54] : 0xc4 (196) + [55] : 0x00 (0) + [56] : 0x07 (7) + [57] : 0x00 (0) + [58] : 0x00 (0) + [59] : 0x00 (0) + [60] : 0x00 (0) + [61] : 0x02 (2) + [62] : 0x14 (20) + [63] : 0x00 (0) + [64] : 0x08 (8) + [65] : 0x00 (0) + [66] : 0x02 (2) + [67] : 0x20 (32) + [68] : 0x01 (1) + [69] : 0x01 (1) + [70] : 0x00 (0) + [71] : 0x00 (0) + [72] : 0x00 (0) + [73] : 0x00 (0) + [74] : 0x00 (0) + [75] : 0x01 (1) + [76] : 0x00 (0) + [77] : 0x00 (0) + [78] : 0x00 (0) + [79] : 0x00 (0) + [80] : 0x00 (0) + [81] : 0x09 (9) + [82] : 0x24 (36) + [83] : 0x00 (0) + [84] : 0x0c (12) + [85] : 0x00 (0) + [86] : 0x0f (15) + [87] : 0x10 (16) + [88] : 0x01 (1) + [89] : 0x05 (5) + [90] : 0x00 (0) + [91] : 0x00 (0) + [92] : 0x00 (0) + [93] : 0x00 (0) + [94] : 0x00 (0) + [95] : 0x05 (5) + [96] : 0x15 (21) + [97] : 0x00 (0) + [98] : 0x00 (0) + [99] : 0x00 (0) + [100] : 0x74 (116) + [101] : 0xa5 (165) + [102] : 0x12 (18) + [103] : 0x52 (82) + [104] : 0xcd (205) + [105] : 0x51 (81) + [106] : 0xd9 (217) + [107] : 0x8f (143) + [108] : 0xd1 (209) + [109] : 0x31 (49) + [110] : 0xa4 (164) + [111] : 0xca (202) + [112] : 0xf4 (244) + [113] : 0x01 (1) + [114] : 0x00 (0) + [115] : 0x00 (0) + [116] : 0x00 (0) + [117] : 0x02 (2) + [118] : 0x24 (36) + [119] : 0x00 (0) + [120] : 0x0c (12) + [121] : 0x00 (0) + [122] : 0x0f (15) + [123] : 0x10 (16) + [124] : 0x01 (1) + [125] : 0x05 (5) + [126] : 0x00 (0) + [127] : 0x00 (0) + [128] : 0x00 (0) + [129] : 0x00 (0) + [130] : 0x00 (0) + [131] : 0x05 (5) + [132] : 0x15 (21) + [133] : 0x00 (0) + [134] : 0x00 (0) + [135] : 0x00 (0) + [136] : 0x74 (116) + [137] : 0xa5 (165) + [138] : 0x12 (18) + [139] : 0x52 (82) + [140] : 0xcd (205) + [141] : 0x51 (81) + [142] : 0xd9 (217) + [143] : 0x8f (143) + [144] : 0xd1 (209) + [145] : 0x31 (49) + [146] : 0xa4 (164) + [147] : 0xca (202) + [148] : 0xf4 (244) + [149] : 0x01 (1) + [150] : 0x00 (0) + [151] : 0x00 (0) + [152] : 0x00 (0) + [153] : 0x09 (9) + [154] : 0x18 (24) + [155] : 0x00 (0) + [156] : 0x0c (12) + [157] : 0x00 (0) + [158] : 0x0f (15) + [159] : 0x10 (16) + [160] : 0x01 (1) + [161] : 0x02 (2) + [162] : 0x00 (0) + [163] : 0x00 (0) + [164] : 0x00 (0) + [165] : 0x00 (0) + [166] : 0x00 (0) + [167] : 0x05 (5) + [168] : 0x20 (32) + [169] : 0x00 (0) + [170] : 0x00 (0) + [171] : 0x00 (0) + [172] : 0x20 (32) + [173] : 0x02 (2) + [174] : 0x00 (0) + [175] : 0x00 (0) + [176] : 0x00 (0) + [177] : 0x02 (2) + [178] : 0x18 (24) + [179] : 0x00 (0) + [180] : 0x0c (12) + [181] : 0x00 (0) + [182] : 0x0f (15) + [183] : 0x10 (16) + [184] : 0x01 (1) + [185] : 0x02 (2) + [186] : 0x00 (0) + [187] : 0x00 (0) + [188] : 0x00 (0) + [189] : 0x00 (0) + [190] : 0x00 (0) + [191] : 0x05 (5) + [192] : 0x20 (32) + [193] : 0x00 (0) + [194] : 0x00 (0) + [195] : 0x00 (0) + [196] : 0x20 (32) + [197] : 0x02 (2) + [198] : 0x00 (0) + [199] : 0x00 (0) + [200] : 0x00 (0) + [201] : 0x09 (9) + [202] : 0x18 (24) + [203] : 0x00 (0) + [204] : 0x0c (12) + [205] : 0x00 (0) + [206] : 0x0f (15) + [207] : 0x10 (16) + [208] : 0x01 (1) + [209] : 0x02 (2) + [210] : 0x00 (0) + [211] : 0x00 (0) + [212] : 0x00 (0) + [213] : 0x00 (0) + [214] : 0x00 (0) + [215] : 0x05 (5) + [216] : 0x20 (32) + [217] : 0x00 (0) + [218] : 0x00 (0) + [219] : 0x00 (0) + [220] : 0x26 (38) + [221] : 0x02 (2) + [222] : 0x00 (0) + [223] : 0x00 (0) + [224] : 0x00 (0) + [225] : 0x02 (2) + [226] : 0x18 (24) + [227] : 0x00 (0) + [228] : 0x0c (12) + [229] : 0x00 (0) + [230] : 0x0f (15) + [231] : 0x10 (16) + [232] : 0x01 (1) + [233] : 0x02 (2) + [234] : 0x00 (0) + [235] : 0x00 (0) + [236] : 0x00 (0) + [237] : 0x00 (0) + [238] : 0x00 (0) + [239] : 0x05 (5) + [240] : 0x20 (32) + [241] : 0x00 (0) + [242] : 0x00 (0) + [243] : 0x00 (0) + [244] : 0x26 (38) + [245] : 0x02 (2) + [246] : 0x00 (0) + [247] : 0x00 (0) + data_size : * + data_size : 0x000000f8 (248) + data_length : * + data_length : 0x000000f8 (248) + result : WERR_OK +[2013/11/07 07:38:45.790433, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + in: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000b8-0000-0000-7b52-7535c5510000 +[2013/11/07 07:38:45.790567, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 B8 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.790645, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 B8 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.790741, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) + Closed policy +[2013/11/07 07:38:45.790787, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (4->3) +[2013/11/07 07:38:45.790839, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + out: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000000-0000-0000-0000-000000000000 + result : WERR_OK +[2013/11/07 07:38:45.791002, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + in: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000b7-0000-0000-7b52-7535c5510000 +[2013/11/07 07:38:45.791132, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 B7 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.791209, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 B7 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.791297, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) + Closed policy +[2013/11/07 07:38:45.791337, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (3->2) +[2013/11/07 07:38:45.791376, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + out: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000000-0000-0000-0000-000000000000 + result : WERR_OK +[2013/11/07 07:38:45.791539, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + in: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000b6-0000-0000-7b52-7535c5510000 +[2013/11/07 07:38:45.791675, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 B6 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.791753, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 B6 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.791829, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) + Closed policy +[2013/11/07 07:38:45.791873, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (2->1) +[2013/11/07 07:38:45.791914, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + out: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000000-0000-0000-0000-000000000000 + result : WERR_OK +[2013/11/07 07:38:45.792073, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + in: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000b5-0000-0000-7b52-7535c5510000 +[2013/11/07 07:38:45.792201, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 B5 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.792278, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 B5 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.792354, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) + Closed policy +[2013/11/07 07:38:45.792393, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (1->0) +[2013/11/07 07:38:45.792452, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + out: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000000-0000-0000-0000-000000000000 + result : WERR_OK +[2013/11/07 07:38:45.792614, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:416(close_policy_by_pipe) + Deleted handle list for RPC connection \winreg +[2013/11/07 07:38:45.792780, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/printing/printing.c:3087(get_stored_queue_info) + get_stored_queue_info: qcount = 0, extra_count = 0 + count:[0], status:[0], [] +[2013/11/07 07:38:45.792853, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + spoolss_EnumJobs: struct spoolss_EnumJobs + out: struct spoolss_EnumJobs + count : * + count : 0x00000000 (0) + info : * + info : NULL + needed : * + needed : 0x00000000 (0) + result : WERR_OK +[2013/11/07 07:38:45.793032, 5, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1417(api_rpcTNP) + api_rpcTNP: called \spoolss successfully +[2013/11/07 07:38:45.793087, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) + pop_sec_ctx (0, 5000) - sec_ctx_stack_ndx = 0 +[2013/11/07 07:38:45.793131, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) + write_to_pipe: data_used = 48 + smbd_smb2_request_pending_queue: req->current_idx = 1 + req->in.vector[0].iov_len = 0 + req->in.vector[1].iov_len = 0 + req->in.vector[2].iov_len = 64 + req->in.vector[3].iov_len = 56 + req->in.vector[4].iov_len = 64 + req->out.vector[0].iov_len = 4 + req->out.vector[1].iov_len = 0 + req->out.vector[2].iov_len = 64 + req->out.vector[3].iov_len = 8 + req->out.vector[4].iov_len = 0 +[2013/11/07 07:38:45.793352, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:128(smbd_smb2_ioctl_pipe_write_done) + smbd_smb2_ioctl_pipe_write_done: received 64 +[2013/11/07 07:38:45.793473, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:149(smbd_smb2_ioctl_pipe_write_done) + smbd_smb2_ioctl_pipe_write_done: issuing np_read_send of size 4136 +[2013/11/07 07:38:45.793518, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:285(read_from_internal_pipe) + name: \spoolss len: 4136 +[2013/11/07 07:38:45.793561, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:347(read_from_internal_pipe) + read_from_pipe: \spoolss: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 16. +[2013/11/07 07:38:45.793615, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) + &r: struct ncacn_packet + rpc_vers : 0x05 (5) + rpc_vers_minor : 0x00 (0) + ptype : DCERPC_PKT_RESPONSE (2) + pfc_flags : 0x03 (3) + drep: ARRAY(4) + [0] : 0x10 (16) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + frag_length : 0x0028 (40) + auth_length : 0x0000 (0) + call_id : 0x00000005 (5) + u : union dcerpc_payload(case 2) + response: struct dcerpc_response + alloc_hint : 0x00000010 (16) + context_id : 0x0000 (0) + cancel_count : 0x00 (0) + _pad : DATA_BLOB length=0 + stub_and_verifier : DATA_BLOB length=16 + [0000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ +[2013/11/07 07:38:45.794007, 3, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:122(free_pipe_context) + free_pipe_context: destroying talloc pool of size 29 +[2013/11/07 07:38:45.794055, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:788(np_read_recv) + Received 40 bytes. There is no more data outstanding +[2013/11/07 07:38:45.794106, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:178(smbd_smb2_ioctl_pipe_read_done) + smbd_smb2_ioctl_pipe_read_done: np_read_recv nread = 40 is_data_outstanding = 0, status = NT_STATUS_OK +[2013/11/07 07:38:45.794153, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl.c:291(smbd_smb2_request_ioctl_done) + smbd_smb2_request_ioctl_done: smbd_smb2_ioctl_recv returned 40 status NT_STATUS_OK +[2013/11/07 07:38:45.794196, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) + smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[48] dyn[yes:40] at ../source3/smbd/smb2_ioctl.c:358 +[2013/11/07 07:38:45.794240, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) + smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/96/127 +[2013/11/07 07:38:45.794386, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) + smbd_smb2_request_incoming: idx[1] of 5 vectors +[2013/11/07 07:38:45.794437, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) + smb2_validate_sequence_number: clearing id 96 (position 96) from bitmap +[2013/11/07 07:38:45.794479, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) + smbd_smb2_request_dispatch: opcode[SMB2_OP_IOCTL] mid = 96 +[2013/11/07 07:38:45.794539, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) + setting sec ctx (0, 5000) - sec_ctx_stack_ndx = 0 +[2013/11/07 07:38:45.794583, 5, pid=20933, effective(0, 5000), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) + Security token SIDs (21): + SID[ 0]: S-1-5-21-1376953716-2413384141-3399758289-500 + SID[ 1]: S-1-5-21-1376953716-2413384141-3399758289-512 + SID[ 2]: S-1-5-21-1376953716-2413384141-3399758289-11015 + SID[ 3]: S-1-5-21-1376953716-2413384141-3399758289-513 + SID[ 4]: S-1-5-21-1376953716-2413384141-3399758289-11011 + SID[ 5]: S-1-5-21-1376953716-2413384141-3399758289-11013 + SID[ 6]: S-1-5-21-1376953716-2413384141-3399758289-11012 + SID[ 7]: S-1-1-0 + SID[ 8]: S-1-5-2 + SID[ 9]: S-1-5-11 + SID[ 10]: S-1-5-32-544 + SID[ 11]: S-1-22-1-2002 + SID[ 12]: S-1-22-2-5000 + SID[ 13]: S-1-22-2-5007 + SID[ 14]: S-1-22-2-5001 + SID[ 15]: S-1-22-2-1005 + SID[ 16]: S-1-22-2-5006 + SID[ 17]: S-1-22-2-5005 + SID[ 18]: S-1-22-2-55000 + SID[ 19]: S-1-22-2-55001 + SID[ 20]: S-1-22-2-55002 + Privileges (0x 1FFFFFF0): + Privilege[ 0]: SeMachineAccountPrivilege + Privilege[ 1]: SeTakeOwnershipPrivilege + Privilege[ 2]: SeBackupPrivilege + Privilege[ 3]: SeRestorePrivilege + Privilege[ 4]: SeRemoteShutdownPrivilege + Privilege[ 5]: SePrintOperatorPrivilege + Privilege[ 6]: SeAddUsersPrivilege + Privilege[ 7]: SeDiskOperatorPrivilege + Privilege[ 8]: SeSecurityPrivilege + Privilege[ 9]: SeSystemtimePrivilege + Privilege[ 10]: SeShutdownPrivilege + Privilege[ 11]: SeDebugPrivilege + Privilege[ 12]: SeSystemEnvironmentPrivilege + Privilege[ 13]: SeSystemProfilePrivilege + Privilege[ 14]: SeProfileSingleProcessPrivilege + Privilege[ 15]: SeIncreaseBasePriorityPrivilege + Privilege[ 16]: SeLoadDriverPrivilege + Privilege[ 17]: SeCreatePagefilePrivilege + Privilege[ 18]: SeIncreaseQuotaPrivilege + Privilege[ 19]: SeChangeNotifyPrivilege + Privilege[ 20]: SeUndockPrivilege + Privilege[ 21]: SeManageVolumePrivilege + Privilege[ 22]: SeImpersonatePrivilege + Privilege[ 23]: SeCreateGlobalPrivilege + Privilege[ 24]: SeEnableDelegationPrivilege + Rights (0x 0): +[2013/11/07 07:38:45.795358, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) + UNIX token of user 0 + Primary group is 5000 and contains 9 supplementary groups + Group[ 0]: 5000 + Group[ 1]: 5007 + Group[ 2]: 5001 + Group[ 3]: 1005 + Group[ 4]: 5006 + Group[ 5]: 5005 + Group[ 6]: 55000 + Group[ 7]: 55001 + Group[ 8]: 55002 +[2013/11/07 07:38:45.795628, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/uid.c:363(change_to_user_internal) + Impersonated user: uid=(0,0), gid=(0,5000) +[2013/11/07 07:38:45.795683, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:1796(smbd_smb2_request_verify_creditcharge) + mid 96, CreditCharge: 1, NeededCharge: 1 +[2013/11/07 07:38:45.795726, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl.c:394(smbd_smb2_ioctl_send) + smbd_smb2_ioctl: ctl_code[0x0011c017] spoolss, fnum 1017618511 +[2013/11/07 07:38:45.795774, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:59(smb2_ioctl_named_pipe) + smbd_smb2_ioctl_send: np_write_send of size 222 +[2013/11/07 07:38:45.795813, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:520(np_write_send) + np_write_send: len: 222 +[2013/11/07 07:38:45.795854, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) + write_to_pipe: data_left = 222 +[2013/11/07 07:38:45.795892, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) + process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 222 +[2013/11/07 07:38:45.795931, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:51(fill_rpc_header) + fill_rpc_header: data_to_copy = 222, len_needed_to_complete_hdr = 16, receive_len = 0 +[2013/11/07 07:38:45.795971, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) + write_to_pipe: data_used = 16 +[2013/11/07 07:38:45.796009, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) + write_to_pipe: data_left = 206 +[2013/11/07 07:38:45.796047, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) + process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 206 +[2013/11/07 07:38:45.796088, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) + write_to_pipe: data_used = 0 +[2013/11/07 07:38:45.796125, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) + write_to_pipe: data_left = 206 +[2013/11/07 07:38:45.796163, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) + process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 206, incoming data = 206 +[2013/11/07 07:38:45.796205, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1614(process_complete_pdu) + PDU is in Little Endian format! +[2013/11/07 07:38:45.796251, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) + r: struct ncacn_packet + rpc_vers : 0x05 (5) + rpc_vers_minor : 0x00 (0) + ptype : DCERPC_PKT_REQUEST (0) + pfc_flags : 0x03 (3) + drep: ARRAY(4) + [0] : 0x10 (16) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + frag_length : 0x00de (222) + auth_length : 0x0000 (0) + call_id : 0x00000002 (2) + u : union dcerpc_payload(case 0) + request: struct dcerpc_request + alloc_hint : 0x000000c6 (198) + context_id : 0x0000 (0) + opnum : 0x0045 (69) + object : union dcerpc_object(case 0) + empty: struct dcerpc_empty + _pad : DATA_BLOB length=0 + stub_and_verifier : DATA_BLOB length=198 + [0000] 00 00 02 00 14 00 00 00 00 00 00 00 14 00 00 00 ........ ........ + [0010] 5C 00 5C 00 4D 00 45 00 4D 00 42 00 45 00 52 00 \.\.M.E. M.B.E.R. + [0020] 34 00 33 00 5C 00 70 00 72 00 69 00 6E 00 74 00 4.3.\.p. r.i.n.t. + [0030] 65 00 72 00 37 00 00 00 00 00 00 00 00 00 00 00 e.r.7... ........ + [0040] 00 00 00 00 00 00 00 00 01 00 00 00 01 00 00 00 ........ ........ + [0050] 04 00 02 00 28 00 00 00 08 00 02 00 0C 00 02 00 ....(... ........ + [0060] 80 25 00 00 03 00 00 00 00 00 00 00 09 00 00 00 .%...... ........ + [0070] 0A 00 00 00 00 00 00 00 0A 00 00 00 57 00 49 00 ........ ....W.I. + [0080] 4E 00 38 00 31 00 2D 00 32 00 33 00 39 00 00 00 N.8.1.-. 2.3.9... + [0090] 15 00 00 00 00 00 00 00 15 00 00 00 41 00 52 00 ........ ....A.R. + [00A0] 33 00 32 00 49 00 38 00 5C 00 41 00 64 00 6D 00 3.2.I.8. \.A.d.m. + [00B0] 69 00 6E 00 69 00 73 00 74 00 72 00 61 00 74 00 i.n.i.s. t.r.a.t. + [00C0] 6F 00 72 00 00 00 o.r... +[2013/11/07 07:38:45.797090, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1627(process_complete_pdu) + Processing packet type 0 +[2013/11/07 07:38:45.797129, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1472(dcesrv_auth_request) + Checking request auth. +[2013/11/07 07:38:45.797173, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) + push_sec_ctx(0, 5000) : sec_ctx_stack_ndx = 1 +[2013/11/07 07:38:45.797218, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) + setting sec ctx (0, 5000) - sec_ctx_stack_ndx = 1 +[2013/11/07 07:38:45.797259, 5, pid=20933, effective(0, 5000), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) + Security token SIDs (21): + SID[ 0]: S-1-5-21-1376953716-2413384141-3399758289-500 + SID[ 1]: S-1-5-21-1376953716-2413384141-3399758289-512 + SID[ 2]: S-1-5-21-1376953716-2413384141-3399758289-11015 + SID[ 3]: S-1-5-21-1376953716-2413384141-3399758289-513 + SID[ 4]: S-1-5-21-1376953716-2413384141-3399758289-11011 + SID[ 5]: S-1-5-21-1376953716-2413384141-3399758289-11013 + SID[ 6]: S-1-5-21-1376953716-2413384141-3399758289-11012 + SID[ 7]: S-1-1-0 + SID[ 8]: S-1-5-2 + SID[ 9]: S-1-5-11 + SID[ 10]: S-1-5-32-544 + SID[ 11]: S-1-22-1-2002 + SID[ 12]: S-1-22-2-5000 + SID[ 13]: S-1-22-2-5007 + SID[ 14]: S-1-22-2-5001 + SID[ 15]: S-1-22-2-1005 + SID[ 16]: S-1-22-2-5006 + SID[ 17]: S-1-22-2-5005 + SID[ 18]: S-1-22-2-55000 + SID[ 19]: S-1-22-2-55001 + SID[ 20]: S-1-22-2-55002 + Privileges (0x 1FFFFFF0): + Privilege[ 0]: SeMachineAccountPrivilege + Privilege[ 1]: SeTakeOwnershipPrivilege + Privilege[ 2]: SeBackupPrivilege + Privilege[ 3]: SeRestorePrivilege + Privilege[ 4]: SeRemoteShutdownPrivilege + Privilege[ 5]: SePrintOperatorPrivilege + Privilege[ 6]: SeAddUsersPrivilege + Privilege[ 7]: SeDiskOperatorPrivilege + Privilege[ 8]: SeSecurityPrivilege + Privilege[ 9]: SeSystemtimePrivilege + Privilege[ 10]: SeShutdownPrivilege + Privilege[ 11]: SeDebugPrivilege + Privilege[ 12]: SeSystemEnvironmentPrivilege + Privilege[ 13]: SeSystemProfilePrivilege + Privilege[ 14]: SeProfileSingleProcessPrivilege + Privilege[ 15]: SeIncreaseBasePriorityPrivilege + Privilege[ 16]: SeLoadDriverPrivilege + Privilege[ 17]: SeCreatePagefilePrivilege + Privilege[ 18]: SeIncreaseQuotaPrivilege + Privilege[ 19]: SeChangeNotifyPrivilege + Privilege[ 20]: SeUndockPrivilege + Privilege[ 21]: SeManageVolumePrivilege + Privilege[ 22]: SeImpersonatePrivilege + Privilege[ 23]: SeCreateGlobalPrivilege + Privilege[ 24]: SeEnableDelegationPrivilege + Rights (0x 0): +[2013/11/07 07:38:45.798169, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) + UNIX token of user 0 + Primary group is 5000 and contains 9 supplementary groups + Group[ 0]: 5000 + Group[ 1]: 5007 + Group[ 2]: 5001 + Group[ 3]: 1005 + Group[ 4]: 5006 + Group[ 5]: 5005 + Group[ 6]: 55000 + Group[ 7]: 55001 + Group[ 8]: 55002 +[2013/11/07 07:38:45.798392, 5, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1324(api_pipe_request) + Requested \spoolss rpc service +[2013/11/07 07:38:45.798438, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1356(api_rpcTNP) + api_rpcTNP: \spoolss op 0x45 - api_rpcTNP: rpc command: SPOOLSS_OPENPRINTEREX +[2013/11/07 07:38:45.798483, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1390(api_rpcTNP) + api_rpc_cmds[69].fn == 0x7f375c256d40 +[2013/11/07 07:38:45.798539, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + spoolss_OpenPrinterEx: struct spoolss_OpenPrinterEx + in: struct spoolss_OpenPrinterEx + printername : * + printername : '\\MEMBER43\printer7' + datatype : NULL + devmode_ctr: struct spoolss_DevmodeContainer + _ndr_size : 0x00000000 (0) + devmode : NULL + access_mask : 0x00000000 (0) + 0: SERVER_ACCESS_ADMINISTER + 0: SERVER_ACCESS_ENUMERATE + 0: PRINTER_ACCESS_ADMINISTER + 0: PRINTER_ACCESS_USE + 0: JOB_ACCESS_ADMINISTER + 0: JOB_ACCESS_READ + userlevel_ctr: struct spoolss_UserLevelCtr + level : 0x00000001 (1) + user_info : union spoolss_UserLevel(case 1) + level1 : * + level1: struct spoolss_UserLevel1 + size : 0x00000028 (40) + client : * + client : 'WIN81-239' + user : * + user : 'AR32I8\Administrator' + build : 0x00002580 (9600) + major : UNKNOWN_ENUM_VALUE (3) + minor : SPOOLSS_MINOR_VERSION_0 (0) + processor : PROCESSOR_ARCHITECTURE_AMD64 (9) + checking name: \\MEMBER43\printer7 +[2013/11/07 07:38:45.799069, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:737(open_printer_hnd) + open_printer_hnd: name [\\MEMBER43\printer7] +[2013/11/07 07:38:45.799116, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) + Opened policy hnd[5] [0000] 00 00 00 00 B9 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.799195, 3, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:506(set_printer_hnd_printertype) + Setting printer type=\\MEMBER43\printer7 + Printer is a printer +[2013/11/07 07:38:45.799251, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:566(set_printer_hnd_name) + Setting printer name=\\MEMBER43\printer7 (len=19) + searching for [printer7] +[2013/11/07 07:38:45.799348, 10, pid=20933, effective(0, 5000), real(0, 0), class=tdb] ../source3/lib/gencache.c:275(gencache_set_data_blob) + Did not store value for PRINTERNAME/printer7, we already got it + set_printer_hnd_name: Printer found: printer7 -> printer7 +[2013/11/07 07:38:45.799413, 5, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:773(open_printer_hnd) + 5 printer handles active +[2013/11/07 07:38:45.799454, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 B9 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.799531, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 B9 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.799607, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:489(get_printer_snum) + short name:printer7 +[2013/11/07 07:38:45.799673, 3, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/access.c:338(allow_access) + Allowed connection from 10.200.8.239 (10.200.8.239) +[2013/11/07 07:38:45.799841, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/share_access.c:237(user_ok_token) + user_ok_token: share printer7 is ok for unix user root +[2013/11/07 07:38:45.799892, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:1921(_spoolss_OpenPrinterEx) + Setting printer access = PRINTER_ACCESS_USE +[2013/11/07 07:38:45.799993, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:60(make_internal_rpc_pipe_p) + Create pipe requested \winreg +[2013/11/07 07:38:45.800047, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:221(init_pipe_handles) + init_pipe_handle_list: created handle list for pipe \winreg +[2013/11/07 07:38:45.800089, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:238(init_pipe_handles) + init_pipe_handle_list: pipe_handles ref count = 1 for pipe \winreg +[2013/11/07 07:38:45.800181, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:100(make_internal_rpc_pipe_p) + Created internal pipe \winreg +[2013/11/07 07:38:45.800246, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenHKLM: struct winreg_OpenHKLM + in: struct winreg_OpenHKLM + system_name : NULL + access_mask : 0x02000000 (33554432) + 0: KEY_QUERY_VALUE + 0: KEY_SET_VALUE + 0: KEY_CREATE_SUB_KEY + 0: KEY_ENUMERATE_SUB_KEYS + 0: KEY_NOTIFY + 0: KEY_CREATE_LINK + 0: KEY_WOW64_64KEY + 0: KEY_WOW64_32KEY +[2013/11/07 07:38:45.800472, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [HKLM] +[2013/11/07 07:38:45.800516, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) + push_sec_ctx(0, 5000) : sec_ctx_stack_ndx = 2 +[2013/11/07 07:38:45.800561, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/uid.c:485(push_conn_ctx) + push_conn_ctx(1804507171) : conn_ctx_stack_ndx = 0 +[2013/11/07 07:38:45.800601, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) + setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 +[2013/11/07 07:38:45.800640, 5, pid=20933, effective(0, 5000), real(0, 0)] ../libcli/security/security_token.c:53(security_token_debug) + Security token: (NULL) +[2013/11/07 07:38:45.800689, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) + UNIX token of user 0 + Primary group is 0 and contains 0 supplementary groups +[2013/11/07 07:38:45.800831, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) + pop_sec_ctx (0, 5000) - sec_ctx_stack_ndx = 1 +[2013/11/07 07:38:45.800874, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:866(regdb_open) + regdb_open: registry db opened. refcount reset (1) +[2013/11/07 07:38:45.800918, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM] +[2013/11/07 07:38:45.800957, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM] +[2013/11/07 07:38:45.800998, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:45.801035, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM] +[2013/11/07 07:38:45.801109, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) + Opened policy hnd[1] [0000] 00 00 00 00 BA 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.801189, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenHKLM: struct winreg_OpenHKLM + out: struct winreg_OpenHKLM + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000ba-0000-0000-7b52-7535c5510000 + result : WERR_OK +[2013/11/07 07:38:45.801436, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenKey: struct winreg_OpenKey + in: struct winreg_OpenKey + parent_handle : * + parent_handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000ba-0000-0000-7b52-7535c5510000 + keyname: struct winreg_String + name_len : 0x008a (138) + name_size : 0x008a (138) + name : * + name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7' + options : 0x00000000 (0) + 0: REG_OPTION_VOLATILE + 0: REG_OPTION_CREATE_LINK + 0: REG_OPTION_BACKUP_RESTORE + 0: REG_OPTION_OPEN_LINK + access_mask : 0x02000000 (33554432) + 0: KEY_QUERY_VALUE + 0: KEY_SET_VALUE + 0: KEY_CREATE_SUB_KEY + 0: KEY_ENUMERATE_SUB_KEYS + 0: KEY_NOTIFY + 0: KEY_CREATE_LINK + 0: KEY_WOW64_64KEY + 0: KEY_WOW64_32KEY +[2013/11/07 07:38:45.801883, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 BA 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.801964, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [SOFTWARE] +[2013/11/07 07:38:45.802017, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (1->2) +[2013/11/07 07:38:45.802059, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] +[2013/11/07 07:38:45.802097, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE] +[2013/11/07 07:38:45.802138, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:45.802175, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE] +[2013/11/07 07:38:45.802245, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Microsoft] +[2013/11/07 07:38:45.802286, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (2->3) +[2013/11/07 07:38:45.802328, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] +[2013/11/07 07:38:45.802365, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] +[2013/11/07 07:38:45.802406, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:45.802443, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft] +[2013/11/07 07:38:45.802504, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Windows NT] +[2013/11/07 07:38:45.802545, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (3->4) +[2013/11/07 07:38:45.802590, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] +[2013/11/07 07:38:45.802627, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] +[2013/11/07 07:38:45.802668, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:45.802705, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] +[2013/11/07 07:38:45.802763, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [CurrentVersion] +[2013/11/07 07:38:45.802804, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (4->5) +[2013/11/07 07:38:45.802847, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] +[2013/11/07 07:38:45.802885, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] +[2013/11/07 07:38:45.802935, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:45.802973, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f375c5a15c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] +[2013/11/07 07:38:45.803046, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Print] +[2013/11/07 07:38:45.803088, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (5->6) +[2013/11/07 07:38:45.803132, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] +[2013/11/07 07:38:45.803172, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] +[2013/11/07 07:38:45.803214, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:45.803251, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f375c5a15c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] +[2013/11/07 07:38:45.803311, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Printers] +[2013/11/07 07:38:45.803352, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (6->7) +[2013/11/07 07:38:45.803396, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] +[2013/11/07 07:38:45.803435, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] +[2013/11/07 07:38:45.803477, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:45.803515, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] +[2013/11/07 07:38:45.803583, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [printer7] +[2013/11/07 07:38:45.803624, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (7->8) +[2013/11/07 07:38:45.803668, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:45.803707, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:45.803749, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:45.803786, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:45.803863, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (8->7) +[2013/11/07 07:38:45.803904, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (7->6) +[2013/11/07 07:38:45.803945, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (6->5) +[2013/11/07 07:38:45.803985, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (5->4) +[2013/11/07 07:38:45.804025, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (4->3) +[2013/11/07 07:38:45.804064, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (3->2) +[2013/11/07 07:38:45.804107, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) + Opened policy hnd[2] [0000] 00 00 00 00 BB 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.804184, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenKey: struct winreg_OpenKey + out: struct winreg_OpenKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000bb-0000-0000-7b52-7535c5510000 + result : WERR_OK +[2013/11/07 07:38:45.804344, 2, pid=20933, effective(0, 5000), real(0, 0)] ../source3/rpc_client/cli_winreg_spoolss.c:626(winreg_create_printer) + winreg_create_printer: Skipping, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7 already exists +[2013/11/07 07:38:45.804401, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + in: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000bb-0000-0000-7b52-7535c5510000 +[2013/11/07 07:38:45.804530, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 BB 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.804607, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 BB 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.804682, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) + Closed policy +[2013/11/07 07:38:45.804723, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (2->1) +[2013/11/07 07:38:45.804764, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + out: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000000-0000-0000-0000-000000000000 + result : WERR_OK +[2013/11/07 07:38:45.804934, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + in: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000ba-0000-0000-7b52-7535c5510000 +[2013/11/07 07:38:45.805064, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 BA 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.805141, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 BA 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.805217, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) + Closed policy +[2013/11/07 07:38:45.805256, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (1->0) +[2013/11/07 07:38:45.805309, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + out: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000000-0000-0000-0000-000000000000 + result : WERR_OK +[2013/11/07 07:38:45.805561, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:416(close_policy_by_pipe) + Deleted handle list for RPC connection \winreg +[2013/11/07 07:38:45.805612, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + spoolss_OpenPrinterEx: struct spoolss_OpenPrinterEx + out: struct spoolss_OpenPrinterEx + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000b9-0000-0000-7b52-7535c5510000 + result : WERR_OK +[2013/11/07 07:38:45.805765, 5, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1417(api_rpcTNP) + api_rpcTNP: called \spoolss successfully +[2013/11/07 07:38:45.805818, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) + pop_sec_ctx (0, 5000) - sec_ctx_stack_ndx = 0 +[2013/11/07 07:38:45.805861, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) + write_to_pipe: data_used = 206 + smbd_smb2_request_pending_queue: req->current_idx = 1 + req->in.vector[0].iov_len = 0 + req->in.vector[1].iov_len = 0 + req->in.vector[2].iov_len = 64 + req->in.vector[3].iov_len = 56 + req->in.vector[4].iov_len = 222 + req->out.vector[0].iov_len = 4 + req->out.vector[1].iov_len = 0 + req->out.vector[2].iov_len = 64 + req->out.vector[3].iov_len = 8 + req->out.vector[4].iov_len = 0 +[2013/11/07 07:38:45.806077, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:128(smbd_smb2_ioctl_pipe_write_done) + smbd_smb2_ioctl_pipe_write_done: received 222 +[2013/11/07 07:38:45.806128, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:149(smbd_smb2_ioctl_pipe_write_done) + smbd_smb2_ioctl_pipe_write_done: issuing np_read_send of size 1024 +[2013/11/07 07:38:45.806171, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:285(read_from_internal_pipe) + name: \spoolss len: 1024 +[2013/11/07 07:38:45.806213, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:347(read_from_internal_pipe) + read_from_pipe: \spoolss: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 24. +[2013/11/07 07:38:45.806264, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) + &r: struct ncacn_packet + rpc_vers : 0x05 (5) + rpc_vers_minor : 0x00 (0) + ptype : DCERPC_PKT_RESPONSE (2) + pfc_flags : 0x03 (3) + drep: ARRAY(4) + [0] : 0x10 (16) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + frag_length : 0x0030 (48) + auth_length : 0x0000 (0) + call_id : 0x00000002 (2) + u : union dcerpc_payload(case 2) + response: struct dcerpc_response + alloc_hint : 0x00000018 (24) + context_id : 0x0000 (0) + cancel_count : 0x00 (0) + _pad : DATA_BLOB length=0 + stub_and_verifier : DATA_BLOB length=24 + [0000] 00 00 00 00 B9 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 00 00 00 00 .Q...... +[2013/11/07 07:38:45.806684, 3, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:122(free_pipe_context) + free_pipe_context: destroying talloc pool of size 68 +[2013/11/07 07:38:45.806732, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:788(np_read_recv) + Received 48 bytes. There is no more data outstanding +[2013/11/07 07:38:45.806772, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:178(smbd_smb2_ioctl_pipe_read_done) + smbd_smb2_ioctl_pipe_read_done: np_read_recv nread = 48 is_data_outstanding = 0, status = NT_STATUS_OK +[2013/11/07 07:38:45.806817, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl.c:291(smbd_smb2_request_ioctl_done) + smbd_smb2_request_ioctl_done: smbd_smb2_ioctl_recv returned 48 status NT_STATUS_OK +[2013/11/07 07:38:45.806859, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) + smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[48] dyn[yes:48] at ../source3/smbd/smb2_ioctl.c:358 +[2013/11/07 07:38:45.806904, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) + smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/97/127 +[2013/11/07 07:38:45.807052, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) + smbd_smb2_request_incoming: idx[1] of 5 vectors +[2013/11/07 07:38:45.807100, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) + smb2_validate_sequence_number: clearing id 97 (position 97) from bitmap +[2013/11/07 07:38:45.807141, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) + smbd_smb2_request_dispatch: opcode[SMB2_OP_READ] mid = 97 +[2013/11/07 07:38:45.807197, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) + setting sec ctx (0, 5000) - sec_ctx_stack_ndx = 0 +[2013/11/07 07:38:45.807248, 5, pid=20933, effective(0, 5000), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) + Security token SIDs (21): + SID[ 0]: S-1-5-21-1376953716-2413384141-3399758289-500 + SID[ 1]: S-1-5-21-1376953716-2413384141-3399758289-512 + SID[ 2]: S-1-5-21-1376953716-2413384141-3399758289-11015 + SID[ 3]: S-1-5-21-1376953716-2413384141-3399758289-513 + SID[ 4]: S-1-5-21-1376953716-2413384141-3399758289-11011 + SID[ 5]: S-1-5-21-1376953716-2413384141-3399758289-11013 + SID[ 6]: S-1-5-21-1376953716-2413384141-3399758289-11012 + SID[ 7]: S-1-1-0 + SID[ 8]: S-1-5-2 + SID[ 9]: S-1-5-11 + SID[ 10]: S-1-5-32-544 + SID[ 11]: S-1-22-1-2002 + SID[ 12]: S-1-22-2-5000 + SID[ 13]: S-1-22-2-5007 + SID[ 14]: S-1-22-2-5001 + SID[ 15]: S-1-22-2-1005 + SID[ 16]: S-1-22-2-5006 + SID[ 17]: S-1-22-2-5005 + SID[ 18]: S-1-22-2-55000 + SID[ 19]: S-1-22-2-55001 + SID[ 20]: S-1-22-2-55002 + Privileges (0x 1FFFFFF0): + Privilege[ 0]: SeMachineAccountPrivilege + Privilege[ 1]: SeTakeOwnershipPrivilege + Privilege[ 2]: SeBackupPrivilege + Privilege[ 3]: SeRestorePrivilege + Privilege[ 4]: SeRemoteShutdownPrivilege + Privilege[ 5]: SePrintOperatorPrivilege + Privilege[ 6]: SeAddUsersPrivilege + Privilege[ 7]: SeDiskOperatorPrivilege + Privilege[ 8]: SeSecurityPrivilege + Privilege[ 9]: SeSystemtimePrivilege + Privilege[ 10]: SeShutdownPrivilege + Privilege[ 11]: SeDebugPrivilege + Privilege[ 12]: SeSystemEnvironmentPrivilege + Privilege[ 13]: SeSystemProfilePrivilege + Privilege[ 14]: SeProfileSingleProcessPrivilege + Privilege[ 15]: SeIncreaseBasePriorityPrivilege + Privilege[ 16]: SeLoadDriverPrivilege + Privilege[ 17]: SeCreatePagefilePrivilege + Privilege[ 18]: SeIncreaseQuotaPrivilege + Privilege[ 19]: SeChangeNotifyPrivilege + Privilege[ 20]: SeUndockPrivilege + Privilege[ 21]: SeManageVolumePrivilege + Privilege[ 22]: SeImpersonatePrivilege + Privilege[ 23]: SeCreateGlobalPrivilege + Privilege[ 24]: SeEnableDelegationPrivilege + Rights (0x 0): +[2013/11/07 07:38:45.808018, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) + UNIX token of user 0 + Primary group is 5000 and contains 9 supplementary groups + Group[ 0]: 5000 + Group[ 1]: 5007 + Group[ 2]: 5001 + Group[ 3]: 1005 + Group[ 4]: 5006 + Group[ 5]: 5005 + Group[ 6]: 55000 + Group[ 7]: 55001 + Group[ 8]: 55002 +[2013/11/07 07:38:45.808209, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/uid.c:363(change_to_user_internal) + Impersonated user: uid=(0,0), gid=(0,5000) +[2013/11/07 07:38:45.808258, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:1796(smbd_smb2_request_verify_creditcharge) + mid 97, CreditCharge: 1, NeededCharge: 1 +[2013/11/07 07:38:45.808300, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_read.c:400(smbd_smb2_read_send) + smbd_smb2_read: spoolss - fnum 4073323938 +[2013/11/07 07:38:45.808346, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:285(read_from_internal_pipe) + name: \spoolss len: 1064 +[2013/11/07 07:38:45.808388, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:326(read_from_internal_pipe) + read_from_pipe: \spoolss: current_pdu_len = 2088, current_pdu_sent = 1024 returning 1064 bytes. +[2013/11/07 07:38:45.808434, 3, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:122(free_pipe_context) + free_pipe_context: destroying talloc pool of size 60 + smbd_smb2_request_pending_queue: req->current_idx = 1 + req->in.vector[0].iov_len = 0 + req->in.vector[1].iov_len = 0 + req->in.vector[2].iov_len = 64 + req->in.vector[3].iov_len = 48 + req->in.vector[4].iov_len = 1 + req->out.vector[0].iov_len = 4 + req->out.vector[1].iov_len = 0 + req->out.vector[2].iov_len = 64 + req->out.vector[3].iov_len = 8 + req->out.vector[4].iov_len = 0 +[2013/11/07 07:38:45.808651, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:788(np_read_recv) + Received 1064 bytes. There is more data outstanding +[2013/11/07 07:38:45.808696, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) + smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[16] dyn[yes:1064] at ../source3/smbd/smb2_read.c:154 +[2013/11/07 07:38:45.808741, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) + smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/98/127 +[2013/11/07 07:38:45.808853, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) + smbd_smb2_request_incoming: idx[1] of 5 vectors +[2013/11/07 07:38:45.808901, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) + smb2_validate_sequence_number: clearing id 98 (position 98) from bitmap +[2013/11/07 07:38:45.808943, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) + smbd_smb2_request_dispatch: opcode[SMB2_OP_WRITE] mid = 98 +[2013/11/07 07:38:45.808992, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) + setting sec ctx (0, 5000) - sec_ctx_stack_ndx = 0 +[2013/11/07 07:38:45.809035, 5, pid=20933, effective(0, 5000), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) + Security token SIDs (21): + SID[ 0]: S-1-5-21-1376953716-2413384141-3399758289-500 + SID[ 1]: S-1-5-21-1376953716-2413384141-3399758289-512 + SID[ 2]: S-1-5-21-1376953716-2413384141-3399758289-11015 + SID[ 3]: S-1-5-21-1376953716-2413384141-3399758289-513 + SID[ 4]: S-1-5-21-1376953716-2413384141-3399758289-11011 + SID[ 5]: S-1-5-21-1376953716-2413384141-3399758289-11013 + SID[ 6]: S-1-5-21-1376953716-2413384141-3399758289-11012 + SID[ 7]: S-1-1-0 + SID[ 8]: S-1-5-2 + SID[ 9]: S-1-5-11 + SID[ 10]: S-1-5-32-544 + SID[ 11]: S-1-22-1-2002 + SID[ 12]: S-1-22-2-5000 + SID[ 13]: S-1-22-2-5007 + SID[ 14]: S-1-22-2-5001 + SID[ 15]: S-1-22-2-1005 + SID[ 16]: S-1-22-2-5006 + SID[ 17]: S-1-22-2-5005 + SID[ 18]: S-1-22-2-55000 + SID[ 19]: S-1-22-2-55001 + SID[ 20]: S-1-22-2-55002 + Privileges (0x 1FFFFFF0): + Privilege[ 0]: SeMachineAccountPrivilege + Privilege[ 1]: SeTakeOwnershipPrivilege + Privilege[ 2]: SeBackupPrivilege + Privilege[ 3]: SeRestorePrivilege + Privilege[ 4]: SeRemoteShutdownPrivilege + Privilege[ 5]: SePrintOperatorPrivilege + Privilege[ 6]: SeAddUsersPrivilege + Privilege[ 7]: SeDiskOperatorPrivilege + Privilege[ 8]: SeSecurityPrivilege + Privilege[ 9]: SeSystemtimePrivilege + Privilege[ 10]: SeShutdownPrivilege + Privilege[ 11]: SeDebugPrivilege + Privilege[ 12]: SeSystemEnvironmentPrivilege + Privilege[ 13]: SeSystemProfilePrivilege + Privilege[ 14]: SeProfileSingleProcessPrivilege + Privilege[ 15]: SeIncreaseBasePriorityPrivilege + Privilege[ 16]: SeLoadDriverPrivilege + Privilege[ 17]: SeCreatePagefilePrivilege + Privilege[ 18]: SeIncreaseQuotaPrivilege + Privilege[ 19]: SeChangeNotifyPrivilege + Privilege[ 20]: SeUndockPrivilege + Privilege[ 21]: SeManageVolumePrivilege + Privilege[ 22]: SeImpersonatePrivilege + Privilege[ 23]: SeCreateGlobalPrivilege + Privilege[ 24]: SeEnableDelegationPrivilege + Rights (0x 0): +[2013/11/07 07:38:45.810042, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) + UNIX token of user 0 + Primary group is 5000 and contains 9 supplementary groups + Group[ 0]: 5000 + Group[ 1]: 5007 + Group[ 2]: 5001 + Group[ 3]: 1005 + Group[ 4]: 5006 + Group[ 5]: 5005 + Group[ 6]: 55000 + Group[ 7]: 55001 + Group[ 8]: 55002 +[2013/11/07 07:38:45.810241, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/uid.c:363(change_to_user_internal) + Impersonated user: uid=(0,0), gid=(0,5000) +[2013/11/07 07:38:45.810303, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:1796(smbd_smb2_request_verify_creditcharge) + mid 98, CreditCharge: 1, NeededCharge: 1 +[2013/11/07 07:38:45.810346, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_write.c:271(smbd_smb2_write_send) + smbd_smb2_write: spoolss - fnum 178339492 +[2013/11/07 07:38:45.810392, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:520(np_write_send) + np_write_send: len: 160 +[2013/11/07 07:38:45.810434, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) + write_to_pipe: data_left = 160 +[2013/11/07 07:38:45.810474, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) + process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 160 +[2013/11/07 07:38:45.810514, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:51(fill_rpc_header) + fill_rpc_header: data_to_copy = 160, len_needed_to_complete_hdr = 16, receive_len = 0 +[2013/11/07 07:38:45.810555, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) + write_to_pipe: data_used = 16 +[2013/11/07 07:38:45.810593, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) + write_to_pipe: data_left = 144 +[2013/11/07 07:38:45.810631, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) + process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 144 +[2013/11/07 07:38:45.810673, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) + write_to_pipe: data_used = 0 +[2013/11/07 07:38:45.810711, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) + write_to_pipe: data_left = 144 +[2013/11/07 07:38:45.810749, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) + process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 144, incoming data = 144 +[2013/11/07 07:38:45.810791, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1614(process_complete_pdu) + PDU is in Little Endian format! +[2013/11/07 07:38:45.810873, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) + r: struct ncacn_packet + rpc_vers : 0x05 (5) + rpc_vers_minor : 0x00 (0) + ptype : DCERPC_PKT_BIND (11) + pfc_flags : 0x03 (3) + drep: ARRAY(4) + [0] : 0x10 (16) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + frag_length : 0x00a0 (160) + auth_length : 0x0000 (0) + call_id : 0x00000002 (2) + u : union dcerpc_payload(case 11) + bind: struct dcerpc_bind + max_xmit_frag : 0x10b8 (4280) + max_recv_frag : 0x10b8 (4280) + assoc_group_id : 0x00000000 (0) + num_contexts : 0x03 (3) + ctx_list: ARRAY(3) + ctx_list: struct dcerpc_ctx_list + context_id : 0x0000 (0) + num_transfer_syntaxes : 0x01 (1) + abstract_syntax: struct ndr_syntax_id + uuid : 12345678-1234-abcd-ef00-0123456789ab + if_version : 0x00000001 (1) + transfer_syntaxes: ARRAY(1) + transfer_syntaxes: struct ndr_syntax_id + uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860 + if_version : 0x00000002 (2) + ctx_list: struct dcerpc_ctx_list + context_id : 0x0001 (1) + num_transfer_syntaxes : 0x01 (1) + abstract_syntax: struct ndr_syntax_id + uuid : 12345678-1234-abcd-ef00-0123456789ab + if_version : 0x00000001 (1) + transfer_syntaxes: ARRAY(1) + transfer_syntaxes: struct ndr_syntax_id + uuid : 71710533-beba-4937-8319-b5dbef9ccc36 + if_version : 0x00000001 (1) + ctx_list: struct dcerpc_ctx_list + context_id : 0x0002 (2) + num_transfer_syntaxes : 0x01 (1) + abstract_syntax: struct ndr_syntax_id + uuid : 12345678-1234-abcd-ef00-0123456789ab + if_version : 0x00000001 (1) + transfer_syntaxes: ARRAY(1) + transfer_syntaxes: struct ndr_syntax_id + uuid : 6cb71c2c-9812-4540-0300-000000000000 + if_version : 0x00000001 (1) + auth_info : DATA_BLOB length=0 +[2013/11/07 07:38:45.811804, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1627(process_complete_pdu) + Processing packet type 11 +[2013/11/07 07:38:45.811849, 3, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:693(api_pipe_bind_req) + api_pipe_bind_req: spoolss -> spoolss rpc service +[2013/11/07 07:38:45.811891, 5, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:724(api_pipe_bind_req) + api_pipe_bind_req: make response. 724 +[2013/11/07 07:38:45.811930, 3, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:342(check_bind_req) + check_bind_req for \spoolss +[2013/11/07 07:38:45.811975, 3, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:349(check_bind_req) + check_bind_req: spoolss -> spoolss rpc service +[2013/11/07 07:38:45.812017, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:238(init_pipe_handles) + init_pipe_handle_list: pipe_handles ref count = 15 for pipe \spoolss +[2013/11/07 07:38:45.812076, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) + &r: struct ncacn_packet + rpc_vers : 0x05 (5) + rpc_vers_minor : 0x00 (0) + ptype : DCERPC_PKT_BIND_ACK (12) + pfc_flags : 0x03 (3) + drep: ARRAY(4) + [0] : 0x10 (16) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + frag_length : 0x0044 (68) + auth_length : 0x0000 (0) + call_id : 0x00000002 (2) + u : union dcerpc_payload(case 12) + bind_ack: struct dcerpc_bind_ack + max_xmit_frag : 0x10b8 (4280) + max_recv_frag : 0x10b8 (4280) + assoc_group_id : 0x000053f0 (21488) + secondary_address_size : 0x000e (14) + secondary_address : '\PIPE\spoolss' + _pad1 : DATA_BLOB length=0 + num_results : 0x01 (1) + ctx_list: ARRAY(1) + ctx_list: struct dcerpc_ack_ctx + result : 0x0000 (0) + reason : 0x0000 (0) + syntax: struct ndr_syntax_id + uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860 + if_version : 0x00000002 (2) + auth_info : DATA_BLOB length=0 +[2013/11/07 07:38:45.812759, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) + write_to_pipe: data_used = 144 + smbd_smb2_request_pending_queue: req->current_idx = 1 + req->in.vector[0].iov_len = 0 + req->in.vector[1].iov_len = 0 + req->in.vector[2].iov_len = 64 + req->in.vector[3].iov_len = 48 + req->in.vector[4].iov_len = 160 + req->out.vector[0].iov_len = 4 + req->out.vector[1].iov_len = 0 + req->out.vector[2].iov_len = 64 + req->out.vector[3].iov_len = 8 + req->out.vector[4].iov_len = 0 +[2013/11/07 07:38:45.812985, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) + smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[16] dyn[yes:0] at ../source3/smbd/smb2_write.c:150 +[2013/11/07 07:38:45.813033, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) + smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/99/127 +[2013/11/07 07:38:45.813166, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) + smbd_smb2_request_incoming: idx[1] of 5 vectors +[2013/11/07 07:38:45.813214, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) + smb2_validate_sequence_number: clearing id 99 (position 99) from bitmap +[2013/11/07 07:38:45.813257, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) + smbd_smb2_request_dispatch: opcode[SMB2_OP_CLOSE] mid = 99 +[2013/11/07 07:38:45.813311, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) + setting sec ctx (0, 5000) - sec_ctx_stack_ndx = 0 +[2013/11/07 07:38:45.813421, 5, pid=20933, effective(0, 5000), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) + Security token SIDs (21): + SID[ 0]: S-1-5-21-1376953716-2413384141-3399758289-500 + SID[ 1]: S-1-5-21-1376953716-2413384141-3399758289-512 + SID[ 2]: S-1-5-21-1376953716-2413384141-3399758289-11015 + SID[ 3]: S-1-5-21-1376953716-2413384141-3399758289-513 + SID[ 4]: S-1-5-21-1376953716-2413384141-3399758289-11011 + SID[ 5]: S-1-5-21-1376953716-2413384141-3399758289-11013 + SID[ 6]: S-1-5-21-1376953716-2413384141-3399758289-11012 + SID[ 7]: S-1-1-0 + SID[ 8]: S-1-5-2 + SID[ 9]: S-1-5-11 + SID[ 10]: S-1-5-32-544 + SID[ 11]: S-1-22-1-2002 + SID[ 12]: S-1-22-2-5000 + SID[ 13]: S-1-22-2-5007 + SID[ 14]: S-1-22-2-5001 + SID[ 15]: S-1-22-2-1005 + SID[ 16]: S-1-22-2-5006 + SID[ 17]: S-1-22-2-5005 + SID[ 18]: S-1-22-2-55000 + SID[ 19]: S-1-22-2-55001 + SID[ 20]: S-1-22-2-55002 + Privileges (0x 1FFFFFF0): + Privilege[ 0]: SeMachineAccountPrivilege + Privilege[ 1]: SeTakeOwnershipPrivilege + Privilege[ 2]: SeBackupPrivilege + Privilege[ 3]: SeRestorePrivilege + Privilege[ 4]: SeRemoteShutdownPrivilege + Privilege[ 5]: SePrintOperatorPrivilege + Privilege[ 6]: SeAddUsersPrivilege + Privilege[ 7]: SeDiskOperatorPrivilege + Privilege[ 8]: SeSecurityPrivilege + Privilege[ 9]: SeSystemtimePrivilege + Privilege[ 10]: SeShutdownPrivilege + Privilege[ 11]: SeDebugPrivilege + Privilege[ 12]: SeSystemEnvironmentPrivilege + Privilege[ 13]: SeSystemProfilePrivilege + Privilege[ 14]: SeProfileSingleProcessPrivilege + Privilege[ 15]: SeIncreaseBasePriorityPrivilege + Privilege[ 16]: SeLoadDriverPrivilege + Privilege[ 17]: SeCreatePagefilePrivilege + Privilege[ 18]: SeIncreaseQuotaPrivilege + Privilege[ 19]: SeChangeNotifyPrivilege + Privilege[ 20]: SeUndockPrivilege + Privilege[ 21]: SeManageVolumePrivilege + Privilege[ 22]: SeImpersonatePrivilege + Privilege[ 23]: SeCreateGlobalPrivilege + Privilege[ 24]: SeEnableDelegationPrivilege + Rights (0x 0): +[2013/11/07 07:38:45.814218, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) + UNIX token of user 0 + Primary group is 5000 and contains 9 supplementary groups + Group[ 0]: 5000 + Group[ 1]: 5007 + Group[ 2]: 5001 + Group[ 3]: 1005 + Group[ 4]: 5006 + Group[ 5]: 5005 + Group[ 6]: 55000 + Group[ 7]: 55001 + Group[ 8]: 55002 +[2013/11/07 07:38:45.814412, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/uid.c:363(change_to_user_internal) + Impersonated user: uid=(0,0), gid=(0,5000) +[2013/11/07 07:38:45.814463, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_close.c:185(smbd_smb2_close) + smbd_smb2_close: spoolss - fnum 3570488479 +[2013/11/07 07:38:45.814514, 5, pid=20933, effective(0, 5000), real(0, 0)] ../lib/dbwrap/dbwrap.c:187(dbwrap_check_lock_order) + check lock order 1 for /var/run/samba/smbXsrv_open_global.tdb +[2013/11/07 07:38:45.814555, 10, pid=20933, effective(0, 5000), real(0, 0)] ../lib/dbwrap/dbwrap.c:133(debug_lock_order) + lock order: 1:/var/run/samba/smbXsrv_open_global.tdb 2: 3: +[2013/11/07 07:38:45.814599, 10, pid=20933, effective(0, 5000), real(0, 0)] ../lib/dbwrap/dbwrap_tdb.c:59(db_tdb_log_key) + Locking key 033C4D1B +[2013/11/07 07:38:45.814656, 10, pid=20933, effective(0, 5000), real(0, 0)] ../lib/dbwrap/dbwrap_tdb.c:143(db_tdb_fetch_locked_internal) + Allocated locked data 0x0x7f375d391f00 +[2013/11/07 07:38:45.814712, 10, pid=20933, effective(0, 5000), real(0, 0)] ../lib/dbwrap/dbwrap_tdb.c:59(db_tdb_log_key) + Unlocking key 033C4D1B +[2013/11/07 07:38:45.814754, 5, pid=20933, effective(0, 5000), real(0, 0)] ../lib/dbwrap/dbwrap.c:146(dbwrap_lock_order_state_destructor) + release lock order 1 for /var/run/samba/smbXsrv_open_global.tdb +[2013/11/07 07:38:45.814793, 10, pid=20933, effective(0, 5000), real(0, 0)] ../lib/dbwrap/dbwrap.c:133(debug_lock_order) + lock order: 1: 2: 3: +[2013/11/07 07:38:45.814850, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/files.c:525(file_free) + freed files structure 3570488479 (6 used) +[2013/11/07 07:38:45.814909, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) + smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[60] dyn[no:0] at ../source3/smbd/smb2_close.c:139 +[2013/11/07 07:38:45.814955, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) + smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/100/127 +[2013/11/07 07:38:45.815080, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) + smbd_smb2_request_incoming: idx[1] of 5 vectors +[2013/11/07 07:38:45.815128, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) + smb2_validate_sequence_number: clearing id 100 (position 100) from bitmap +[2013/11/07 07:38:45.815170, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) + smbd_smb2_request_dispatch: opcode[SMB2_OP_IOCTL] mid = 100 +[2013/11/07 07:38:45.815221, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) + setting sec ctx (0, 5000) - sec_ctx_stack_ndx = 0 +[2013/11/07 07:38:45.815264, 5, pid=20933, effective(0, 5000), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) + Security token SIDs (21): + SID[ 0]: S-1-5-21-1376953716-2413384141-3399758289-500 + SID[ 1]: S-1-5-21-1376953716-2413384141-3399758289-512 + SID[ 2]: S-1-5-21-1376953716-2413384141-3399758289-11015 + SID[ 3]: S-1-5-21-1376953716-2413384141-3399758289-513 + SID[ 4]: S-1-5-21-1376953716-2413384141-3399758289-11011 + SID[ 5]: S-1-5-21-1376953716-2413384141-3399758289-11013 + SID[ 6]: S-1-5-21-1376953716-2413384141-3399758289-11012 + SID[ 7]: S-1-1-0 + SID[ 8]: S-1-5-2 + SID[ 9]: S-1-5-11 + SID[ 10]: S-1-5-32-544 + SID[ 11]: S-1-22-1-2002 + SID[ 12]: S-1-22-2-5000 + SID[ 13]: S-1-22-2-5007 + SID[ 14]: S-1-22-2-5001 + SID[ 15]: S-1-22-2-1005 + SID[ 16]: S-1-22-2-5006 + SID[ 17]: S-1-22-2-5005 + SID[ 18]: S-1-22-2-55000 + SID[ 19]: S-1-22-2-55001 + SID[ 20]: S-1-22-2-55002 + Privileges (0x 1FFFFFF0): + Privilege[ 0]: SeMachineAccountPrivilege + Privilege[ 1]: SeTakeOwnershipPrivilege + Privilege[ 2]: SeBackupPrivilege + Privilege[ 3]: SeRestorePrivilege + Privilege[ 4]: SeRemoteShutdownPrivilege + Privilege[ 5]: SePrintOperatorPrivilege + Privilege[ 6]: SeAddUsersPrivilege + Privilege[ 7]: SeDiskOperatorPrivilege + Privilege[ 8]: SeSecurityPrivilege + Privilege[ 9]: SeSystemtimePrivilege + Privilege[ 10]: SeShutdownPrivilege + Privilege[ 11]: SeDebugPrivilege + Privilege[ 12]: SeSystemEnvironmentPrivilege + Privilege[ 13]: SeSystemProfilePrivilege + Privilege[ 14]: SeProfileSingleProcessPrivilege + Privilege[ 15]: SeIncreaseBasePriorityPrivilege + Privilege[ 16]: SeLoadDriverPrivilege + Privilege[ 17]: SeCreatePagefilePrivilege + Privilege[ 18]: SeIncreaseQuotaPrivilege + Privilege[ 19]: SeChangeNotifyPrivilege + Privilege[ 20]: SeUndockPrivilege + Privilege[ 21]: SeManageVolumePrivilege + Privilege[ 22]: SeImpersonatePrivilege + Privilege[ 23]: SeCreateGlobalPrivilege + Privilege[ 24]: SeEnableDelegationPrivilege + Rights (0x 0): +[2013/11/07 07:38:45.816079, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) + UNIX token of user 0 + Primary group is 5000 and contains 9 supplementary groups + Group[ 0]: 5000 + Group[ 1]: 5007 + Group[ 2]: 5001 + Group[ 3]: 1005 + Group[ 4]: 5006 + Group[ 5]: 5005 + Group[ 6]: 55000 + Group[ 7]: 55001 + Group[ 8]: 55002 +[2013/11/07 07:38:45.816269, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/uid.c:363(change_to_user_internal) + Impersonated user: uid=(0,0), gid=(0,5000) +[2013/11/07 07:38:45.816319, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:1796(smbd_smb2_request_verify_creditcharge) + mid 100, CreditCharge: 1, NeededCharge: 1 +[2013/11/07 07:38:45.816361, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl.c:394(smbd_smb2_ioctl_send) + smbd_smb2_ioctl: ctl_code[0x0011c017] spoolss, fnum 1585650398 +[2013/11/07 07:38:45.816408, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:59(smb2_ioctl_named_pipe) + smbd_smb2_ioctl_send: np_write_send of size 68 +[2013/11/07 07:38:45.816448, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:520(np_write_send) + np_write_send: len: 68 +[2013/11/07 07:38:45.816489, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) + write_to_pipe: data_left = 68 +[2013/11/07 07:38:45.816528, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) + process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 68 +[2013/11/07 07:38:45.816567, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:51(fill_rpc_header) + fill_rpc_header: data_to_copy = 68, len_needed_to_complete_hdr = 16, receive_len = 0 +[2013/11/07 07:38:45.816608, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) + write_to_pipe: data_used = 16 +[2013/11/07 07:38:45.816653, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) + write_to_pipe: data_left = 52 +[2013/11/07 07:38:45.816691, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) + process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 52 +[2013/11/07 07:38:45.816733, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) + write_to_pipe: data_used = 0 +[2013/11/07 07:38:45.816770, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) + write_to_pipe: data_left = 52 +[2013/11/07 07:38:45.816808, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) + process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 52, incoming data = 52 +[2013/11/07 07:38:45.816849, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1614(process_complete_pdu) + PDU is in Little Endian format! +[2013/11/07 07:38:45.816895, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) + r: struct ncacn_packet + rpc_vers : 0x05 (5) + rpc_vers_minor : 0x00 (0) + ptype : DCERPC_PKT_REQUEST (0) + pfc_flags : 0x03 (3) + drep: ARRAY(4) + [0] : 0x10 (16) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + frag_length : 0x0044 (68) + auth_length : 0x0000 (0) + call_id : 0x00000004 (4) + u : union dcerpc_payload(case 0) + request: struct dcerpc_request + alloc_hint : 0x0000002c (44) + context_id : 0x0000 (0) + opnum : 0x0043 (67) + object : union dcerpc_object(case 0) + empty: struct dcerpc_empty + _pad : DATA_BLOB length=0 + stub_and_verifier : DATA_BLOB length=44 + [0000] 00 00 00 00 9A 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 01 00 00 00 00 00 02 00 02 00 00 00 .Q...... ........ + [0020] 01 00 00 00 00 00 00 00 00 00 00 00 ........ .... +[2013/11/07 07:38:45.817446, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1627(process_complete_pdu) + Processing packet type 0 +[2013/11/07 07:38:45.817487, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1472(dcesrv_auth_request) + Checking request auth. +[2013/11/07 07:38:45.817529, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) + push_sec_ctx(0, 5000) : sec_ctx_stack_ndx = 1 +[2013/11/07 07:38:45.817577, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) + setting sec ctx (0, 5000) - sec_ctx_stack_ndx = 1 +[2013/11/07 07:38:45.817618, 5, pid=20933, effective(0, 5000), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) + Security token SIDs (21): + SID[ 0]: S-1-5-21-1376953716-2413384141-3399758289-500 + SID[ 1]: S-1-5-21-1376953716-2413384141-3399758289-512 + SID[ 2]: S-1-5-21-1376953716-2413384141-3399758289-11015 + SID[ 3]: S-1-5-21-1376953716-2413384141-3399758289-513 + SID[ 4]: S-1-5-21-1376953716-2413384141-3399758289-11011 + SID[ 5]: S-1-5-21-1376953716-2413384141-3399758289-11013 + SID[ 6]: S-1-5-21-1376953716-2413384141-3399758289-11012 + SID[ 7]: S-1-1-0 + SID[ 8]: S-1-5-2 + SID[ 9]: S-1-5-11 + SID[ 10]: S-1-5-32-544 + SID[ 11]: S-1-22-1-2002 + SID[ 12]: S-1-22-2-5000 + SID[ 13]: S-1-22-2-5007 + SID[ 14]: S-1-22-2-5001 + SID[ 15]: S-1-22-2-1005 + SID[ 16]: S-1-22-2-5006 + SID[ 17]: S-1-22-2-5005 + SID[ 18]: S-1-22-2-55000 + SID[ 19]: S-1-22-2-55001 + SID[ 20]: S-1-22-2-55002 + Privileges (0x 1FFFFFF0): + Privilege[ 0]: SeMachineAccountPrivilege + Privilege[ 1]: SeTakeOwnershipPrivilege + Privilege[ 2]: SeBackupPrivilege + Privilege[ 3]: SeRestorePrivilege + Privilege[ 4]: SeRemoteShutdownPrivilege + Privilege[ 5]: SePrintOperatorPrivilege + Privilege[ 6]: SeAddUsersPrivilege + Privilege[ 7]: SeDiskOperatorPrivilege + Privilege[ 8]: SeSecurityPrivilege + Privilege[ 9]: SeSystemtimePrivilege + Privilege[ 10]: SeShutdownPrivilege + Privilege[ 11]: SeDebugPrivilege + Privilege[ 12]: SeSystemEnvironmentPrivilege + Privilege[ 13]: SeSystemProfilePrivilege + Privilege[ 14]: SeProfileSingleProcessPrivilege + Privilege[ 15]: SeIncreaseBasePriorityPrivilege + Privilege[ 16]: SeLoadDriverPrivilege + Privilege[ 17]: SeCreatePagefilePrivilege + Privilege[ 18]: SeIncreaseQuotaPrivilege + Privilege[ 19]: SeChangeNotifyPrivilege + Privilege[ 20]: SeUndockPrivilege + Privilege[ 21]: SeManageVolumePrivilege + Privilege[ 22]: SeImpersonatePrivilege + Privilege[ 23]: SeCreateGlobalPrivilege + Privilege[ 24]: SeEnableDelegationPrivilege + Rights (0x 0): +[2013/11/07 07:38:45.818506, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) + UNIX token of user 0 + Primary group is 5000 and contains 9 supplementary groups + Group[ 0]: 5000 + Group[ 1]: 5007 + Group[ 2]: 5001 + Group[ 3]: 1005 + Group[ 4]: 5006 + Group[ 5]: 5005 + Group[ 6]: 55000 + Group[ 7]: 55001 + Group[ 8]: 55002 +[2013/11/07 07:38:45.818701, 5, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1324(api_pipe_request) + Requested \spoolss rpc service +[2013/11/07 07:38:45.818747, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1356(api_rpcTNP) + api_rpcTNP: \spoolss op 0x43 - api_rpcTNP: rpc command: SPOOLSS_ROUTERREFRESHPRINTERCHANGENOTIFY +[2013/11/07 07:38:45.818791, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1390(api_rpcTNP) + api_rpc_cmds[67].fn == 0x7f375c257270 +[2013/11/07 07:38:45.818839, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + spoolss_RouterRefreshPrinterChangeNotify: struct spoolss_RouterRefreshPrinterChangeNotify + in: struct spoolss_RouterRefreshPrinterChangeNotify + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 0000009a-0000-0000-7b52-7535c5510000 + change_low : 0x00000001 (1) + options : * + options: struct spoolss_NotifyOption + version : 0x00000002 (2) + flags : 0x00000001 (1) + 1: PRINTER_NOTIFY_OPTIONS_REFRESH + count : 0x00000000 (0) + types : NULL +[2013/11/07 07:38:45.819157, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[2] [0000] 00 00 00 00 9A 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.819242, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:3735(_spoolss_RouterRefreshPrinterChangeNotify) + Printer type 1 +[2013/11/07 07:38:45.819286, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[2] [0000] 00 00 00 00 9A 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.819375, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:3615(printer_notify_info) + printer_notify_info +[2013/11/07 07:38:45.819414, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[2] [0000] 00 00 00 00 9A 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.819491, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:489(get_printer_snum) + short name:printer5 +[2013/11/07 07:38:45.819613, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:60(make_internal_rpc_pipe_p) + Create pipe requested \winreg +[2013/11/07 07:38:45.819669, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:221(init_pipe_handles) + init_pipe_handle_list: created handle list for pipe \winreg +[2013/11/07 07:38:45.819711, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:238(init_pipe_handles) + init_pipe_handle_list: pipe_handles ref count = 1 for pipe \winreg +[2013/11/07 07:38:45.819800, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:100(make_internal_rpc_pipe_p) + Created internal pipe \winreg +[2013/11/07 07:38:45.819870, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenHKLM: struct winreg_OpenHKLM + in: struct winreg_OpenHKLM + system_name : NULL + access_mask : 0x02000000 (33554432) + 0: KEY_QUERY_VALUE + 0: KEY_SET_VALUE + 0: KEY_CREATE_SUB_KEY + 0: KEY_ENUMERATE_SUB_KEYS + 0: KEY_NOTIFY + 0: KEY_CREATE_LINK + 0: KEY_WOW64_64KEY + 0: KEY_WOW64_32KEY +[2013/11/07 07:38:45.820100, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [HKLM] +[2013/11/07 07:38:45.820144, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) + push_sec_ctx(0, 5000) : sec_ctx_stack_ndx = 2 +[2013/11/07 07:38:45.820188, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/uid.c:485(push_conn_ctx) + push_conn_ctx(1804507171) : conn_ctx_stack_ndx = 0 +[2013/11/07 07:38:45.820228, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) + setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 +[2013/11/07 07:38:45.820267, 5, pid=20933, effective(0, 5000), real(0, 0)] ../libcli/security/security_token.c:53(security_token_debug) + Security token: (NULL) +[2013/11/07 07:38:45.820306, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) + UNIX token of user 0 + Primary group is 0 and contains 0 supplementary groups +[2013/11/07 07:38:45.820447, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) + pop_sec_ctx (0, 5000) - sec_ctx_stack_ndx = 1 +[2013/11/07 07:38:45.820491, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:866(regdb_open) + regdb_open: registry db opened. refcount reset (1) +[2013/11/07 07:38:45.820537, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM] +[2013/11/07 07:38:45.820576, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM] +[2013/11/07 07:38:45.820629, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:45.820667, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM] +[2013/11/07 07:38:45.820744, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) + Opened policy hnd[1] [0000] 00 00 00 00 BC 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.820825, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenHKLM: struct winreg_OpenHKLM + out: struct winreg_OpenHKLM + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000bc-0000-0000-7b52-7535c5510000 + result : WERR_OK +[2013/11/07 07:38:45.821007, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenKey: struct winreg_OpenKey + in: struct winreg_OpenKey + parent_handle : * + parent_handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000bc-0000-0000-7b52-7535c5510000 + keyname: struct winreg_String + name_len : 0x008a (138) + name_size : 0x008a (138) + name : * + name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer5' + options : 0x00000000 (0) + 0: REG_OPTION_VOLATILE + 0: REG_OPTION_CREATE_LINK + 0: REG_OPTION_BACKUP_RESTORE + 0: REG_OPTION_OPEN_LINK + access_mask : 0x02000000 (33554432) + 0: KEY_QUERY_VALUE + 0: KEY_SET_VALUE + 0: KEY_CREATE_SUB_KEY + 0: KEY_ENUMERATE_SUB_KEYS + 0: KEY_NOTIFY + 0: KEY_CREATE_LINK + 0: KEY_WOW64_64KEY + 0: KEY_WOW64_32KEY +[2013/11/07 07:38:45.821549, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 BC 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.821633, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [SOFTWARE] +[2013/11/07 07:38:45.821674, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (1->2) +[2013/11/07 07:38:45.821718, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] +[2013/11/07 07:38:45.821756, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE] +[2013/11/07 07:38:45.821798, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:45.821835, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE] +[2013/11/07 07:38:45.821917, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Microsoft] +[2013/11/07 07:38:45.822024, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (2->3) +[2013/11/07 07:38:45.822071, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] +[2013/11/07 07:38:45.822110, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] +[2013/11/07 07:38:45.822151, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:45.822188, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft] +[2013/11/07 07:38:45.822251, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Windows NT] +[2013/11/07 07:38:45.822293, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (3->4) +[2013/11/07 07:38:45.822336, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] +[2013/11/07 07:38:45.822375, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] +[2013/11/07 07:38:45.822415, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:45.822453, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] +[2013/11/07 07:38:45.822511, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [CurrentVersion] +[2013/11/07 07:38:45.822553, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (4->5) +[2013/11/07 07:38:45.822597, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] +[2013/11/07 07:38:45.822635, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] +[2013/11/07 07:38:45.822676, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:45.822715, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f375c5a15c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] +[2013/11/07 07:38:45.822788, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Print] +[2013/11/07 07:38:45.822830, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (5->6) +[2013/11/07 07:38:45.822874, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] +[2013/11/07 07:38:45.822922, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] +[2013/11/07 07:38:45.822966, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:45.823004, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f375c5a15c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] +[2013/11/07 07:38:45.823064, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Printers] +[2013/11/07 07:38:45.823106, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (6->7) +[2013/11/07 07:38:45.823149, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] +[2013/11/07 07:38:45.823189, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] +[2013/11/07 07:38:45.823231, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:45.823269, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] +[2013/11/07 07:38:45.823336, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [printer5] +[2013/11/07 07:38:45.823378, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (7->8) +[2013/11/07 07:38:45.823422, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer5] +[2013/11/07 07:38:45.823461, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer5] +[2013/11/07 07:38:45.823504, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:45.823541, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer5] +[2013/11/07 07:38:45.823609, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (8->7) +[2013/11/07 07:38:45.823651, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (7->6) +[2013/11/07 07:38:45.823693, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (6->5) +[2013/11/07 07:38:45.823733, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (5->4) +[2013/11/07 07:38:45.823781, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (4->3) +[2013/11/07 07:38:45.823822, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (3->2) +[2013/11/07 07:38:45.823866, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) + Opened policy hnd[2] [0000] 00 00 00 00 BD 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.823945, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenKey: struct winreg_OpenKey + out: struct winreg_OpenKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000bd-0000-0000-7b52-7535c5510000 + result : WERR_OK +[2013/11/07 07:38:45.824127, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryInfoKey: struct winreg_QueryInfoKey + in: struct winreg_QueryInfoKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000bd-0000-0000-7b52-7535c5510000 + classname : * + classname: struct winreg_String + name_len : 0x0000 (0) + name_size : 0x0000 (0) + name : NULL +[2013/11/07 07:38:45.824343, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 BD 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.824426, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_dispatcher.c:151(fetch_reg_values) + fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer5' (ops 0x7f37592edcc0) +[2013/11/07 07:38:45.824468, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1891(regdb_fetch_values_internal) + regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer5] +[2013/11/07 07:38:45.824534, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[0]: name[Description] len[2] +[2013/11/07 07:38:45.824578, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[1]: name[Datatype] len[8] +[2013/11/07 07:38:45.824621, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[2]: name[Default Priority] len[4] +[2013/11/07 07:38:45.824663, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[3]: name[Port] len[38] +[2013/11/07 07:38:45.824706, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[4]: name[Print Processor] len[18] +[2013/11/07 07:38:45.824749, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[5]: name[Priority] len[4] +[2013/11/07 07:38:45.824801, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[6]: name[Security] len[248] +[2013/11/07 07:38:45.824845, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[7]: name[Share Name] len[18] +[2013/11/07 07:38:45.824887, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[8]: name[StartTime] len[4] +[2013/11/07 07:38:45.824930, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[9]: name[UntilTime] len[4] +[2013/11/07 07:38:45.824973, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[10]: name[Printer Driver] len[56] +[2013/11/07 07:38:45.825016, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[11]: name[Location] len[2] +[2013/11/07 07:38:45.825059, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[12]: name[Parameters] len[2] +[2013/11/07 07:38:45.825103, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[13]: name[Separator File] len[2] +[2013/11/07 07:38:45.825146, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[14]: name[Status] len[4] +[2013/11/07 07:38:45.825189, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[15]: name[Attributes] len[4] +[2013/11/07 07:38:45.825232, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[16]: name[Name] len[18] +[2013/11/07 07:38:45.825275, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[17]: name[ChangeID] len[4] +[2013/11/07 07:38:45.825319, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) + regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer5] +[2013/11/07 07:38:45.825446, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryInfoKey: struct winreg_QueryInfoKey + out: struct winreg_QueryInfoKey + classname : * + classname: struct winreg_String + name_len : 0x0000 (0) + name_size : 0x0000 (0) + name : NULL + num_subkeys : * + num_subkeys : 0x00000003 (3) + max_subkeylen : * + max_subkeylen : 0x00000022 (34) + max_classlen : * + max_classlen : 0x00000000 (0) + num_values : * + num_values : 0x00000012 (18) + max_valnamelen : * + max_valnamelen : 0x00000022 (34) + max_valbufsize : * + max_valbufsize : 0x000000f8 (248) + secdescsize : * + secdescsize : 0x00000078 (120) + last_changed_time : * + last_changed_time : NTTIME(0) + result : WERR_OK +[2013/11/07 07:38:45.825913, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000bd-0000-0000-7b52-7535c5510000 + enum_index : 0x00000000 (0) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:45.826296, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 BD 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.826375, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer5] +[2013/11/07 07:38:45.826422, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0018 (24) + size : 0x0024 (36) + name : * + name : 'Description' + type : * + type : REG_SZ (1) + value : * + value: ARRAY(2) + [0] : 0x00 (0) + [1] : 0x00 (0) + size : * + size : 0x00000002 (2) + length : * + length : 0x00000002 (2) + result : WERR_OK +[2013/11/07 07:38:45.826787, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000bd-0000-0000-7b52-7535c5510000 + enum_index : 0x00000001 (1) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:45.827170, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 BD 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.827249, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer5] +[2013/11/07 07:38:45.827293, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0012 (18) + size : 0x0024 (36) + name : * + name : 'Datatype' + type : * + type : REG_SZ (1) + value : * + value: ARRAY(8) + [0] : 0x52 (82) + [1] : 0x00 (0) + [2] : 0x41 (65) + [3] : 0x00 (0) + [4] : 0x57 (87) + [5] : 0x00 (0) + [6] : 0x00 (0) + [7] : 0x00 (0) + size : * + size : 0x00000008 (8) + length : * + length : 0x00000008 (8) + result : WERR_OK +[2013/11/07 07:38:45.827754, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000bd-0000-0000-7b52-7535c5510000 + enum_index : 0x00000002 (2) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:45.828128, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 BD 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.828206, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer5] +[2013/11/07 07:38:45.828251, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0022 (34) + size : 0x0024 (36) + name : * + name : 'Default Priority' + type : * + type : REG_DWORD (4) + value : * + value: ARRAY(4) + [0] : 0x01 (1) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + size : * + size : 0x00000004 (4) + length : * + length : 0x00000004 (4) + result : WERR_OK +[2013/11/07 07:38:45.828655, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000bd-0000-0000-7b52-7535c5510000 + enum_index : 0x00000003 (3) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:45.829028, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 BD 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.829106, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer5] +[2013/11/07 07:38:45.829151, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x000a (10) + size : 0x0024 (36) + name : * + name : 'Port' + type : * + type : REG_SZ (1) + value : * + value: ARRAY(38) + [0] : 0x53 (83) + [1] : 0x00 (0) + [2] : 0x61 (97) + [3] : 0x00 (0) + [4] : 0x6d (109) + [5] : 0x00 (0) + [6] : 0x62 (98) + [7] : 0x00 (0) + [8] : 0x61 (97) + [9] : 0x00 (0) + [10] : 0x20 (32) + [11] : 0x00 (0) + [12] : 0x50 (80) + [13] : 0x00 (0) + [14] : 0x72 (114) + [15] : 0x00 (0) + [16] : 0x69 (105) + [17] : 0x00 (0) + [18] : 0x6e (110) + [19] : 0x00 (0) + [20] : 0x74 (116) + [21] : 0x00 (0) + [22] : 0x65 (101) + [23] : 0x00 (0) + [24] : 0x72 (114) + [25] : 0x00 (0) + [26] : 0x20 (32) + [27] : 0x00 (0) + [28] : 0x50 (80) + [29] : 0x00 (0) + [30] : 0x6f (111) + [31] : 0x00 (0) + [32] : 0x72 (114) + [33] : 0x00 (0) + [34] : 0x74 (116) + [35] : 0x00 (0) + [36] : 0x00 (0) + [37] : 0x00 (0) + size : * + size : 0x00000026 (38) + length : * + length : 0x00000026 (38) + result : WERR_OK +[2013/11/07 07:38:45.830213, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000bd-0000-0000-7b52-7535c5510000 + enum_index : 0x00000004 (4) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:45.830591, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 BD 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.830670, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer5] +[2013/11/07 07:38:45.830718, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0020 (32) + size : 0x0024 (36) + name : * + name : 'Print Processor' + type : * + type : REG_SZ (1) + value : * + value: ARRAY(18) + [0] : 0x77 (119) + [1] : 0x00 (0) + [2] : 0x69 (105) + [3] : 0x00 (0) + [4] : 0x6e (110) + [5] : 0x00 (0) + [6] : 0x70 (112) + [7] : 0x00 (0) + [8] : 0x72 (114) + [9] : 0x00 (0) + [10] : 0x69 (105) + [11] : 0x00 (0) + [12] : 0x6e (110) + [13] : 0x00 (0) + [14] : 0x74 (116) + [15] : 0x00 (0) + [16] : 0x00 (0) + [17] : 0x00 (0) + size : * + size : 0x00000012 (18) + length : * + length : 0x00000012 (18) + result : WERR_OK +[2013/11/07 07:38:45.831364, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000bd-0000-0000-7b52-7535c5510000 + enum_index : 0x00000005 (5) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:45.831739, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 BD 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.831817, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer5] +[2013/11/07 07:38:45.831864, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0012 (18) + size : 0x0024 (36) + name : * + name : 'Priority' + type : * + type : REG_DWORD (4) + value : * + value: ARRAY(4) + [0] : 0x01 (1) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + size : * + size : 0x00000004 (4) + length : * + length : 0x00000004 (4) + result : WERR_OK +[2013/11/07 07:38:45.832268, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000bd-0000-0000-7b52-7535c5510000 + enum_index : 0x00000006 (6) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:45.832647, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 BD 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.832725, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer5] +[2013/11/07 07:38:45.832771, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0012 (18) + size : 0x0024 (36) + name : * + name : 'Security' + type : * + type : REG_BINARY (3) + value : * + value: ARRAY(248) + [0] : 0x01 (1) + [1] : 0x00 (0) + [2] : 0x04 (4) + [3] : 0x80 (128) + [4] : 0x14 (20) + [5] : 0x00 (0) + [6] : 0x00 (0) + [7] : 0x00 (0) + [8] : 0x24 (36) + [9] : 0x00 (0) + [10] : 0x00 (0) + [11] : 0x00 (0) + [12] : 0x00 (0) + [13] : 0x00 (0) + [14] : 0x00 (0) + [15] : 0x00 (0) + [16] : 0x34 (52) + [17] : 0x00 (0) + [18] : 0x00 (0) + [19] : 0x00 (0) + [20] : 0x01 (1) + [21] : 0x02 (2) + [22] : 0x00 (0) + [23] : 0x00 (0) + [24] : 0x00 (0) + [25] : 0x00 (0) + [26] : 0x00 (0) + [27] : 0x05 (5) + [28] : 0x20 (32) + [29] : 0x00 (0) + [30] : 0x00 (0) + [31] : 0x00 (0) + [32] : 0x20 (32) + [33] : 0x02 (2) + [34] : 0x00 (0) + [35] : 0x00 (0) + [36] : 0x01 (1) + [37] : 0x02 (2) + [38] : 0x00 (0) + [39] : 0x00 (0) + [40] : 0x00 (0) + [41] : 0x00 (0) + [42] : 0x00 (0) + [43] : 0x05 (5) + [44] : 0x20 (32) + [45] : 0x00 (0) + [46] : 0x00 (0) + [47] : 0x00 (0) + [48] : 0x20 (32) + [49] : 0x02 (2) + [50] : 0x00 (0) + [51] : 0x00 (0) + [52] : 0x02 (2) + [53] : 0x00 (0) + [54] : 0xc4 (196) + [55] : 0x00 (0) + [56] : 0x07 (7) + [57] : 0x00 (0) + [58] : 0x00 (0) + [59] : 0x00 (0) + [60] : 0x00 (0) + [61] : 0x02 (2) + [62] : 0x14 (20) + [63] : 0x00 (0) + [64] : 0x08 (8) + [65] : 0x00 (0) + [66] : 0x02 (2) + [67] : 0x20 (32) + [68] : 0x01 (1) + [69] : 0x01 (1) + [70] : 0x00 (0) + [71] : 0x00 (0) + [72] : 0x00 (0) + [73] : 0x00 (0) + [74] : 0x00 (0) + [75] : 0x01 (1) + [76] : 0x00 (0) + [77] : 0x00 (0) + [78] : 0x00 (0) + [79] : 0x00 (0) + [80] : 0x00 (0) + [81] : 0x09 (9) + [82] : 0x24 (36) + [83] : 0x00 (0) + [84] : 0x0c (12) + [85] : 0x00 (0) + [86] : 0x0f (15) + [87] : 0x10 (16) + [88] : 0x01 (1) + [89] : 0x05 (5) + [90] : 0x00 (0) + [91] : 0x00 (0) + [92] : 0x00 (0) + [93] : 0x00 (0) + [94] : 0x00 (0) + [95] : 0x05 (5) + [96] : 0x15 (21) + [97] : 0x00 (0) + [98] : 0x00 (0) + [99] : 0x00 (0) + [100] : 0x74 (116) + [101] : 0xa5 (165) + [102] : 0x12 (18) + [103] : 0x52 (82) + [104] : 0xcd (205) + [105] : 0x51 (81) + [106] : 0xd9 (217) + [107] : 0x8f (143) + [108] : 0xd1 (209) + [109] : 0x31 (49) + [110] : 0xa4 (164) + [111] : 0xca (202) + [112] : 0xf4 (244) + [113] : 0x01 (1) + [114] : 0x00 (0) + [115] : 0x00 (0) + [116] : 0x00 (0) + [117] : 0x02 (2) + [118] : 0x24 (36) + [119] : 0x00 (0) + [120] : 0x0c (12) + [121] : 0x00 (0) + [122] : 0x0f (15) + [123] : 0x10 (16) + [124] : 0x01 (1) + [125] : 0x05 (5) + [126] : 0x00 (0) + [127] : 0x00 (0) + [128] : 0x00 (0) + [129] : 0x00 (0) + [130] : 0x00 (0) + [131] : 0x05 (5) + [132] : 0x15 (21) + [133] : 0x00 (0) + [134] : 0x00 (0) + [135] : 0x00 (0) + [136] : 0x74 (116) + [137] : 0xa5 (165) + [138] : 0x12 (18) + [139] : 0x52 (82) + [140] : 0xcd (205) + [141] : 0x51 (81) + [142] : 0xd9 (217) + [143] : 0x8f (143) + [144] : 0xd1 (209) + [145] : 0x31 (49) + [146] : 0xa4 (164) + [147] : 0xca (202) + [148] : 0xf4 (244) + [149] : 0x01 (1) + [150] : 0x00 (0) + [151] : 0x00 (0) + [152] : 0x00 (0) + [153] : 0x09 (9) + [154] : 0x18 (24) + [155] : 0x00 (0) + [156] : 0x0c (12) + [157] : 0x00 (0) + [158] : 0x0f (15) + [159] : 0x10 (16) + [160] : 0x01 (1) + [161] : 0x02 (2) + [162] : 0x00 (0) + [163] : 0x00 (0) + [164] : 0x00 (0) + [165] : 0x00 (0) + [166] : 0x00 (0) + [167] : 0x05 (5) + [168] : 0x20 (32) + [169] : 0x00 (0) + [170] : 0x00 (0) + [171] : 0x00 (0) + [172] : 0x20 (32) + [173] : 0x02 (2) + [174] : 0x00 (0) + [175] : 0x00 (0) + [176] : 0x00 (0) + [177] : 0x02 (2) + [178] : 0x18 (24) + [179] : 0x00 (0) + [180] : 0x0c (12) + [181] : 0x00 (0) + [182] : 0x0f (15) + [183] : 0x10 (16) + [184] : 0x01 (1) + [185] : 0x02 (2) + [186] : 0x00 (0) + [187] : 0x00 (0) + [188] : 0x00 (0) + [189] : 0x00 (0) + [190] : 0x00 (0) + [191] : 0x05 (5) + [192] : 0x20 (32) + [193] : 0x00 (0) + [194] : 0x00 (0) + [195] : 0x00 (0) + [196] : 0x20 (32) + [197] : 0x02 (2) + [198] : 0x00 (0) + [199] : 0x00 (0) + [200] : 0x00 (0) + [201] : 0x09 (9) + [202] : 0x18 (24) + [203] : 0x00 (0) + [204] : 0x0c (12) + [205] : 0x00 (0) + [206] : 0x0f (15) + [207] : 0x10 (16) + [208] : 0x01 (1) + [209] : 0x02 (2) + [210] : 0x00 (0) + [211] : 0x00 (0) + [212] : 0x00 (0) + [213] : 0x00 (0) + [214] : 0x00 (0) + [215] : 0x05 (5) + [216] : 0x20 (32) + [217] : 0x00 (0) + [218] : 0x00 (0) + [219] : 0x00 (0) + [220] : 0x26 (38) + [221] : 0x02 (2) + [222] : 0x00 (0) + [223] : 0x00 (0) + [224] : 0x00 (0) + [225] : 0x02 (2) + [226] : 0x18 (24) + [227] : 0x00 (0) + [228] : 0x0c (12) + [229] : 0x00 (0) + [230] : 0x0f (15) + [231] : 0x10 (16) + [232] : 0x01 (1) + [233] : 0x02 (2) + [234] : 0x00 (0) + [235] : 0x00 (0) + [236] : 0x00 (0) + [237] : 0x00 (0) + [238] : 0x00 (0) + [239] : 0x05 (5) + [240] : 0x20 (32) + [241] : 0x00 (0) + [242] : 0x00 (0) + [243] : 0x00 (0) + [244] : 0x26 (38) + [245] : 0x02 (2) + [246] : 0x00 (0) + [247] : 0x00 (0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x000000f8 (248) + result : WERR_OK +[2013/11/07 07:38:45.837417, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000bd-0000-0000-7b52-7535c5510000 + enum_index : 0x00000007 (7) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:45.837798, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 BD 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.837876, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer5] +[2013/11/07 07:38:45.837924, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0016 (22) + size : 0x0024 (36) + name : * + name : 'Share Name' + type : * + type : REG_SZ (1) + value : * + value: ARRAY(18) + [0] : 0x70 (112) + [1] : 0x00 (0) + [2] : 0x72 (114) + [3] : 0x00 (0) + [4] : 0x69 (105) + [5] : 0x00 (0) + [6] : 0x6e (110) + [7] : 0x00 (0) + [8] : 0x74 (116) + [9] : 0x00 (0) + [10] : 0x65 (101) + [11] : 0x00 (0) + [12] : 0x72 (114) + [13] : 0x00 (0) + [14] : 0x35 (53) + [15] : 0x00 (0) + [16] : 0x00 (0) + [17] : 0x00 (0) + size : * + size : 0x00000012 (18) + length : * + length : 0x00000012 (18) + result : WERR_OK +[2013/11/07 07:38:45.838563, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000bd-0000-0000-7b52-7535c5510000 + enum_index : 0x00000008 (8) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:45.838936, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 BD 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.839013, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer5] +[2013/11/07 07:38:45.839059, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0014 (20) + size : 0x0024 (36) + name : * + name : 'StartTime' + type : * + type : REG_DWORD (4) + value : * + value: ARRAY(4) + [0] : 0x00 (0) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + size : * + size : 0x00000004 (4) + length : * + length : 0x00000004 (4) + result : WERR_OK +[2013/11/07 07:38:45.839462, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000bd-0000-0000-7b52-7535c5510000 + enum_index : 0x00000009 (9) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:45.839835, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 BD 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.839912, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer5] +[2013/11/07 07:38:45.839958, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0014 (20) + size : 0x0024 (36) + name : * + name : 'UntilTime' + type : * + type : REG_DWORD (4) + value : * + value: ARRAY(4) + [0] : 0x00 (0) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + size : * + size : 0x00000004 (4) + length : * + length : 0x00000004 (4) + result : WERR_OK +[2013/11/07 07:38:45.840352, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000bd-0000-0000-7b52-7535c5510000 + enum_index : 0x0000000a (10) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:45.840732, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 BD 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.840810, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer5] +[2013/11/07 07:38:45.840855, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x001e (30) + size : 0x0024 (36) + name : * + name : 'Printer Driver' + type : * + type : REG_SZ (1) + value : * + value: ARRAY(56) + [0] : 0x48 (72) + [1] : 0x00 (0) + [2] : 0x50 (80) + [3] : 0x00 (0) + [4] : 0x20 (32) + [5] : 0x00 (0) + [6] : 0x55 (85) + [7] : 0x00 (0) + [8] : 0x6e (110) + [9] : 0x00 (0) + [10] : 0x69 (105) + [11] : 0x00 (0) + [12] : 0x76 (118) + [13] : 0x00 (0) + [14] : 0x65 (101) + [15] : 0x00 (0) + [16] : 0x72 (114) + [17] : 0x00 (0) + [18] : 0x73 (115) + [19] : 0x00 (0) + [20] : 0x61 (97) + [21] : 0x00 (0) + [22] : 0x6c (108) + [23] : 0x00 (0) + [24] : 0x20 (32) + [25] : 0x00 (0) + [26] : 0x50 (80) + [27] : 0x00 (0) + [28] : 0x72 (114) + [29] : 0x00 (0) + [30] : 0x69 (105) + [31] : 0x00 (0) + [32] : 0x6e (110) + [33] : 0x00 (0) + [34] : 0x74 (116) + [35] : 0x00 (0) + [36] : 0x69 (105) + [37] : 0x00 (0) + [38] : 0x6e (110) + [39] : 0x00 (0) + [40] : 0x67 (103) + [41] : 0x00 (0) + [42] : 0x20 (32) + [43] : 0x00 (0) + [44] : 0x50 (80) + [45] : 0x00 (0) + [46] : 0x43 (67) + [47] : 0x00 (0) + [48] : 0x4c (76) + [49] : 0x00 (0) + [50] : 0x20 (32) + [51] : 0x00 (0) + [52] : 0x36 (54) + [53] : 0x00 (0) + [54] : 0x00 (0) + [55] : 0x00 (0) + size : * + size : 0x00000038 (56) + length : * + length : 0x00000038 (56) + result : WERR_OK +[2013/11/07 07:38:45.842164, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000bd-0000-0000-7b52-7535c5510000 + enum_index : 0x0000000b (11) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:45.842574, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 BD 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.842652, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer5] +[2013/11/07 07:38:45.842698, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0012 (18) + size : 0x0024 (36) + name : * + name : 'Location' + type : * + type : REG_SZ (1) + value : * + value: ARRAY(2) + [0] : 0x00 (0) + [1] : 0x00 (0) + size : * + size : 0x00000002 (2) + length : * + length : 0x00000002 (2) + result : WERR_OK +[2013/11/07 07:38:45.843080, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000bd-0000-0000-7b52-7535c5510000 + enum_index : 0x0000000c (12) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:45.843453, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 BD 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.843530, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer5] +[2013/11/07 07:38:45.843576, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0016 (22) + size : 0x0024 (36) + name : * + name : 'Parameters' + type : * + type : REG_SZ (1) + value : * + value: ARRAY(2) + [0] : 0x00 (0) + [1] : 0x00 (0) + size : * + size : 0x00000002 (2) + length : * + length : 0x00000002 (2) + result : WERR_OK +[2013/11/07 07:38:45.843938, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000bd-0000-0000-7b52-7535c5510000 + enum_index : 0x0000000d (13) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:45.844318, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 BD 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.844395, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer5] +[2013/11/07 07:38:45.844442, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x001e (30) + size : 0x0024 (36) + name : * + name : 'Separator File' + type : * + type : REG_SZ (1) + value : * + value: ARRAY(2) + [0] : 0x00 (0) + [1] : 0x00 (0) + size : * + size : 0x00000002 (2) + length : * + length : 0x00000002 (2) + result : WERR_OK +[2013/11/07 07:38:45.844802, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000bd-0000-0000-7b52-7535c5510000 + enum_index : 0x0000000e (14) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:45.845175, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 BD 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.845252, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer5] +[2013/11/07 07:38:45.845297, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x000e (14) + size : 0x0024 (36) + name : * + name : 'Status' + type : * + type : REG_DWORD (4) + value : * + value: ARRAY(4) + [0] : 0x00 (0) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + size : * + size : 0x00000004 (4) + length : * + length : 0x00000004 (4) + result : WERR_OK +[2013/11/07 07:38:45.845770, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000bd-0000-0000-7b52-7535c5510000 + enum_index : 0x0000000f (15) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:45.846144, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 BD 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.846221, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer5] +[2013/11/07 07:38:45.846268, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0016 (22) + size : 0x0024 (36) + name : * + name : 'Attributes' + type : * + type : REG_DWORD (4) + value : * + value: ARRAY(4) + [0] : 0x48 (72) + [1] : 0x10 (16) + [2] : 0x00 (0) + [3] : 0x00 (0) + size : * + size : 0x00000004 (4) + length : * + length : 0x00000004 (4) + result : WERR_OK +[2013/11/07 07:38:45.846662, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000bd-0000-0000-7b52-7535c5510000 + enum_index : 0x00000010 (16) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:45.847042, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 BD 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.847120, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer5] +[2013/11/07 07:38:45.847165, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x000a (10) + size : 0x0024 (36) + name : * + name : 'Name' + type : * + type : REG_SZ (1) + value : * + value: ARRAY(18) + [0] : 0x70 (112) + [1] : 0x00 (0) + [2] : 0x72 (114) + [3] : 0x00 (0) + [4] : 0x69 (105) + [5] : 0x00 (0) + [6] : 0x6e (110) + [7] : 0x00 (0) + [8] : 0x74 (116) + [9] : 0x00 (0) + [10] : 0x65 (101) + [11] : 0x00 (0) + [12] : 0x72 (114) + [13] : 0x00 (0) + [14] : 0x35 (53) + [15] : 0x00 (0) + [16] : 0x00 (0) + [17] : 0x00 (0) + size : * + size : 0x00000012 (18) + length : * + length : 0x00000012 (18) + result : WERR_OK +[2013/11/07 07:38:45.847794, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000bd-0000-0000-7b52-7535c5510000 + enum_index : 0x00000011 (17) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:45.848174, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 BD 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.848252, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer5] +[2013/11/07 07:38:45.848298, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0012 (18) + size : 0x0024 (36) + name : * + name : 'ChangeID' + type : * + type : REG_DWORD (4) + value : * + value: ARRAY(4) + [0] : 0x44 (68) + [1] : 0xeb (235) + [2] : 0x34 (52) + [3] : 0x01 (1) + size : * + size : 0x00000004 (4) + length : * + length : 0x00000004 (4) + result : WERR_OK +[2013/11/07 07:38:45.848740, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryValue: struct winreg_QueryValue + in: struct winreg_QueryValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000bd-0000-0000-7b52-7535c5510000 + value_name : * + value_name: struct winreg_String + name_len : 0x0020 (32) + name_size : 0x0020 (32) + name : * + name : 'Default DevMode' + type : * + type : REG_NONE (0) + data : NULL + data_size : * + data_size : 0x00000000 (0) + data_length : * + data_length : 0x00000000 (0) +[2013/11/07 07:38:45.849087, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 BD 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.849165, 7, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) + _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer5] +[2013/11/07 07:38:45.849215, 7, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) + _winreg_QueryValue: policy key type = [00000000] +[2013/11/07 07:38:45.849261, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:316(_winreg_QueryValue) + _winreg_QueryValue: reg_queryvalue failed with: WERR_BADFILE +[2013/11/07 07:38:45.849302, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryValue: struct winreg_QueryValue + out: struct winreg_QueryValue + type : * + type : REG_NONE (0) + data : NULL + data_size : * + data_size : 0x00000000 (0) + data_length : * + data_length : 0x00000000 (0) + result : WERR_BADFILE +[2013/11/07 07:38:45.849571, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenHKLM: struct winreg_OpenHKLM + in: struct winreg_OpenHKLM + system_name : NULL + access_mask : 0x02000000 (33554432) + 0: KEY_QUERY_VALUE + 0: KEY_SET_VALUE + 0: KEY_CREATE_SUB_KEY + 0: KEY_ENUMERATE_SUB_KEYS + 0: KEY_NOTIFY + 0: KEY_CREATE_LINK + 0: KEY_WOW64_64KEY + 0: KEY_WOW64_32KEY +[2013/11/07 07:38:45.849802, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [HKLM] +[2013/11/07 07:38:45.849844, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (2->3) +[2013/11/07 07:38:45.849889, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM] +[2013/11/07 07:38:45.849928, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM] +[2013/11/07 07:38:45.849970, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:45.850008, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM] +[2013/11/07 07:38:45.850092, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) + Opened policy hnd[3] [0000] 00 00 00 00 BE 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.850174, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenHKLM: struct winreg_OpenHKLM + out: struct winreg_OpenHKLM + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000be-0000-0000-7b52-7535c5510000 + result : WERR_OK +[2013/11/07 07:38:45.850343, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenKey: struct winreg_OpenKey + in: struct winreg_OpenKey + parent_handle : * + parent_handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000be-0000-0000-7b52-7535c5510000 + keyname: struct winreg_String + name_len : 0x008a (138) + name_size : 0x008a (138) + name : * + name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer5' + options : 0x00000000 (0) + 0: REG_OPTION_VOLATILE + 0: REG_OPTION_CREATE_LINK + 0: REG_OPTION_BACKUP_RESTORE + 0: REG_OPTION_OPEN_LINK + access_mask : 0x02000000 (33554432) + 0: KEY_QUERY_VALUE + 0: KEY_SET_VALUE + 0: KEY_CREATE_SUB_KEY + 0: KEY_ENUMERATE_SUB_KEYS + 0: KEY_NOTIFY + 0: KEY_CREATE_LINK + 0: KEY_WOW64_64KEY + 0: KEY_WOW64_32KEY +[2013/11/07 07:38:45.850795, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 BE 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.850878, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [SOFTWARE] +[2013/11/07 07:38:45.850918, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (3->4) +[2013/11/07 07:38:45.850960, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] +[2013/11/07 07:38:45.850999, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE] +[2013/11/07 07:38:45.851039, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:45.851076, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE] +[2013/11/07 07:38:45.851142, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Microsoft] +[2013/11/07 07:38:45.851184, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (4->5) +[2013/11/07 07:38:45.851226, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] +[2013/11/07 07:38:45.851264, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] +[2013/11/07 07:38:45.851305, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:45.851342, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft] +[2013/11/07 07:38:45.851403, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Windows NT] +[2013/11/07 07:38:45.851452, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (5->6) +[2013/11/07 07:38:45.851495, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] +[2013/11/07 07:38:45.851534, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] +[2013/11/07 07:38:45.851576, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:45.851614, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] +[2013/11/07 07:38:45.851672, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [CurrentVersion] +[2013/11/07 07:38:45.851713, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (6->7) +[2013/11/07 07:38:45.851756, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] +[2013/11/07 07:38:45.851796, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] +[2013/11/07 07:38:45.851838, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:45.851876, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f375c5a15c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] +[2013/11/07 07:38:45.851948, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Print] +[2013/11/07 07:38:45.851990, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (7->8) +[2013/11/07 07:38:45.852034, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] +[2013/11/07 07:38:45.852074, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] +[2013/11/07 07:38:45.852117, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:45.852155, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f375c5a15c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] +[2013/11/07 07:38:45.852214, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Printers] +[2013/11/07 07:38:45.852256, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (8->9) +[2013/11/07 07:38:45.852299, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] +[2013/11/07 07:38:45.852351, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] +[2013/11/07 07:38:45.852395, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:45.852433, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] +[2013/11/07 07:38:45.852498, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [printer5] +[2013/11/07 07:38:45.852540, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (9->10) +[2013/11/07 07:38:45.852584, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer5] +[2013/11/07 07:38:45.852624, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer5] +[2013/11/07 07:38:45.852666, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:45.852703, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer5] +[2013/11/07 07:38:45.852769, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (10->9) +[2013/11/07 07:38:45.852811, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (9->8) +[2013/11/07 07:38:45.852852, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (8->7) +[2013/11/07 07:38:45.852892, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (7->6) +[2013/11/07 07:38:45.852933, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (6->5) +[2013/11/07 07:38:45.852973, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (5->4) +[2013/11/07 07:38:45.853016, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) + Opened policy hnd[4] [0000] 00 00 00 00 BF 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.853094, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenKey: struct winreg_OpenKey + out: struct winreg_OpenKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000bf-0000-0000-7b52-7535c5510000 + result : WERR_OK +[2013/11/07 07:38:45.853265, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryValue: struct winreg_QueryValue + in: struct winreg_QueryValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000bf-0000-0000-7b52-7535c5510000 + value_name : * + value_name: struct winreg_String + name_len : 0x0012 (18) + name_size : 0x0012 (18) + name : * + name : 'Security' + type : * + type : REG_NONE (0) + data : NULL + data_size : * + data_size : 0x00000000 (0) + data_length : * + data_length : 0x00000000 (0) +[2013/11/07 07:38:45.853662, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 BF 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.853741, 7, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) + _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer5] +[2013/11/07 07:38:45.853781, 7, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) + _winreg_QueryValue: policy key type = [00000000] +[2013/11/07 07:38:45.853822, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_dispatcher.c:151(fetch_reg_values) + fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer5' (ops 0x7f37592edcc0) +[2013/11/07 07:38:45.853865, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1891(regdb_fetch_values_internal) + regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer5] +[2013/11/07 07:38:45.853926, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[0]: name[Description] len[2] +[2013/11/07 07:38:45.853969, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[1]: name[Datatype] len[8] +[2013/11/07 07:38:45.854012, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[2]: name[Default Priority] len[4] +[2013/11/07 07:38:45.854055, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[3]: name[Port] len[38] +[2013/11/07 07:38:45.854097, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[4]: name[Print Processor] len[18] +[2013/11/07 07:38:45.854139, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[5]: name[Priority] len[4] +[2013/11/07 07:38:45.854182, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[6]: name[Security] len[248] +[2013/11/07 07:38:45.854225, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[7]: name[Share Name] len[18] +[2013/11/07 07:38:45.854268, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[8]: name[StartTime] len[4] +[2013/11/07 07:38:45.854319, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[9]: name[UntilTime] len[4] +[2013/11/07 07:38:45.854362, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[10]: name[Printer Driver] len[56] +[2013/11/07 07:38:45.854405, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[11]: name[Location] len[2] +[2013/11/07 07:38:45.854447, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[12]: name[Parameters] len[2] +[2013/11/07 07:38:45.854490, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[13]: name[Separator File] len[2] +[2013/11/07 07:38:45.854533, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[14]: name[Status] len[4] +[2013/11/07 07:38:45.854575, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[15]: name[Attributes] len[4] +[2013/11/07 07:38:45.854618, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[16]: name[Name] len[18] +[2013/11/07 07:38:45.854660, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[17]: name[ChangeID] len[4] +[2013/11/07 07:38:45.854704, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryValue: struct winreg_QueryValue + out: struct winreg_QueryValue + type : * + type : REG_BINARY (3) + data : NULL + data_size : * + data_size : 0x000000f8 (248) + data_length : * + data_length : 0x00000000 (0) + result : WERR_OK +[2013/11/07 07:38:45.854919, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryValue: struct winreg_QueryValue + in: struct winreg_QueryValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000bf-0000-0000-7b52-7535c5510000 + value_name : * + value_name: struct winreg_String + name_len : 0x0012 (18) + name_size : 0x0012 (18) + name : * + name : 'Security' + type : * + type : REG_BINARY (3) + data : * + data: ARRAY(0) + data_size : * + data_size : 0x000000f8 (248) + data_length : * + data_length : 0x00000000 (0) +[2013/11/07 07:38:45.855277, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 BF 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.855362, 7, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) + _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer5] +[2013/11/07 07:38:45.855402, 7, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) + _winreg_QueryValue: policy key type = [00000000] +[2013/11/07 07:38:45.855446, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryValue: struct winreg_QueryValue + out: struct winreg_QueryValue + type : * + type : REG_BINARY (3) + data : * + data: ARRAY(248) + [0] : 0x01 (1) + [1] : 0x00 (0) + [2] : 0x04 (4) + [3] : 0x80 (128) + [4] : 0x14 (20) + [5] : 0x00 (0) + [6] : 0x00 (0) + [7] : 0x00 (0) + [8] : 0x24 (36) + [9] : 0x00 (0) + [10] : 0x00 (0) + [11] : 0x00 (0) + [12] : 0x00 (0) + [13] : 0x00 (0) + [14] : 0x00 (0) + [15] : 0x00 (0) + [16] : 0x34 (52) + [17] : 0x00 (0) + [18] : 0x00 (0) + [19] : 0x00 (0) + [20] : 0x01 (1) + [21] : 0x02 (2) + [22] : 0x00 (0) + [23] : 0x00 (0) + [24] : 0x00 (0) + [25] : 0x00 (0) + [26] : 0x00 (0) + [27] : 0x05 (5) + [28] : 0x20 (32) + [29] : 0x00 (0) + [30] : 0x00 (0) + [31] : 0x00 (0) + [32] : 0x20 (32) + [33] : 0x02 (2) + [34] : 0x00 (0) + [35] : 0x00 (0) + [36] : 0x01 (1) + [37] : 0x02 (2) + [38] : 0x00 (0) + [39] : 0x00 (0) + [40] : 0x00 (0) + [41] : 0x00 (0) + [42] : 0x00 (0) + [43] : 0x05 (5) + [44] : 0x20 (32) + [45] : 0x00 (0) + [46] : 0x00 (0) + [47] : 0x00 (0) + [48] : 0x20 (32) + [49] : 0x02 (2) + [50] : 0x00 (0) + [51] : 0x00 (0) + [52] : 0x02 (2) + [53] : 0x00 (0) + [54] : 0xc4 (196) + [55] : 0x00 (0) + [56] : 0x07 (7) + [57] : 0x00 (0) + [58] : 0x00 (0) + [59] : 0x00 (0) + [60] : 0x00 (0) + [61] : 0x02 (2) + [62] : 0x14 (20) + [63] : 0x00 (0) + [64] : 0x08 (8) + [65] : 0x00 (0) + [66] : 0x02 (2) + [67] : 0x20 (32) + [68] : 0x01 (1) + [69] : 0x01 (1) + [70] : 0x00 (0) + [71] : 0x00 (0) + [72] : 0x00 (0) + [73] : 0x00 (0) + [74] : 0x00 (0) + [75] : 0x01 (1) + [76] : 0x00 (0) + [77] : 0x00 (0) + [78] : 0x00 (0) + [79] : 0x00 (0) + [80] : 0x00 (0) + [81] : 0x09 (9) + [82] : 0x24 (36) + [83] : 0x00 (0) + [84] : 0x0c (12) + [85] : 0x00 (0) + [86] : 0x0f (15) + [87] : 0x10 (16) + [88] : 0x01 (1) + [89] : 0x05 (5) + [90] : 0x00 (0) + [91] : 0x00 (0) + [92] : 0x00 (0) + [93] : 0x00 (0) + [94] : 0x00 (0) + [95] : 0x05 (5) + [96] : 0x15 (21) + [97] : 0x00 (0) + [98] : 0x00 (0) + [99] : 0x00 (0) + [100] : 0x74 (116) + [101] : 0xa5 (165) + [102] : 0x12 (18) + [103] : 0x52 (82) + [104] : 0xcd (205) + [105] : 0x51 (81) + [106] : 0xd9 (217) + [107] : 0x8f (143) + [108] : 0xd1 (209) + [109] : 0x31 (49) + [110] : 0xa4 (164) + [111] : 0xca (202) + [112] : 0xf4 (244) + [113] : 0x01 (1) + [114] : 0x00 (0) + [115] : 0x00 (0) + [116] : 0x00 (0) + [117] : 0x02 (2) + [118] : 0x24 (36) + [119] : 0x00 (0) + [120] : 0x0c (12) + [121] : 0x00 (0) + [122] : 0x0f (15) + [123] : 0x10 (16) + [124] : 0x01 (1) + [125] : 0x05 (5) + [126] : 0x00 (0) + [127] : 0x00 (0) + [128] : 0x00 (0) + [129] : 0x00 (0) + [130] : 0x00 (0) + [131] : 0x05 (5) + [132] : 0x15 (21) + [133] : 0x00 (0) + [134] : 0x00 (0) + [135] : 0x00 (0) + [136] : 0x74 (116) + [137] : 0xa5 (165) + [138] : 0x12 (18) + [139] : 0x52 (82) + [140] : 0xcd (205) + [141] : 0x51 (81) + [142] : 0xd9 (217) + [143] : 0x8f (143) + [144] : 0xd1 (209) + [145] : 0x31 (49) + [146] : 0xa4 (164) + [147] : 0xca (202) + [148] : 0xf4 (244) + [149] : 0x01 (1) + [150] : 0x00 (0) + [151] : 0x00 (0) + [152] : 0x00 (0) + [153] : 0x09 (9) + [154] : 0x18 (24) + [155] : 0x00 (0) + [156] : 0x0c (12) + [157] : 0x00 (0) + [158] : 0x0f (15) + [159] : 0x10 (16) + [160] : 0x01 (1) + [161] : 0x02 (2) + [162] : 0x00 (0) + [163] : 0x00 (0) + [164] : 0x00 (0) + [165] : 0x00 (0) + [166] : 0x00 (0) + [167] : 0x05 (5) + [168] : 0x20 (32) + [169] : 0x00 (0) + [170] : 0x00 (0) + [171] : 0x00 (0) + [172] : 0x20 (32) + [173] : 0x02 (2) + [174] : 0x00 (0) + [175] : 0x00 (0) + [176] : 0x00 (0) + [177] : 0x02 (2) + [178] : 0x18 (24) + [179] : 0x00 (0) + [180] : 0x0c (12) + [181] : 0x00 (0) + [182] : 0x0f (15) + [183] : 0x10 (16) + [184] : 0x01 (1) + [185] : 0x02 (2) + [186] : 0x00 (0) + [187] : 0x00 (0) + [188] : 0x00 (0) + [189] : 0x00 (0) + [190] : 0x00 (0) + [191] : 0x05 (5) + [192] : 0x20 (32) + [193] : 0x00 (0) + [194] : 0x00 (0) + [195] : 0x00 (0) + [196] : 0x20 (32) + [197] : 0x02 (2) + [198] : 0x00 (0) + [199] : 0x00 (0) + [200] : 0x00 (0) + [201] : 0x09 (9) + [202] : 0x18 (24) + [203] : 0x00 (0) + [204] : 0x0c (12) + [205] : 0x00 (0) + [206] : 0x0f (15) + [207] : 0x10 (16) + [208] : 0x01 (1) + [209] : 0x02 (2) + [210] : 0x00 (0) + [211] : 0x00 (0) + [212] : 0x00 (0) + [213] : 0x00 (0) + [214] : 0x00 (0) + [215] : 0x05 (5) + [216] : 0x20 (32) + [217] : 0x00 (0) + [218] : 0x00 (0) + [219] : 0x00 (0) + [220] : 0x26 (38) + [221] : 0x02 (2) + [222] : 0x00 (0) + [223] : 0x00 (0) + [224] : 0x00 (0) + [225] : 0x02 (2) + [226] : 0x18 (24) + [227] : 0x00 (0) + [228] : 0x0c (12) + [229] : 0x00 (0) + [230] : 0x0f (15) + [231] : 0x10 (16) + [232] : 0x01 (1) + [233] : 0x02 (2) + [234] : 0x00 (0) + [235] : 0x00 (0) + [236] : 0x00 (0) + [237] : 0x00 (0) + [238] : 0x00 (0) + [239] : 0x05 (5) + [240] : 0x20 (32) + [241] : 0x00 (0) + [242] : 0x00 (0) + [243] : 0x00 (0) + [244] : 0x26 (38) + [245] : 0x02 (2) + [246] : 0x00 (0) + [247] : 0x00 (0) + data_size : * + data_size : 0x000000f8 (248) + data_length : * + data_length : 0x000000f8 (248) + result : WERR_OK +[2013/11/07 07:38:45.860024, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + in: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000bf-0000-0000-7b52-7535c5510000 +[2013/11/07 07:38:45.860165, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 BF 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.860253, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 BF 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.860330, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) + Closed policy +[2013/11/07 07:38:45.860375, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (4->3) +[2013/11/07 07:38:45.860416, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + out: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000000-0000-0000-0000-000000000000 + result : WERR_OK +[2013/11/07 07:38:45.860579, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + in: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000be-0000-0000-7b52-7535c5510000 +[2013/11/07 07:38:45.860709, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 BE 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.860786, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 BE 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.860862, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) + Closed policy +[2013/11/07 07:38:45.860903, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (3->2) +[2013/11/07 07:38:45.860944, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + out: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000000-0000-0000-0000-000000000000 + result : WERR_OK +[2013/11/07 07:38:45.861108, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + in: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000bd-0000-0000-7b52-7535c5510000 +[2013/11/07 07:38:45.861237, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 BD 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.861315, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 BD 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.861461, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) + Closed policy +[2013/11/07 07:38:45.861508, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (2->1) +[2013/11/07 07:38:45.861549, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + out: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000000-0000-0000-0000-000000000000 + result : WERR_OK +[2013/11/07 07:38:45.861711, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + in: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000bc-0000-0000-7b52-7535c5510000 +[2013/11/07 07:38:45.861841, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 BC 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.861919, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 BC 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.861994, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) + Closed policy +[2013/11/07 07:38:45.862034, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (1->0) +[2013/11/07 07:38:45.862097, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + out: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000000-0000-0000-0000-000000000000 + result : WERR_OK +[2013/11/07 07:38:45.862261, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:416(close_policy_by_pipe) + Deleted handle list for RPC connection \winreg +[2013/11/07 07:38:45.862317, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:3386(construct_notify_printer_info) + construct_notify_printer_info: Notify type: [PRINTER_NOTIFY_TYPE], number of notify info: [1] on printer: [printer5] +[2013/11/07 07:38:45.862371, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:3391(construct_notify_printer_info) + construct_notify_printer_info: notify [0]: type [0], field [12] +[2013/11/07 07:38:45.862413, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:3411(construct_notify_printer_info) + construct_notify_printer_info: calling [PRINTER_NOTIFY_FIELD_STATUS] snum=6 printername=[printer5]) +[2013/11/07 07:38:45.862580, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/printing/printing.c:3087(get_stored_queue_info) + get_stored_queue_info: qcount = 0, extra_count = 0 +[2013/11/07 07:38:45.862640, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + spoolss_RouterRefreshPrinterChangeNotify: struct spoolss_RouterRefreshPrinterChangeNotify + out: struct spoolss_RouterRefreshPrinterChangeNotify + info : * + info : * + info: struct spoolss_NotifyInfo + version : 0x00000002 (2) + flags : 0x00000000 (0) + count : 0x00000001 (1) + notifies: ARRAY(1) + notifies: struct spoolss_Notify + type : PRINTER_NOTIFY_TYPE (0) + field : union spoolss_Field(case 0) + field : PRINTER_NOTIFY_FIELD_STATUS (18) + variable_type : NOTIFY_TABLE_DWORD (1) + job_id : 0x00000000 (0) + data : union spoolss_NotifyData(case 1) + integer: ARRAY(2) + integer : 0x00000000 (0) + integer : 0x00000000 (0) + result : WERR_OK +[2013/11/07 07:38:45.863076, 5, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1417(api_rpcTNP) + api_rpcTNP: called \spoolss successfully +[2013/11/07 07:38:45.863139, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) + pop_sec_ctx (0, 5000) - sec_ctx_stack_ndx = 0 +[2013/11/07 07:38:45.863184, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) + write_to_pipe: data_used = 52 + smbd_smb2_request_pending_queue: req->current_idx = 1 + req->in.vector[0].iov_len = 0 + req->in.vector[1].iov_len = 0 + req->in.vector[2].iov_len = 64 + req->in.vector[3].iov_len = 56 + req->in.vector[4].iov_len = 68 + req->out.vector[0].iov_len = 4 + req->out.vector[1].iov_len = 0 + req->out.vector[2].iov_len = 64 + req->out.vector[3].iov_len = 8 + req->out.vector[4].iov_len = 0 +[2013/11/07 07:38:45.863411, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:128(smbd_smb2_ioctl_pipe_write_done) + smbd_smb2_ioctl_pipe_write_done: received 68 +[2013/11/07 07:38:45.863455, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:149(smbd_smb2_ioctl_pipe_write_done) + smbd_smb2_ioctl_pipe_write_done: issuing np_read_send of size 1024 +[2013/11/07 07:38:45.863498, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:285(read_from_internal_pipe) + name: \spoolss len: 1024 +[2013/11/07 07:38:45.863542, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:347(read_from_internal_pipe) + read_from_pipe: \spoolss: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 48. +[2013/11/07 07:38:45.863596, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) + &r: struct ncacn_packet + rpc_vers : 0x05 (5) + rpc_vers_minor : 0x00 (0) + ptype : DCERPC_PKT_RESPONSE (2) + pfc_flags : 0x03 (3) + drep: ARRAY(4) + [0] : 0x10 (16) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + frag_length : 0x0048 (72) + auth_length : 0x0000 (0) + call_id : 0x00000004 (4) + u : union dcerpc_payload(case 2) + response: struct dcerpc_response + alloc_hint : 0x00000030 (48) + context_id : 0x0000 (0) + cancel_count : 0x00 (0) + _pad : DATA_BLOB length=0 + stub_and_verifier : DATA_BLOB length=48 + [0000] 04 00 02 00 01 00 00 00 02 00 00 00 00 00 00 00 ........ ........ + [0010] 01 00 00 00 00 00 12 00 01 00 00 00 00 00 00 00 ........ ........ + [0020] 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ +[2013/11/07 07:38:45.864072, 3, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:122(free_pipe_context) + free_pipe_context: destroying talloc pool of size 85 +[2013/11/07 07:38:45.864123, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:788(np_read_recv) + Received 72 bytes. There is no more data outstanding +[2013/11/07 07:38:45.864164, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:178(smbd_smb2_ioctl_pipe_read_done) + smbd_smb2_ioctl_pipe_read_done: np_read_recv nread = 72 is_data_outstanding = 0, status = NT_STATUS_OK +[2013/11/07 07:38:45.864212, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl.c:291(smbd_smb2_request_ioctl_done) + smbd_smb2_request_ioctl_done: smbd_smb2_ioctl_recv returned 72 status NT_STATUS_OK +[2013/11/07 07:38:45.864256, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) + smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[48] dyn[yes:72] at ../source3/smbd/smb2_ioctl.c:358 +[2013/11/07 07:38:45.864302, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) + smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/101/127 +[2013/11/07 07:38:45.864458, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) + smbd_smb2_request_incoming: idx[1] of 5 vectors +[2013/11/07 07:38:45.864508, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) + smb2_validate_sequence_number: clearing id 101 (position 101) from bitmap +[2013/11/07 07:38:45.864552, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) + smbd_smb2_request_dispatch: opcode[SMB2_OP_IOCTL] mid = 101 +[2013/11/07 07:38:45.864614, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) + setting sec ctx (0, 5000) - sec_ctx_stack_ndx = 0 +[2013/11/07 07:38:45.864659, 5, pid=20933, effective(0, 5000), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) + Security token SIDs (21): + SID[ 0]: S-1-5-21-1376953716-2413384141-3399758289-500 + SID[ 1]: S-1-5-21-1376953716-2413384141-3399758289-512 + SID[ 2]: S-1-5-21-1376953716-2413384141-3399758289-11015 + SID[ 3]: S-1-5-21-1376953716-2413384141-3399758289-513 + SID[ 4]: S-1-5-21-1376953716-2413384141-3399758289-11011 + SID[ 5]: S-1-5-21-1376953716-2413384141-3399758289-11013 + SID[ 6]: S-1-5-21-1376953716-2413384141-3399758289-11012 + SID[ 7]: S-1-1-0 + SID[ 8]: S-1-5-2 + SID[ 9]: S-1-5-11 + SID[ 10]: S-1-5-32-544 + SID[ 11]: S-1-22-1-2002 + SID[ 12]: S-1-22-2-5000 + SID[ 13]: S-1-22-2-5007 + SID[ 14]: S-1-22-2-5001 + SID[ 15]: S-1-22-2-1005 + SID[ 16]: S-1-22-2-5006 + SID[ 17]: S-1-22-2-5005 + SID[ 18]: S-1-22-2-55000 + SID[ 19]: S-1-22-2-55001 + SID[ 20]: S-1-22-2-55002 + Privileges (0x 1FFFFFF0): + Privilege[ 0]: SeMachineAccountPrivilege + Privilege[ 1]: SeTakeOwnershipPrivilege + Privilege[ 2]: SeBackupPrivilege + Privilege[ 3]: SeRestorePrivilege + Privilege[ 4]: SeRemoteShutdownPrivilege + Privilege[ 5]: SePrintOperatorPrivilege + Privilege[ 6]: SeAddUsersPrivilege + Privilege[ 7]: SeDiskOperatorPrivilege + Privilege[ 8]: SeSecurityPrivilege + Privilege[ 9]: SeSystemtimePrivilege + Privilege[ 10]: SeShutdownPrivilege + Privilege[ 11]: SeDebugPrivilege + Privilege[ 12]: SeSystemEnvironmentPrivilege + Privilege[ 13]: SeSystemProfilePrivilege + Privilege[ 14]: SeProfileSingleProcessPrivilege + Privilege[ 15]: SeIncreaseBasePriorityPrivilege + Privilege[ 16]: SeLoadDriverPrivilege + Privilege[ 17]: SeCreatePagefilePrivilege + Privilege[ 18]: SeIncreaseQuotaPrivilege + Privilege[ 19]: SeChangeNotifyPrivilege + Privilege[ 20]: SeUndockPrivilege + Privilege[ 21]: SeManageVolumePrivilege + Privilege[ 22]: SeImpersonatePrivilege + Privilege[ 23]: SeCreateGlobalPrivilege + Privilege[ 24]: SeEnableDelegationPrivilege + Rights (0x 0): +[2013/11/07 07:38:45.865558, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) + UNIX token of user 0 + Primary group is 5000 and contains 9 supplementary groups + Group[ 0]: 5000 + Group[ 1]: 5007 + Group[ 2]: 5001 + Group[ 3]: 1005 + Group[ 4]: 5006 + Group[ 5]: 5005 + Group[ 6]: 55000 + Group[ 7]: 55001 + Group[ 8]: 55002 +[2013/11/07 07:38:45.865756, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/uid.c:363(change_to_user_internal) + Impersonated user: uid=(0,0), gid=(0,5000) +[2013/11/07 07:38:45.865811, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:1796(smbd_smb2_request_verify_creditcharge) + mid 101, CreditCharge: 1, NeededCharge: 1 +[2013/11/07 07:38:45.865854, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl.c:394(smbd_smb2_ioctl_send) + smbd_smb2_ioctl: ctl_code[0x0011c017] spoolss, fnum 1145362404 +[2013/11/07 07:38:45.865902, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:59(smb2_ioctl_named_pipe) + smbd_smb2_ioctl_send: np_write_send of size 1740 +[2013/11/07 07:38:45.865942, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:520(np_write_send) + np_write_send: len: 1740 +[2013/11/07 07:38:45.865984, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) + write_to_pipe: data_left = 1740 +[2013/11/07 07:38:45.866022, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) + process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 1740 +[2013/11/07 07:38:45.866062, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:51(fill_rpc_header) + fill_rpc_header: data_to_copy = 1740, len_needed_to_complete_hdr = 16, receive_len = 0 +[2013/11/07 07:38:45.866103, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) + write_to_pipe: data_used = 16 +[2013/11/07 07:38:45.866141, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) + write_to_pipe: data_left = 1724 +[2013/11/07 07:38:45.866180, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) + process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 1724 +[2013/11/07 07:38:45.866223, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) + write_to_pipe: data_used = 0 +[2013/11/07 07:38:45.866262, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) + write_to_pipe: data_left = 1724 +[2013/11/07 07:38:45.866300, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) + process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 1724, incoming data = 1724 +[2013/11/07 07:38:45.866350, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1614(process_complete_pdu) + PDU is in Little Endian format! +[2013/11/07 07:38:45.866401, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) + r: struct ncacn_packet + rpc_vers : 0x05 (5) + rpc_vers_minor : 0x00 (0) + ptype : DCERPC_PKT_REQUEST (0) + pfc_flags : 0x03 (3) + drep: ARRAY(4) + [0] : 0x10 (16) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + frag_length : 0x06cc (1740) + auth_length : 0x0000 (0) + call_id : 0x00000006 (6) + u : union dcerpc_payload(case 0) + request: struct dcerpc_request + alloc_hint : 0x000006b4 (1716) + context_id : 0x0000 (0) + opnum : 0x0004 (4) + object : union dcerpc_object(case 0) + empty: struct dcerpc_empty + _pad : DATA_BLOB length=0 + stub_and_verifier : DATA_BLOB length=1716 + [0000] 00 00 00 00 93 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 00 00 00 00 FF FF FF FF 02 00 00 00 .Q...... ........ + [0020] 00 00 02 00 88 06 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0030] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0040] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0200] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0210] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0220] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0230] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0240] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0250] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0260] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0270] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0280] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0290] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0300] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0310] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0320] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0330] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0340] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0350] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0360] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0370] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0380] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0390] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0400] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0410] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0420] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0430] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0440] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0450] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0460] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0470] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0480] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0490] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0500] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0510] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0520] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0530] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0540] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0550] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0560] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0570] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0580] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0590] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0600] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0610] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0620] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0630] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0640] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0650] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0660] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0670] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0680] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0690] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06B0] 88 06 00 00 .... +[2013/11/07 07:38:45.870623, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1627(process_complete_pdu) + Processing packet type 0 +[2013/11/07 07:38:45.870666, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1472(dcesrv_auth_request) + Checking request auth. +[2013/11/07 07:38:45.870713, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) + push_sec_ctx(0, 5000) : sec_ctx_stack_ndx = 1 +[2013/11/07 07:38:45.870761, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) + setting sec ctx (0, 5000) - sec_ctx_stack_ndx = 1 +[2013/11/07 07:38:45.870803, 5, pid=20933, effective(0, 5000), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) + Security token SIDs (21): + SID[ 0]: S-1-5-21-1376953716-2413384141-3399758289-500 + SID[ 1]: S-1-5-21-1376953716-2413384141-3399758289-512 + SID[ 2]: S-1-5-21-1376953716-2413384141-3399758289-11015 + SID[ 3]: S-1-5-21-1376953716-2413384141-3399758289-513 + SID[ 4]: S-1-5-21-1376953716-2413384141-3399758289-11011 + SID[ 5]: S-1-5-21-1376953716-2413384141-3399758289-11013 + SID[ 6]: S-1-5-21-1376953716-2413384141-3399758289-11012 + SID[ 7]: S-1-1-0 + SID[ 8]: S-1-5-2 + SID[ 9]: S-1-5-11 + SID[ 10]: S-1-5-32-544 + SID[ 11]: S-1-22-1-2002 + SID[ 12]: S-1-22-2-5000 + SID[ 13]: S-1-22-2-5007 + SID[ 14]: S-1-22-2-5001 + SID[ 15]: S-1-22-2-1005 + SID[ 16]: S-1-22-2-5006 + SID[ 17]: S-1-22-2-5005 + SID[ 18]: S-1-22-2-55000 + SID[ 19]: S-1-22-2-55001 + SID[ 20]: S-1-22-2-55002 + Privileges (0x 1FFFFFF0): + Privilege[ 0]: SeMachineAccountPrivilege + Privilege[ 1]: SeTakeOwnershipPrivilege + Privilege[ 2]: SeBackupPrivilege + Privilege[ 3]: SeRestorePrivilege + Privilege[ 4]: SeRemoteShutdownPrivilege + Privilege[ 5]: SePrintOperatorPrivilege + Privilege[ 6]: SeAddUsersPrivilege + Privilege[ 7]: SeDiskOperatorPrivilege + Privilege[ 8]: SeSecurityPrivilege + Privilege[ 9]: SeSystemtimePrivilege + Privilege[ 10]: SeShutdownPrivilege + Privilege[ 11]: SeDebugPrivilege + Privilege[ 12]: SeSystemEnvironmentPrivilege + Privilege[ 13]: SeSystemProfilePrivilege + Privilege[ 14]: SeProfileSingleProcessPrivilege + Privilege[ 15]: SeIncreaseBasePriorityPrivilege + Privilege[ 16]: SeLoadDriverPrivilege + Privilege[ 17]: SeCreatePagefilePrivilege + Privilege[ 18]: SeIncreaseQuotaPrivilege + Privilege[ 19]: SeChangeNotifyPrivilege + Privilege[ 20]: SeUndockPrivilege + Privilege[ 21]: SeManageVolumePrivilege + Privilege[ 22]: SeImpersonatePrivilege + Privilege[ 23]: SeCreateGlobalPrivilege + Privilege[ 24]: SeEnableDelegationPrivilege + Rights (0x 0): +[2013/11/07 07:38:45.871582, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) + UNIX token of user 0 + Primary group is 5000 and contains 9 supplementary groups + Group[ 0]: 5000 + Group[ 1]: 5007 + Group[ 2]: 5001 + Group[ 3]: 1005 + Group[ 4]: 5006 + Group[ 5]: 5005 + Group[ 6]: 55000 + Group[ 7]: 55001 + Group[ 8]: 55002 +[2013/11/07 07:38:45.871774, 5, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1324(api_pipe_request) + Requested \spoolss rpc service +[2013/11/07 07:38:45.871819, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1356(api_rpcTNP) + api_rpcTNP: \spoolss op 0x4 - api_rpcTNP: rpc command: SPOOLSS_ENUMJOBS +[2013/11/07 07:38:45.871862, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1390(api_rpcTNP) + api_rpc_cmds[4].fn == 0x7f375c2619b0 +[2013/11/07 07:38:45.871911, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + spoolss_EnumJobs: struct spoolss_EnumJobs + in: struct spoolss_EnumJobs + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000093-0000-0000-7b52-7535c5510000 + firstjob : 0x00000000 (0) + numjobs : 0xffffffff (4294967295) + level : 0x00000002 (2) + buffer : * + buffer : DATA_BLOB length=1672 + [0000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0010] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0030] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0040] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0200] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0210] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0220] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0230] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0240] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0250] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0260] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0270] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0280] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0290] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0300] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0310] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0320] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0330] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0340] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0350] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0360] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0370] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0380] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0390] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0400] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0410] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0420] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0430] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0440] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0450] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0460] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0470] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0480] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0490] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0500] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0510] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0520] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0530] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0540] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0550] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0560] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0570] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0580] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0590] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0600] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0610] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0620] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0630] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0640] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0650] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0660] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0670] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0680] 00 00 00 00 00 00 00 00 ........ + offered : 0x00000688 (1672) +[2013/11/07 07:38:45.875895, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:7299(_spoolss_EnumJobs) + _spoolss_EnumJobs +[2013/11/07 07:38:45.875939, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[3] [0000] 00 00 00 00 93 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.876020, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:489(get_printer_snum) + short name:printer7 +[2013/11/07 07:38:45.876150, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:60(make_internal_rpc_pipe_p) + Create pipe requested \winreg +[2013/11/07 07:38:45.876207, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:221(init_pipe_handles) + init_pipe_handle_list: created handle list for pipe \winreg +[2013/11/07 07:38:45.876251, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:238(init_pipe_handles) + init_pipe_handle_list: pipe_handles ref count = 1 for pipe \winreg +[2013/11/07 07:38:45.876350, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:100(make_internal_rpc_pipe_p) + Created internal pipe \winreg +[2013/11/07 07:38:45.876422, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenHKLM: struct winreg_OpenHKLM + in: struct winreg_OpenHKLM + system_name : NULL + access_mask : 0x02000000 (33554432) + 0: KEY_QUERY_VALUE + 0: KEY_SET_VALUE + 0: KEY_CREATE_SUB_KEY + 0: KEY_ENUMERATE_SUB_KEYS + 0: KEY_NOTIFY + 0: KEY_CREATE_LINK + 0: KEY_WOW64_64KEY + 0: KEY_WOW64_32KEY +[2013/11/07 07:38:45.876660, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [HKLM] +[2013/11/07 07:38:45.876705, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) + push_sec_ctx(0, 5000) : sec_ctx_stack_ndx = 2 +[2013/11/07 07:38:45.876750, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/uid.c:485(push_conn_ctx) + push_conn_ctx(1804507171) : conn_ctx_stack_ndx = 0 +[2013/11/07 07:38:45.876791, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) + setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 +[2013/11/07 07:38:45.876830, 5, pid=20933, effective(0, 5000), real(0, 0)] ../libcli/security/security_token.c:53(security_token_debug) + Security token: (NULL) +[2013/11/07 07:38:45.876869, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) + UNIX token of user 0 + Primary group is 0 and contains 0 supplementary groups +[2013/11/07 07:38:45.877020, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) + pop_sec_ctx (0, 5000) - sec_ctx_stack_ndx = 1 +[2013/11/07 07:38:45.877064, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:866(regdb_open) + regdb_open: registry db opened. refcount reset (1) +[2013/11/07 07:38:45.877110, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM] +[2013/11/07 07:38:45.877150, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM] +[2013/11/07 07:38:45.877191, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:45.877230, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM] +[2013/11/07 07:38:45.877307, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) + Opened policy hnd[1] [0000] 00 00 00 00 C0 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.877472, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenHKLM: struct winreg_OpenHKLM + out: struct winreg_OpenHKLM + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000c0-0000-0000-7b52-7535c5510000 + result : WERR_OK +[2013/11/07 07:38:45.877659, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenKey: struct winreg_OpenKey + in: struct winreg_OpenKey + parent_handle : * + parent_handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000c0-0000-0000-7b52-7535c5510000 + keyname: struct winreg_String + name_len : 0x008a (138) + name_size : 0x008a (138) + name : * + name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7' + options : 0x00000000 (0) + 0: REG_OPTION_VOLATILE + 0: REG_OPTION_CREATE_LINK + 0: REG_OPTION_BACKUP_RESTORE + 0: REG_OPTION_OPEN_LINK + access_mask : 0x02000000 (33554432) + 0: KEY_QUERY_VALUE + 0: KEY_SET_VALUE + 0: KEY_CREATE_SUB_KEY + 0: KEY_ENUMERATE_SUB_KEYS + 0: KEY_NOTIFY + 0: KEY_CREATE_LINK + 0: KEY_WOW64_64KEY + 0: KEY_WOW64_32KEY +[2013/11/07 07:38:45.878112, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 C0 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.878194, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [SOFTWARE] +[2013/11/07 07:38:45.878235, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (1->2) +[2013/11/07 07:38:45.878279, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] +[2013/11/07 07:38:45.878317, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE] +[2013/11/07 07:38:45.878359, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:45.878396, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE] +[2013/11/07 07:38:45.878467, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Microsoft] +[2013/11/07 07:38:45.878510, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (2->3) +[2013/11/07 07:38:45.878552, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] +[2013/11/07 07:38:45.878591, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] +[2013/11/07 07:38:45.878632, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:45.878670, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft] +[2013/11/07 07:38:45.878731, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Windows NT] +[2013/11/07 07:38:45.878773, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (3->4) +[2013/11/07 07:38:45.878815, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] +[2013/11/07 07:38:45.878861, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] +[2013/11/07 07:38:45.878903, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:45.878941, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] +[2013/11/07 07:38:45.878999, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [CurrentVersion] +[2013/11/07 07:38:45.879041, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (4->5) +[2013/11/07 07:38:45.879084, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] +[2013/11/07 07:38:45.879122, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] +[2013/11/07 07:38:45.879165, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:45.879203, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f375c5a15c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] +[2013/11/07 07:38:45.879276, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Print] +[2013/11/07 07:38:45.879318, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (5->6) +[2013/11/07 07:38:45.879361, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] +[2013/11/07 07:38:45.879401, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] +[2013/11/07 07:38:45.879444, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:45.879482, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f375c5a15c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] +[2013/11/07 07:38:45.879542, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Printers] +[2013/11/07 07:38:45.879583, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (6->7) +[2013/11/07 07:38:45.879626, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] +[2013/11/07 07:38:45.879666, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] +[2013/11/07 07:38:45.879708, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:45.879747, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] +[2013/11/07 07:38:45.879822, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [printer7] +[2013/11/07 07:38:45.879865, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (7->8) +[2013/11/07 07:38:45.879909, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:45.879951, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:45.879995, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:45.880033, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:45.880104, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (8->7) +[2013/11/07 07:38:45.880146, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (7->6) +[2013/11/07 07:38:45.880188, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (6->5) +[2013/11/07 07:38:45.880228, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (5->4) +[2013/11/07 07:38:45.880268, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (4->3) +[2013/11/07 07:38:45.880308, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (3->2) +[2013/11/07 07:38:45.880352, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) + Opened policy hnd[2] [0000] 00 00 00 00 C1 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.880431, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenKey: struct winreg_OpenKey + out: struct winreg_OpenKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000c1-0000-0000-7b52-7535c5510000 + result : WERR_OK +[2013/11/07 07:38:45.880601, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryInfoKey: struct winreg_QueryInfoKey + in: struct winreg_QueryInfoKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000c1-0000-0000-7b52-7535c5510000 + classname : * + classname: struct winreg_String + name_len : 0x0000 (0) + name_size : 0x0000 (0) + name : NULL +[2013/11/07 07:38:45.880825, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 C1 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.880907, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_dispatcher.c:151(fetch_reg_values) + fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7' (ops 0x7f37592edcc0) +[2013/11/07 07:38:45.880950, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1891(regdb_fetch_values_internal) + regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:45.881012, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[0]: name[Attributes] len[4] +[2013/11/07 07:38:45.881056, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[1]: name[Description] len[2] +[2013/11/07 07:38:45.881098, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[2]: name[Datatype] len[8] +[2013/11/07 07:38:45.881141, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[3]: name[Default Priority] len[4] +[2013/11/07 07:38:45.881183, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[4]: name[Port] len[38] +[2013/11/07 07:38:45.881226, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[5]: name[Name] len[18] +[2013/11/07 07:38:45.881268, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[6]: name[Print Processor] len[18] +[2013/11/07 07:38:45.881311, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[7]: name[Priority] len[4] +[2013/11/07 07:38:45.881354, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[8]: name[Security] len[248] +[2013/11/07 07:38:45.881481, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[9]: name[Share Name] len[18] +[2013/11/07 07:38:45.881524, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[10]: name[StartTime] len[4] +[2013/11/07 07:38:45.881568, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[11]: name[UntilTime] len[4] +[2013/11/07 07:38:45.881611, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[12]: name[ChangeID] len[4] +[2013/11/07 07:38:45.881655, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) + regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:45.881721, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryInfoKey: struct winreg_QueryInfoKey + out: struct winreg_QueryInfoKey + classname : * + classname: struct winreg_String + name_len : 0x0000 (0) + name_size : 0x0000 (0) + name : NULL + num_subkeys : * + num_subkeys : 0x00000003 (3) + max_subkeylen : * + max_subkeylen : 0x00000022 (34) + max_classlen : * + max_classlen : 0x00000000 (0) + num_values : * + num_values : 0x0000000d (13) + max_valnamelen : * + max_valnamelen : 0x00000022 (34) + max_valbufsize : * + max_valbufsize : 0x000000f8 (248) + secdescsize : * + secdescsize : 0x00000078 (120) + last_changed_time : * + last_changed_time : NTTIME(0) + result : WERR_OK +[2013/11/07 07:38:45.882181, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000c1-0000-0000-7b52-7535c5510000 + enum_index : 0x00000000 (0) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:45.882559, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 C1 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.882638, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:45.882684, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0016 (22) + size : 0x0024 (36) + name : * + name : 'Attributes' + type : * + type : REG_DWORD (4) + value : * + value: ARRAY(4) + [0] : 0x48 (72) + [1] : 0x10 (16) + [2] : 0x00 (0) + [3] : 0x00 (0) + size : * + size : 0x00000004 (4) + length : * + length : 0x00000004 (4) + result : WERR_OK +[2013/11/07 07:38:45.883090, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000c1-0000-0000-7b52-7535c5510000 + enum_index : 0x00000001 (1) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:45.883467, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 C1 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.883546, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:45.883591, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0018 (24) + size : 0x0024 (36) + name : * + name : 'Description' + type : * + type : REG_SZ (1) + value : * + value: ARRAY(2) + [0] : 0x00 (0) + [1] : 0x00 (0) + size : * + size : 0x00000002 (2) + length : * + length : 0x00000002 (2) + result : WERR_OK +[2013/11/07 07:38:45.883957, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000c1-0000-0000-7b52-7535c5510000 + enum_index : 0x00000002 (2) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:45.884338, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 C1 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.884416, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:45.884460, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0012 (18) + size : 0x0024 (36) + name : * + name : 'Datatype' + type : * + type : REG_SZ (1) + value : * + value: ARRAY(8) + [0] : 0x52 (82) + [1] : 0x00 (0) + [2] : 0x41 (65) + [3] : 0x00 (0) + [4] : 0x57 (87) + [5] : 0x00 (0) + [6] : 0x00 (0) + [7] : 0x00 (0) + size : * + size : 0x00000008 (8) + length : * + length : 0x00000008 (8) + result : WERR_OK +[2013/11/07 07:38:45.884920, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000c1-0000-0000-7b52-7535c5510000 + enum_index : 0x00000003 (3) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:45.885291, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 C1 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.885423, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:45.885479, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0022 (34) + size : 0x0024 (36) + name : * + name : 'Default Priority' + type : * + type : REG_DWORD (4) + value : * + value: ARRAY(4) + [0] : 0x01 (1) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + size : * + size : 0x00000004 (4) + length : * + length : 0x00000004 (4) + result : WERR_OK +[2013/11/07 07:38:45.885876, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000c1-0000-0000-7b52-7535c5510000 + enum_index : 0x00000004 (4) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:45.886248, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 C1 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.886326, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:45.886372, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x000a (10) + size : 0x0024 (36) + name : * + name : 'Port' + type : * + type : REG_SZ (1) + value : * + value: ARRAY(38) + [0] : 0x53 (83) + [1] : 0x00 (0) + [2] : 0x61 (97) + [3] : 0x00 (0) + [4] : 0x6d (109) + [5] : 0x00 (0) + [6] : 0x62 (98) + [7] : 0x00 (0) + [8] : 0x61 (97) + [9] : 0x00 (0) + [10] : 0x20 (32) + [11] : 0x00 (0) + [12] : 0x50 (80) + [13] : 0x00 (0) + [14] : 0x72 (114) + [15] : 0x00 (0) + [16] : 0x69 (105) + [17] : 0x00 (0) + [18] : 0x6e (110) + [19] : 0x00 (0) + [20] : 0x74 (116) + [21] : 0x00 (0) + [22] : 0x65 (101) + [23] : 0x00 (0) + [24] : 0x72 (114) + [25] : 0x00 (0) + [26] : 0x20 (32) + [27] : 0x00 (0) + [28] : 0x50 (80) + [29] : 0x00 (0) + [30] : 0x6f (111) + [31] : 0x00 (0) + [32] : 0x72 (114) + [33] : 0x00 (0) + [34] : 0x74 (116) + [35] : 0x00 (0) + [36] : 0x00 (0) + [37] : 0x00 (0) + size : * + size : 0x00000026 (38) + length : * + length : 0x00000026 (38) + result : WERR_OK +[2013/11/07 07:38:45.887337, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000c1-0000-0000-7b52-7535c5510000 + enum_index : 0x00000005 (5) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:45.887707, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 C1 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.887785, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:45.887831, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x000a (10) + size : 0x0024 (36) + name : * + name : 'Name' + type : * + type : REG_SZ (1) + value : * + value: ARRAY(18) + [0] : 0x70 (112) + [1] : 0x00 (0) + [2] : 0x72 (114) + [3] : 0x00 (0) + [4] : 0x69 (105) + [5] : 0x00 (0) + [6] : 0x6e (110) + [7] : 0x00 (0) + [8] : 0x74 (116) + [9] : 0x00 (0) + [10] : 0x65 (101) + [11] : 0x00 (0) + [12] : 0x72 (114) + [13] : 0x00 (0) + [14] : 0x37 (55) + [15] : 0x00 (0) + [16] : 0x00 (0) + [17] : 0x00 (0) + size : * + size : 0x00000012 (18) + length : * + length : 0x00000012 (18) + result : WERR_OK +[2013/11/07 07:38:45.888464, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000c1-0000-0000-7b52-7535c5510000 + enum_index : 0x00000006 (6) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:45.888835, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 C1 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.888911, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:45.888957, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0020 (32) + size : 0x0024 (36) + name : * + name : 'Print Processor' + type : * + type : REG_SZ (1) + value : * + value: ARRAY(18) + [0] : 0x77 (119) + [1] : 0x00 (0) + [2] : 0x69 (105) + [3] : 0x00 (0) + [4] : 0x6e (110) + [5] : 0x00 (0) + [6] : 0x70 (112) + [7] : 0x00 (0) + [8] : 0x72 (114) + [9] : 0x00 (0) + [10] : 0x69 (105) + [11] : 0x00 (0) + [12] : 0x6e (110) + [13] : 0x00 (0) + [14] : 0x74 (116) + [15] : 0x00 (0) + [16] : 0x00 (0) + [17] : 0x00 (0) + size : * + size : 0x00000012 (18) + length : * + length : 0x00000012 (18) + result : WERR_OK +[2013/11/07 07:38:45.889655, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000c1-0000-0000-7b52-7535c5510000 + enum_index : 0x00000007 (7) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:45.890027, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 C1 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.890105, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:45.890151, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0012 (18) + size : 0x0024 (36) + name : * + name : 'Priority' + type : * + type : REG_DWORD (4) + value : * + value: ARRAY(4) + [0] : 0x01 (1) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + size : * + size : 0x00000004 (4) + length : * + length : 0x00000004 (4) + result : WERR_OK +[2013/11/07 07:38:45.890552, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000c1-0000-0000-7b52-7535c5510000 + enum_index : 0x00000008 (8) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:45.890926, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 C1 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.891004, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:45.891050, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0012 (18) + size : 0x0024 (36) + name : * + name : 'Security' + type : * + type : REG_BINARY (3) + value : * + value: ARRAY(248) + [0] : 0x01 (1) + [1] : 0x00 (0) + [2] : 0x04 (4) + [3] : 0x80 (128) + [4] : 0x14 (20) + [5] : 0x00 (0) + [6] : 0x00 (0) + [7] : 0x00 (0) + [8] : 0x24 (36) + [9] : 0x00 (0) + [10] : 0x00 (0) + [11] : 0x00 (0) + [12] : 0x00 (0) + [13] : 0x00 (0) + [14] : 0x00 (0) + [15] : 0x00 (0) + [16] : 0x34 (52) + [17] : 0x00 (0) + [18] : 0x00 (0) + [19] : 0x00 (0) + [20] : 0x01 (1) + [21] : 0x02 (2) + [22] : 0x00 (0) + [23] : 0x00 (0) + [24] : 0x00 (0) + [25] : 0x00 (0) + [26] : 0x00 (0) + [27] : 0x05 (5) + [28] : 0x20 (32) + [29] : 0x00 (0) + [30] : 0x00 (0) + [31] : 0x00 (0) + [32] : 0x20 (32) + [33] : 0x02 (2) + [34] : 0x00 (0) + [35] : 0x00 (0) + [36] : 0x01 (1) + [37] : 0x02 (2) + [38] : 0x00 (0) + [39] : 0x00 (0) + [40] : 0x00 (0) + [41] : 0x00 (0) + [42] : 0x00 (0) + [43] : 0x05 (5) + [44] : 0x20 (32) + [45] : 0x00 (0) + [46] : 0x00 (0) + [47] : 0x00 (0) + [48] : 0x20 (32) + [49] : 0x02 (2) + [50] : 0x00 (0) + [51] : 0x00 (0) + [52] : 0x02 (2) + [53] : 0x00 (0) + [54] : 0xc4 (196) + [55] : 0x00 (0) + [56] : 0x07 (7) + [57] : 0x00 (0) + [58] : 0x00 (0) + [59] : 0x00 (0) + [60] : 0x00 (0) + [61] : 0x02 (2) + [62] : 0x14 (20) + [63] : 0x00 (0) + [64] : 0x08 (8) + [65] : 0x00 (0) + [66] : 0x02 (2) + [67] : 0x20 (32) + [68] : 0x01 (1) + [69] : 0x01 (1) + [70] : 0x00 (0) + [71] : 0x00 (0) + [72] : 0x00 (0) + [73] : 0x00 (0) + [74] : 0x00 (0) + [75] : 0x01 (1) + [76] : 0x00 (0) + [77] : 0x00 (0) + [78] : 0x00 (0) + [79] : 0x00 (0) + [80] : 0x00 (0) + [81] : 0x09 (9) + [82] : 0x24 (36) + [83] : 0x00 (0) + [84] : 0x0c (12) + [85] : 0x00 (0) + [86] : 0x0f (15) + [87] : 0x10 (16) + [88] : 0x01 (1) + [89] : 0x05 (5) + [90] : 0x00 (0) + [91] : 0x00 (0) + [92] : 0x00 (0) + [93] : 0x00 (0) + [94] : 0x00 (0) + [95] : 0x05 (5) + [96] : 0x15 (21) + [97] : 0x00 (0) + [98] : 0x00 (0) + [99] : 0x00 (0) + [100] : 0x74 (116) + [101] : 0xa5 (165) + [102] : 0x12 (18) + [103] : 0x52 (82) + [104] : 0xcd (205) + [105] : 0x51 (81) + [106] : 0xd9 (217) + [107] : 0x8f (143) + [108] : 0xd1 (209) + [109] : 0x31 (49) + [110] : 0xa4 (164) + [111] : 0xca (202) + [112] : 0xf4 (244) + [113] : 0x01 (1) + [114] : 0x00 (0) + [115] : 0x00 (0) + [116] : 0x00 (0) + [117] : 0x02 (2) + [118] : 0x24 (36) + [119] : 0x00 (0) + [120] : 0x0c (12) + [121] : 0x00 (0) + [122] : 0x0f (15) + [123] : 0x10 (16) + [124] : 0x01 (1) + [125] : 0x05 (5) + [126] : 0x00 (0) + [127] : 0x00 (0) + [128] : 0x00 (0) + [129] : 0x00 (0) + [130] : 0x00 (0) + [131] : 0x05 (5) + [132] : 0x15 (21) + [133] : 0x00 (0) + [134] : 0x00 (0) + [135] : 0x00 (0) + [136] : 0x74 (116) + [137] : 0xa5 (165) + [138] : 0x12 (18) + [139] : 0x52 (82) + [140] : 0xcd (205) + [141] : 0x51 (81) + [142] : 0xd9 (217) + [143] : 0x8f (143) + [144] : 0xd1 (209) + [145] : 0x31 (49) + [146] : 0xa4 (164) + [147] : 0xca (202) + [148] : 0xf4 (244) + [149] : 0x01 (1) + [150] : 0x00 (0) + [151] : 0x00 (0) + [152] : 0x00 (0) + [153] : 0x09 (9) + [154] : 0x18 (24) + [155] : 0x00 (0) + [156] : 0x0c (12) + [157] : 0x00 (0) + [158] : 0x0f (15) + [159] : 0x10 (16) + [160] : 0x01 (1) + [161] : 0x02 (2) + [162] : 0x00 (0) + [163] : 0x00 (0) + [164] : 0x00 (0) + [165] : 0x00 (0) + [166] : 0x00 (0) + [167] : 0x05 (5) + [168] : 0x20 (32) + [169] : 0x00 (0) + [170] : 0x00 (0) + [171] : 0x00 (0) + [172] : 0x20 (32) + [173] : 0x02 (2) + [174] : 0x00 (0) + [175] : 0x00 (0) + [176] : 0x00 (0) + [177] : 0x02 (2) + [178] : 0x18 (24) + [179] : 0x00 (0) + [180] : 0x0c (12) + [181] : 0x00 (0) + [182] : 0x0f (15) + [183] : 0x10 (16) + [184] : 0x01 (1) + [185] : 0x02 (2) + [186] : 0x00 (0) + [187] : 0x00 (0) + [188] : 0x00 (0) + [189] : 0x00 (0) + [190] : 0x00 (0) + [191] : 0x05 (5) + [192] : 0x20 (32) + [193] : 0x00 (0) + [194] : 0x00 (0) + [195] : 0x00 (0) + [196] : 0x20 (32) + [197] : 0x02 (2) + [198] : 0x00 (0) + [199] : 0x00 (0) + [200] : 0x00 (0) + [201] : 0x09 (9) + [202] : 0x18 (24) + [203] : 0x00 (0) + [204] : 0x0c (12) + [205] : 0x00 (0) + [206] : 0x0f (15) + [207] : 0x10 (16) + [208] : 0x01 (1) + [209] : 0x02 (2) + [210] : 0x00 (0) + [211] : 0x00 (0) + [212] : 0x00 (0) + [213] : 0x00 (0) + [214] : 0x00 (0) + [215] : 0x05 (5) + [216] : 0x20 (32) + [217] : 0x00 (0) + [218] : 0x00 (0) + [219] : 0x00 (0) + [220] : 0x26 (38) + [221] : 0x02 (2) + [222] : 0x00 (0) + [223] : 0x00 (0) + [224] : 0x00 (0) + [225] : 0x02 (2) + [226] : 0x18 (24) + [227] : 0x00 (0) + [228] : 0x0c (12) + [229] : 0x00 (0) + [230] : 0x0f (15) + [231] : 0x10 (16) + [232] : 0x01 (1) + [233] : 0x02 (2) + [234] : 0x00 (0) + [235] : 0x00 (0) + [236] : 0x00 (0) + [237] : 0x00 (0) + [238] : 0x00 (0) + [239] : 0x05 (5) + [240] : 0x20 (32) + [241] : 0x00 (0) + [242] : 0x00 (0) + [243] : 0x00 (0) + [244] : 0x26 (38) + [245] : 0x02 (2) + [246] : 0x00 (0) + [247] : 0x00 (0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x000000f8 (248) + result : WERR_OK +[2013/11/07 07:38:45.895611, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000c1-0000-0000-7b52-7535c5510000 + enum_index : 0x00000009 (9) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:45.895996, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 C1 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.896075, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:45.896121, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0016 (22) + size : 0x0024 (36) + name : * + name : 'Share Name' + type : * + type : REG_SZ (1) + value : * + value: ARRAY(18) + [0] : 0x70 (112) + [1] : 0x00 (0) + [2] : 0x72 (114) + [3] : 0x00 (0) + [4] : 0x69 (105) + [5] : 0x00 (0) + [6] : 0x6e (110) + [7] : 0x00 (0) + [8] : 0x74 (116) + [9] : 0x00 (0) + [10] : 0x65 (101) + [11] : 0x00 (0) + [12] : 0x72 (114) + [13] : 0x00 (0) + [14] : 0x37 (55) + [15] : 0x00 (0) + [16] : 0x00 (0) + [17] : 0x00 (0) + size : * + size : 0x00000012 (18) + length : * + length : 0x00000012 (18) + result : WERR_OK +[2013/11/07 07:38:45.896776, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000c1-0000-0000-7b52-7535c5510000 + enum_index : 0x0000000a (10) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:45.897155, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 C1 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.897233, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:45.897279, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0014 (20) + size : 0x0024 (36) + name : * + name : 'StartTime' + type : * + type : REG_DWORD (4) + value : * + value: ARRAY(4) + [0] : 0x00 (0) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + size : * + size : 0x00000004 (4) + length : * + length : 0x00000004 (4) + result : WERR_OK +[2013/11/07 07:38:45.897727, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000c1-0000-0000-7b52-7535c5510000 + enum_index : 0x0000000b (11) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:45.898101, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 C1 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.898179, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:45.898226, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0014 (20) + size : 0x0024 (36) + name : * + name : 'UntilTime' + type : * + type : REG_DWORD (4) + value : * + value: ARRAY(4) + [0] : 0x00 (0) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + size : * + size : 0x00000004 (4) + length : * + length : 0x00000004 (4) + result : WERR_OK +[2013/11/07 07:38:45.898620, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000c1-0000-0000-7b52-7535c5510000 + enum_index : 0x0000000c (12) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:45.899002, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 C1 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.899080, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:45.899126, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0012 (18) + size : 0x0024 (36) + name : * + name : 'ChangeID' + type : * + type : REG_DWORD (4) + value : * + value: ARRAY(4) + [0] : 0xf1 (241) + [1] : 0x5f (95) + [2] : 0x11 (17) + [3] : 0x00 (0) + size : * + size : 0x00000004 (4) + length : * + length : 0x00000004 (4) + result : WERR_OK +[2013/11/07 07:38:45.899553, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryValue: struct winreg_QueryValue + in: struct winreg_QueryValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000c1-0000-0000-7b52-7535c5510000 + value_name : * + value_name: struct winreg_String + name_len : 0x0020 (32) + name_size : 0x0020 (32) + name : * + name : 'Default DevMode' + type : * + type : REG_NONE (0) + data : NULL + data_size : * + data_size : 0x00000000 (0) + data_length : * + data_length : 0x00000000 (0) +[2013/11/07 07:38:45.899896, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 C1 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.899973, 7, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) + _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:45.900014, 7, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) + _winreg_QueryValue: policy key type = [00000000] +[2013/11/07 07:38:45.900067, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:316(_winreg_QueryValue) + _winreg_QueryValue: reg_queryvalue failed with: WERR_BADFILE +[2013/11/07 07:38:45.900108, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryValue: struct winreg_QueryValue + out: struct winreg_QueryValue + type : * + type : REG_NONE (0) + data : NULL + data_size : * + data_size : 0x00000000 (0) + data_length : * + data_length : 0x00000000 (0) + result : WERR_BADFILE +[2013/11/07 07:38:45.900329, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenHKLM: struct winreg_OpenHKLM + in: struct winreg_OpenHKLM + system_name : NULL + access_mask : 0x02000000 (33554432) + 0: KEY_QUERY_VALUE + 0: KEY_SET_VALUE + 0: KEY_CREATE_SUB_KEY + 0: KEY_ENUMERATE_SUB_KEYS + 0: KEY_NOTIFY + 0: KEY_CREATE_LINK + 0: KEY_WOW64_64KEY + 0: KEY_WOW64_32KEY +[2013/11/07 07:38:45.900555, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [HKLM] +[2013/11/07 07:38:45.900597, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (2->3) +[2013/11/07 07:38:45.900639, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM] +[2013/11/07 07:38:45.900678, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM] +[2013/11/07 07:38:45.900718, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:45.900756, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM] +[2013/11/07 07:38:45.900829, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) + Opened policy hnd[3] [0000] 00 00 00 00 C2 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.900909, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenHKLM: struct winreg_OpenHKLM + out: struct winreg_OpenHKLM + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000c2-0000-0000-7b52-7535c5510000 + result : WERR_OK +[2013/11/07 07:38:45.901075, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenKey: struct winreg_OpenKey + in: struct winreg_OpenKey + parent_handle : * + parent_handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000c2-0000-0000-7b52-7535c5510000 + keyname: struct winreg_String + name_len : 0x008a (138) + name_size : 0x008a (138) + name : * + name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7' + options : 0x00000000 (0) + 0: REG_OPTION_VOLATILE + 0: REG_OPTION_CREATE_LINK + 0: REG_OPTION_BACKUP_RESTORE + 0: REG_OPTION_OPEN_LINK + access_mask : 0x02000000 (33554432) + 0: KEY_QUERY_VALUE + 0: KEY_SET_VALUE + 0: KEY_CREATE_SUB_KEY + 0: KEY_ENUMERATE_SUB_KEYS + 0: KEY_NOTIFY + 0: KEY_CREATE_LINK + 0: KEY_WOW64_64KEY + 0: KEY_WOW64_32KEY +[2013/11/07 07:38:45.901565, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 C2 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.901648, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [SOFTWARE] +[2013/11/07 07:38:45.901689, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (3->4) +[2013/11/07 07:38:45.901731, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] +[2013/11/07 07:38:45.901769, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE] +[2013/11/07 07:38:45.901810, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:45.901847, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE] +[2013/11/07 07:38:45.901913, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Microsoft] +[2013/11/07 07:38:45.901955, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (4->5) +[2013/11/07 07:38:45.901997, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] +[2013/11/07 07:38:45.902035, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] +[2013/11/07 07:38:45.902075, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:45.902112, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft] +[2013/11/07 07:38:45.902172, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Windows NT] +[2013/11/07 07:38:45.902214, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (5->6) +[2013/11/07 07:38:45.902257, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] +[2013/11/07 07:38:45.902303, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] +[2013/11/07 07:38:45.902345, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:45.902383, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] +[2013/11/07 07:38:45.902440, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [CurrentVersion] +[2013/11/07 07:38:45.902481, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (6->7) +[2013/11/07 07:38:45.902525, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] +[2013/11/07 07:38:45.902564, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] +[2013/11/07 07:38:45.902605, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:45.902643, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f375c5a15c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] +[2013/11/07 07:38:45.902714, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Print] +[2013/11/07 07:38:45.902757, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (7->8) +[2013/11/07 07:38:45.902800, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] +[2013/11/07 07:38:45.902841, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] +[2013/11/07 07:38:45.902884, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:45.902922, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f375c5a15c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] +[2013/11/07 07:38:45.902983, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Printers] +[2013/11/07 07:38:45.903024, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (8->9) +[2013/11/07 07:38:45.903069, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] +[2013/11/07 07:38:45.903109, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] +[2013/11/07 07:38:45.903153, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:45.903203, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] +[2013/11/07 07:38:45.903270, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [printer7] +[2013/11/07 07:38:45.903313, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (9->10) +[2013/11/07 07:38:45.903358, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:45.903398, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:45.903440, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:45.903479, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:45.903548, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (10->9) +[2013/11/07 07:38:45.903590, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (9->8) +[2013/11/07 07:38:45.903633, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (8->7) +[2013/11/07 07:38:45.903673, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (7->6) +[2013/11/07 07:38:45.903713, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (6->5) +[2013/11/07 07:38:45.903754, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (5->4) +[2013/11/07 07:38:45.903797, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) + Opened policy hnd[4] [0000] 00 00 00 00 C3 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.903877, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenKey: struct winreg_OpenKey + out: struct winreg_OpenKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000c3-0000-0000-7b52-7535c5510000 + result : WERR_OK +[2013/11/07 07:38:45.904053, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryValue: struct winreg_QueryValue + in: struct winreg_QueryValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000c3-0000-0000-7b52-7535c5510000 + value_name : * + value_name: struct winreg_String + name_len : 0x0012 (18) + name_size : 0x0012 (18) + name : * + name : 'Security' + type : * + type : REG_NONE (0) + data : NULL + data_size : * + data_size : 0x00000000 (0) + data_length : * + data_length : 0x00000000 (0) +[2013/11/07 07:38:45.904406, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 C3 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.904485, 7, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) + _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:45.904526, 7, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) + _winreg_QueryValue: policy key type = [00000000] +[2013/11/07 07:38:45.904568, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_dispatcher.c:151(fetch_reg_values) + fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7' (ops 0x7f37592edcc0) +[2013/11/07 07:38:45.904610, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1891(regdb_fetch_values_internal) + regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:45.904670, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[0]: name[Attributes] len[4] +[2013/11/07 07:38:45.904713, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[1]: name[Description] len[2] +[2013/11/07 07:38:45.904756, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[2]: name[Datatype] len[8] +[2013/11/07 07:38:45.904799, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[3]: name[Default Priority] len[4] +[2013/11/07 07:38:45.904841, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[4]: name[Port] len[38] +[2013/11/07 07:38:45.904884, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[5]: name[Name] len[18] +[2013/11/07 07:38:45.904927, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[6]: name[Print Processor] len[18] +[2013/11/07 07:38:45.904970, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[7]: name[Priority] len[4] +[2013/11/07 07:38:45.905013, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[8]: name[Security] len[248] +[2013/11/07 07:38:45.905057, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[9]: name[Share Name] len[18] +[2013/11/07 07:38:45.905108, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[10]: name[StartTime] len[4] +[2013/11/07 07:38:45.905152, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[11]: name[UntilTime] len[4] +[2013/11/07 07:38:45.905194, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[12]: name[ChangeID] len[4] +[2013/11/07 07:38:45.905239, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryValue: struct winreg_QueryValue + out: struct winreg_QueryValue + type : * + type : REG_BINARY (3) + data : NULL + data_size : * + data_size : 0x000000f8 (248) + data_length : * + data_length : 0x00000000 (0) + result : WERR_OK +[2013/11/07 07:38:45.905519, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryValue: struct winreg_QueryValue + in: struct winreg_QueryValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000c3-0000-0000-7b52-7535c5510000 + value_name : * + value_name: struct winreg_String + name_len : 0x0012 (18) + name_size : 0x0012 (18) + name : * + name : 'Security' + type : * + type : REG_BINARY (3) + data : * + data: ARRAY(0) + data_size : * + data_size : 0x000000f8 (248) + data_length : * + data_length : 0x00000000 (0) +[2013/11/07 07:38:45.905880, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 C3 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.905959, 7, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) + _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:45.905998, 7, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) + _winreg_QueryValue: policy key type = [00000000] +[2013/11/07 07:38:45.906044, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryValue: struct winreg_QueryValue + out: struct winreg_QueryValue + type : * + type : REG_BINARY (3) + data : * + data: ARRAY(248) + [0] : 0x01 (1) + [1] : 0x00 (0) + [2] : 0x04 (4) + [3] : 0x80 (128) + [4] : 0x14 (20) + [5] : 0x00 (0) + [6] : 0x00 (0) + [7] : 0x00 (0) + [8] : 0x24 (36) + [9] : 0x00 (0) + [10] : 0x00 (0) + [11] : 0x00 (0) + [12] : 0x00 (0) + [13] : 0x00 (0) + [14] : 0x00 (0) + [15] : 0x00 (0) + [16] : 0x34 (52) + [17] : 0x00 (0) + [18] : 0x00 (0) + [19] : 0x00 (0) + [20] : 0x01 (1) + [21] : 0x02 (2) + [22] : 0x00 (0) + [23] : 0x00 (0) + [24] : 0x00 (0) + [25] : 0x00 (0) + [26] : 0x00 (0) + [27] : 0x05 (5) + [28] : 0x20 (32) + [29] : 0x00 (0) + [30] : 0x00 (0) + [31] : 0x00 (0) + [32] : 0x20 (32) + [33] : 0x02 (2) + [34] : 0x00 (0) + [35] : 0x00 (0) + [36] : 0x01 (1) + [37] : 0x02 (2) + [38] : 0x00 (0) + [39] : 0x00 (0) + [40] : 0x00 (0) + [41] : 0x00 (0) + [42] : 0x00 (0) + [43] : 0x05 (5) + [44] : 0x20 (32) + [45] : 0x00 (0) + [46] : 0x00 (0) + [47] : 0x00 (0) + [48] : 0x20 (32) + [49] : 0x02 (2) + [50] : 0x00 (0) + [51] : 0x00 (0) + [52] : 0x02 (2) + [53] : 0x00 (0) + [54] : 0xc4 (196) + [55] : 0x00 (0) + [56] : 0x07 (7) + [57] : 0x00 (0) + [58] : 0x00 (0) + [59] : 0x00 (0) + [60] : 0x00 (0) + [61] : 0x02 (2) + [62] : 0x14 (20) + [63] : 0x00 (0) + [64] : 0x08 (8) + [65] : 0x00 (0) + [66] : 0x02 (2) + [67] : 0x20 (32) + [68] : 0x01 (1) + [69] : 0x01 (1) + [70] : 0x00 (0) + [71] : 0x00 (0) + [72] : 0x00 (0) + [73] : 0x00 (0) + [74] : 0x00 (0) + [75] : 0x01 (1) + [76] : 0x00 (0) + [77] : 0x00 (0) + [78] : 0x00 (0) + [79] : 0x00 (0) + [80] : 0x00 (0) + [81] : 0x09 (9) + [82] : 0x24 (36) + [83] : 0x00 (0) + [84] : 0x0c (12) + [85] : 0x00 (0) + [86] : 0x0f (15) + [87] : 0x10 (16) + [88] : 0x01 (1) + [89] : 0x05 (5) + [90] : 0x00 (0) + [91] : 0x00 (0) + [92] : 0x00 (0) + [93] : 0x00 (0) + [94] : 0x00 (0) + [95] : 0x05 (5) + [96] : 0x15 (21) + [97] : 0x00 (0) + [98] : 0x00 (0) + [99] : 0x00 (0) + [100] : 0x74 (116) + [101] : 0xa5 (165) + [102] : 0x12 (18) + [103] : 0x52 (82) + [104] : 0xcd (205) + [105] : 0x51 (81) + [106] : 0xd9 (217) + [107] : 0x8f (143) + [108] : 0xd1 (209) + [109] : 0x31 (49) + [110] : 0xa4 (164) + [111] : 0xca (202) + [112] : 0xf4 (244) + [113] : 0x01 (1) + [114] : 0x00 (0) + [115] : 0x00 (0) + [116] : 0x00 (0) + [117] : 0x02 (2) + [118] : 0x24 (36) + [119] : 0x00 (0) + [120] : 0x0c (12) + [121] : 0x00 (0) + [122] : 0x0f (15) + [123] : 0x10 (16) + [124] : 0x01 (1) + [125] : 0x05 (5) + [126] : 0x00 (0) + [127] : 0x00 (0) + [128] : 0x00 (0) + [129] : 0x00 (0) + [130] : 0x00 (0) + [131] : 0x05 (5) + [132] : 0x15 (21) + [133] : 0x00 (0) + [134] : 0x00 (0) + [135] : 0x00 (0) + [136] : 0x74 (116) + [137] : 0xa5 (165) + [138] : 0x12 (18) + [139] : 0x52 (82) + [140] : 0xcd (205) + [141] : 0x51 (81) + [142] : 0xd9 (217) + [143] : 0x8f (143) + [144] : 0xd1 (209) + [145] : 0x31 (49) + [146] : 0xa4 (164) + [147] : 0xca (202) + [148] : 0xf4 (244) + [149] : 0x01 (1) + [150] : 0x00 (0) + [151] : 0x00 (0) + [152] : 0x00 (0) + [153] : 0x09 (9) + [154] : 0x18 (24) + [155] : 0x00 (0) + [156] : 0x0c (12) + [157] : 0x00 (0) + [158] : 0x0f (15) + [159] : 0x10 (16) + [160] : 0x01 (1) + [161] : 0x02 (2) + [162] : 0x00 (0) + [163] : 0x00 (0) + [164] : 0x00 (0) + [165] : 0x00 (0) + [166] : 0x00 (0) + [167] : 0x05 (5) + [168] : 0x20 (32) + [169] : 0x00 (0) + [170] : 0x00 (0) + [171] : 0x00 (0) + [172] : 0x20 (32) + [173] : 0x02 (2) + [174] : 0x00 (0) + [175] : 0x00 (0) + [176] : 0x00 (0) + [177] : 0x02 (2) + [178] : 0x18 (24) + [179] : 0x00 (0) + [180] : 0x0c (12) + [181] : 0x00 (0) + [182] : 0x0f (15) + [183] : 0x10 (16) + [184] : 0x01 (1) + [185] : 0x02 (2) + [186] : 0x00 (0) + [187] : 0x00 (0) + [188] : 0x00 (0) + [189] : 0x00 (0) + [190] : 0x00 (0) + [191] : 0x05 (5) + [192] : 0x20 (32) + [193] : 0x00 (0) + [194] : 0x00 (0) + [195] : 0x00 (0) + [196] : 0x20 (32) + [197] : 0x02 (2) + [198] : 0x00 (0) + [199] : 0x00 (0) + [200] : 0x00 (0) + [201] : 0x09 (9) + [202] : 0x18 (24) + [203] : 0x00 (0) + [204] : 0x0c (12) + [205] : 0x00 (0) + [206] : 0x0f (15) + [207] : 0x10 (16) + [208] : 0x01 (1) + [209] : 0x02 (2) + [210] : 0x00 (0) + [211] : 0x00 (0) + [212] : 0x00 (0) + [213] : 0x00 (0) + [214] : 0x00 (0) + [215] : 0x05 (5) + [216] : 0x20 (32) + [217] : 0x00 (0) + [218] : 0x00 (0) + [219] : 0x00 (0) + [220] : 0x26 (38) + [221] : 0x02 (2) + [222] : 0x00 (0) + [223] : 0x00 (0) + [224] : 0x00 (0) + [225] : 0x02 (2) + [226] : 0x18 (24) + [227] : 0x00 (0) + [228] : 0x0c (12) + [229] : 0x00 (0) + [230] : 0x0f (15) + [231] : 0x10 (16) + [232] : 0x01 (1) + [233] : 0x02 (2) + [234] : 0x00 (0) + [235] : 0x00 (0) + [236] : 0x00 (0) + [237] : 0x00 (0) + [238] : 0x00 (0) + [239] : 0x05 (5) + [240] : 0x20 (32) + [241] : 0x00 (0) + [242] : 0x00 (0) + [243] : 0x00 (0) + [244] : 0x26 (38) + [245] : 0x02 (2) + [246] : 0x00 (0) + [247] : 0x00 (0) + data_size : * + data_size : 0x000000f8 (248) + data_length : * + data_length : 0x000000f8 (248) + result : WERR_OK +[2013/11/07 07:38:45.910574, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + in: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000c3-0000-0000-7b52-7535c5510000 +[2013/11/07 07:38:45.910710, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 C3 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.910789, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 C3 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.910866, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) + Closed policy +[2013/11/07 07:38:45.910911, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (4->3) +[2013/11/07 07:38:45.910952, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + out: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000000-0000-0000-0000-000000000000 + result : WERR_OK +[2013/11/07 07:38:45.911116, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + in: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000c2-0000-0000-7b52-7535c5510000 +[2013/11/07 07:38:45.911253, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 C2 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.911331, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 C2 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.911407, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) + Closed policy +[2013/11/07 07:38:45.911447, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (3->2) +[2013/11/07 07:38:45.911488, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + out: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000000-0000-0000-0000-000000000000 + result : WERR_OK +[2013/11/07 07:38:45.911652, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + in: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000c1-0000-0000-7b52-7535c5510000 +[2013/11/07 07:38:45.911782, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 C1 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.911859, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 C1 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.911935, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) + Closed policy +[2013/11/07 07:38:45.911979, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (2->1) +[2013/11/07 07:38:45.912020, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + out: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000000-0000-0000-0000-000000000000 + result : WERR_OK +[2013/11/07 07:38:45.912182, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + in: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000c0-0000-0000-7b52-7535c5510000 +[2013/11/07 07:38:45.912320, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 C0 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.912398, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 C0 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.912474, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) + Closed policy +[2013/11/07 07:38:45.912515, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (1->0) +[2013/11/07 07:38:45.912573, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + out: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000000-0000-0000-0000-000000000000 + result : WERR_OK +[2013/11/07 07:38:45.912736, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:416(close_policy_by_pipe) + Deleted handle list for RPC connection \winreg +[2013/11/07 07:38:45.913078, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/printing/printing.c:3087(get_stored_queue_info) + get_stored_queue_info: qcount = 0, extra_count = 0 + count:[0], status:[0], [] +[2013/11/07 07:38:45.913155, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + spoolss_EnumJobs: struct spoolss_EnumJobs + out: struct spoolss_EnumJobs + count : * + count : 0x00000000 (0) + info : * + info : NULL + needed : * + needed : 0x00000000 (0) + result : WERR_OK +[2013/11/07 07:38:45.913479, 5, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1417(api_rpcTNP) + api_rpcTNP: called \spoolss successfully +[2013/11/07 07:38:45.913548, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) + pop_sec_ctx (0, 5000) - sec_ctx_stack_ndx = 0 +[2013/11/07 07:38:45.913593, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) + write_to_pipe: data_used = 1724 + smbd_smb2_request_pending_queue: req->current_idx = 1 + req->in.vector[0].iov_len = 0 + req->in.vector[1].iov_len = 0 + req->in.vector[2].iov_len = 64 + req->in.vector[3].iov_len = 56 + req->in.vector[4].iov_len = 1740 + req->out.vector[0].iov_len = 4 + req->out.vector[1].iov_len = 0 + req->out.vector[2].iov_len = 64 + req->out.vector[3].iov_len = 8 + req->out.vector[4].iov_len = 0 +[2013/11/07 07:38:45.913817, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:128(smbd_smb2_ioctl_pipe_write_done) + smbd_smb2_ioctl_pipe_write_done: received 1740 +[2013/11/07 07:38:45.913924, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:149(smbd_smb2_ioctl_pipe_write_done) + smbd_smb2_ioctl_pipe_write_done: issuing np_read_send of size 4136 +[2013/11/07 07:38:45.913972, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:285(read_from_internal_pipe) + name: \spoolss len: 4136 +[2013/11/07 07:38:45.914028, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:347(read_from_internal_pipe) + read_from_pipe: \spoolss: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 1692. +[2013/11/07 07:38:45.914085, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) + &r: struct ncacn_packet + rpc_vers : 0x05 (5) + rpc_vers_minor : 0x00 (0) + ptype : DCERPC_PKT_RESPONSE (2) + pfc_flags : 0x03 (3) + drep: ARRAY(4) + [0] : 0x10 (16) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + frag_length : 0x06b4 (1716) + auth_length : 0x0000 (0) + call_id : 0x00000006 (6) + u : union dcerpc_payload(case 2) + response: struct dcerpc_response + alloc_hint : 0x0000069c (1692) + context_id : 0x0000 (0) + cancel_count : 0x00 (0) + _pad : DATA_BLOB length=0 + stub_and_verifier : DATA_BLOB length=1692 + [0000] 04 00 02 00 88 06 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0010] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0030] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0040] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0200] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0210] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0220] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0230] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0240] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0250] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0260] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0270] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0280] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0290] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0300] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0310] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0320] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0330] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0340] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0350] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0360] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0370] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0380] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0390] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0400] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0410] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0420] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0430] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0440] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0450] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0460] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0470] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0480] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0490] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0500] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0510] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0520] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0530] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0540] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0550] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0560] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0570] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0580] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0590] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0600] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0610] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0620] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0630] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0640] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0650] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0660] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0670] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0680] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0690] 00 00 00 00 00 00 00 00 00 00 00 00 ........ .... +[2013/11/07 07:38:45.918174, 3, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:122(free_pipe_context) + free_pipe_context: destroying talloc pool of size 29 +[2013/11/07 07:38:45.918228, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:788(np_read_recv) + Received 1716 bytes. There is no more data outstanding +[2013/11/07 07:38:45.918271, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:178(smbd_smb2_ioctl_pipe_read_done) + smbd_smb2_ioctl_pipe_read_done: np_read_recv nread = 1716 is_data_outstanding = 0, status = NT_STATUS_OK +[2013/11/07 07:38:45.918319, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl.c:291(smbd_smb2_request_ioctl_done) + smbd_smb2_request_ioctl_done: smbd_smb2_ioctl_recv returned 1716 status NT_STATUS_OK +[2013/11/07 07:38:45.918363, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) + smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[48] dyn[yes:1716] at ../source3/smbd/smb2_ioctl.c:358 +[2013/11/07 07:38:45.918408, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) + smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/102/127 +[2013/11/07 07:38:45.918582, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) + smbd_smb2_request_incoming: idx[1] of 5 vectors +[2013/11/07 07:38:45.918634, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) + smb2_validate_sequence_number: clearing id 102 (position 102) from bitmap +[2013/11/07 07:38:45.918676, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) + smbd_smb2_request_dispatch: opcode[SMB2_OP_IOCTL] mid = 102 +[2013/11/07 07:38:45.918736, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) + setting sec ctx (0, 5000) - sec_ctx_stack_ndx = 0 +[2013/11/07 07:38:45.918780, 5, pid=20933, effective(0, 5000), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) + Security token SIDs (21): + SID[ 0]: S-1-5-21-1376953716-2413384141-3399758289-500 + SID[ 1]: S-1-5-21-1376953716-2413384141-3399758289-512 + SID[ 2]: S-1-5-21-1376953716-2413384141-3399758289-11015 + SID[ 3]: S-1-5-21-1376953716-2413384141-3399758289-513 + SID[ 4]: S-1-5-21-1376953716-2413384141-3399758289-11011 + SID[ 5]: S-1-5-21-1376953716-2413384141-3399758289-11013 + SID[ 6]: S-1-5-21-1376953716-2413384141-3399758289-11012 + SID[ 7]: S-1-1-0 + SID[ 8]: S-1-5-2 + SID[ 9]: S-1-5-11 + SID[ 10]: S-1-5-32-544 + SID[ 11]: S-1-22-1-2002 + SID[ 12]: S-1-22-2-5000 + SID[ 13]: S-1-22-2-5007 + SID[ 14]: S-1-22-2-5001 + SID[ 15]: S-1-22-2-1005 + SID[ 16]: S-1-22-2-5006 + SID[ 17]: S-1-22-2-5005 + SID[ 18]: S-1-22-2-55000 + SID[ 19]: S-1-22-2-55001 + SID[ 20]: S-1-22-2-55002 + Privileges (0x 1FFFFFF0): + Privilege[ 0]: SeMachineAccountPrivilege + Privilege[ 1]: SeTakeOwnershipPrivilege + Privilege[ 2]: SeBackupPrivilege + Privilege[ 3]: SeRestorePrivilege + Privilege[ 4]: SeRemoteShutdownPrivilege + Privilege[ 5]: SePrintOperatorPrivilege + Privilege[ 6]: SeAddUsersPrivilege + Privilege[ 7]: SeDiskOperatorPrivilege + Privilege[ 8]: SeSecurityPrivilege + Privilege[ 9]: SeSystemtimePrivilege + Privilege[ 10]: SeShutdownPrivilege + Privilege[ 11]: SeDebugPrivilege + Privilege[ 12]: SeSystemEnvironmentPrivilege + Privilege[ 13]: SeSystemProfilePrivilege + Privilege[ 14]: SeProfileSingleProcessPrivilege + Privilege[ 15]: SeIncreaseBasePriorityPrivilege + Privilege[ 16]: SeLoadDriverPrivilege + Privilege[ 17]: SeCreatePagefilePrivilege + Privilege[ 18]: SeIncreaseQuotaPrivilege + Privilege[ 19]: SeChangeNotifyPrivilege + Privilege[ 20]: SeUndockPrivilege + Privilege[ 21]: SeManageVolumePrivilege + Privilege[ 22]: SeImpersonatePrivilege + Privilege[ 23]: SeCreateGlobalPrivilege + Privilege[ 24]: SeEnableDelegationPrivilege + Rights (0x 0): +[2013/11/07 07:38:45.919560, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) + UNIX token of user 0 + Primary group is 5000 and contains 9 supplementary groups + Group[ 0]: 5000 + Group[ 1]: 5007 + Group[ 2]: 5001 + Group[ 3]: 1005 + Group[ 4]: 5006 + Group[ 5]: 5005 + Group[ 6]: 55000 + Group[ 7]: 55001 + Group[ 8]: 55002 +[2013/11/07 07:38:45.919754, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/uid.c:363(change_to_user_internal) + Impersonated user: uid=(0,0), gid=(0,5000) +[2013/11/07 07:38:45.919806, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:1796(smbd_smb2_request_verify_creditcharge) + mid 102, CreditCharge: 1, NeededCharge: 1 +[2013/11/07 07:38:45.919885, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl.c:394(smbd_smb2_ioctl_send) + smbd_smb2_ioctl: ctl_code[0x0011c017] spoolss, fnum 4073323938 +[2013/11/07 07:38:45.919935, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:59(smb2_ioctl_named_pipe) + smbd_smb2_ioctl_send: np_write_send of size 2108 +[2013/11/07 07:38:45.919974, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:520(np_write_send) + np_write_send: len: 2108 +[2013/11/07 07:38:45.920015, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) + write_to_pipe: data_left = 2108 +[2013/11/07 07:38:45.920054, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) + process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 2108 +[2013/11/07 07:38:45.920093, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:51(fill_rpc_header) + fill_rpc_header: data_to_copy = 2108, len_needed_to_complete_hdr = 16, receive_len = 0 +[2013/11/07 07:38:45.920134, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) + write_to_pipe: data_used = 16 +[2013/11/07 07:38:45.920171, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) + write_to_pipe: data_left = 2092 +[2013/11/07 07:38:45.920217, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) + process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 2092 +[2013/11/07 07:38:45.920260, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) + write_to_pipe: data_used = 0 +[2013/11/07 07:38:45.920298, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) + write_to_pipe: data_left = 2092 +[2013/11/07 07:38:45.920336, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) + process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 2092, incoming data = 2092 +[2013/11/07 07:38:45.920378, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1614(process_complete_pdu) + PDU is in Little Endian format! +[2013/11/07 07:38:45.920427, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) + r: struct ncacn_packet + rpc_vers : 0x05 (5) + rpc_vers_minor : 0x00 (0) + ptype : DCERPC_PKT_REQUEST (0) + pfc_flags : 0x03 (3) + drep: ARRAY(4) + [0] : 0x10 (16) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + frag_length : 0x083c (2108) + auth_length : 0x0000 (0) + call_id : 0x00000004 (4) + u : union dcerpc_payload(case 0) + request: struct dcerpc_request + alloc_hint : 0x00000824 (2084) + context_id : 0x0000 (0) + opnum : 0x0008 (8) + object : union dcerpc_object(case 0) + empty: struct dcerpc_empty + _pad : DATA_BLOB length=0 + stub_and_verifier : DATA_BLOB length=2084 + [0000] 00 00 00 00 A5 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 02 00 00 00 00 00 02 00 00 08 00 00 .Q...... ........ + [0020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0030] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0040] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0200] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0210] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0220] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0230] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0240] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0250] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0260] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0270] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0280] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0290] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0300] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0310] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0320] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0330] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0340] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0350] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0360] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0370] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0380] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0390] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0400] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0410] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0420] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0430] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0440] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0450] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0460] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0470] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0480] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0490] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0500] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0510] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0520] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0530] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0540] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0550] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0560] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0570] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0580] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0590] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0600] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0610] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0620] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0630] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0640] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0650] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0660] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0670] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0680] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0690] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0700] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0710] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0720] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0730] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0740] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0750] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0760] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0770] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0780] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0790] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0800] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0810] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0820] 00 08 00 00 .... +[2013/11/07 07:38:45.925551, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1627(process_complete_pdu) + Processing packet type 0 +[2013/11/07 07:38:45.925595, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1472(dcesrv_auth_request) + Checking request auth. +[2013/11/07 07:38:45.925642, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) + push_sec_ctx(0, 5000) : sec_ctx_stack_ndx = 1 +[2013/11/07 07:38:45.925689, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) + setting sec ctx (0, 5000) - sec_ctx_stack_ndx = 1 +[2013/11/07 07:38:45.925730, 5, pid=20933, effective(0, 5000), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) + Security token SIDs (21): + SID[ 0]: S-1-5-21-1376953716-2413384141-3399758289-500 + SID[ 1]: S-1-5-21-1376953716-2413384141-3399758289-512 + SID[ 2]: S-1-5-21-1376953716-2413384141-3399758289-11015 + SID[ 3]: S-1-5-21-1376953716-2413384141-3399758289-513 + SID[ 4]: S-1-5-21-1376953716-2413384141-3399758289-11011 + SID[ 5]: S-1-5-21-1376953716-2413384141-3399758289-11013 + SID[ 6]: S-1-5-21-1376953716-2413384141-3399758289-11012 + SID[ 7]: S-1-1-0 + SID[ 8]: S-1-5-2 + SID[ 9]: S-1-5-11 + SID[ 10]: S-1-5-32-544 + SID[ 11]: S-1-22-1-2002 + SID[ 12]: S-1-22-2-5000 + SID[ 13]: S-1-22-2-5007 + SID[ 14]: S-1-22-2-5001 + SID[ 15]: S-1-22-2-1005 + SID[ 16]: S-1-22-2-5006 + SID[ 17]: S-1-22-2-5005 + SID[ 18]: S-1-22-2-55000 + SID[ 19]: S-1-22-2-55001 + SID[ 20]: S-1-22-2-55002 + Privileges (0x 1FFFFFF0): + Privilege[ 0]: SeMachineAccountPrivilege + Privilege[ 1]: SeTakeOwnershipPrivilege + Privilege[ 2]: SeBackupPrivilege + Privilege[ 3]: SeRestorePrivilege + Privilege[ 4]: SeRemoteShutdownPrivilege + Privilege[ 5]: SePrintOperatorPrivilege + Privilege[ 6]: SeAddUsersPrivilege + Privilege[ 7]: SeDiskOperatorPrivilege + Privilege[ 8]: SeSecurityPrivilege + Privilege[ 9]: SeSystemtimePrivilege + Privilege[ 10]: SeShutdownPrivilege + Privilege[ 11]: SeDebugPrivilege + Privilege[ 12]: SeSystemEnvironmentPrivilege + Privilege[ 13]: SeSystemProfilePrivilege + Privilege[ 14]: SeProfileSingleProcessPrivilege + Privilege[ 15]: SeIncreaseBasePriorityPrivilege + Privilege[ 16]: SeLoadDriverPrivilege + Privilege[ 17]: SeCreatePagefilePrivilege + Privilege[ 18]: SeIncreaseQuotaPrivilege + Privilege[ 19]: SeChangeNotifyPrivilege + Privilege[ 20]: SeUndockPrivilege + Privilege[ 21]: SeManageVolumePrivilege + Privilege[ 22]: SeImpersonatePrivilege + Privilege[ 23]: SeCreateGlobalPrivilege + Privilege[ 24]: SeEnableDelegationPrivilege + Rights (0x 0): +[2013/11/07 07:38:45.926500, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) + UNIX token of user 0 + Primary group is 5000 and contains 9 supplementary groups + Group[ 0]: 5000 + Group[ 1]: 5007 + Group[ 2]: 5001 + Group[ 3]: 1005 + Group[ 4]: 5006 + Group[ 5]: 5005 + Group[ 6]: 55000 + Group[ 7]: 55001 + Group[ 8]: 55002 +[2013/11/07 07:38:45.926691, 5, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1324(api_pipe_request) + Requested \spoolss rpc service +[2013/11/07 07:38:45.926777, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1356(api_rpcTNP) + api_rpcTNP: \spoolss op 0x8 - api_rpcTNP: rpc command: SPOOLSS_GETPRINTER +[2013/11/07 07:38:45.926823, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1390(api_rpcTNP) + api_rpc_cmds[8].fn == 0x7f375c260f10 +[2013/11/07 07:38:45.926880, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + spoolss_GetPrinter: struct spoolss_GetPrinter + in: struct spoolss_GetPrinter + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000a5-0000-0000-7b52-7535c5510000 + level : 0x00000002 (2) + buffer : * + buffer : DATA_BLOB length=2048 + [0000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0010] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0030] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0040] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0200] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0210] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0220] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0230] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0240] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0250] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0260] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0270] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0280] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0290] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0300] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0310] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0320] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0330] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0340] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0350] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0360] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0370] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0380] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0390] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0400] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0410] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0420] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0430] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0440] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0450] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0460] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0470] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0480] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0490] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0500] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0510] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0520] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0530] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0540] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0550] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0560] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0570] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0580] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0590] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0600] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0610] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0620] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0630] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0640] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0650] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0660] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0670] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0680] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0690] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0700] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0710] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0720] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0730] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0740] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0750] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0760] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0770] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0780] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0790] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + offered : 0x00000800 (2048) +[2013/11/07 07:38:45.931652, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[1] [0000] 00 00 00 00 A5 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.931738, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[1] [0000] 00 00 00 00 A5 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.931816, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:489(get_printer_snum) + short name:printer5 +[2013/11/07 07:38:45.931949, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:60(make_internal_rpc_pipe_p) + Create pipe requested \winreg +[2013/11/07 07:38:45.932007, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:221(init_pipe_handles) + init_pipe_handle_list: created handle list for pipe \winreg +[2013/11/07 07:38:45.932049, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:238(init_pipe_handles) + init_pipe_handle_list: pipe_handles ref count = 1 for pipe \winreg +[2013/11/07 07:38:45.932160, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:100(make_internal_rpc_pipe_p) + Created internal pipe \winreg +[2013/11/07 07:38:45.932233, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenHKLM: struct winreg_OpenHKLM + in: struct winreg_OpenHKLM + system_name : NULL + access_mask : 0x02000000 (33554432) + 0: KEY_QUERY_VALUE + 0: KEY_SET_VALUE + 0: KEY_CREATE_SUB_KEY + 0: KEY_ENUMERATE_SUB_KEYS + 0: KEY_NOTIFY + 0: KEY_CREATE_LINK + 0: KEY_WOW64_64KEY + 0: KEY_WOW64_32KEY +[2013/11/07 07:38:45.932468, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [HKLM] +[2013/11/07 07:38:45.932512, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) + push_sec_ctx(0, 5000) : sec_ctx_stack_ndx = 2 +[2013/11/07 07:38:45.932558, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/uid.c:485(push_conn_ctx) + push_conn_ctx(1804507171) : conn_ctx_stack_ndx = 0 +[2013/11/07 07:38:45.932598, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) + setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 +[2013/11/07 07:38:45.932638, 5, pid=20933, effective(0, 5000), real(0, 0)] ../libcli/security/security_token.c:53(security_token_debug) + Security token: (NULL) +[2013/11/07 07:38:45.932677, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) + UNIX token of user 0 + Primary group is 0 and contains 0 supplementary groups +[2013/11/07 07:38:45.932835, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) + pop_sec_ctx (0, 5000) - sec_ctx_stack_ndx = 1 +[2013/11/07 07:38:45.932879, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:866(regdb_open) + regdb_open: registry db opened. refcount reset (1) +[2013/11/07 07:38:45.932925, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM] +[2013/11/07 07:38:45.932964, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM] +[2013/11/07 07:38:45.933006, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:45.933044, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM] +[2013/11/07 07:38:45.933126, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) + Opened policy hnd[1] [0000] 00 00 00 00 C4 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.933208, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenHKLM: struct winreg_OpenHKLM + out: struct winreg_OpenHKLM + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000c4-0000-0000-7b52-7535c5510000 + result : WERR_OK +[2013/11/07 07:38:45.933463, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenKey: struct winreg_OpenKey + in: struct winreg_OpenKey + parent_handle : * + parent_handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000c4-0000-0000-7b52-7535c5510000 + keyname: struct winreg_String + name_len : 0x008a (138) + name_size : 0x008a (138) + name : * + name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer5' + options : 0x00000000 (0) + 0: REG_OPTION_VOLATILE + 0: REG_OPTION_CREATE_LINK + 0: REG_OPTION_BACKUP_RESTORE + 0: REG_OPTION_OPEN_LINK + access_mask : 0x02000000 (33554432) + 0: KEY_QUERY_VALUE + 0: KEY_SET_VALUE + 0: KEY_CREATE_SUB_KEY + 0: KEY_ENUMERATE_SUB_KEYS + 0: KEY_NOTIFY + 0: KEY_CREATE_LINK + 0: KEY_WOW64_64KEY + 0: KEY_WOW64_32KEY +[2013/11/07 07:38:45.933935, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 C4 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.934018, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [SOFTWARE] +[2013/11/07 07:38:45.934059, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (1->2) +[2013/11/07 07:38:45.934102, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] +[2013/11/07 07:38:45.934141, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE] +[2013/11/07 07:38:45.934182, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:45.934220, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE] +[2013/11/07 07:38:45.934291, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Microsoft] +[2013/11/07 07:38:45.934333, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (2->3) +[2013/11/07 07:38:45.934375, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] +[2013/11/07 07:38:45.934413, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] +[2013/11/07 07:38:45.934454, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:45.934491, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft] +[2013/11/07 07:38:45.934552, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Windows NT] +[2013/11/07 07:38:45.934602, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (3->4) +[2013/11/07 07:38:45.934644, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] +[2013/11/07 07:38:45.934682, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] +[2013/11/07 07:38:45.934723, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:45.934760, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] +[2013/11/07 07:38:45.934818, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [CurrentVersion] +[2013/11/07 07:38:45.934860, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (4->5) +[2013/11/07 07:38:45.934903, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] +[2013/11/07 07:38:45.934941, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] +[2013/11/07 07:38:45.934982, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:45.935019, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f375c5a15c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] +[2013/11/07 07:38:45.935091, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Print] +[2013/11/07 07:38:45.935133, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (5->6) +[2013/11/07 07:38:45.935177, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] +[2013/11/07 07:38:45.935216, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] +[2013/11/07 07:38:45.935258, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:45.935296, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f375c5a15c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] +[2013/11/07 07:38:45.935356, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Printers] +[2013/11/07 07:38:45.935397, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (6->7) +[2013/11/07 07:38:45.935440, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] +[2013/11/07 07:38:45.935487, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] +[2013/11/07 07:38:45.935531, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:45.935568, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] +[2013/11/07 07:38:45.935638, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [printer5] +[2013/11/07 07:38:45.935680, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (7->8) +[2013/11/07 07:38:45.935724, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer5] +[2013/11/07 07:38:45.935763, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer5] +[2013/11/07 07:38:45.935806, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:45.935843, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer5] +[2013/11/07 07:38:45.935910, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (8->7) +[2013/11/07 07:38:45.935952, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (7->6) +[2013/11/07 07:38:45.935993, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (6->5) +[2013/11/07 07:38:45.936034, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (5->4) +[2013/11/07 07:38:45.936074, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (4->3) +[2013/11/07 07:38:45.936114, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (3->2) +[2013/11/07 07:38:45.936158, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) + Opened policy hnd[2] [0000] 00 00 00 00 C5 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.936237, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenKey: struct winreg_OpenKey + out: struct winreg_OpenKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000c5-0000-0000-7b52-7535c5510000 + result : WERR_OK +[2013/11/07 07:38:45.936412, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryInfoKey: struct winreg_QueryInfoKey + in: struct winreg_QueryInfoKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000c5-0000-0000-7b52-7535c5510000 + classname : * + classname: struct winreg_String + name_len : 0x0000 (0) + name_size : 0x0000 (0) + name : NULL +[2013/11/07 07:38:45.936638, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 C5 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.936721, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_dispatcher.c:151(fetch_reg_values) + fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer5' (ops 0x7f37592edcc0) +[2013/11/07 07:38:45.936765, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1891(regdb_fetch_values_internal) + regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer5] +[2013/11/07 07:38:45.936830, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[0]: name[Description] len[2] +[2013/11/07 07:38:45.936875, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[1]: name[Datatype] len[8] +[2013/11/07 07:38:45.936918, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[2]: name[Default Priority] len[4] +[2013/11/07 07:38:45.936960, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[3]: name[Port] len[38] +[2013/11/07 07:38:45.937002, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[4]: name[Print Processor] len[18] +[2013/11/07 07:38:45.937045, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[5]: name[Priority] len[4] +[2013/11/07 07:38:45.937087, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[6]: name[Security] len[248] +[2013/11/07 07:38:45.937130, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[7]: name[Share Name] len[18] +[2013/11/07 07:38:45.937173, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[8]: name[StartTime] len[4] +[2013/11/07 07:38:45.937215, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[9]: name[UntilTime] len[4] +[2013/11/07 07:38:45.937258, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[10]: name[Printer Driver] len[56] +[2013/11/07 07:38:45.937302, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[11]: name[Location] len[2] +[2013/11/07 07:38:45.937345, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[12]: name[Parameters] len[2] +[2013/11/07 07:38:45.937454, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[13]: name[Separator File] len[2] +[2013/11/07 07:38:45.937499, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[14]: name[Status] len[4] +[2013/11/07 07:38:45.937542, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[15]: name[Attributes] len[4] +[2013/11/07 07:38:45.937585, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[16]: name[Name] len[18] +[2013/11/07 07:38:45.937629, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[17]: name[ChangeID] len[4] +[2013/11/07 07:38:45.937672, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) + regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer5] +[2013/11/07 07:38:45.937739, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryInfoKey: struct winreg_QueryInfoKey + out: struct winreg_QueryInfoKey + classname : * + classname: struct winreg_String + name_len : 0x0000 (0) + name_size : 0x0000 (0) + name : NULL + num_subkeys : * + num_subkeys : 0x00000003 (3) + max_subkeylen : * + max_subkeylen : 0x00000022 (34) + max_classlen : * + max_classlen : 0x00000000 (0) + num_values : * + num_values : 0x00000012 (18) + max_valnamelen : * + max_valnamelen : 0x00000022 (34) + max_valbufsize : * + max_valbufsize : 0x000000f8 (248) + secdescsize : * + secdescsize : 0x00000078 (120) + last_changed_time : * + last_changed_time : NTTIME(0) + result : WERR_OK +[2013/11/07 07:38:45.938192, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000c5-0000-0000-7b52-7535c5510000 + enum_index : 0x00000000 (0) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:45.938574, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 C5 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.938661, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer5] +[2013/11/07 07:38:45.938709, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0018 (24) + size : 0x0024 (36) + name : * + name : 'Description' + type : * + type : REG_SZ (1) + value : * + value: ARRAY(2) + [0] : 0x00 (0) + [1] : 0x00 (0) + size : * + size : 0x00000002 (2) + length : * + length : 0x00000002 (2) + result : WERR_OK +[2013/11/07 07:38:45.939077, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000c5-0000-0000-7b52-7535c5510000 + enum_index : 0x00000001 (1) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:45.939453, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 C5 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.939531, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer5] +[2013/11/07 07:38:45.939577, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0012 (18) + size : 0x0024 (36) + name : * + name : 'Datatype' + type : * + type : REG_SZ (1) + value : * + value: ARRAY(8) + [0] : 0x52 (82) + [1] : 0x00 (0) + [2] : 0x41 (65) + [3] : 0x00 (0) + [4] : 0x57 (87) + [5] : 0x00 (0) + [6] : 0x00 (0) + [7] : 0x00 (0) + size : * + size : 0x00000008 (8) + length : * + length : 0x00000008 (8) + result : WERR_OK +[2013/11/07 07:38:45.940047, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000c5-0000-0000-7b52-7535c5510000 + enum_index : 0x00000002 (2) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:45.940421, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 C5 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.940499, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer5] +[2013/11/07 07:38:45.940544, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0022 (34) + size : 0x0024 (36) + name : * + name : 'Default Priority' + type : * + type : REG_DWORD (4) + value : * + value: ARRAY(4) + [0] : 0x01 (1) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + size : * + size : 0x00000004 (4) + length : * + length : 0x00000004 (4) + result : WERR_OK +[2013/11/07 07:38:45.940939, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000c5-0000-0000-7b52-7535c5510000 + enum_index : 0x00000003 (3) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:45.941321, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 C5 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.941495, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer5] +[2013/11/07 07:38:45.941543, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x000a (10) + size : 0x0024 (36) + name : * + name : 'Port' + type : * + type : REG_SZ (1) + value : * + value: ARRAY(38) + [0] : 0x53 (83) + [1] : 0x00 (0) + [2] : 0x61 (97) + [3] : 0x00 (0) + [4] : 0x6d (109) + [5] : 0x00 (0) + [6] : 0x62 (98) + [7] : 0x00 (0) + [8] : 0x61 (97) + [9] : 0x00 (0) + [10] : 0x20 (32) + [11] : 0x00 (0) + [12] : 0x50 (80) + [13] : 0x00 (0) + [14] : 0x72 (114) + [15] : 0x00 (0) + [16] : 0x69 (105) + [17] : 0x00 (0) + [18] : 0x6e (110) + [19] : 0x00 (0) + [20] : 0x74 (116) + [21] : 0x00 (0) + [22] : 0x65 (101) + [23] : 0x00 (0) + [24] : 0x72 (114) + [25] : 0x00 (0) + [26] : 0x20 (32) + [27] : 0x00 (0) + [28] : 0x50 (80) + [29] : 0x00 (0) + [30] : 0x6f (111) + [31] : 0x00 (0) + [32] : 0x72 (114) + [33] : 0x00 (0) + [34] : 0x74 (116) + [35] : 0x00 (0) + [36] : 0x00 (0) + [37] : 0x00 (0) + size : * + size : 0x00000026 (38) + length : * + length : 0x00000026 (38) + result : WERR_OK +[2013/11/07 07:38:45.942512, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000c5-0000-0000-7b52-7535c5510000 + enum_index : 0x00000004 (4) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:45.942887, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 C5 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.942965, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer5] +[2013/11/07 07:38:45.943011, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0020 (32) + size : 0x0024 (36) + name : * + name : 'Print Processor' + type : * + type : REG_SZ (1) + value : * + value: ARRAY(18) + [0] : 0x77 (119) + [1] : 0x00 (0) + [2] : 0x69 (105) + [3] : 0x00 (0) + [4] : 0x6e (110) + [5] : 0x00 (0) + [6] : 0x70 (112) + [7] : 0x00 (0) + [8] : 0x72 (114) + [9] : 0x00 (0) + [10] : 0x69 (105) + [11] : 0x00 (0) + [12] : 0x6e (110) + [13] : 0x00 (0) + [14] : 0x74 (116) + [15] : 0x00 (0) + [16] : 0x00 (0) + [17] : 0x00 (0) + size : * + size : 0x00000012 (18) + length : * + length : 0x00000012 (18) + result : WERR_OK +[2013/11/07 07:38:45.943649, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000c5-0000-0000-7b52-7535c5510000 + enum_index : 0x00000005 (5) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:45.944023, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 C5 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.944101, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer5] +[2013/11/07 07:38:45.944147, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0012 (18) + size : 0x0024 (36) + name : * + name : 'Priority' + type : * + type : REG_DWORD (4) + value : * + value: ARRAY(4) + [0] : 0x01 (1) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + size : * + size : 0x00000004 (4) + length : * + length : 0x00000004 (4) + result : WERR_OK +[2013/11/07 07:38:45.948151, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000c5-0000-0000-7b52-7535c5510000 + enum_index : 0x00000006 (6) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:45.948556, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 C5 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.948638, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer5] +[2013/11/07 07:38:45.948851, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0012 (18) + size : 0x0024 (36) + name : * + name : 'Security' + type : * + type : REG_BINARY (3) + value : * + value: ARRAY(248) + [0] : 0x01 (1) + [1] : 0x00 (0) + [2] : 0x04 (4) + [3] : 0x80 (128) + [4] : 0x14 (20) + [5] : 0x00 (0) + [6] : 0x00 (0) + [7] : 0x00 (0) + [8] : 0x24 (36) + [9] : 0x00 (0) + [10] : 0x00 (0) + [11] : 0x00 (0) + [12] : 0x00 (0) + [13] : 0x00 (0) + [14] : 0x00 (0) + [15] : 0x00 (0) + [16] : 0x34 (52) + [17] : 0x00 (0) + [18] : 0x00 (0) + [19] : 0x00 (0) + [20] : 0x01 (1) + [21] : 0x02 (2) + [22] : 0x00 (0) + [23] : 0x00 (0) + [24] : 0x00 (0) + [25] : 0x00 (0) + [26] : 0x00 (0) + [27] : 0x05 (5) + [28] : 0x20 (32) + [29] : 0x00 (0) + [30] : 0x00 (0) + [31] : 0x00 (0) + [32] : 0x20 (32) + [33] : 0x02 (2) + [34] : 0x00 (0) + [35] : 0x00 (0) + [36] : 0x01 (1) + [37] : 0x02 (2) + [38] : 0x00 (0) + [39] : 0x00 (0) + [40] : 0x00 (0) + [41] : 0x00 (0) + [42] : 0x00 (0) + [43] : 0x05 (5) + [44] : 0x20 (32) + [45] : 0x00 (0) + [46] : 0x00 (0) + [47] : 0x00 (0) + [48] : 0x20 (32) + [49] : 0x02 (2) + [50] : 0x00 (0) + [51] : 0x00 (0) + [52] : 0x02 (2) + [53] : 0x00 (0) + [54] : 0xc4 (196) + [55] : 0x00 (0) + [56] : 0x07 (7) + [57] : 0x00 (0) + [58] : 0x00 (0) + [59] : 0x00 (0) + [60] : 0x00 (0) + [61] : 0x02 (2) + [62] : 0x14 (20) + [63] : 0x00 (0) + [64] : 0x08 (8) + [65] : 0x00 (0) + [66] : 0x02 (2) + [67] : 0x20 (32) + [68] : 0x01 (1) + [69] : 0x01 (1) + [70] : 0x00 (0) + [71] : 0x00 (0) + [72] : 0x00 (0) + [73] : 0x00 (0) + [74] : 0x00 (0) + [75] : 0x01 (1) + [76] : 0x00 (0) + [77] : 0x00 (0) + [78] : 0x00 (0) + [79] : 0x00 (0) + [80] : 0x00 (0) + [81] : 0x09 (9) + [82] : 0x24 (36) + [83] : 0x00 (0) + [84] : 0x0c (12) + [85] : 0x00 (0) + [86] : 0x0f (15) + [87] : 0x10 (16) + [88] : 0x01 (1) + [89] : 0x05 (5) + [90] : 0x00 (0) + [91] : 0x00 (0) + [92] : 0x00 (0) + [93] : 0x00 (0) + [94] : 0x00 (0) + [95] : 0x05 (5) + [96] : 0x15 (21) + [97] : 0x00 (0) + [98] : 0x00 (0) + [99] : 0x00 (0) + [100] : 0x74 (116) + [101] : 0xa5 (165) + [102] : 0x12 (18) + [103] : 0x52 (82) + [104] : 0xcd (205) + [105] : 0x51 (81) + [106] : 0xd9 (217) + [107] : 0x8f (143) + [108] : 0xd1 (209) + [109] : 0x31 (49) + [110] : 0xa4 (164) + [111] : 0xca (202) + [112] : 0xf4 (244) + [113] : 0x01 (1) + [114] : 0x00 (0) + [115] : 0x00 (0) + [116] : 0x00 (0) + [117] : 0x02 (2) + [118] : 0x24 (36) + [119] : 0x00 (0) + [120] : 0x0c (12) + [121] : 0x00 (0) + [122] : 0x0f (15) + [123] : 0x10 (16) + [124] : 0x01 (1) + [125] : 0x05 (5) + [126] : 0x00 (0) + [127] : 0x00 (0) + [128] : 0x00 (0) + [129] : 0x00 (0) + [130] : 0x00 (0) + [131] : 0x05 (5) + [132] : 0x15 (21) + [133] : 0x00 (0) + [134] : 0x00 (0) + [135] : 0x00 (0) + [136] : 0x74 (116) + [137] : 0xa5 (165) + [138] : 0x12 (18) + [139] : 0x52 (82) + [140] : 0xcd (205) + [141] : 0x51 (81) + [142] : 0xd9 (217) + [143] : 0x8f (143) + [144] : 0xd1 (209) + [145] : 0x31 (49) + [146] : 0xa4 (164) + [147] : 0xca (202) + [148] : 0xf4 (244) + [149] : 0x01 (1) + [150] : 0x00 (0) + [151] : 0x00 (0) + [152] : 0x00 (0) + [153] : 0x09 (9) + [154] : 0x18 (24) + [155] : 0x00 (0) + [156] : 0x0c (12) + [157] : 0x00 (0) + [158] : 0x0f (15) + [159] : 0x10 (16) + [160] : 0x01 (1) + [161] : 0x02 (2) + [162] : 0x00 (0) + [163] : 0x00 (0) + [164] : 0x00 (0) + [165] : 0x00 (0) + [166] : 0x00 (0) + [167] : 0x05 (5) + [168] : 0x20 (32) + [169] : 0x00 (0) + [170] : 0x00 (0) + [171] : 0x00 (0) + [172] : 0x20 (32) + [173] : 0x02 (2) + [174] : 0x00 (0) + [175] : 0x00 (0) + [176] : 0x00 (0) + [177] : 0x02 (2) + [178] : 0x18 (24) + [179] : 0x00 (0) + [180] : 0x0c (12) + [181] : 0x00 (0) + [182] : 0x0f (15) + [183] : 0x10 (16) + [184] : 0x01 (1) + [185] : 0x02 (2) + [186] : 0x00 (0) + [187] : 0x00 (0) + [188] : 0x00 (0) + [189] : 0x00 (0) + [190] : 0x00 (0) + [191] : 0x05 (5) + [192] : 0x20 (32) + [193] : 0x00 (0) + [194] : 0x00 (0) + [195] : 0x00 (0) + [196] : 0x20 (32) + [197] : 0x02 (2) + [198] : 0x00 (0) + [199] : 0x00 (0) + [200] : 0x00 (0) + [201] : 0x09 (9) + [202] : 0x18 (24) + [203] : 0x00 (0) + [204] : 0x0c (12) + [205] : 0x00 (0) + [206] : 0x0f (15) + [207] : 0x10 (16) + [208] : 0x01 (1) + [209] : 0x02 (2) + [210] : 0x00 (0) + [211] : 0x00 (0) + [212] : 0x00 (0) + [213] : 0x00 (0) + [214] : 0x00 (0) + [215] : 0x05 (5) + [216] : 0x20 (32) + [217] : 0x00 (0) + [218] : 0x00 (0) + [219] : 0x00 (0) + [220] : 0x26 (38) + [221] : 0x02 (2) + [222] : 0x00 (0) + [223] : 0x00 (0) + [224] : 0x00 (0) + [225] : 0x02 (2) + [226] : 0x18 (24) + [227] : 0x00 (0) + [228] : 0x0c (12) + [229] : 0x00 (0) + [230] : 0x0f (15) + [231] : 0x10 (16) + [232] : 0x01 (1) + [233] : 0x02 (2) + [234] : 0x00 (0) + [235] : 0x00 (0) + [236] : 0x00 (0) + [237] : 0x00 (0) + [238] : 0x00 (0) + [239] : 0x05 (5) + [240] : 0x20 (32) + [241] : 0x00 (0) + [242] : 0x00 (0) + [243] : 0x00 (0) + [244] : 0x26 (38) + [245] : 0x02 (2) + [246] : 0x00 (0) + [247] : 0x00 (0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x000000f8 (248) + result : WERR_OK +[2013/11/07 07:38:45.954451, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000c5-0000-0000-7b52-7535c5510000 + enum_index : 0x00000007 (7) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:45.954853, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 C5 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.954936, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer5] +[2013/11/07 07:38:45.954991, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0016 (22) + size : 0x0024 (36) + name : * + name : 'Share Name' + type : * + type : REG_SZ (1) + value : * + value: ARRAY(18) + [0] : 0x70 (112) + [1] : 0x00 (0) + [2] : 0x72 (114) + [3] : 0x00 (0) + [4] : 0x69 (105) + [5] : 0x00 (0) + [6] : 0x6e (110) + [7] : 0x00 (0) + [8] : 0x74 (116) + [9] : 0x00 (0) + [10] : 0x65 (101) + [11] : 0x00 (0) + [12] : 0x72 (114) + [13] : 0x00 (0) + [14] : 0x35 (53) + [15] : 0x00 (0) + [16] : 0x00 (0) + [17] : 0x00 (0) + size : * + size : 0x00000012 (18) + length : * + length : 0x00000012 (18) + result : WERR_OK +[2013/11/07 07:38:45.955641, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000c5-0000-0000-7b52-7535c5510000 + enum_index : 0x00000008 (8) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:45.956015, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 C5 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.956093, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer5] +[2013/11/07 07:38:45.956140, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0014 (20) + size : 0x0024 (36) + name : * + name : 'StartTime' + type : * + type : REG_DWORD (4) + value : * + value: ARRAY(4) + [0] : 0x00 (0) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + size : * + size : 0x00000004 (4) + length : * + length : 0x00000004 (4) + result : WERR_OK +[2013/11/07 07:38:45.956537, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000c5-0000-0000-7b52-7535c5510000 + enum_index : 0x00000009 (9) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:45.956916, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 C5 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.956993, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer5] +[2013/11/07 07:38:45.957039, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0014 (20) + size : 0x0024 (36) + name : * + name : 'UntilTime' + type : * + type : REG_DWORD (4) + value : * + value: ARRAY(4) + [0] : 0x00 (0) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + size : * + size : 0x00000004 (4) + length : * + length : 0x00000004 (4) + result : WERR_OK +[2013/11/07 07:38:45.957498, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000c5-0000-0000-7b52-7535c5510000 + enum_index : 0x0000000a (10) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:45.957871, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 C5 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.957948, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer5] +[2013/11/07 07:38:45.957995, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x001e (30) + size : 0x0024 (36) + name : * + name : 'Printer Driver' + type : * + type : REG_SZ (1) + value : * + value: ARRAY(56) + [0] : 0x48 (72) + [1] : 0x00 (0) + [2] : 0x50 (80) + [3] : 0x00 (0) + [4] : 0x20 (32) + [5] : 0x00 (0) + [6] : 0x55 (85) + [7] : 0x00 (0) + [8] : 0x6e (110) + [9] : 0x00 (0) + [10] : 0x69 (105) + [11] : 0x00 (0) + [12] : 0x76 (118) + [13] : 0x00 (0) + [14] : 0x65 (101) + [15] : 0x00 (0) + [16] : 0x72 (114) + [17] : 0x00 (0) + [18] : 0x73 (115) + [19] : 0x00 (0) + [20] : 0x61 (97) + [21] : 0x00 (0) + [22] : 0x6c (108) + [23] : 0x00 (0) + [24] : 0x20 (32) + [25] : 0x00 (0) + [26] : 0x50 (80) + [27] : 0x00 (0) + [28] : 0x72 (114) + [29] : 0x00 (0) + [30] : 0x69 (105) + [31] : 0x00 (0) + [32] : 0x6e (110) + [33] : 0x00 (0) + [34] : 0x74 (116) + [35] : 0x00 (0) + [36] : 0x69 (105) + [37] : 0x00 (0) + [38] : 0x6e (110) + [39] : 0x00 (0) + [40] : 0x67 (103) + [41] : 0x00 (0) + [42] : 0x20 (32) + [43] : 0x00 (0) + [44] : 0x50 (80) + [45] : 0x00 (0) + [46] : 0x43 (67) + [47] : 0x00 (0) + [48] : 0x4c (76) + [49] : 0x00 (0) + [50] : 0x20 (32) + [51] : 0x00 (0) + [52] : 0x36 (54) + [53] : 0x00 (0) + [54] : 0x00 (0) + [55] : 0x00 (0) + size : * + size : 0x00000038 (56) + length : * + length : 0x00000038 (56) + result : WERR_OK +[2013/11/07 07:38:45.959263, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000c5-0000-0000-7b52-7535c5510000 + enum_index : 0x0000000b (11) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:45.959641, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 C5 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.959718, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer5] +[2013/11/07 07:38:45.959763, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0012 (18) + size : 0x0024 (36) + name : * + name : 'Location' + type : * + type : REG_SZ (1) + value : * + value: ARRAY(2) + [0] : 0x00 (0) + [1] : 0x00 (0) + size : * + size : 0x00000002 (2) + length : * + length : 0x00000002 (2) + result : WERR_OK +[2013/11/07 07:38:45.960219, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000c5-0000-0000-7b52-7535c5510000 + enum_index : 0x0000000c (12) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:45.960602, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 C5 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.960680, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer5] +[2013/11/07 07:38:45.960726, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0016 (22) + size : 0x0024 (36) + name : * + name : 'Parameters' + type : * + type : REG_SZ (1) + value : * + value: ARRAY(2) + [0] : 0x00 (0) + [1] : 0x00 (0) + size : * + size : 0x00000002 (2) + length : * + length : 0x00000002 (2) + result : WERR_OK +[2013/11/07 07:38:45.961089, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000c5-0000-0000-7b52-7535c5510000 + enum_index : 0x0000000d (13) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:45.961509, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 C5 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.961588, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer5] +[2013/11/07 07:38:45.961635, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x001e (30) + size : 0x0024 (36) + name : * + name : 'Separator File' + type : * + type : REG_SZ (1) + value : * + value: ARRAY(2) + [0] : 0x00 (0) + [1] : 0x00 (0) + size : * + size : 0x00000002 (2) + length : * + length : 0x00000002 (2) + result : WERR_OK +[2013/11/07 07:38:45.962006, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000c5-0000-0000-7b52-7535c5510000 + enum_index : 0x0000000e (14) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:45.962380, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 C5 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.962458, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer5] +[2013/11/07 07:38:45.962505, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x000e (14) + size : 0x0024 (36) + name : * + name : 'Status' + type : * + type : REG_DWORD (4) + value : * + value: ARRAY(4) + [0] : 0x00 (0) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + size : * + size : 0x00000004 (4) + length : * + length : 0x00000004 (4) + result : WERR_OK +[2013/11/07 07:38:45.962898, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000c5-0000-0000-7b52-7535c5510000 + enum_index : 0x0000000f (15) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:45.963278, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 C5 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.963355, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer5] +[2013/11/07 07:38:45.963401, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0016 (22) + size : 0x0024 (36) + name : * + name : 'Attributes' + type : * + type : REG_DWORD (4) + value : * + value: ARRAY(4) + [0] : 0x48 (72) + [1] : 0x10 (16) + [2] : 0x00 (0) + [3] : 0x00 (0) + size : * + size : 0x00000004 (4) + length : * + length : 0x00000004 (4) + result : WERR_OK +[2013/11/07 07:38:45.963794, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000c5-0000-0000-7b52-7535c5510000 + enum_index : 0x00000010 (16) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:45.964165, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 C5 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.964242, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer5] +[2013/11/07 07:38:45.964296, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x000a (10) + size : 0x0024 (36) + name : * + name : 'Name' + type : * + type : REG_SZ (1) + value : * + value: ARRAY(18) + [0] : 0x70 (112) + [1] : 0x00 (0) + [2] : 0x72 (114) + [3] : 0x00 (0) + [4] : 0x69 (105) + [5] : 0x00 (0) + [6] : 0x6e (110) + [7] : 0x00 (0) + [8] : 0x74 (116) + [9] : 0x00 (0) + [10] : 0x65 (101) + [11] : 0x00 (0) + [12] : 0x72 (114) + [13] : 0x00 (0) + [14] : 0x35 (53) + [15] : 0x00 (0) + [16] : 0x00 (0) + [17] : 0x00 (0) + size : * + size : 0x00000012 (18) + length : * + length : 0x00000012 (18) + result : WERR_OK +[2013/11/07 07:38:45.964923, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000c5-0000-0000-7b52-7535c5510000 + enum_index : 0x00000011 (17) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:45.965294, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 C5 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.965428, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer5] +[2013/11/07 07:38:45.965478, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0012 (18) + size : 0x0024 (36) + name : * + name : 'ChangeID' + type : * + type : REG_DWORD (4) + value : * + value: ARRAY(4) + [0] : 0x44 (68) + [1] : 0xeb (235) + [2] : 0x34 (52) + [3] : 0x01 (1) + size : * + size : 0x00000004 (4) + length : * + length : 0x00000004 (4) + result : WERR_OK +[2013/11/07 07:38:45.965936, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryValue: struct winreg_QueryValue + in: struct winreg_QueryValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000c5-0000-0000-7b52-7535c5510000 + value_name : * + value_name: struct winreg_String + name_len : 0x0020 (32) + name_size : 0x0020 (32) + name : * + name : 'Default DevMode' + type : * + type : REG_NONE (0) + data : NULL + data_size : * + data_size : 0x00000000 (0) + data_length : * + data_length : 0x00000000 (0) +[2013/11/07 07:38:45.966285, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 C5 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.966364, 7, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) + _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer5] +[2013/11/07 07:38:45.966405, 7, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) + _winreg_QueryValue: policy key type = [00000000] +[2013/11/07 07:38:45.966453, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:316(_winreg_QueryValue) + _winreg_QueryValue: reg_queryvalue failed with: WERR_BADFILE +[2013/11/07 07:38:45.966494, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryValue: struct winreg_QueryValue + out: struct winreg_QueryValue + type : * + type : REG_NONE (0) + data : NULL + data_size : * + data_size : 0x00000000 (0) + data_length : * + data_length : 0x00000000 (0) + result : WERR_BADFILE +[2013/11/07 07:38:45.966719, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenHKLM: struct winreg_OpenHKLM + in: struct winreg_OpenHKLM + system_name : NULL + access_mask : 0x02000000 (33554432) + 0: KEY_QUERY_VALUE + 0: KEY_SET_VALUE + 0: KEY_CREATE_SUB_KEY + 0: KEY_ENUMERATE_SUB_KEYS + 0: KEY_NOTIFY + 0: KEY_CREATE_LINK + 0: KEY_WOW64_64KEY + 0: KEY_WOW64_32KEY +[2013/11/07 07:38:45.966956, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [HKLM] +[2013/11/07 07:38:45.967000, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (2->3) +[2013/11/07 07:38:45.967046, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM] +[2013/11/07 07:38:45.967085, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM] +[2013/11/07 07:38:45.967128, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:45.967166, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM] +[2013/11/07 07:38:45.967262, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) + Opened policy hnd[3] [0000] 00 00 00 00 C6 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.967343, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenHKLM: struct winreg_OpenHKLM + out: struct winreg_OpenHKLM + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000c6-0000-0000-7b52-7535c5510000 + result : WERR_OK +[2013/11/07 07:38:45.967514, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenKey: struct winreg_OpenKey + in: struct winreg_OpenKey + parent_handle : * + parent_handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000c6-0000-0000-7b52-7535c5510000 + keyname: struct winreg_String + name_len : 0x008a (138) + name_size : 0x008a (138) + name : * + name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer5' + options : 0x00000000 (0) + 0: REG_OPTION_VOLATILE + 0: REG_OPTION_CREATE_LINK + 0: REG_OPTION_BACKUP_RESTORE + 0: REG_OPTION_OPEN_LINK + access_mask : 0x02000000 (33554432) + 0: KEY_QUERY_VALUE + 0: KEY_SET_VALUE + 0: KEY_CREATE_SUB_KEY + 0: KEY_ENUMERATE_SUB_KEYS + 0: KEY_NOTIFY + 0: KEY_CREATE_LINK + 0: KEY_WOW64_64KEY + 0: KEY_WOW64_32KEY +[2013/11/07 07:38:45.967952, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 C6 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.968041, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [SOFTWARE] +[2013/11/07 07:38:45.968083, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (3->4) +[2013/11/07 07:38:45.968125, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] +[2013/11/07 07:38:45.968163, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE] +[2013/11/07 07:38:45.968204, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:45.968241, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE] +[2013/11/07 07:38:45.968306, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Microsoft] +[2013/11/07 07:38:45.968347, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (4->5) +[2013/11/07 07:38:45.968389, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] +[2013/11/07 07:38:45.968426, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] +[2013/11/07 07:38:45.968477, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:45.968516, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft] +[2013/11/07 07:38:45.968577, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Windows NT] +[2013/11/07 07:38:45.968618, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (5->6) +[2013/11/07 07:38:45.968660, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] +[2013/11/07 07:38:45.968698, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] +[2013/11/07 07:38:45.968739, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:45.968776, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] +[2013/11/07 07:38:45.968834, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [CurrentVersion] +[2013/11/07 07:38:45.968875, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (6->7) +[2013/11/07 07:38:45.968925, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] +[2013/11/07 07:38:45.968963, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] +[2013/11/07 07:38:45.969005, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:45.969041, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f375c5a15c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] +[2013/11/07 07:38:45.969113, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Print] +[2013/11/07 07:38:45.969154, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (7->8) +[2013/11/07 07:38:45.969197, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] +[2013/11/07 07:38:45.969236, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] +[2013/11/07 07:38:45.969278, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:45.969315, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f375c5a15c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] +[2013/11/07 07:38:45.969424, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Printers] +[2013/11/07 07:38:45.969470, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (8->9) +[2013/11/07 07:38:45.969514, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] +[2013/11/07 07:38:45.969554, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] +[2013/11/07 07:38:45.969596, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:45.969633, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] +[2013/11/07 07:38:45.969698, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [printer5] +[2013/11/07 07:38:45.969739, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (9->10) +[2013/11/07 07:38:45.969783, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer5] +[2013/11/07 07:38:45.969822, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer5] +[2013/11/07 07:38:45.969873, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:45.969911, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer5] +[2013/11/07 07:38:45.969977, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (10->9) +[2013/11/07 07:38:45.970019, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (9->8) +[2013/11/07 07:38:45.970060, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (8->7) +[2013/11/07 07:38:45.970099, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (7->6) +[2013/11/07 07:38:45.970139, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (6->5) +[2013/11/07 07:38:45.970178, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (5->4) +[2013/11/07 07:38:45.970221, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) + Opened policy hnd[4] [0000] 00 00 00 00 C7 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.970299, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenKey: struct winreg_OpenKey + out: struct winreg_OpenKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000c7-0000-0000-7b52-7535c5510000 + result : WERR_OK +[2013/11/07 07:38:45.970475, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryValue: struct winreg_QueryValue + in: struct winreg_QueryValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000c7-0000-0000-7b52-7535c5510000 + value_name : * + value_name: struct winreg_String + name_len : 0x0012 (18) + name_size : 0x0012 (18) + name : * + name : 'Security' + type : * + type : REG_NONE (0) + data : NULL + data_size : * + data_size : 0x00000000 (0) + data_length : * + data_length : 0x00000000 (0) +[2013/11/07 07:38:45.970823, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 C7 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.970900, 7, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) + _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer5] +[2013/11/07 07:38:45.970949, 7, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) + _winreg_QueryValue: policy key type = [00000000] +[2013/11/07 07:38:45.970989, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_dispatcher.c:151(fetch_reg_values) + fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer5' (ops 0x7f37592edcc0) +[2013/11/07 07:38:45.971033, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1891(regdb_fetch_values_internal) + regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer5] +[2013/11/07 07:38:45.971095, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[0]: name[Description] len[2] +[2013/11/07 07:38:45.971139, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[1]: name[Datatype] len[8] +[2013/11/07 07:38:45.971182, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[2]: name[Default Priority] len[4] +[2013/11/07 07:38:45.971223, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[3]: name[Port] len[38] +[2013/11/07 07:38:45.971265, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[4]: name[Print Processor] len[18] +[2013/11/07 07:38:45.971307, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[5]: name[Priority] len[4] +[2013/11/07 07:38:45.971350, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[6]: name[Security] len[248] +[2013/11/07 07:38:45.971392, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[7]: name[Share Name] len[18] +[2013/11/07 07:38:45.971435, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[8]: name[StartTime] len[4] +[2013/11/07 07:38:45.971476, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[9]: name[UntilTime] len[4] +[2013/11/07 07:38:45.971519, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[10]: name[Printer Driver] len[56] +[2013/11/07 07:38:45.971562, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[11]: name[Location] len[2] +[2013/11/07 07:38:45.971604, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[12]: name[Parameters] len[2] +[2013/11/07 07:38:45.971647, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[13]: name[Separator File] len[2] +[2013/11/07 07:38:45.971689, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[14]: name[Status] len[4] +[2013/11/07 07:38:45.971745, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[15]: name[Attributes] len[4] +[2013/11/07 07:38:45.971788, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[16]: name[Name] len[18] +[2013/11/07 07:38:45.971831, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[17]: name[ChangeID] len[4] +[2013/11/07 07:38:45.971875, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryValue: struct winreg_QueryValue + out: struct winreg_QueryValue + type : * + type : REG_BINARY (3) + data : NULL + data_size : * + data_size : 0x000000f8 (248) + data_length : * + data_length : 0x00000000 (0) + result : WERR_OK +[2013/11/07 07:38:45.972088, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryValue: struct winreg_QueryValue + in: struct winreg_QueryValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000c7-0000-0000-7b52-7535c5510000 + value_name : * + value_name: struct winreg_String + name_len : 0x0012 (18) + name_size : 0x0012 (18) + name : * + name : 'Security' + type : * + type : REG_BINARY (3) + data : * + data: ARRAY(0) + data_size : * + data_size : 0x000000f8 (248) + data_length : * + data_length : 0x00000000 (0) +[2013/11/07 07:38:45.972450, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 C7 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.972528, 7, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) + _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer5] +[2013/11/07 07:38:45.972567, 7, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) + _winreg_QueryValue: policy key type = [00000000] +[2013/11/07 07:38:45.972612, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryValue: struct winreg_QueryValue + out: struct winreg_QueryValue + type : * + type : REG_BINARY (3) + data : * + data: ARRAY(248) + [0] : 0x01 (1) + [1] : 0x00 (0) + [2] : 0x04 (4) + [3] : 0x80 (128) + [4] : 0x14 (20) + [5] : 0x00 (0) + [6] : 0x00 (0) + [7] : 0x00 (0) + [8] : 0x24 (36) + [9] : 0x00 (0) + [10] : 0x00 (0) + [11] : 0x00 (0) + [12] : 0x00 (0) + [13] : 0x00 (0) + [14] : 0x00 (0) + [15] : 0x00 (0) + [16] : 0x34 (52) + [17] : 0x00 (0) + [18] : 0x00 (0) + [19] : 0x00 (0) + [20] : 0x01 (1) + [21] : 0x02 (2) + [22] : 0x00 (0) + [23] : 0x00 (0) + [24] : 0x00 (0) + [25] : 0x00 (0) + [26] : 0x00 (0) + [27] : 0x05 (5) + [28] : 0x20 (32) + [29] : 0x00 (0) + [30] : 0x00 (0) + [31] : 0x00 (0) + [32] : 0x20 (32) + [33] : 0x02 (2) + [34] : 0x00 (0) + [35] : 0x00 (0) + [36] : 0x01 (1) + [37] : 0x02 (2) + [38] : 0x00 (0) + [39] : 0x00 (0) + [40] : 0x00 (0) + [41] : 0x00 (0) + [42] : 0x00 (0) + [43] : 0x05 (5) + [44] : 0x20 (32) + [45] : 0x00 (0) + [46] : 0x00 (0) + [47] : 0x00 (0) + [48] : 0x20 (32) + [49] : 0x02 (2) + [50] : 0x00 (0) + [51] : 0x00 (0) + [52] : 0x02 (2) + [53] : 0x00 (0) + [54] : 0xc4 (196) + [55] : 0x00 (0) + [56] : 0x07 (7) + [57] : 0x00 (0) + [58] : 0x00 (0) + [59] : 0x00 (0) + [60] : 0x00 (0) + [61] : 0x02 (2) + [62] : 0x14 (20) + [63] : 0x00 (0) + [64] : 0x08 (8) + [65] : 0x00 (0) + [66] : 0x02 (2) + [67] : 0x20 (32) + [68] : 0x01 (1) + [69] : 0x01 (1) + [70] : 0x00 (0) + [71] : 0x00 (0) + [72] : 0x00 (0) + [73] : 0x00 (0) + [74] : 0x00 (0) + [75] : 0x01 (1) + [76] : 0x00 (0) + [77] : 0x00 (0) + [78] : 0x00 (0) + [79] : 0x00 (0) + [80] : 0x00 (0) + [81] : 0x09 (9) + [82] : 0x24 (36) + [83] : 0x00 (0) + [84] : 0x0c (12) + [85] : 0x00 (0) + [86] : 0x0f (15) + [87] : 0x10 (16) + [88] : 0x01 (1) + [89] : 0x05 (5) + [90] : 0x00 (0) + [91] : 0x00 (0) + [92] : 0x00 (0) + [93] : 0x00 (0) + [94] : 0x00 (0) + [95] : 0x05 (5) + [96] : 0x15 (21) + [97] : 0x00 (0) + [98] : 0x00 (0) + [99] : 0x00 (0) + [100] : 0x74 (116) + [101] : 0xa5 (165) + [102] : 0x12 (18) + [103] : 0x52 (82) + [104] : 0xcd (205) + [105] : 0x51 (81) + [106] : 0xd9 (217) + [107] : 0x8f (143) + [108] : 0xd1 (209) + [109] : 0x31 (49) + [110] : 0xa4 (164) + [111] : 0xca (202) + [112] : 0xf4 (244) + [113] : 0x01 (1) + [114] : 0x00 (0) + [115] : 0x00 (0) + [116] : 0x00 (0) + [117] : 0x02 (2) + [118] : 0x24 (36) + [119] : 0x00 (0) + [120] : 0x0c (12) + [121] : 0x00 (0) + [122] : 0x0f (15) + [123] : 0x10 (16) + [124] : 0x01 (1) + [125] : 0x05 (5) + [126] : 0x00 (0) + [127] : 0x00 (0) + [128] : 0x00 (0) + [129] : 0x00 (0) + [130] : 0x00 (0) + [131] : 0x05 (5) + [132] : 0x15 (21) + [133] : 0x00 (0) + [134] : 0x00 (0) + [135] : 0x00 (0) + [136] : 0x74 (116) + [137] : 0xa5 (165) + [138] : 0x12 (18) + [139] : 0x52 (82) + [140] : 0xcd (205) + [141] : 0x51 (81) + [142] : 0xd9 (217) + [143] : 0x8f (143) + [144] : 0xd1 (209) + [145] : 0x31 (49) + [146] : 0xa4 (164) + [147] : 0xca (202) + [148] : 0xf4 (244) + [149] : 0x01 (1) + [150] : 0x00 (0) + [151] : 0x00 (0) + [152] : 0x00 (0) + [153] : 0x09 (9) + [154] : 0x18 (24) + [155] : 0x00 (0) + [156] : 0x0c (12) + [157] : 0x00 (0) + [158] : 0x0f (15) + [159] : 0x10 (16) + [160] : 0x01 (1) + [161] : 0x02 (2) + [162] : 0x00 (0) + [163] : 0x00 (0) + [164] : 0x00 (0) + [165] : 0x00 (0) + [166] : 0x00 (0) + [167] : 0x05 (5) + [168] : 0x20 (32) + [169] : 0x00 (0) + [170] : 0x00 (0) + [171] : 0x00 (0) + [172] : 0x20 (32) + [173] : 0x02 (2) + [174] : 0x00 (0) + [175] : 0x00 (0) + [176] : 0x00 (0) + [177] : 0x02 (2) + [178] : 0x18 (24) + [179] : 0x00 (0) + [180] : 0x0c (12) + [181] : 0x00 (0) + [182] : 0x0f (15) + [183] : 0x10 (16) + [184] : 0x01 (1) + [185] : 0x02 (2) + [186] : 0x00 (0) + [187] : 0x00 (0) + [188] : 0x00 (0) + [189] : 0x00 (0) + [190] : 0x00 (0) + [191] : 0x05 (5) + [192] : 0x20 (32) + [193] : 0x00 (0) + [194] : 0x00 (0) + [195] : 0x00 (0) + [196] : 0x20 (32) + [197] : 0x02 (2) + [198] : 0x00 (0) + [199] : 0x00 (0) + [200] : 0x00 (0) + [201] : 0x09 (9) + [202] : 0x18 (24) + [203] : 0x00 (0) + [204] : 0x0c (12) + [205] : 0x00 (0) + [206] : 0x0f (15) + [207] : 0x10 (16) + [208] : 0x01 (1) + [209] : 0x02 (2) + [210] : 0x00 (0) + [211] : 0x00 (0) + [212] : 0x00 (0) + [213] : 0x00 (0) + [214] : 0x00 (0) + [215] : 0x05 (5) + [216] : 0x20 (32) + [217] : 0x00 (0) + [218] : 0x00 (0) + [219] : 0x00 (0) + [220] : 0x26 (38) + [221] : 0x02 (2) + [222] : 0x00 (0) + [223] : 0x00 (0) + [224] : 0x00 (0) + [225] : 0x02 (2) + [226] : 0x18 (24) + [227] : 0x00 (0) + [228] : 0x0c (12) + [229] : 0x00 (0) + [230] : 0x0f (15) + [231] : 0x10 (16) + [232] : 0x01 (1) + [233] : 0x02 (2) + [234] : 0x00 (0) + [235] : 0x00 (0) + [236] : 0x00 (0) + [237] : 0x00 (0) + [238] : 0x00 (0) + [239] : 0x05 (5) + [240] : 0x20 (32) + [241] : 0x00 (0) + [242] : 0x00 (0) + [243] : 0x00 (0) + [244] : 0x26 (38) + [245] : 0x02 (2) + [246] : 0x00 (0) + [247] : 0x00 (0) + data_size : * + data_size : 0x000000f8 (248) + data_length : * + data_length : 0x000000f8 (248) + result : WERR_OK +[2013/11/07 07:38:45.977042, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + in: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000c7-0000-0000-7b52-7535c5510000 +[2013/11/07 07:38:45.977178, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 C7 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.977257, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 C7 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.977334, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) + Closed policy +[2013/11/07 07:38:45.977446, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (4->3) +[2013/11/07 07:38:45.977491, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + out: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000000-0000-0000-0000-000000000000 + result : WERR_OK +[2013/11/07 07:38:45.977655, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + in: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000c6-0000-0000-7b52-7535c5510000 +[2013/11/07 07:38:45.977794, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 C6 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.977872, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 C6 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.977948, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) + Closed policy +[2013/11/07 07:38:45.977989, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (3->2) +[2013/11/07 07:38:45.978030, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + out: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000000-0000-0000-0000-000000000000 + result : WERR_OK +[2013/11/07 07:38:45.978194, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + in: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000c5-0000-0000-7b52-7535c5510000 +[2013/11/07 07:38:45.978325, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 C5 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.978403, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 C5 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.978478, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) + Closed policy +[2013/11/07 07:38:45.978524, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (2->1) +[2013/11/07 07:38:45.978565, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + out: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000000-0000-0000-0000-000000000000 + result : WERR_OK +[2013/11/07 07:38:45.978728, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + in: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000c4-0000-0000-7b52-7535c5510000 +[2013/11/07 07:38:45.978864, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 C4 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.978941, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 C4 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:45.979017, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) + Closed policy +[2013/11/07 07:38:45.979057, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (1->0) +[2013/11/07 07:38:45.979123, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + out: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000000-0000-0000-0000-000000000000 + result : WERR_OK +[2013/11/07 07:38:45.979290, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:416(close_policy_by_pipe) + Deleted handle list for RPC connection \winreg +[2013/11/07 07:38:45.979529, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + spoolss_GetPrinter: struct spoolss_GetPrinter + out: struct spoolss_GetPrinter + info : * + info : union spoolss_PrinterInfo(case 2) + info2: struct spoolss_PrinterInfo2 + servername : * + servername : '\\MEMBER43' + printername : * + printername : '\\MEMBER43\printer5' + sharename : * + sharename : 'printer5' + portname : * + portname : 'Samba Printer Port' + drivername : * + drivername : 'HP Universal Printing PCL 6' + comment : * + comment : '' + location : * + location : '' + devmode : * + devmode: struct spoolss_DeviceMode + devicename : '\\MEMBER43\printer5' + specversion : DMSPEC_NT4_AND_ABOVE (1025) + driverversion : 0x0400 (1024) + size : 0x00dc (220) + __driverextra_length : 0x0000 (0) + fields : 0x00014713 (83731) + 1: DEVMODE_ORIENTATION + 1: DEVMODE_PAPERSIZE + 0: DEVMODE_PAPERLENGTH + 0: DEVMODE_PAPERWIDTH + 1: DEVMODE_SCALE + 0: DEVMODE_POSITION + 0: DEVMODE_NUP + 1: DEVMODE_COPIES + 1: DEVMODE_DEFAULTSOURCE + 1: DEVMODE_PRINTQUALITY + 0: DEVMODE_COLOR + 0: DEVMODE_DUPLEX + 0: DEVMODE_YRESOLUTION + 1: DEVMODE_TTOPTION + 0: DEVMODE_COLLATE + 1: DEVMODE_FORMNAME + 0: DEVMODE_LOGPIXELS + 0: DEVMODE_BITSPERPEL + 0: DEVMODE_PELSWIDTH + 0: DEVMODE_PELSHEIGHT + 0: DEVMODE_DISPLAYFLAGS + 0: DEVMODE_DISPLAYFREQUENCY + 0: DEVMODE_ICMMETHOD + 0: DEVMODE_ICMINTENT + 0: DEVMODE_MEDIATYPE + 0: DEVMODE_DITHERTYPE + 0: DEVMODE_PANNINGWIDTH + 0: DEVMODE_PANNINGHEIGHT + orientation : DMORIENT_PORTRAIT (1) + papersize : DMPAPER_LETTER (1) + paperlength : 0x0000 (0) + paperwidth : 0x0000 (0) + scale : 0x0064 (100) + copies : 0x0001 (1) + defaultsource : DMBIN_FORMSOURCE (15) + printquality : DMRES_HIGH (65532) + color : DMRES_MONOCHROME (1) + duplex : DMDUP_SIMPLEX (1) + yresolution : 0x0000 (0) + ttoption : DMTT_SUBDEV (3) + collate : DMCOLLATE_FALSE (0) + formname : 'Letter' + logpixels : 0x0000 (0) + bitsperpel : 0x00000000 (0) + pelswidth : 0x00000000 (0) + pelsheight : 0x00000000 (0) + displayflags : UNKNOWN_ENUM_VALUE (0) + displayfrequency : 0x00000000 (0) + icmmethod : UNKNOWN_ENUM_VALUE (0) + icmintent : UNKNOWN_ENUM_VALUE (0) + mediatype : UNKNOWN_ENUM_VALUE (0) + dithertype : UNKNOWN_ENUM_VALUE (0) + reserved1 : 0x00000000 (0) + reserved2 : 0x00000000 (0) + panningwidth : 0x00000000 (0) + panningheight : 0x00000000 (0) + driverextra_data : DATA_BLOB length=0 + sepfile : * + sepfile : '' + printprocessor : * + printprocessor : 'winprint' + datatype : * + datatype : 'RAW' + parameters : * + parameters : '' + secdesc : * + secdesc: struct security_descriptor + revision : SECURITY_DESCRIPTOR_REVISION_1 (1) + type : 0x8004 (32772) + 0: SEC_DESC_OWNER_DEFAULTED + 0: SEC_DESC_GROUP_DEFAULTED + 1: SEC_DESC_DACL_PRESENT + 0: SEC_DESC_DACL_DEFAULTED + 0: SEC_DESC_SACL_PRESENT + 0: SEC_DESC_SACL_DEFAULTED + 0: SEC_DESC_DACL_TRUSTED + 0: SEC_DESC_SERVER_SECURITY + 0: SEC_DESC_DACL_AUTO_INHERIT_REQ + 0: SEC_DESC_SACL_AUTO_INHERIT_REQ + 0: SEC_DESC_DACL_AUTO_INHERITED + 0: SEC_DESC_SACL_AUTO_INHERITED + 0: SEC_DESC_DACL_PROTECTED + 0: SEC_DESC_SACL_PROTECTED + 0: SEC_DESC_RM_CONTROL_VALID + 1: SEC_DESC_SELF_RELATIVE + owner_sid : * + owner_sid : S-1-5-32-544 + group_sid : * + group_sid : S-1-5-32-544 + sacl : NULL + dacl : * + dacl: struct security_acl + revision : SECURITY_ACL_REVISION_NT4 (2) + size : 0x00c4 (196) + num_aces : 0x00000007 (7) + aces: ARRAY(7) + aces: struct security_ace + type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) + flags : 0x02 (2) + 0: SEC_ACE_FLAG_OBJECT_INHERIT + 1: SEC_ACE_FLAG_CONTAINER_INHERIT + 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT + 0: SEC_ACE_FLAG_INHERIT_ONLY + 0: SEC_ACE_FLAG_INHERITED_ACE + 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) + 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS + 0: SEC_ACE_FLAG_FAILED_ACCESS + size : 0x0014 (20) + access_mask : 0x20020008 (537001992) + object : union security_ace_object_ctr(case 0) + trustee : S-1-1-0 + aces: struct security_ace + type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) + flags : 0x09 (9) + 1: SEC_ACE_FLAG_OBJECT_INHERIT + 0: SEC_ACE_FLAG_CONTAINER_INHERIT + 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT + 1: SEC_ACE_FLAG_INHERIT_ONLY + 0: SEC_ACE_FLAG_INHERITED_ACE + 0x09: SEC_ACE_FLAG_VALID_INHERIT (9) + 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS + 0: SEC_ACE_FLAG_FAILED_ACCESS + size : 0x0024 (36) + access_mask : 0x100f000c (269418508) + object : union security_ace_object_ctr(case 0) + trustee : S-1-5-21-1376953716-2413384141-3399758289-500 + aces: struct security_ace + type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) + flags : 0x02 (2) + 0: SEC_ACE_FLAG_OBJECT_INHERIT + 1: SEC_ACE_FLAG_CONTAINER_INHERIT + 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT + 0: SEC_ACE_FLAG_INHERIT_ONLY + 0: SEC_ACE_FLAG_INHERITED_ACE + 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) + 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS + 0: SEC_ACE_FLAG_FAILED_ACCESS + size : 0x0024 (36) + access_mask : 0x100f000c (269418508) + object : union security_ace_object_ctr(case 0) + trustee : S-1-5-21-1376953716-2413384141-3399758289-500 + aces: struct security_ace + type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) + flags : 0x09 (9) + 1: SEC_ACE_FLAG_OBJECT_INHERIT + 0: SEC_ACE_FLAG_CONTAINER_INHERIT + 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT + 1: SEC_ACE_FLAG_INHERIT_ONLY + 0: SEC_ACE_FLAG_INHERITED_ACE + 0x09: SEC_ACE_FLAG_VALID_INHERIT (9) + 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS + 0: SEC_ACE_FLAG_FAILED_ACCESS + size : 0x0018 (24) + access_mask : 0x100f000c (269418508) + object : union security_ace_object_ctr(case 0) + trustee : S-1-5-32-544 + aces: struct security_ace + type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) + flags : 0x02 (2) + 0: SEC_ACE_FLAG_OBJECT_INHERIT + 1: SEC_ACE_FLAG_CONTAINER_INHERIT + 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT + 0: SEC_ACE_FLAG_INHERIT_ONLY + 0: SEC_ACE_FLAG_INHERITED_ACE + 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) + 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS + 0: SEC_ACE_FLAG_FAILED_ACCESS + size : 0x0018 (24) + access_mask : 0x100f000c (269418508) + object : union security_ace_object_ctr(case 0) + trustee : S-1-5-32-544 + aces: struct security_ace + type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) + flags : 0x09 (9) + 1: SEC_ACE_FLAG_OBJECT_INHERIT + 0: SEC_ACE_FLAG_CONTAINER_INHERIT + 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT + 1: SEC_ACE_FLAG_INHERIT_ONLY + 0: SEC_ACE_FLAG_INHERITED_ACE + 0x09: SEC_ACE_FLAG_VALID_INHERIT (9) + 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS + 0: SEC_ACE_FLAG_FAILED_ACCESS + size : 0x0018 (24) + access_mask : 0x100f000c (269418508) + object : union security_ace_object_ctr(case 0) + trustee : S-1-5-32-550 + aces: struct security_ace + type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) + flags : 0x02 (2) + 0: SEC_ACE_FLAG_OBJECT_INHERIT + 1: SEC_ACE_FLAG_CONTAINER_INHERIT + 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT + 0: SEC_ACE_FLAG_INHERIT_ONLY + 0: SEC_ACE_FLAG_INHERITED_ACE + 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) + 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS + 0: SEC_ACE_FLAG_FAILED_ACCESS + size : 0x0018 (24) + access_mask : 0x100f000c (269418508) + object : union security_ace_object_ctr(case 0) + trustee : S-1-5-32-550 + attributes : 0x00001048 (4168) + 0: PRINTER_ATTRIBUTE_QUEUED + 0: PRINTER_ATTRIBUTE_DIRECT + 0: PRINTER_ATTRIBUTE_DEFAULT + 1: PRINTER_ATTRIBUTE_SHARED + 0: PRINTER_ATTRIBUTE_NETWORK + 0: PRINTER_ATTRIBUTE_HIDDEN + 1: PRINTER_ATTRIBUTE_LOCAL + 0: PRINTER_ATTRIBUTE_ENABLE_DEVQ + 0: PRINTER_ATTRIBUTE_KEEPPRINTEDJOBS + 0: PRINTER_ATTRIBUTE_DO_COMPLETE_FIRST + 0: PRINTER_ATTRIBUTE_WORK_OFFLINE + 0: PRINTER_ATTRIBUTE_ENABLE_BIDI + 1: PRINTER_ATTRIBUTE_RAW_ONLY + 0: PRINTER_ATTRIBUTE_PUBLISHED + 0: PRINTER_ATTRIBUTE_FAX + 0: PRINTER_ATTRIBUTE_TS + priority : 0x00000001 (1) + defaultpriority : 0x00000001 (1) + starttime : 0x00000000 (0) + untiltime : 0x00000000 (0) + status : 0x00000000 (0) + 0: PRINTER_STATUS_PAUSED + 0: PRINTER_STATUS_ERROR + 0: PRINTER_STATUS_PENDING_DELETION + 0: PRINTER_STATUS_PAPER_JAM + 0: PRINTER_STATUS_PAPER_OUT + 0: PRINTER_STATUS_MANUAL_FEED + 0: PRINTER_STATUS_PAPER_PROBLEM + 0: PRINTER_STATUS_OFFLINE + 0: PRINTER_STATUS_IO_ACTIVE + 0: PRINTER_STATUS_BUSY + 0: PRINTER_STATUS_PRINTING + 0: PRINTER_STATUS_OUTPUT_BIN_FULL + 0: PRINTER_STATUS_NOT_AVAILABLE + 0: PRINTER_STATUS_WAITING + 0: PRINTER_STATUS_PROCESSING + 0: PRINTER_STATUS_INITIALIZING + 0: PRINTER_STATUS_WARMING_UP + 0: PRINTER_STATUS_TONER_LOW + 0: PRINTER_STATUS_NO_TONER + 0: PRINTER_STATUS_PAGE_PUNT + 0: PRINTER_STATUS_USER_INTERVENTION + 0: PRINTER_STATUS_OUT_OF_MEMORY + 0: PRINTER_STATUS_DOOR_OPEN + 0: PRINTER_STATUS_SERVER_UNKNOWN + 0: PRINTER_STATUS_POWER_SAVE + cjobs : 0x00000000 (0) + averageppm : 0x00000000 (0) + needed : * + needed : 0x00000328 (808) + result : WERR_OK +[2013/11/07 07:38:45.984615, 5, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1417(api_rpcTNP) + api_rpcTNP: called \spoolss successfully +[2013/11/07 07:38:45.984685, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) + pop_sec_ctx (0, 5000) - sec_ctx_stack_ndx = 0 +[2013/11/07 07:38:45.984731, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) + write_to_pipe: data_used = 2092 + smbd_smb2_request_pending_queue: req->current_idx = 1 + req->in.vector[0].iov_len = 0 + req->in.vector[1].iov_len = 0 + req->in.vector[2].iov_len = 64 + req->in.vector[3].iov_len = 56 + req->in.vector[4].iov_len = 2108 + req->out.vector[0].iov_len = 4 + req->out.vector[1].iov_len = 0 + req->out.vector[2].iov_len = 64 + req->out.vector[3].iov_len = 8 + req->out.vector[4].iov_len = 0 +[2013/11/07 07:38:45.984965, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:128(smbd_smb2_ioctl_pipe_write_done) + smbd_smb2_ioctl_pipe_write_done: received 2108 +[2013/11/07 07:38:45.985009, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:149(smbd_smb2_ioctl_pipe_write_done) + smbd_smb2_ioctl_pipe_write_done: issuing np_read_send of size 2088 +[2013/11/07 07:38:45.985052, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:285(read_from_internal_pipe) + name: \spoolss len: 2088 +[2013/11/07 07:38:45.985095, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:347(read_from_internal_pipe) + read_from_pipe: \spoolss: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 2064. +[2013/11/07 07:38:45.985150, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) + &r: struct ncacn_packet + rpc_vers : 0x05 (5) + rpc_vers_minor : 0x00 (0) + ptype : DCERPC_PKT_RESPONSE (2) + pfc_flags : 0x03 (3) + drep: ARRAY(4) + [0] : 0x10 (16) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + frag_length : 0x0828 (2088) + auth_length : 0x0000 (0) + call_id : 0x00000004 (4) + u : union dcerpc_payload(case 2) + response: struct dcerpc_response + alloc_hint : 0x00000810 (2064) + context_id : 0x0000 (0) + cancel_count : 0x00 (0) + _pad : DATA_BLOB length=0 + stub_and_verifier : DATA_BLOB length=2064 + [0000] 04 00 02 00 00 08 00 00 EA 07 00 00 C2 07 00 00 ........ ........ + [0010] B0 07 00 00 8A 07 00 00 52 07 00 00 50 07 00 00 ........ R...P... + [0020] 4E 07 00 00 54 06 00 00 4C 07 00 00 3A 07 00 00 N...T... L...:... + [0030] 32 07 00 00 30 07 00 00 5C 05 00 00 48 10 00 00 2...0... \...H... + [0040] 01 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0200] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0210] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0220] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0230] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0240] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0250] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0260] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0270] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0280] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0290] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0300] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0310] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0320] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0330] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0340] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0350] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0360] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0370] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0380] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0390] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0400] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0410] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0420] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0430] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0440] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0450] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0460] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0470] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0480] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0490] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0500] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0510] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0520] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0530] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0540] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0550] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0560] 00 00 00 00 01 00 04 80 D8 00 00 00 E8 00 00 00 ........ ........ + [0570] 00 00 00 00 14 00 00 00 02 00 C4 00 07 00 00 00 ........ ........ + [0580] 00 02 14 00 08 00 02 20 01 01 00 00 00 00 00 01 ....... ........ + [0590] 00 00 00 00 00 09 24 00 0C 00 0F 10 01 05 00 00 ......$. ........ + [05A0] 00 00 00 05 15 00 00 00 74 A5 12 52 CD 51 D9 8F ........ t..R.Q.. + [05B0] D1 31 A4 CA F4 01 00 00 00 02 24 00 0C 00 0F 10 .1...... ..$..... + [05C0] 01 05 00 00 00 00 00 05 15 00 00 00 74 A5 12 52 ........ ....t..R + [05D0] CD 51 D9 8F D1 31 A4 CA F4 01 00 00 00 09 18 00 .Q...1.. ........ + [05E0] 0C 00 0F 10 01 02 00 00 00 00 00 05 20 00 00 00 ........ .... ... + [05F0] 20 02 00 00 00 02 18 00 0C 00 0F 10 01 02 00 00 ....... ........ + [0600] 00 00 00 05 20 00 00 00 20 02 00 00 00 09 18 00 .... ... ....... + [0610] 0C 00 0F 10 01 02 00 00 00 00 00 05 20 00 00 00 ........ .... ... + [0620] 26 02 00 00 00 02 18 00 0C 00 0F 10 01 02 00 00 &....... ........ + [0630] 00 00 00 05 20 00 00 00 26 02 00 00 01 02 00 00 .... ... &....... + [0640] 00 00 00 05 20 00 00 00 20 02 00 00 01 02 00 00 .... ... ....... + [0650] 00 00 00 05 20 00 00 00 20 02 00 00 5C 00 5C 00 .... ... ...\.\. + [0660] 4D 00 45 00 4D 00 42 00 45 00 52 00 34 00 33 00 M.E.M.B. E.R.4.3. + [0670] 5C 00 70 00 72 00 69 00 6E 00 74 00 65 00 72 00 \.p.r.i. n.t.e.r. + [0680] 35 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 5....... ........ + [0690] 00 00 00 00 00 00 00 00 00 00 00 00 01 04 00 04 ........ ........ + [06A0] DC 00 00 00 13 47 01 00 01 00 01 00 00 00 00 00 .....G.. ........ + [06B0] 64 00 01 00 0F 00 FC FF 01 00 01 00 00 00 03 00 d....... ........ + [06C0] 00 00 4C 00 65 00 74 00 74 00 65 00 72 00 00 00 ..L.e.t. t.e.r... + [06D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0700] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0710] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0720] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0730] 00 00 00 00 00 00 00 00 00 00 52 00 41 00 57 00 ........ ..R.A.W. + [0740] 00 00 77 00 69 00 6E 00 70 00 72 00 69 00 6E 00 ..w.i.n. p.r.i.n. + [0750] 74 00 00 00 00 00 00 00 00 00 48 00 50 00 20 00 t....... ..H.P. . + [0760] 55 00 6E 00 69 00 76 00 65 00 72 00 73 00 61 00 U.n.i.v. e.r.s.a. + [0770] 6C 00 20 00 50 00 72 00 69 00 6E 00 74 00 69 00 l. .P.r. i.n.t.i. + [0780] 6E 00 67 00 20 00 50 00 43 00 4C 00 20 00 36 00 n.g. .P. C.L. .6. + [0790] 00 00 53 00 61 00 6D 00 62 00 61 00 20 00 50 00 ..S.a.m. b.a. .P. + [07A0] 72 00 69 00 6E 00 74 00 65 00 72 00 20 00 50 00 r.i.n.t. e.r. .P. + [07B0] 6F 00 72 00 74 00 00 00 70 00 72 00 69 00 6E 00 o.r.t... p.r.i.n. + [07C0] 74 00 65 00 72 00 35 00 00 00 5C 00 5C 00 4D 00 t.e.r.5. ..\.\.M. + [07D0] 45 00 4D 00 42 00 45 00 52 00 34 00 33 00 5C 00 E.M.B.E. R.4.3.\. + [07E0] 70 00 72 00 69 00 6E 00 74 00 65 00 72 00 35 00 p.r.i.n. t.e.r.5. + [07F0] 00 00 5C 00 5C 00 4D 00 45 00 4D 00 42 00 45 00 ..\.\.M. E.M.B.E. + [0800] 52 00 34 00 33 00 00 00 28 03 00 00 00 00 00 00 R.4.3... (....... +[2013/11/07 07:38:45.990154, 3, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:122(free_pipe_context) + free_pipe_context: destroying talloc pool of size 1335 +[2013/11/07 07:38:45.990212, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:788(np_read_recv) + Received 2088 bytes. There is no more data outstanding +[2013/11/07 07:38:45.990254, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:178(smbd_smb2_ioctl_pipe_read_done) + smbd_smb2_ioctl_pipe_read_done: np_read_recv nread = 2088 is_data_outstanding = 0, status = NT_STATUS_OK +[2013/11/07 07:38:45.990303, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl.c:291(smbd_smb2_request_ioctl_done) + smbd_smb2_request_ioctl_done: smbd_smb2_ioctl_recv returned 2088 status NT_STATUS_OK +[2013/11/07 07:38:45.990346, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) + smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[48] dyn[yes:2088] at ../source3/smbd/smb2_ioctl.c:358 +[2013/11/07 07:38:45.990391, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) + smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/103/127 +[2013/11/07 07:38:45.990608, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) + smbd_smb2_request_incoming: idx[1] of 5 vectors +[2013/11/07 07:38:45.990663, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) + smb2_validate_sequence_number: clearing id 103 (position 103) from bitmap +[2013/11/07 07:38:45.990706, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) + smbd_smb2_request_dispatch: opcode[SMB2_OP_IOCTL] mid = 103 +[2013/11/07 07:38:45.990770, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) + setting sec ctx (0, 5000) - sec_ctx_stack_ndx = 0 +[2013/11/07 07:38:45.990814, 5, pid=20933, effective(0, 5000), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) + Security token SIDs (21): + SID[ 0]: S-1-5-21-1376953716-2413384141-3399758289-500 + SID[ 1]: S-1-5-21-1376953716-2413384141-3399758289-512 + SID[ 2]: S-1-5-21-1376953716-2413384141-3399758289-11015 + SID[ 3]: S-1-5-21-1376953716-2413384141-3399758289-513 + SID[ 4]: S-1-5-21-1376953716-2413384141-3399758289-11011 + SID[ 5]: S-1-5-21-1376953716-2413384141-3399758289-11013 + SID[ 6]: S-1-5-21-1376953716-2413384141-3399758289-11012 + SID[ 7]: S-1-1-0 + SID[ 8]: S-1-5-2 + SID[ 9]: S-1-5-11 + SID[ 10]: S-1-5-32-544 + SID[ 11]: S-1-22-1-2002 + SID[ 12]: S-1-22-2-5000 + SID[ 13]: S-1-22-2-5007 + SID[ 14]: S-1-22-2-5001 + SID[ 15]: S-1-22-2-1005 + SID[ 16]: S-1-22-2-5006 + SID[ 17]: S-1-22-2-5005 + SID[ 18]: S-1-22-2-55000 + SID[ 19]: S-1-22-2-55001 + SID[ 20]: S-1-22-2-55002 + Privileges (0x 1FFFFFF0): + Privilege[ 0]: SeMachineAccountPrivilege + Privilege[ 1]: SeTakeOwnershipPrivilege + Privilege[ 2]: SeBackupPrivilege + Privilege[ 3]: SeRestorePrivilege + Privilege[ 4]: SeRemoteShutdownPrivilege + Privilege[ 5]: SePrintOperatorPrivilege + Privilege[ 6]: SeAddUsersPrivilege + Privilege[ 7]: SeDiskOperatorPrivilege + Privilege[ 8]: SeSecurityPrivilege + Privilege[ 9]: SeSystemtimePrivilege + Privilege[ 10]: SeShutdownPrivilege + Privilege[ 11]: SeDebugPrivilege + Privilege[ 12]: SeSystemEnvironmentPrivilege + Privilege[ 13]: SeSystemProfilePrivilege + Privilege[ 14]: SeProfileSingleProcessPrivilege + Privilege[ 15]: SeIncreaseBasePriorityPrivilege + Privilege[ 16]: SeLoadDriverPrivilege + Privilege[ 17]: SeCreatePagefilePrivilege + Privilege[ 18]: SeIncreaseQuotaPrivilege + Privilege[ 19]: SeChangeNotifyPrivilege + Privilege[ 20]: SeUndockPrivilege + Privilege[ 21]: SeManageVolumePrivilege + Privilege[ 22]: SeImpersonatePrivilege + Privilege[ 23]: SeCreateGlobalPrivilege + Privilege[ 24]: SeEnableDelegationPrivilege + Rights (0x 0): +[2013/11/07 07:38:45.991589, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) + UNIX token of user 0 + Primary group is 5000 and contains 9 supplementary groups + Group[ 0]: 5000 + Group[ 1]: 5007 + Group[ 2]: 5001 + Group[ 3]: 1005 + Group[ 4]: 5006 + Group[ 5]: 5005 + Group[ 6]: 55000 + Group[ 7]: 55001 + Group[ 8]: 55002 +[2013/11/07 07:38:45.991783, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/uid.c:363(change_to_user_internal) + Impersonated user: uid=(0,0), gid=(0,5000) +[2013/11/07 07:38:45.991836, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:1796(smbd_smb2_request_verify_creditcharge) + mid 103, CreditCharge: 1, NeededCharge: 1 +[2013/11/07 07:38:45.991879, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl.c:394(smbd_smb2_ioctl_send) + smbd_smb2_ioctl: ctl_code[0x0011c017] spoolss, fnum 1017618511 +[2013/11/07 07:38:45.991988, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:59(smb2_ioctl_named_pipe) + smbd_smb2_ioctl_send: np_write_send of size 4156 +[2013/11/07 07:38:45.992031, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:520(np_write_send) + np_write_send: len: 4156 +[2013/11/07 07:38:45.992073, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) + write_to_pipe: data_left = 4156 +[2013/11/07 07:38:45.992112, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) + process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 4156 +[2013/11/07 07:38:45.992151, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:51(fill_rpc_header) + fill_rpc_header: data_to_copy = 4156, len_needed_to_complete_hdr = 16, receive_len = 0 +[2013/11/07 07:38:45.992192, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) + write_to_pipe: data_used = 16 +[2013/11/07 07:38:45.992230, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) + write_to_pipe: data_left = 4140 +[2013/11/07 07:38:45.992267, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) + process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 4140 +[2013/11/07 07:38:45.992309, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) + write_to_pipe: data_used = 0 +[2013/11/07 07:38:45.992348, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) + write_to_pipe: data_left = 4140 +[2013/11/07 07:38:45.992385, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) + process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 4140, incoming data = 4140 +[2013/11/07 07:38:45.992428, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1614(process_complete_pdu) + PDU is in Little Endian format! +[2013/11/07 07:38:45.992479, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) + r: struct ncacn_packet + rpc_vers : 0x05 (5) + rpc_vers_minor : 0x00 (0) + ptype : DCERPC_PKT_REQUEST (0) + pfc_flags : 0x03 (3) + drep: ARRAY(4) + [0] : 0x10 (16) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + frag_length : 0x103c (4156) + auth_length : 0x0000 (0) + call_id : 0x00000003 (3) + u : union dcerpc_payload(case 0) + request: struct dcerpc_request + alloc_hint : 0x00001024 (4132) + context_id : 0x0000 (0) + opnum : 0x0008 (8) + object : union dcerpc_object(case 0) + empty: struct dcerpc_empty + _pad : DATA_BLOB length=0 + stub_and_verifier : DATA_BLOB length=4132 + [0000] 00 00 00 00 B9 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 02 00 00 00 00 00 02 00 00 10 00 00 .Q...... ........ + [0020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0030] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0040] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0200] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0210] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0220] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0230] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0240] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0250] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0260] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0270] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0280] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0290] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0300] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0310] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0320] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0330] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0340] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0350] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0360] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0370] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0380] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0390] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0400] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0410] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0420] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0430] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0440] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0450] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0460] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0470] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0480] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0490] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0500] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0510] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0520] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0530] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0540] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0550] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0560] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0570] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0580] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0590] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0600] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0610] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0620] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0630] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0640] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0650] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0660] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0670] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0680] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0690] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0700] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0710] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0720] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0730] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0740] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0750] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0760] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0770] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0780] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0790] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0800] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0810] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0820] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0830] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0840] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0850] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0860] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0870] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0880] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0890] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0900] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0910] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0920] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0930] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0940] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0950] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0960] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0970] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0980] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0990] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0EA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0EB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0EC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0ED0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0EE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0EF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [1000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [1010] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [1020] 00 10 00 00 .... +[2013/11/07 07:38:46.002038, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1627(process_complete_pdu) + Processing packet type 0 +[2013/11/07 07:38:46.002082, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1472(dcesrv_auth_request) + Checking request auth. +[2013/11/07 07:38:46.002130, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) + push_sec_ctx(0, 5000) : sec_ctx_stack_ndx = 1 +[2013/11/07 07:38:46.002184, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) + setting sec ctx (0, 5000) - sec_ctx_stack_ndx = 1 +[2013/11/07 07:38:46.002226, 5, pid=20933, effective(0, 5000), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) + Security token SIDs (21): + SID[ 0]: S-1-5-21-1376953716-2413384141-3399758289-500 + SID[ 1]: S-1-5-21-1376953716-2413384141-3399758289-512 + SID[ 2]: S-1-5-21-1376953716-2413384141-3399758289-11015 + SID[ 3]: S-1-5-21-1376953716-2413384141-3399758289-513 + SID[ 4]: S-1-5-21-1376953716-2413384141-3399758289-11011 + SID[ 5]: S-1-5-21-1376953716-2413384141-3399758289-11013 + SID[ 6]: S-1-5-21-1376953716-2413384141-3399758289-11012 + SID[ 7]: S-1-1-0 + SID[ 8]: S-1-5-2 + SID[ 9]: S-1-5-11 + SID[ 10]: S-1-5-32-544 + SID[ 11]: S-1-22-1-2002 + SID[ 12]: S-1-22-2-5000 + SID[ 13]: S-1-22-2-5007 + SID[ 14]: S-1-22-2-5001 + SID[ 15]: S-1-22-2-1005 + SID[ 16]: S-1-22-2-5006 + SID[ 17]: S-1-22-2-5005 + SID[ 18]: S-1-22-2-55000 + SID[ 19]: S-1-22-2-55001 + SID[ 20]: S-1-22-2-55002 + Privileges (0x 1FFFFFF0): + Privilege[ 0]: SeMachineAccountPrivilege + Privilege[ 1]: SeTakeOwnershipPrivilege + Privilege[ 2]: SeBackupPrivilege + Privilege[ 3]: SeRestorePrivilege + Privilege[ 4]: SeRemoteShutdownPrivilege + Privilege[ 5]: SePrintOperatorPrivilege + Privilege[ 6]: SeAddUsersPrivilege + Privilege[ 7]: SeDiskOperatorPrivilege + Privilege[ 8]: SeSecurityPrivilege + Privilege[ 9]: SeSystemtimePrivilege + Privilege[ 10]: SeShutdownPrivilege + Privilege[ 11]: SeDebugPrivilege + Privilege[ 12]: SeSystemEnvironmentPrivilege + Privilege[ 13]: SeSystemProfilePrivilege + Privilege[ 14]: SeProfileSingleProcessPrivilege + Privilege[ 15]: SeIncreaseBasePriorityPrivilege + Privilege[ 16]: SeLoadDriverPrivilege + Privilege[ 17]: SeCreatePagefilePrivilege + Privilege[ 18]: SeIncreaseQuotaPrivilege + Privilege[ 19]: SeChangeNotifyPrivilege + Privilege[ 20]: SeUndockPrivilege + Privilege[ 21]: SeManageVolumePrivilege + Privilege[ 22]: SeImpersonatePrivilege + Privilege[ 23]: SeCreateGlobalPrivilege + Privilege[ 24]: SeEnableDelegationPrivilege + Rights (0x 0): +[2013/11/07 07:38:46.002994, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) + UNIX token of user 0 + Primary group is 5000 and contains 9 supplementary groups + Group[ 0]: 5000 + Group[ 1]: 5007 + Group[ 2]: 5001 + Group[ 3]: 1005 + Group[ 4]: 5006 + Group[ 5]: 5005 + Group[ 6]: 55000 + Group[ 7]: 55001 + Group[ 8]: 55002 +[2013/11/07 07:38:46.003183, 5, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1324(api_pipe_request) + Requested \spoolss rpc service +[2013/11/07 07:38:46.003229, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1356(api_rpcTNP) + api_rpcTNP: \spoolss op 0x8 - api_rpcTNP: rpc command: SPOOLSS_GETPRINTER +[2013/11/07 07:38:46.003273, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1390(api_rpcTNP) + api_rpc_cmds[8].fn == 0x7f375c260f10 +[2013/11/07 07:38:46.003321, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + spoolss_GetPrinter: struct spoolss_GetPrinter + in: struct spoolss_GetPrinter + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000b9-0000-0000-7b52-7535c5510000 + level : 0x00000002 (2) + buffer : * + buffer : DATA_BLOB length=4096 + [0000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0010] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0030] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0040] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0200] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0210] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0220] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0230] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0240] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0250] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0260] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0270] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0280] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0290] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0300] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0310] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0320] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0330] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0340] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0350] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0360] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0370] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0380] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0390] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0400] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0410] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0420] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0430] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0440] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0450] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0460] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0470] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0480] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0490] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0500] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0510] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0520] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0530] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0540] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0550] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0560] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0570] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0580] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0590] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0600] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0610] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0620] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0630] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0640] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0650] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0660] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0670] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0680] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0690] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0700] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0710] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0720] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0730] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0740] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0750] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0760] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0770] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0780] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0790] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0800] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0810] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0820] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0830] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0840] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0850] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0860] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0870] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0880] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0890] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0900] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0910] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0920] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0930] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0940] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0950] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0960] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0970] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0980] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0990] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0EA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0EB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0EC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0ED0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0EE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0EF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + offered : 0x00001000 (4096) +[2013/11/07 07:38:46.012619, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 B9 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:46.012711, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 B9 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:46.012789, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:489(get_printer_snum) + short name:printer7 +[2013/11/07 07:38:46.012927, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:60(make_internal_rpc_pipe_p) + Create pipe requested \winreg +[2013/11/07 07:38:46.012986, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:221(init_pipe_handles) + init_pipe_handle_list: created handle list for pipe \winreg +[2013/11/07 07:38:46.013029, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:238(init_pipe_handles) + init_pipe_handle_list: pipe_handles ref count = 1 for pipe \winreg +[2013/11/07 07:38:46.013293, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:100(make_internal_rpc_pipe_p) + Created internal pipe \winreg +[2013/11/07 07:38:46.013467, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenHKLM: struct winreg_OpenHKLM + in: struct winreg_OpenHKLM + system_name : NULL + access_mask : 0x02000000 (33554432) + 0: KEY_QUERY_VALUE + 0: KEY_SET_VALUE + 0: KEY_CREATE_SUB_KEY + 0: KEY_ENUMERATE_SUB_KEYS + 0: KEY_NOTIFY + 0: KEY_CREATE_LINK + 0: KEY_WOW64_64KEY + 0: KEY_WOW64_32KEY +[2013/11/07 07:38:46.013707, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [HKLM] +[2013/11/07 07:38:46.013752, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) + push_sec_ctx(0, 5000) : sec_ctx_stack_ndx = 2 +[2013/11/07 07:38:46.013797, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/uid.c:485(push_conn_ctx) + push_conn_ctx(1804507171) : conn_ctx_stack_ndx = 0 +[2013/11/07 07:38:46.013837, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) + setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 +[2013/11/07 07:38:46.013876, 5, pid=20933, effective(0, 5000), real(0, 0)] ../libcli/security/security_token.c:53(security_token_debug) + Security token: (NULL) +[2013/11/07 07:38:46.013916, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) + UNIX token of user 0 + Primary group is 0 and contains 0 supplementary groups +[2013/11/07 07:38:46.014069, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) + pop_sec_ctx (0, 5000) - sec_ctx_stack_ndx = 1 +[2013/11/07 07:38:46.014114, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:866(regdb_open) + regdb_open: registry db opened. refcount reset (1) +[2013/11/07 07:38:46.014158, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM] +[2013/11/07 07:38:46.014198, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM] +[2013/11/07 07:38:46.014239, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:46.014277, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM] +[2013/11/07 07:38:46.014369, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) + Opened policy hnd[1] [0000] 00 00 00 00 C8 00 00 00 00 00 00 00 7B 52 76 35 ........ ....{Rv5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:46.014452, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenHKLM: struct winreg_OpenHKLM + out: struct winreg_OpenHKLM + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000c8-0000-0000-7b52-7635c5510000 + result : WERR_OK +[2013/11/07 07:38:46.014639, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenKey: struct winreg_OpenKey + in: struct winreg_OpenKey + parent_handle : * + parent_handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000c8-0000-0000-7b52-7635c5510000 + keyname: struct winreg_String + name_len : 0x008a (138) + name_size : 0x008a (138) + name : * + name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7' + options : 0x00000000 (0) + 0: REG_OPTION_VOLATILE + 0: REG_OPTION_CREATE_LINK + 0: REG_OPTION_BACKUP_RESTORE + 0: REG_OPTION_OPEN_LINK + access_mask : 0x02000000 (33554432) + 0: KEY_QUERY_VALUE + 0: KEY_SET_VALUE + 0: KEY_CREATE_SUB_KEY + 0: KEY_ENUMERATE_SUB_KEYS + 0: KEY_NOTIFY + 0: KEY_CREATE_LINK + 0: KEY_WOW64_64KEY + 0: KEY_WOW64_32KEY +[2013/11/07 07:38:46.015083, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 C8 00 00 00 00 00 00 00 7B 52 76 35 ........ ....{Rv5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:46.015165, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [SOFTWARE] +[2013/11/07 07:38:46.015207, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (1->2) +[2013/11/07 07:38:46.015250, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] +[2013/11/07 07:38:46.015289, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE] +[2013/11/07 07:38:46.015329, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:46.015367, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE] +[2013/11/07 07:38:46.015434, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Microsoft] +[2013/11/07 07:38:46.015476, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (2->3) +[2013/11/07 07:38:46.015527, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] +[2013/11/07 07:38:46.015566, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] +[2013/11/07 07:38:46.015608, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:46.015646, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft] +[2013/11/07 07:38:46.015706, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Windows NT] +[2013/11/07 07:38:46.015748, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (3->4) +[2013/11/07 07:38:46.015791, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] +[2013/11/07 07:38:46.015829, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] +[2013/11/07 07:38:46.015870, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:46.015907, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] +[2013/11/07 07:38:46.015966, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [CurrentVersion] +[2013/11/07 07:38:46.016007, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (4->5) +[2013/11/07 07:38:46.016050, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] +[2013/11/07 07:38:46.016089, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] +[2013/11/07 07:38:46.016130, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:46.016167, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f375c5a15c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] +[2013/11/07 07:38:46.016239, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Print] +[2013/11/07 07:38:46.016282, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (5->6) +[2013/11/07 07:38:46.016324, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] +[2013/11/07 07:38:46.016364, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] +[2013/11/07 07:38:46.016420, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:46.016458, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f375c5a15c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] +[2013/11/07 07:38:46.016517, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Printers] +[2013/11/07 07:38:46.016559, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (6->7) +[2013/11/07 07:38:46.016603, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] +[2013/11/07 07:38:46.016642, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] +[2013/11/07 07:38:46.016684, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:46.016721, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] +[2013/11/07 07:38:46.016788, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [printer7] +[2013/11/07 07:38:46.016830, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (7->8) +[2013/11/07 07:38:46.016873, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:46.016913, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:46.016955, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:46.016993, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:46.017063, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (8->7) +[2013/11/07 07:38:46.017105, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (7->6) +[2013/11/07 07:38:46.017146, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (6->5) +[2013/11/07 07:38:46.017186, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (5->4) +[2013/11/07 07:38:46.017227, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (4->3) +[2013/11/07 07:38:46.017267, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (3->2) +[2013/11/07 07:38:46.017318, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) + Opened policy hnd[2] [0000] 00 00 00 00 C9 00 00 00 00 00 00 00 7B 52 76 35 ........ ....{Rv5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:46.017459, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenKey: struct winreg_OpenKey + out: struct winreg_OpenKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000c9-0000-0000-7b52-7635c5510000 + result : WERR_OK +[2013/11/07 07:38:46.017638, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryInfoKey: struct winreg_QueryInfoKey + in: struct winreg_QueryInfoKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000c9-0000-0000-7b52-7635c5510000 + classname : * + classname: struct winreg_String + name_len : 0x0000 (0) + name_size : 0x0000 (0) + name : NULL +[2013/11/07 07:38:46.017854, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 C9 00 00 00 00 00 00 00 7B 52 76 35 ........ ....{Rv5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:46.017937, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_dispatcher.c:151(fetch_reg_values) + fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7' (ops 0x7f37592edcc0) +[2013/11/07 07:38:46.017980, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1891(regdb_fetch_values_internal) + regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:46.018044, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[0]: name[Attributes] len[4] +[2013/11/07 07:38:46.018088, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[1]: name[Description] len[2] +[2013/11/07 07:38:46.018131, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[2]: name[Datatype] len[8] +[2013/11/07 07:38:46.018173, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[3]: name[Default Priority] len[4] +[2013/11/07 07:38:46.018216, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[4]: name[Port] len[38] +[2013/11/07 07:38:46.018258, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[5]: name[Name] len[18] +[2013/11/07 07:38:46.018300, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[6]: name[Print Processor] len[18] +[2013/11/07 07:38:46.018342, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[7]: name[Priority] len[4] +[2013/11/07 07:38:46.018393, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[8]: name[Security] len[248] +[2013/11/07 07:38:46.018436, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[9]: name[Share Name] len[18] +[2013/11/07 07:38:46.018479, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[10]: name[StartTime] len[4] +[2013/11/07 07:38:46.018521, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[11]: name[UntilTime] len[4] +[2013/11/07 07:38:46.018564, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[12]: name[ChangeID] len[4] +[2013/11/07 07:38:46.018606, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) + regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:46.018670, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryInfoKey: struct winreg_QueryInfoKey + out: struct winreg_QueryInfoKey + classname : * + classname: struct winreg_String + name_len : 0x0000 (0) + name_size : 0x0000 (0) + name : NULL + num_subkeys : * + num_subkeys : 0x00000003 (3) + max_subkeylen : * + max_subkeylen : 0x00000022 (34) + max_classlen : * + max_classlen : 0x00000000 (0) + num_values : * + num_values : 0x0000000d (13) + max_valnamelen : * + max_valnamelen : 0x00000022 (34) + max_valbufsize : * + max_valbufsize : 0x000000f8 (248) + secdescsize : * + secdescsize : 0x00000078 (120) + last_changed_time : * + last_changed_time : NTTIME(0) + result : WERR_OK +[2013/11/07 07:38:46.019117, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000c9-0000-0000-7b52-7635c5510000 + enum_index : 0x00000000 (0) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:46.019493, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 C9 00 00 00 00 00 00 00 7B 52 76 35 ........ ....{Rv5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:46.019580, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:46.019626, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0016 (22) + size : 0x0024 (36) + name : * + name : 'Attributes' + type : * + type : REG_DWORD (4) + value : * + value: ARRAY(4) + [0] : 0x48 (72) + [1] : 0x10 (16) + [2] : 0x00 (0) + [3] : 0x00 (0) + size : * + size : 0x00000004 (4) + length : * + length : 0x00000004 (4) + result : WERR_OK +[2013/11/07 07:38:46.020024, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000c9-0000-0000-7b52-7635c5510000 + enum_index : 0x00000001 (1) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:46.020396, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 C9 00 00 00 00 00 00 00 7B 52 76 35 ........ ....{Rv5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:46.020474, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:46.020518, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0018 (24) + size : 0x0024 (36) + name : * + name : 'Description' + type : * + type : REG_SZ (1) + value : * + value: ARRAY(2) + [0] : 0x00 (0) + [1] : 0x00 (0) + size : * + size : 0x00000002 (2) + length : * + length : 0x00000002 (2) + result : WERR_OK +[2013/11/07 07:38:46.020890, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000c9-0000-0000-7b52-7635c5510000 + enum_index : 0x00000002 (2) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:46.021260, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 C9 00 00 00 00 00 00 00 7B 52 76 35 ........ ....{Rv5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:46.021338, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:46.021444, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0012 (18) + size : 0x0024 (36) + name : * + name : 'Datatype' + type : * + type : REG_SZ (1) + value : * + value: ARRAY(8) + [0] : 0x52 (82) + [1] : 0x00 (0) + [2] : 0x41 (65) + [3] : 0x00 (0) + [4] : 0x57 (87) + [5] : 0x00 (0) + [6] : 0x00 (0) + [7] : 0x00 (0) + size : * + size : 0x00000008 (8) + length : * + length : 0x00000008 (8) + result : WERR_OK +[2013/11/07 07:38:46.021904, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000c9-0000-0000-7b52-7635c5510000 + enum_index : 0x00000003 (3) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:46.022339, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 C9 00 00 00 00 00 00 00 7B 52 76 35 ........ ....{Rv5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:46.022419, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:46.022466, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0022 (34) + size : 0x0024 (36) + name : * + name : 'Default Priority' + type : * + type : REG_DWORD (4) + value : * + value: ARRAY(4) + [0] : 0x01 (1) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + size : * + size : 0x00000004 (4) + length : * + length : 0x00000004 (4) + result : WERR_OK +[2013/11/07 07:38:46.022861, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000c9-0000-0000-7b52-7635c5510000 + enum_index : 0x00000004 (4) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:46.023230, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 C9 00 00 00 00 00 00 00 7B 52 76 35 ........ ....{Rv5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:46.023315, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:46.023361, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x000a (10) + size : 0x0024 (36) + name : * + name : 'Port' + type : * + type : REG_SZ (1) + value : * + value: ARRAY(38) + [0] : 0x53 (83) + [1] : 0x00 (0) + [2] : 0x61 (97) + [3] : 0x00 (0) + [4] : 0x6d (109) + [5] : 0x00 (0) + [6] : 0x62 (98) + [7] : 0x00 (0) + [8] : 0x61 (97) + [9] : 0x00 (0) + [10] : 0x20 (32) + [11] : 0x00 (0) + [12] : 0x50 (80) + [13] : 0x00 (0) + [14] : 0x72 (114) + [15] : 0x00 (0) + [16] : 0x69 (105) + [17] : 0x00 (0) + [18] : 0x6e (110) + [19] : 0x00 (0) + [20] : 0x74 (116) + [21] : 0x00 (0) + [22] : 0x65 (101) + [23] : 0x00 (0) + [24] : 0x72 (114) + [25] : 0x00 (0) + [26] : 0x20 (32) + [27] : 0x00 (0) + [28] : 0x50 (80) + [29] : 0x00 (0) + [30] : 0x6f (111) + [31] : 0x00 (0) + [32] : 0x72 (114) + [33] : 0x00 (0) + [34] : 0x74 (116) + [35] : 0x00 (0) + [36] : 0x00 (0) + [37] : 0x00 (0) + size : * + size : 0x00000026 (38) + length : * + length : 0x00000026 (38) + result : WERR_OK +[2013/11/07 07:38:46.024316, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000c9-0000-0000-7b52-7635c5510000 + enum_index : 0x00000005 (5) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:46.024695, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 C9 00 00 00 00 00 00 00 7B 52 76 35 ........ ....{Rv5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:46.024772, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:46.024818, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x000a (10) + size : 0x0024 (36) + name : * + name : 'Name' + type : * + type : REG_SZ (1) + value : * + value: ARRAY(18) + [0] : 0x70 (112) + [1] : 0x00 (0) + [2] : 0x72 (114) + [3] : 0x00 (0) + [4] : 0x69 (105) + [5] : 0x00 (0) + [6] : 0x6e (110) + [7] : 0x00 (0) + [8] : 0x74 (116) + [9] : 0x00 (0) + [10] : 0x65 (101) + [11] : 0x00 (0) + [12] : 0x72 (114) + [13] : 0x00 (0) + [14] : 0x37 (55) + [15] : 0x00 (0) + [16] : 0x00 (0) + [17] : 0x00 (0) + size : * + size : 0x00000012 (18) + length : * + length : 0x00000012 (18) + result : WERR_OK +[2013/11/07 07:38:46.025518, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000c9-0000-0000-7b52-7635c5510000 + enum_index : 0x00000006 (6) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:46.025900, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 C9 00 00 00 00 00 00 00 7B 52 76 35 ........ ....{Rv5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:46.025979, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:46.026025, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0020 (32) + size : 0x0024 (36) + name : * + name : 'Print Processor' + type : * + type : REG_SZ (1) + value : * + value: ARRAY(18) + [0] : 0x77 (119) + [1] : 0x00 (0) + [2] : 0x69 (105) + [3] : 0x00 (0) + [4] : 0x6e (110) + [5] : 0x00 (0) + [6] : 0x70 (112) + [7] : 0x00 (0) + [8] : 0x72 (114) + [9] : 0x00 (0) + [10] : 0x69 (105) + [11] : 0x00 (0) + [12] : 0x6e (110) + [13] : 0x00 (0) + [14] : 0x74 (116) + [15] : 0x00 (0) + [16] : 0x00 (0) + [17] : 0x00 (0) + size : * + size : 0x00000012 (18) + length : * + length : 0x00000012 (18) + result : WERR_OK +[2013/11/07 07:38:46.026650, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000c9-0000-0000-7b52-7635c5510000 + enum_index : 0x00000007 (7) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:46.027028, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 C9 00 00 00 00 00 00 00 7B 52 76 35 ........ ....{Rv5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:46.027105, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:46.027151, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0012 (18) + size : 0x0024 (36) + name : * + name : 'Priority' + type : * + type : REG_DWORD (4) + value : * + value: ARRAY(4) + [0] : 0x01 (1) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + size : * + size : 0x00000004 (4) + length : * + length : 0x00000004 (4) + result : WERR_OK +[2013/11/07 07:38:46.027543, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000c9-0000-0000-7b52-7635c5510000 + enum_index : 0x00000008 (8) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:46.027913, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 C9 00 00 00 00 00 00 00 7B 52 76 35 ........ ....{Rv5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:46.027990, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:46.028036, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0012 (18) + size : 0x0024 (36) + name : * + name : 'Security' + type : * + type : REG_BINARY (3) + value : * + value: ARRAY(248) + [0] : 0x01 (1) + [1] : 0x00 (0) + [2] : 0x04 (4) + [3] : 0x80 (128) + [4] : 0x14 (20) + [5] : 0x00 (0) + [6] : 0x00 (0) + [7] : 0x00 (0) + [8] : 0x24 (36) + [9] : 0x00 (0) + [10] : 0x00 (0) + [11] : 0x00 (0) + [12] : 0x00 (0) + [13] : 0x00 (0) + [14] : 0x00 (0) + [15] : 0x00 (0) + [16] : 0x34 (52) + [17] : 0x00 (0) + [18] : 0x00 (0) + [19] : 0x00 (0) + [20] : 0x01 (1) + [21] : 0x02 (2) + [22] : 0x00 (0) + [23] : 0x00 (0) + [24] : 0x00 (0) + [25] : 0x00 (0) + [26] : 0x00 (0) + [27] : 0x05 (5) + [28] : 0x20 (32) + [29] : 0x00 (0) + [30] : 0x00 (0) + [31] : 0x00 (0) + [32] : 0x20 (32) + [33] : 0x02 (2) + [34] : 0x00 (0) + [35] : 0x00 (0) + [36] : 0x01 (1) + [37] : 0x02 (2) + [38] : 0x00 (0) + [39] : 0x00 (0) + [40] : 0x00 (0) + [41] : 0x00 (0) + [42] : 0x00 (0) + [43] : 0x05 (5) + [44] : 0x20 (32) + [45] : 0x00 (0) + [46] : 0x00 (0) + [47] : 0x00 (0) + [48] : 0x20 (32) + [49] : 0x02 (2) + [50] : 0x00 (0) + [51] : 0x00 (0) + [52] : 0x02 (2) + [53] : 0x00 (0) + [54] : 0xc4 (196) + [55] : 0x00 (0) + [56] : 0x07 (7) + [57] : 0x00 (0) + [58] : 0x00 (0) + [59] : 0x00 (0) + [60] : 0x00 (0) + [61] : 0x02 (2) + [62] : 0x14 (20) + [63] : 0x00 (0) + [64] : 0x08 (8) + [65] : 0x00 (0) + [66] : 0x02 (2) + [67] : 0x20 (32) + [68] : 0x01 (1) + [69] : 0x01 (1) + [70] : 0x00 (0) + [71] : 0x00 (0) + [72] : 0x00 (0) + [73] : 0x00 (0) + [74] : 0x00 (0) + [75] : 0x01 (1) + [76] : 0x00 (0) + [77] : 0x00 (0) + [78] : 0x00 (0) + [79] : 0x00 (0) + [80] : 0x00 (0) + [81] : 0x09 (9) + [82] : 0x24 (36) + [83] : 0x00 (0) + [84] : 0x0c (12) + [85] : 0x00 (0) + [86] : 0x0f (15) + [87] : 0x10 (16) + [88] : 0x01 (1) + [89] : 0x05 (5) + [90] : 0x00 (0) + [91] : 0x00 (0) + [92] : 0x00 (0) + [93] : 0x00 (0) + [94] : 0x00 (0) + [95] : 0x05 (5) + [96] : 0x15 (21) + [97] : 0x00 (0) + [98] : 0x00 (0) + [99] : 0x00 (0) + [100] : 0x74 (116) + [101] : 0xa5 (165) + [102] : 0x12 (18) + [103] : 0x52 (82) + [104] : 0xcd (205) + [105] : 0x51 (81) + [106] : 0xd9 (217) + [107] : 0x8f (143) + [108] : 0xd1 (209) + [109] : 0x31 (49) + [110] : 0xa4 (164) + [111] : 0xca (202) + [112] : 0xf4 (244) + [113] : 0x01 (1) + [114] : 0x00 (0) + [115] : 0x00 (0) + [116] : 0x00 (0) + [117] : 0x02 (2) + [118] : 0x24 (36) + [119] : 0x00 (0) + [120] : 0x0c (12) + [121] : 0x00 (0) + [122] : 0x0f (15) + [123] : 0x10 (16) + [124] : 0x01 (1) + [125] : 0x05 (5) + [126] : 0x00 (0) + [127] : 0x00 (0) + [128] : 0x00 (0) + [129] : 0x00 (0) + [130] : 0x00 (0) + [131] : 0x05 (5) + [132] : 0x15 (21) + [133] : 0x00 (0) + [134] : 0x00 (0) + [135] : 0x00 (0) + [136] : 0x74 (116) + [137] : 0xa5 (165) + [138] : 0x12 (18) + [139] : 0x52 (82) + [140] : 0xcd (205) + [141] : 0x51 (81) + [142] : 0xd9 (217) + [143] : 0x8f (143) + [144] : 0xd1 (209) + [145] : 0x31 (49) + [146] : 0xa4 (164) + [147] : 0xca (202) + [148] : 0xf4 (244) + [149] : 0x01 (1) + [150] : 0x00 (0) + [151] : 0x00 (0) + [152] : 0x00 (0) + [153] : 0x09 (9) + [154] : 0x18 (24) + [155] : 0x00 (0) + [156] : 0x0c (12) + [157] : 0x00 (0) + [158] : 0x0f (15) + [159] : 0x10 (16) + [160] : 0x01 (1) + [161] : 0x02 (2) + [162] : 0x00 (0) + [163] : 0x00 (0) + [164] : 0x00 (0) + [165] : 0x00 (0) + [166] : 0x00 (0) + [167] : 0x05 (5) + [168] : 0x20 (32) + [169] : 0x00 (0) + [170] : 0x00 (0) + [171] : 0x00 (0) + [172] : 0x20 (32) + [173] : 0x02 (2) + [174] : 0x00 (0) + [175] : 0x00 (0) + [176] : 0x00 (0) + [177] : 0x02 (2) + [178] : 0x18 (24) + [179] : 0x00 (0) + [180] : 0x0c (12) + [181] : 0x00 (0) + [182] : 0x0f (15) + [183] : 0x10 (16) + [184] : 0x01 (1) + [185] : 0x02 (2) + [186] : 0x00 (0) + [187] : 0x00 (0) + [188] : 0x00 (0) + [189] : 0x00 (0) + [190] : 0x00 (0) + [191] : 0x05 (5) + [192] : 0x20 (32) + [193] : 0x00 (0) + [194] : 0x00 (0) + [195] : 0x00 (0) + [196] : 0x20 (32) + [197] : 0x02 (2) + [198] : 0x00 (0) + [199] : 0x00 (0) + [200] : 0x00 (0) + [201] : 0x09 (9) + [202] : 0x18 (24) + [203] : 0x00 (0) + [204] : 0x0c (12) + [205] : 0x00 (0) + [206] : 0x0f (15) + [207] : 0x10 (16) + [208] : 0x01 (1) + [209] : 0x02 (2) + [210] : 0x00 (0) + [211] : 0x00 (0) + [212] : 0x00 (0) + [213] : 0x00 (0) + [214] : 0x00 (0) + [215] : 0x05 (5) + [216] : 0x20 (32) + [217] : 0x00 (0) + [218] : 0x00 (0) + [219] : 0x00 (0) + [220] : 0x26 (38) + [221] : 0x02 (2) + [222] : 0x00 (0) + [223] : 0x00 (0) + [224] : 0x00 (0) + [225] : 0x02 (2) + [226] : 0x18 (24) + [227] : 0x00 (0) + [228] : 0x0c (12) + [229] : 0x00 (0) + [230] : 0x0f (15) + [231] : 0x10 (16) + [232] : 0x01 (1) + [233] : 0x02 (2) + [234] : 0x00 (0) + [235] : 0x00 (0) + [236] : 0x00 (0) + [237] : 0x00 (0) + [238] : 0x00 (0) + [239] : 0x05 (5) + [240] : 0x20 (32) + [241] : 0x00 (0) + [242] : 0x00 (0) + [243] : 0x00 (0) + [244] : 0x26 (38) + [245] : 0x02 (2) + [246] : 0x00 (0) + [247] : 0x00 (0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x000000f8 (248) + result : WERR_OK +[2013/11/07 07:38:46.032656, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000c9-0000-0000-7b52-7635c5510000 + enum_index : 0x00000009 (9) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:46.033042, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 C9 00 00 00 00 00 00 00 7B 52 76 35 ........ ....{Rv5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:46.033120, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:46.033167, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0016 (22) + size : 0x0024 (36) + name : * + name : 'Share Name' + type : * + type : REG_SZ (1) + value : * + value: ARRAY(18) + [0] : 0x70 (112) + [1] : 0x00 (0) + [2] : 0x72 (114) + [3] : 0x00 (0) + [4] : 0x69 (105) + [5] : 0x00 (0) + [6] : 0x6e (110) + [7] : 0x00 (0) + [8] : 0x74 (116) + [9] : 0x00 (0) + [10] : 0x65 (101) + [11] : 0x00 (0) + [12] : 0x72 (114) + [13] : 0x00 (0) + [14] : 0x37 (55) + [15] : 0x00 (0) + [16] : 0x00 (0) + [17] : 0x00 (0) + size : * + size : 0x00000012 (18) + length : * + length : 0x00000012 (18) + result : WERR_OK +[2013/11/07 07:38:46.033840, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000c9-0000-0000-7b52-7635c5510000 + enum_index : 0x0000000a (10) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:46.034210, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 C9 00 00 00 00 00 00 00 7B 52 76 35 ........ ....{Rv5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:46.034297, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:46.034342, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0014 (20) + size : 0x0024 (36) + name : * + name : 'StartTime' + type : * + type : REG_DWORD (4) + value : * + value: ARRAY(4) + [0] : 0x00 (0) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + size : * + size : 0x00000004 (4) + length : * + length : 0x00000004 (4) + result : WERR_OK +[2013/11/07 07:38:46.034735, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000c9-0000-0000-7b52-7635c5510000 + enum_index : 0x0000000b (11) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:46.035103, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 C9 00 00 00 00 00 00 00 7B 52 76 35 ........ ....{Rv5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:46.035180, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:46.035225, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0014 (20) + size : 0x0024 (36) + name : * + name : 'UntilTime' + type : * + type : REG_DWORD (4) + value : * + value: ARRAY(4) + [0] : 0x00 (0) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + size : * + size : 0x00000004 (4) + length : * + length : 0x00000004 (4) + result : WERR_OK +[2013/11/07 07:38:46.035623, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000c9-0000-0000-7b52-7635c5510000 + enum_index : 0x0000000c (12) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:46.035993, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 C9 00 00 00 00 00 00 00 7B 52 76 35 ........ ....{Rv5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:46.036070, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:46.036115, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0012 (18) + size : 0x0024 (36) + name : * + name : 'ChangeID' + type : * + type : REG_DWORD (4) + value : * + value: ARRAY(4) + [0] : 0xf1 (241) + [1] : 0x5f (95) + [2] : 0x11 (17) + [3] : 0x00 (0) + size : * + size : 0x00000004 (4) + length : * + length : 0x00000004 (4) + result : WERR_OK +[2013/11/07 07:38:46.036542, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryValue: struct winreg_QueryValue + in: struct winreg_QueryValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000c9-0000-0000-7b52-7635c5510000 + value_name : * + value_name: struct winreg_String + name_len : 0x0020 (32) + name_size : 0x0020 (32) + name : * + name : 'Default DevMode' + type : * + type : REG_NONE (0) + data : NULL + data_size : * + data_size : 0x00000000 (0) + data_length : * + data_length : 0x00000000 (0) +[2013/11/07 07:38:46.036894, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 C9 00 00 00 00 00 00 00 7B 52 76 35 ........ ....{Rv5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:46.036972, 7, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) + _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:46.037012, 7, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) + _winreg_QueryValue: policy key type = [00000000] +[2013/11/07 07:38:46.037055, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:316(_winreg_QueryValue) + _winreg_QueryValue: reg_queryvalue failed with: WERR_BADFILE +[2013/11/07 07:38:46.037095, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryValue: struct winreg_QueryValue + out: struct winreg_QueryValue + type : * + type : REG_NONE (0) + data : NULL + data_size : * + data_size : 0x00000000 (0) + data_length : * + data_length : 0x00000000 (0) + result : WERR_BADFILE +[2013/11/07 07:38:46.037351, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenHKLM: struct winreg_OpenHKLM + in: struct winreg_OpenHKLM + system_name : NULL + access_mask : 0x02000000 (33554432) + 0: KEY_QUERY_VALUE + 0: KEY_SET_VALUE + 0: KEY_CREATE_SUB_KEY + 0: KEY_ENUMERATE_SUB_KEYS + 0: KEY_NOTIFY + 0: KEY_CREATE_LINK + 0: KEY_WOW64_64KEY + 0: KEY_WOW64_32KEY +[2013/11/07 07:38:46.037652, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [HKLM] +[2013/11/07 07:38:46.037696, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (2->3) +[2013/11/07 07:38:46.037739, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM] +[2013/11/07 07:38:46.037778, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM] +[2013/11/07 07:38:46.037820, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:46.037857, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM] +[2013/11/07 07:38:46.037943, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) + Opened policy hnd[3] [0000] 00 00 00 00 CA 00 00 00 00 00 00 00 7B 52 76 35 ........ ....{Rv5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:46.038024, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenHKLM: struct winreg_OpenHKLM + out: struct winreg_OpenHKLM + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000ca-0000-0000-7b52-7635c5510000 + result : WERR_OK +[2013/11/07 07:38:46.038196, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenKey: struct winreg_OpenKey + in: struct winreg_OpenKey + parent_handle : * + parent_handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000ca-0000-0000-7b52-7635c5510000 + keyname: struct winreg_String + name_len : 0x008a (138) + name_size : 0x008a (138) + name : * + name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7' + options : 0x00000000 (0) + 0: REG_OPTION_VOLATILE + 0: REG_OPTION_CREATE_LINK + 0: REG_OPTION_BACKUP_RESTORE + 0: REG_OPTION_OPEN_LINK + access_mask : 0x02000000 (33554432) + 0: KEY_QUERY_VALUE + 0: KEY_SET_VALUE + 0: KEY_CREATE_SUB_KEY + 0: KEY_ENUMERATE_SUB_KEYS + 0: KEY_NOTIFY + 0: KEY_CREATE_LINK + 0: KEY_WOW64_64KEY + 0: KEY_WOW64_32KEY +[2013/11/07 07:38:46.038634, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 CA 00 00 00 00 00 00 00 7B 52 76 35 ........ ....{Rv5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:46.038715, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [SOFTWARE] +[2013/11/07 07:38:46.038756, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (3->4) +[2013/11/07 07:38:46.038797, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] +[2013/11/07 07:38:46.038835, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE] +[2013/11/07 07:38:46.038876, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:46.038913, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE] +[2013/11/07 07:38:46.038976, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Microsoft] +[2013/11/07 07:38:46.039025, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (4->5) +[2013/11/07 07:38:46.039068, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] +[2013/11/07 07:38:46.039105, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] +[2013/11/07 07:38:46.039146, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:46.039183, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft] +[2013/11/07 07:38:46.039243, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Windows NT] +[2013/11/07 07:38:46.039284, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (5->6) +[2013/11/07 07:38:46.039327, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] +[2013/11/07 07:38:46.039365, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] +[2013/11/07 07:38:46.039405, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:46.039443, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] +[2013/11/07 07:38:46.039500, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [CurrentVersion] +[2013/11/07 07:38:46.039541, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (6->7) +[2013/11/07 07:38:46.039584, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] +[2013/11/07 07:38:46.039621, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] +[2013/11/07 07:38:46.039662, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:46.039700, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f375c5a15c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] +[2013/11/07 07:38:46.039770, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Print] +[2013/11/07 07:38:46.039812, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (7->8) +[2013/11/07 07:38:46.039854, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] +[2013/11/07 07:38:46.039895, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] +[2013/11/07 07:38:46.039946, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:46.039984, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f375c5a15c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] +[2013/11/07 07:38:46.040044, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Printers] +[2013/11/07 07:38:46.040086, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (8->9) +[2013/11/07 07:38:46.040130, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] +[2013/11/07 07:38:46.040170, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] +[2013/11/07 07:38:46.040211, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:46.040249, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] +[2013/11/07 07:38:46.040314, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [printer7] +[2013/11/07 07:38:46.040356, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (9->10) +[2013/11/07 07:38:46.040401, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:46.040441, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:46.040484, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:46.040522, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:46.040590, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (10->9) +[2013/11/07 07:38:46.040633, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (9->8) +[2013/11/07 07:38:46.040673, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (8->7) +[2013/11/07 07:38:46.040714, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (7->6) +[2013/11/07 07:38:46.040754, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (6->5) +[2013/11/07 07:38:46.040801, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (5->4) +[2013/11/07 07:38:46.040844, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) + Opened policy hnd[4] [0000] 00 00 00 00 CB 00 00 00 00 00 00 00 7B 52 76 35 ........ ....{Rv5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:46.040922, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenKey: struct winreg_OpenKey + out: struct winreg_OpenKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000cb-0000-0000-7b52-7635c5510000 + result : WERR_OK +[2013/11/07 07:38:46.041092, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryValue: struct winreg_QueryValue + in: struct winreg_QueryValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000cb-0000-0000-7b52-7635c5510000 + value_name : * + value_name: struct winreg_String + name_len : 0x0012 (18) + name_size : 0x0012 (18) + name : * + name : 'Security' + type : * + type : REG_NONE (0) + data : NULL + data_size : * + data_size : 0x00000000 (0) + data_length : * + data_length : 0x00000000 (0) +[2013/11/07 07:38:46.041481, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 CB 00 00 00 00 00 00 00 7B 52 76 35 ........ ....{Rv5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:46.041561, 7, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) + _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:46.041601, 7, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) + _winreg_QueryValue: policy key type = [00000000] +[2013/11/07 07:38:46.041642, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_dispatcher.c:151(fetch_reg_values) + fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7' (ops 0x7f37592edcc0) +[2013/11/07 07:38:46.041684, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1891(regdb_fetch_values_internal) + regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:46.041743, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[0]: name[Attributes] len[4] +[2013/11/07 07:38:46.041786, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[1]: name[Description] len[2] +[2013/11/07 07:38:46.041828, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[2]: name[Datatype] len[8] +[2013/11/07 07:38:46.041879, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[3]: name[Default Priority] len[4] +[2013/11/07 07:38:46.041921, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[4]: name[Port] len[38] +[2013/11/07 07:38:46.041964, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[5]: name[Name] len[18] +[2013/11/07 07:38:46.042007, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[6]: name[Print Processor] len[18] +[2013/11/07 07:38:46.042050, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[7]: name[Priority] len[4] +[2013/11/07 07:38:46.042092, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[8]: name[Security] len[248] +[2013/11/07 07:38:46.042135, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[9]: name[Share Name] len[18] +[2013/11/07 07:38:46.042177, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[10]: name[StartTime] len[4] +[2013/11/07 07:38:46.042220, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[11]: name[UntilTime] len[4] +[2013/11/07 07:38:46.042263, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[12]: name[ChangeID] len[4] +[2013/11/07 07:38:46.042308, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryValue: struct winreg_QueryValue + out: struct winreg_QueryValue + type : * + type : REG_BINARY (3) + data : NULL + data_size : * + data_size : 0x000000f8 (248) + data_length : * + data_length : 0x00000000 (0) + result : WERR_OK +[2013/11/07 07:38:46.042521, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryValue: struct winreg_QueryValue + in: struct winreg_QueryValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000cb-0000-0000-7b52-7635c5510000 + value_name : * + value_name: struct winreg_String + name_len : 0x0012 (18) + name_size : 0x0012 (18) + name : * + name : 'Security' + type : * + type : REG_BINARY (3) + data : * + data: ARRAY(0) + data_size : * + data_size : 0x000000f8 (248) + data_length : * + data_length : 0x00000000 (0) +[2013/11/07 07:38:46.042878, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 CB 00 00 00 00 00 00 00 7B 52 76 35 ........ ....{Rv5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:46.042964, 7, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) + _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:46.043004, 7, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) + _winreg_QueryValue: policy key type = [00000000] +[2013/11/07 07:38:46.043049, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryValue: struct winreg_QueryValue + out: struct winreg_QueryValue + type : * + type : REG_BINARY (3) + data : * + data: ARRAY(248) + [0] : 0x01 (1) + [1] : 0x00 (0) + [2] : 0x04 (4) + [3] : 0x80 (128) + [4] : 0x14 (20) + [5] : 0x00 (0) + [6] : 0x00 (0) + [7] : 0x00 (0) + [8] : 0x24 (36) + [9] : 0x00 (0) + [10] : 0x00 (0) + [11] : 0x00 (0) + [12] : 0x00 (0) + [13] : 0x00 (0) + [14] : 0x00 (0) + [15] : 0x00 (0) + [16] : 0x34 (52) + [17] : 0x00 (0) + [18] : 0x00 (0) + [19] : 0x00 (0) + [20] : 0x01 (1) + [21] : 0x02 (2) + [22] : 0x00 (0) + [23] : 0x00 (0) + [24] : 0x00 (0) + [25] : 0x00 (0) + [26] : 0x00 (0) + [27] : 0x05 (5) + [28] : 0x20 (32) + [29] : 0x00 (0) + [30] : 0x00 (0) + [31] : 0x00 (0) + [32] : 0x20 (32) + [33] : 0x02 (2) + [34] : 0x00 (0) + [35] : 0x00 (0) + [36] : 0x01 (1) + [37] : 0x02 (2) + [38] : 0x00 (0) + [39] : 0x00 (0) + [40] : 0x00 (0) + [41] : 0x00 (0) + [42] : 0x00 (0) + [43] : 0x05 (5) + [44] : 0x20 (32) + [45] : 0x00 (0) + [46] : 0x00 (0) + [47] : 0x00 (0) + [48] : 0x20 (32) + [49] : 0x02 (2) + [50] : 0x00 (0) + [51] : 0x00 (0) + [52] : 0x02 (2) + [53] : 0x00 (0) + [54] : 0xc4 (196) + [55] : 0x00 (0) + [56] : 0x07 (7) + [57] : 0x00 (0) + [58] : 0x00 (0) + [59] : 0x00 (0) + [60] : 0x00 (0) + [61] : 0x02 (2) + [62] : 0x14 (20) + [63] : 0x00 (0) + [64] : 0x08 (8) + [65] : 0x00 (0) + [66] : 0x02 (2) + [67] : 0x20 (32) + [68] : 0x01 (1) + [69] : 0x01 (1) + [70] : 0x00 (0) + [71] : 0x00 (0) + [72] : 0x00 (0) + [73] : 0x00 (0) + [74] : 0x00 (0) + [75] : 0x01 (1) + [76] : 0x00 (0) + [77] : 0x00 (0) + [78] : 0x00 (0) + [79] : 0x00 (0) + [80] : 0x00 (0) + [81] : 0x09 (9) + [82] : 0x24 (36) + [83] : 0x00 (0) + [84] : 0x0c (12) + [85] : 0x00 (0) + [86] : 0x0f (15) + [87] : 0x10 (16) + [88] : 0x01 (1) + [89] : 0x05 (5) + [90] : 0x00 (0) + [91] : 0x00 (0) + [92] : 0x00 (0) + [93] : 0x00 (0) + [94] : 0x00 (0) + [95] : 0x05 (5) + [96] : 0x15 (21) + [97] : 0x00 (0) + [98] : 0x00 (0) + [99] : 0x00 (0) + [100] : 0x74 (116) + [101] : 0xa5 (165) + [102] : 0x12 (18) + [103] : 0x52 (82) + [104] : 0xcd (205) + [105] : 0x51 (81) + [106] : 0xd9 (217) + [107] : 0x8f (143) + [108] : 0xd1 (209) + [109] : 0x31 (49) + [110] : 0xa4 (164) + [111] : 0xca (202) + [112] : 0xf4 (244) + [113] : 0x01 (1) + [114] : 0x00 (0) + [115] : 0x00 (0) + [116] : 0x00 (0) + [117] : 0x02 (2) + [118] : 0x24 (36) + [119] : 0x00 (0) + [120] : 0x0c (12) + [121] : 0x00 (0) + [122] : 0x0f (15) + [123] : 0x10 (16) + [124] : 0x01 (1) + [125] : 0x05 (5) + [126] : 0x00 (0) + [127] : 0x00 (0) + [128] : 0x00 (0) + [129] : 0x00 (0) + [130] : 0x00 (0) + [131] : 0x05 (5) + [132] : 0x15 (21) + [133] : 0x00 (0) + [134] : 0x00 (0) + [135] : 0x00 (0) + [136] : 0x74 (116) + [137] : 0xa5 (165) + [138] : 0x12 (18) + [139] : 0x52 (82) + [140] : 0xcd (205) + [141] : 0x51 (81) + [142] : 0xd9 (217) + [143] : 0x8f (143) + [144] : 0xd1 (209) + [145] : 0x31 (49) + [146] : 0xa4 (164) + [147] : 0xca (202) + [148] : 0xf4 (244) + [149] : 0x01 (1) + [150] : 0x00 (0) + [151] : 0x00 (0) + [152] : 0x00 (0) + [153] : 0x09 (9) + [154] : 0x18 (24) + [155] : 0x00 (0) + [156] : 0x0c (12) + [157] : 0x00 (0) + [158] : 0x0f (15) + [159] : 0x10 (16) + [160] : 0x01 (1) + [161] : 0x02 (2) + [162] : 0x00 (0) + [163] : 0x00 (0) + [164] : 0x00 (0) + [165] : 0x00 (0) + [166] : 0x00 (0) + [167] : 0x05 (5) + [168] : 0x20 (32) + [169] : 0x00 (0) + [170] : 0x00 (0) + [171] : 0x00 (0) + [172] : 0x20 (32) + [173] : 0x02 (2) + [174] : 0x00 (0) + [175] : 0x00 (0) + [176] : 0x00 (0) + [177] : 0x02 (2) + [178] : 0x18 (24) + [179] : 0x00 (0) + [180] : 0x0c (12) + [181] : 0x00 (0) + [182] : 0x0f (15) + [183] : 0x10 (16) + [184] : 0x01 (1) + [185] : 0x02 (2) + [186] : 0x00 (0) + [187] : 0x00 (0) + [188] : 0x00 (0) + [189] : 0x00 (0) + [190] : 0x00 (0) + [191] : 0x05 (5) + [192] : 0x20 (32) + [193] : 0x00 (0) + [194] : 0x00 (0) + [195] : 0x00 (0) + [196] : 0x20 (32) + [197] : 0x02 (2) + [198] : 0x00 (0) + [199] : 0x00 (0) + [200] : 0x00 (0) + [201] : 0x09 (9) + [202] : 0x18 (24) + [203] : 0x00 (0) + [204] : 0x0c (12) + [205] : 0x00 (0) + [206] : 0x0f (15) + [207] : 0x10 (16) + [208] : 0x01 (1) + [209] : 0x02 (2) + [210] : 0x00 (0) + [211] : 0x00 (0) + [212] : 0x00 (0) + [213] : 0x00 (0) + [214] : 0x00 (0) + [215] : 0x05 (5) + [216] : 0x20 (32) + [217] : 0x00 (0) + [218] : 0x00 (0) + [219] : 0x00 (0) + [220] : 0x26 (38) + [221] : 0x02 (2) + [222] : 0x00 (0) + [223] : 0x00 (0) + [224] : 0x00 (0) + [225] : 0x02 (2) + [226] : 0x18 (24) + [227] : 0x00 (0) + [228] : 0x0c (12) + [229] : 0x00 (0) + [230] : 0x0f (15) + [231] : 0x10 (16) + [232] : 0x01 (1) + [233] : 0x02 (2) + [234] : 0x00 (0) + [235] : 0x00 (0) + [236] : 0x00 (0) + [237] : 0x00 (0) + [238] : 0x00 (0) + [239] : 0x05 (5) + [240] : 0x20 (32) + [241] : 0x00 (0) + [242] : 0x00 (0) + [243] : 0x00 (0) + [244] : 0x26 (38) + [245] : 0x02 (2) + [246] : 0x00 (0) + [247] : 0x00 (0) + data_size : * + data_size : 0x000000f8 (248) + data_length : * + data_length : 0x000000f8 (248) + result : WERR_OK +[2013/11/07 07:38:46.047504, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + in: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000cb-0000-0000-7b52-7635c5510000 +[2013/11/07 07:38:46.047638, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 CB 00 00 00 00 00 00 00 7B 52 76 35 ........ ....{Rv5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:46.047726, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 CB 00 00 00 00 00 00 00 7B 52 76 35 ........ ....{Rv5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:46.047803, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) + Closed policy +[2013/11/07 07:38:46.047848, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (4->3) +[2013/11/07 07:38:46.047890, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + out: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000000-0000-0000-0000-000000000000 + result : WERR_OK +[2013/11/07 07:38:46.048053, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + in: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000ca-0000-0000-7b52-7635c5510000 +[2013/11/07 07:38:46.048184, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 CA 00 00 00 00 00 00 00 7B 52 76 35 ........ ....{Rv5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:46.048262, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 CA 00 00 00 00 00 00 00 7B 52 76 35 ........ ....{Rv5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:46.048339, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) + Closed policy +[2013/11/07 07:38:46.048380, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (3->2) +[2013/11/07 07:38:46.048421, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + out: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000000-0000-0000-0000-000000000000 + result : WERR_OK +[2013/11/07 07:38:46.048584, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + in: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000c9-0000-0000-7b52-7635c5510000 +[2013/11/07 07:38:46.048713, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 C9 00 00 00 00 00 00 00 7B 52 76 35 ........ ....{Rv5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:46.048798, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 C9 00 00 00 00 00 00 00 7B 52 76 35 ........ ....{Rv5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:46.048874, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) + Closed policy +[2013/11/07 07:38:46.048918, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (2->1) +[2013/11/07 07:38:46.048958, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + out: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000000-0000-0000-0000-000000000000 + result : WERR_OK +[2013/11/07 07:38:46.049119, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + in: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000c8-0000-0000-7b52-7635c5510000 +[2013/11/07 07:38:46.049248, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 C8 00 00 00 00 00 00 00 7B 52 76 35 ........ ....{Rv5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:46.049326, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 C8 00 00 00 00 00 00 00 7B 52 76 35 ........ ....{Rv5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:46.049469, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) + Closed policy +[2013/11/07 07:38:46.049512, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (1->0) +[2013/11/07 07:38:46.049572, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + out: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000000-0000-0000-0000-000000000000 + result : WERR_OK +[2013/11/07 07:38:46.049737, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:416(close_policy_by_pipe) + Deleted handle list for RPC connection \winreg +[2013/11/07 07:38:46.049957, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + spoolss_GetPrinter: struct spoolss_GetPrinter + out: struct spoolss_GetPrinter + info : * + info : union spoolss_PrinterInfo(case 2) + info2: struct spoolss_PrinterInfo2 + servername : * + servername : '\\MEMBER43' + printername : * + printername : '\\MEMBER43\printer7' + sharename : * + sharename : 'printer7' + portname : * + portname : 'Samba Printer Port' + drivername : * + drivername : '' + comment : * + comment : '' + location : * + location : '' + devmode : * + devmode: struct spoolss_DeviceMode + devicename : '\\MEMBER43\printer7' + specversion : DMSPEC_NT4_AND_ABOVE (1025) + driverversion : 0x0400 (1024) + size : 0x00dc (220) + __driverextra_length : 0x0000 (0) + fields : 0x00014713 (83731) + 1: DEVMODE_ORIENTATION + 1: DEVMODE_PAPERSIZE + 0: DEVMODE_PAPERLENGTH + 0: DEVMODE_PAPERWIDTH + 1: DEVMODE_SCALE + 0: DEVMODE_POSITION + 0: DEVMODE_NUP + 1: DEVMODE_COPIES + 1: DEVMODE_DEFAULTSOURCE + 1: DEVMODE_PRINTQUALITY + 0: DEVMODE_COLOR + 0: DEVMODE_DUPLEX + 0: DEVMODE_YRESOLUTION + 1: DEVMODE_TTOPTION + 0: DEVMODE_COLLATE + 1: DEVMODE_FORMNAME + 0: DEVMODE_LOGPIXELS + 0: DEVMODE_BITSPERPEL + 0: DEVMODE_PELSWIDTH + 0: DEVMODE_PELSHEIGHT + 0: DEVMODE_DISPLAYFLAGS + 0: DEVMODE_DISPLAYFREQUENCY + 0: DEVMODE_ICMMETHOD + 0: DEVMODE_ICMINTENT + 0: DEVMODE_MEDIATYPE + 0: DEVMODE_DITHERTYPE + 0: DEVMODE_PANNINGWIDTH + 0: DEVMODE_PANNINGHEIGHT + orientation : DMORIENT_PORTRAIT (1) + papersize : DMPAPER_LETTER (1) + paperlength : 0x0000 (0) + paperwidth : 0x0000 (0) + scale : 0x0064 (100) + copies : 0x0001 (1) + defaultsource : DMBIN_FORMSOURCE (15) + printquality : DMRES_HIGH (65532) + color : DMRES_MONOCHROME (1) + duplex : DMDUP_SIMPLEX (1) + yresolution : 0x0000 (0) + ttoption : DMTT_SUBDEV (3) + collate : DMCOLLATE_FALSE (0) + formname : 'Letter' + logpixels : 0x0000 (0) + bitsperpel : 0x00000000 (0) + pelswidth : 0x00000000 (0) + pelsheight : 0x00000000 (0) + displayflags : UNKNOWN_ENUM_VALUE (0) + displayfrequency : 0x00000000 (0) + icmmethod : UNKNOWN_ENUM_VALUE (0) + icmintent : UNKNOWN_ENUM_VALUE (0) + mediatype : UNKNOWN_ENUM_VALUE (0) + dithertype : UNKNOWN_ENUM_VALUE (0) + reserved1 : 0x00000000 (0) + reserved2 : 0x00000000 (0) + panningwidth : 0x00000000 (0) + panningheight : 0x00000000 (0) + driverextra_data : DATA_BLOB length=0 + sepfile : * + sepfile : '' + printprocessor : * + printprocessor : 'winprint' + datatype : * + datatype : 'RAW' + parameters : * + parameters : '' + secdesc : * + secdesc: struct security_descriptor + revision : SECURITY_DESCRIPTOR_REVISION_1 (1) + type : 0x8004 (32772) + 0: SEC_DESC_OWNER_DEFAULTED + 0: SEC_DESC_GROUP_DEFAULTED + 1: SEC_DESC_DACL_PRESENT + 0: SEC_DESC_DACL_DEFAULTED + 0: SEC_DESC_SACL_PRESENT + 0: SEC_DESC_SACL_DEFAULTED + 0: SEC_DESC_DACL_TRUSTED + 0: SEC_DESC_SERVER_SECURITY + 0: SEC_DESC_DACL_AUTO_INHERIT_REQ + 0: SEC_DESC_SACL_AUTO_INHERIT_REQ + 0: SEC_DESC_DACL_AUTO_INHERITED + 0: SEC_DESC_SACL_AUTO_INHERITED + 0: SEC_DESC_DACL_PROTECTED + 0: SEC_DESC_SACL_PROTECTED + 0: SEC_DESC_RM_CONTROL_VALID + 1: SEC_DESC_SELF_RELATIVE + owner_sid : * + owner_sid : S-1-5-32-544 + group_sid : * + group_sid : S-1-5-32-544 + sacl : NULL + dacl : * + dacl: struct security_acl + revision : SECURITY_ACL_REVISION_NT4 (2) + size : 0x00c4 (196) + num_aces : 0x00000007 (7) + aces: ARRAY(7) + aces: struct security_ace + type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) + flags : 0x02 (2) + 0: SEC_ACE_FLAG_OBJECT_INHERIT + 1: SEC_ACE_FLAG_CONTAINER_INHERIT + 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT + 0: SEC_ACE_FLAG_INHERIT_ONLY + 0: SEC_ACE_FLAG_INHERITED_ACE + 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) + 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS + 0: SEC_ACE_FLAG_FAILED_ACCESS + size : 0x0014 (20) + access_mask : 0x20020008 (537001992) + object : union security_ace_object_ctr(case 0) + trustee : S-1-1-0 + aces: struct security_ace + type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) + flags : 0x09 (9) + 1: SEC_ACE_FLAG_OBJECT_INHERIT + 0: SEC_ACE_FLAG_CONTAINER_INHERIT + 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT + 1: SEC_ACE_FLAG_INHERIT_ONLY + 0: SEC_ACE_FLAG_INHERITED_ACE + 0x09: SEC_ACE_FLAG_VALID_INHERIT (9) + 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS + 0: SEC_ACE_FLAG_FAILED_ACCESS + size : 0x0024 (36) + access_mask : 0x100f000c (269418508) + object : union security_ace_object_ctr(case 0) + trustee : S-1-5-21-1376953716-2413384141-3399758289-500 + aces: struct security_ace + type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) + flags : 0x02 (2) + 0: SEC_ACE_FLAG_OBJECT_INHERIT + 1: SEC_ACE_FLAG_CONTAINER_INHERIT + 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT + 0: SEC_ACE_FLAG_INHERIT_ONLY + 0: SEC_ACE_FLAG_INHERITED_ACE + 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) + 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS + 0: SEC_ACE_FLAG_FAILED_ACCESS + size : 0x0024 (36) + access_mask : 0x100f000c (269418508) + object : union security_ace_object_ctr(case 0) + trustee : S-1-5-21-1376953716-2413384141-3399758289-500 + aces: struct security_ace + type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) + flags : 0x09 (9) + 1: SEC_ACE_FLAG_OBJECT_INHERIT + 0: SEC_ACE_FLAG_CONTAINER_INHERIT + 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT + 1: SEC_ACE_FLAG_INHERIT_ONLY + 0: SEC_ACE_FLAG_INHERITED_ACE + 0x09: SEC_ACE_FLAG_VALID_INHERIT (9) + 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS + 0: SEC_ACE_FLAG_FAILED_ACCESS + size : 0x0018 (24) + access_mask : 0x100f000c (269418508) + object : union security_ace_object_ctr(case 0) + trustee : S-1-5-32-544 + aces: struct security_ace + type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) + flags : 0x02 (2) + 0: SEC_ACE_FLAG_OBJECT_INHERIT + 1: SEC_ACE_FLAG_CONTAINER_INHERIT + 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT + 0: SEC_ACE_FLAG_INHERIT_ONLY + 0: SEC_ACE_FLAG_INHERITED_ACE + 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) + 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS + 0: SEC_ACE_FLAG_FAILED_ACCESS + size : 0x0018 (24) + access_mask : 0x100f000c (269418508) + object : union security_ace_object_ctr(case 0) + trustee : S-1-5-32-544 + aces: struct security_ace + type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) + flags : 0x09 (9) + 1: SEC_ACE_FLAG_OBJECT_INHERIT + 0: SEC_ACE_FLAG_CONTAINER_INHERIT + 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT + 1: SEC_ACE_FLAG_INHERIT_ONLY + 0: SEC_ACE_FLAG_INHERITED_ACE + 0x09: SEC_ACE_FLAG_VALID_INHERIT (9) + 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS + 0: SEC_ACE_FLAG_FAILED_ACCESS + size : 0x0018 (24) + access_mask : 0x100f000c (269418508) + object : union security_ace_object_ctr(case 0) + trustee : S-1-5-32-550 + aces: struct security_ace + type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) + flags : 0x02 (2) + 0: SEC_ACE_FLAG_OBJECT_INHERIT + 1: SEC_ACE_FLAG_CONTAINER_INHERIT + 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT + 0: SEC_ACE_FLAG_INHERIT_ONLY + 0: SEC_ACE_FLAG_INHERITED_ACE + 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) + 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS + 0: SEC_ACE_FLAG_FAILED_ACCESS + size : 0x0018 (24) + access_mask : 0x100f000c (269418508) + object : union security_ace_object_ctr(case 0) + trustee : S-1-5-32-550 + attributes : 0x00001048 (4168) + 0: PRINTER_ATTRIBUTE_QUEUED + 0: PRINTER_ATTRIBUTE_DIRECT + 0: PRINTER_ATTRIBUTE_DEFAULT + 1: PRINTER_ATTRIBUTE_SHARED + 0: PRINTER_ATTRIBUTE_NETWORK + 0: PRINTER_ATTRIBUTE_HIDDEN + 1: PRINTER_ATTRIBUTE_LOCAL + 0: PRINTER_ATTRIBUTE_ENABLE_DEVQ + 0: PRINTER_ATTRIBUTE_KEEPPRINTEDJOBS + 0: PRINTER_ATTRIBUTE_DO_COMPLETE_FIRST + 0: PRINTER_ATTRIBUTE_WORK_OFFLINE + 0: PRINTER_ATTRIBUTE_ENABLE_BIDI + 1: PRINTER_ATTRIBUTE_RAW_ONLY + 0: PRINTER_ATTRIBUTE_PUBLISHED + 0: PRINTER_ATTRIBUTE_FAX + 0: PRINTER_ATTRIBUTE_TS + priority : 0x00000001 (1) + defaultpriority : 0x00000001 (1) + starttime : 0x00000000 (0) + untiltime : 0x00000000 (0) + status : 0x00000000 (0) + 0: PRINTER_STATUS_PAUSED + 0: PRINTER_STATUS_ERROR + 0: PRINTER_STATUS_PENDING_DELETION + 0: PRINTER_STATUS_PAPER_JAM + 0: PRINTER_STATUS_PAPER_OUT + 0: PRINTER_STATUS_MANUAL_FEED + 0: PRINTER_STATUS_PAPER_PROBLEM + 0: PRINTER_STATUS_OFFLINE + 0: PRINTER_STATUS_IO_ACTIVE + 0: PRINTER_STATUS_BUSY + 0: PRINTER_STATUS_PRINTING + 0: PRINTER_STATUS_OUTPUT_BIN_FULL + 0: PRINTER_STATUS_NOT_AVAILABLE + 0: PRINTER_STATUS_WAITING + 0: PRINTER_STATUS_PROCESSING + 0: PRINTER_STATUS_INITIALIZING + 0: PRINTER_STATUS_WARMING_UP + 0: PRINTER_STATUS_TONER_LOW + 0: PRINTER_STATUS_NO_TONER + 0: PRINTER_STATUS_PAGE_PUNT + 0: PRINTER_STATUS_USER_INTERVENTION + 0: PRINTER_STATUS_OUT_OF_MEMORY + 0: PRINTER_STATUS_DOOR_OPEN + 0: PRINTER_STATUS_SERVER_UNKNOWN + 0: PRINTER_STATUS_POWER_SAVE + cjobs : 0x00000000 (0) + averageppm : 0x00000000 (0) + needed : * + needed : 0x000002f8 (760) + result : WERR_OK +[2013/11/07 07:38:46.055023, 5, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1417(api_rpcTNP) + api_rpcTNP: called \spoolss successfully +[2013/11/07 07:38:46.055088, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) + pop_sec_ctx (0, 5000) - sec_ctx_stack_ndx = 0 +[2013/11/07 07:38:46.055133, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) + write_to_pipe: data_used = 4140 + smbd_smb2_request_pending_queue: req->current_idx = 1 + req->in.vector[0].iov_len = 0 + req->in.vector[1].iov_len = 0 + req->in.vector[2].iov_len = 64 + req->in.vector[3].iov_len = 56 + req->in.vector[4].iov_len = 4156 + req->out.vector[0].iov_len = 4 + req->out.vector[1].iov_len = 0 + req->out.vector[2].iov_len = 64 + req->out.vector[3].iov_len = 8 + req->out.vector[4].iov_len = 0 +[2013/11/07 07:38:46.055369, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:128(smbd_smb2_ioctl_pipe_write_done) + smbd_smb2_ioctl_pipe_write_done: received 4156 +[2013/11/07 07:38:46.055414, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:149(smbd_smb2_ioctl_pipe_write_done) + smbd_smb2_ioctl_pipe_write_done: issuing np_read_send of size 1024 +[2013/11/07 07:38:46.055458, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:285(read_from_internal_pipe) + name: \spoolss len: 1024 +[2013/11/07 07:38:46.055501, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:347(read_from_internal_pipe) + read_from_pipe: \spoolss: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 4112. +[2013/11/07 07:38:46.055556, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) + &r: struct ncacn_packet + rpc_vers : 0x05 (5) + rpc_vers_minor : 0x00 (0) + ptype : DCERPC_PKT_RESPONSE (2) + pfc_flags : 0x03 (3) + drep: ARRAY(4) + [0] : 0x10 (16) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + frag_length : 0x1028 (4136) + auth_length : 0x0000 (0) + call_id : 0x00000003 (3) + u : union dcerpc_payload(case 2) + response: struct dcerpc_response + alloc_hint : 0x00001010 (4112) + context_id : 0x0000 (0) + cancel_count : 0x00 (0) + _pad : DATA_BLOB length=0 + stub_and_verifier : DATA_BLOB length=4112 + [0000] 04 00 02 00 00 10 00 00 EA 0F 00 00 C2 0F 00 00 ........ ........ + [0010] B0 0F 00 00 8A 0F 00 00 88 0F 00 00 86 0F 00 00 ........ ........ + [0020] 84 0F 00 00 88 0E 00 00 82 0F 00 00 70 0F 00 00 ........ ....p... + [0030] 68 0F 00 00 66 0F 00 00 90 0D 00 00 48 10 00 00 h...f... ....H... + [0040] 01 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0200] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0210] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0220] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0230] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0240] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0250] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0260] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0270] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0280] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0290] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0300] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0310] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0320] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0330] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0340] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0350] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0360] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0370] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0380] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0390] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0400] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0410] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0420] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0430] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0440] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0450] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0460] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0470] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0480] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0490] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0500] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0510] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0520] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0530] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0540] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0550] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0560] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0570] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0580] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0590] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0600] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0610] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0620] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0630] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0640] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0650] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0660] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0670] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0680] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0690] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0700] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0710] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0720] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0730] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0740] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0750] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0760] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0770] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0780] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0790] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0800] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0810] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0820] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0830] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0840] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0850] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0860] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0870] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0880] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0890] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0900] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0910] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0920] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0930] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0940] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0950] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0960] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0970] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0980] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0990] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D90] 00 00 00 00 00 00 00 00 01 00 04 80 D8 00 00 00 ........ ........ + [0DA0] E8 00 00 00 00 00 00 00 14 00 00 00 02 00 C4 00 ........ ........ + [0DB0] 07 00 00 00 00 02 14 00 08 00 02 20 01 01 00 00 ........ ... .... + [0DC0] 00 00 00 01 00 00 00 00 00 09 24 00 0C 00 0F 10 ........ ..$..... + [0DD0] 01 05 00 00 00 00 00 05 15 00 00 00 74 A5 12 52 ........ ....t..R + [0DE0] CD 51 D9 8F D1 31 A4 CA F4 01 00 00 00 02 24 00 .Q...1.. ......$. + [0DF0] 0C 00 0F 10 01 05 00 00 00 00 00 05 15 00 00 00 ........ ........ + [0E00] 74 A5 12 52 CD 51 D9 8F D1 31 A4 CA F4 01 00 00 t..R.Q.. .1...... + [0E10] 00 09 18 00 0C 00 0F 10 01 02 00 00 00 00 00 05 ........ ........ + [0E20] 20 00 00 00 20 02 00 00 00 02 18 00 0C 00 0F 10 ... ... ........ + [0E30] 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 ........ ... ... + [0E40] 00 09 18 00 0C 00 0F 10 01 02 00 00 00 00 00 05 ........ ........ + [0E50] 20 00 00 00 26 02 00 00 00 02 18 00 0C 00 0F 10 ...&... ........ + [0E60] 01 02 00 00 00 00 00 05 20 00 00 00 26 02 00 00 ........ ...&... + [0E70] 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 ........ ... ... + [0E80] 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 ........ ... ... + [0E90] 5C 00 5C 00 4D 00 45 00 4D 00 42 00 45 00 52 00 \.\.M.E. M.B.E.R. + [0EA0] 34 00 33 00 5C 00 70 00 72 00 69 00 6E 00 74 00 4.3.\.p. r.i.n.t. + [0EB0] 65 00 72 00 37 00 00 00 00 00 00 00 00 00 00 00 e.r.7... ........ + [0EC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0ED0] 01 04 00 04 DC 00 00 00 13 47 01 00 01 00 01 00 ........ .G...... + [0EE0] 00 00 00 00 64 00 01 00 0F 00 FC FF 01 00 01 00 ....d... ........ + [0EF0] 00 00 03 00 00 00 4C 00 65 00 74 00 74 00 65 00 ......L. e.t.t.e. + [0F00] 72 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 r....... ........ + [0F10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F70] 52 00 41 00 57 00 00 00 77 00 69 00 6E 00 70 00 R.A.W... w.i.n.p. + [0F80] 72 00 69 00 6E 00 74 00 00 00 00 00 00 00 00 00 r.i.n.t. ........ + [0F90] 00 00 53 00 61 00 6D 00 62 00 61 00 20 00 50 00 ..S.a.m. b.a. .P. + [0FA0] 72 00 69 00 6E 00 74 00 65 00 72 00 20 00 50 00 r.i.n.t. e.r. .P. + [0FB0] 6F 00 72 00 74 00 00 00 70 00 72 00 69 00 6E 00 o.r.t... p.r.i.n. + [0FC0] 74 00 65 00 72 00 37 00 00 00 5C 00 5C 00 4D 00 t.e.r.7. ..\.\.M. + [0FD0] 45 00 4D 00 42 00 45 00 52 00 34 00 33 00 5C 00 E.M.B.E. R.4.3.\. + [0FE0] 70 00 72 00 69 00 6E 00 74 00 65 00 72 00 37 00 p.r.i.n. t.e.r.7. + [0FF0] 00 00 5C 00 5C 00 4D 00 45 00 4D 00 42 00 45 00 ..\.\.M. E.M.B.E. + [1000] 52 00 34 00 33 00 00 00 F8 02 00 00 00 00 00 00 R.4.3... ........ +[2013/11/07 07:38:46.065095, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:788(np_read_recv) + Received 1024 bytes. There is more data outstanding +[2013/11/07 07:38:46.065143, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:178(smbd_smb2_ioctl_pipe_read_done) + smbd_smb2_ioctl_pipe_read_done: np_read_recv nread = 1024 is_data_outstanding = 1, status = NT_STATUS_OK +[2013/11/07 07:38:46.065194, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl.c:291(smbd_smb2_request_ioctl_done) + smbd_smb2_request_ioctl_done: smbd_smb2_ioctl_recv returned 1024 status STATUS_BUFFER_OVERFLOW +[2013/11/07 07:38:46.065239, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) + smbd_smb2_request_done_ex: idx[1] status[STATUS_BUFFER_OVERFLOW] body[48] dyn[yes:1024] at ../source3/smbd/smb2_ioctl.c:358 +[2013/11/07 07:38:46.065286, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) + smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/104/127 +[2013/11/07 07:38:46.065612, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) + smbd_smb2_request_incoming: idx[1] of 5 vectors +[2013/11/07 07:38:46.065680, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) + smb2_validate_sequence_number: clearing id 104 (position 104) from bitmap +[2013/11/07 07:38:46.065725, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) + smbd_smb2_request_dispatch: opcode[SMB2_OP_READ] mid = 104 +[2013/11/07 07:38:46.065789, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) + setting sec ctx (0, 5000) - sec_ctx_stack_ndx = 0 +[2013/11/07 07:38:46.065845, 5, pid=20933, effective(0, 5000), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) + Security token SIDs (21): + SID[ 0]: S-1-5-21-1376953716-2413384141-3399758289-500 + SID[ 1]: S-1-5-21-1376953716-2413384141-3399758289-512 + SID[ 2]: S-1-5-21-1376953716-2413384141-3399758289-11015 + SID[ 3]: S-1-5-21-1376953716-2413384141-3399758289-513 + SID[ 4]: S-1-5-21-1376953716-2413384141-3399758289-11011 + SID[ 5]: S-1-5-21-1376953716-2413384141-3399758289-11013 + SID[ 6]: S-1-5-21-1376953716-2413384141-3399758289-11012 + SID[ 7]: S-1-1-0 + SID[ 8]: S-1-5-2 + SID[ 9]: S-1-5-11 + SID[ 10]: S-1-5-32-544 + SID[ 11]: S-1-22-1-2002 + SID[ 12]: S-1-22-2-5000 + SID[ 13]: S-1-22-2-5007 + SID[ 14]: S-1-22-2-5001 + SID[ 15]: S-1-22-2-1005 + SID[ 16]: S-1-22-2-5006 + SID[ 17]: S-1-22-2-5005 + SID[ 18]: S-1-22-2-55000 + SID[ 19]: S-1-22-2-55001 + SID[ 20]: S-1-22-2-55002 + Privileges (0x 1FFFFFF0): + Privilege[ 0]: SeMachineAccountPrivilege + Privilege[ 1]: SeTakeOwnershipPrivilege + Privilege[ 2]: SeBackupPrivilege + Privilege[ 3]: SeRestorePrivilege + Privilege[ 4]: SeRemoteShutdownPrivilege + Privilege[ 5]: SePrintOperatorPrivilege + Privilege[ 6]: SeAddUsersPrivilege + Privilege[ 7]: SeDiskOperatorPrivilege + Privilege[ 8]: SeSecurityPrivilege + Privilege[ 9]: SeSystemtimePrivilege + Privilege[ 10]: SeShutdownPrivilege + Privilege[ 11]: SeDebugPrivilege + Privilege[ 12]: SeSystemEnvironmentPrivilege + Privilege[ 13]: SeSystemProfilePrivilege + Privilege[ 14]: SeProfileSingleProcessPrivilege + Privilege[ 15]: SeIncreaseBasePriorityPrivilege + Privilege[ 16]: SeLoadDriverPrivilege + Privilege[ 17]: SeCreatePagefilePrivilege + Privilege[ 18]: SeIncreaseQuotaPrivilege + Privilege[ 19]: SeChangeNotifyPrivilege + Privilege[ 20]: SeUndockPrivilege + Privilege[ 21]: SeManageVolumePrivilege + Privilege[ 22]: SeImpersonatePrivilege + Privilege[ 23]: SeCreateGlobalPrivilege + Privilege[ 24]: SeEnableDelegationPrivilege + Rights (0x 0): +[2013/11/07 07:38:46.066623, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) + UNIX token of user 0 + Primary group is 5000 and contains 9 supplementary groups + Group[ 0]: 5000 + Group[ 1]: 5007 + Group[ 2]: 5001 + Group[ 3]: 1005 + Group[ 4]: 5006 + Group[ 5]: 5005 + Group[ 6]: 55000 + Group[ 7]: 55001 + Group[ 8]: 55002 +[2013/11/07 07:38:46.066819, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/uid.c:363(change_to_user_internal) + Impersonated user: uid=(0,0), gid=(0,5000) +[2013/11/07 07:38:46.066870, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:1796(smbd_smb2_request_verify_creditcharge) + mid 104, CreditCharge: 1, NeededCharge: 1 +[2013/11/07 07:38:46.066913, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_read.c:400(smbd_smb2_read_send) + smbd_smb2_read: spoolss - fnum 178339492 +[2013/11/07 07:38:46.066961, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:285(read_from_internal_pipe) + name: \spoolss len: 1024 +[2013/11/07 07:38:46.067004, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:326(read_from_internal_pipe) + read_from_pipe: \spoolss: current_pdu_len = 68, current_pdu_sent = 0 returning 68 bytes. +[2013/11/07 07:38:46.067048, 3, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:122(free_pipe_context) + free_pipe_context: destroying talloc pool of size 29 + smbd_smb2_request_pending_queue: req->current_idx = 1 + req->in.vector[0].iov_len = 0 + req->in.vector[1].iov_len = 0 + req->in.vector[2].iov_len = 64 + req->in.vector[3].iov_len = 48 + req->in.vector[4].iov_len = 1 + req->out.vector[0].iov_len = 4 + req->out.vector[1].iov_len = 0 + req->out.vector[2].iov_len = 64 + req->out.vector[3].iov_len = 8 + req->out.vector[4].iov_len = 0 +[2013/11/07 07:38:46.067269, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:788(np_read_recv) + Received 68 bytes. There is no more data outstanding +[2013/11/07 07:38:46.067313, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) + smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[16] dyn[yes:68] at ../source3/smbd/smb2_read.c:154 +[2013/11/07 07:38:46.067358, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) + smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/105/127 +[2013/11/07 07:38:46.067485, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) + smbd_smb2_request_incoming: idx[1] of 5 vectors +[2013/11/07 07:38:46.067533, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) + smb2_validate_sequence_number: clearing id 105 (position 105) from bitmap +[2013/11/07 07:38:46.067575, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) + smbd_smb2_request_dispatch: opcode[SMB2_OP_IOCTL] mid = 105 +[2013/11/07 07:38:46.067625, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) + setting sec ctx (0, 5000) - sec_ctx_stack_ndx = 0 +[2013/11/07 07:38:46.067667, 5, pid=20933, effective(0, 5000), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) + Security token SIDs (21): + SID[ 0]: S-1-5-21-1376953716-2413384141-3399758289-500 + SID[ 1]: S-1-5-21-1376953716-2413384141-3399758289-512 + SID[ 2]: S-1-5-21-1376953716-2413384141-3399758289-11015 + SID[ 3]: S-1-5-21-1376953716-2413384141-3399758289-513 + SID[ 4]: S-1-5-21-1376953716-2413384141-3399758289-11011 + SID[ 5]: S-1-5-21-1376953716-2413384141-3399758289-11013 + SID[ 6]: S-1-5-21-1376953716-2413384141-3399758289-11012 + SID[ 7]: S-1-1-0 + SID[ 8]: S-1-5-2 + SID[ 9]: S-1-5-11 + SID[ 10]: S-1-5-32-544 + SID[ 11]: S-1-22-1-2002 + SID[ 12]: S-1-22-2-5000 + SID[ 13]: S-1-22-2-5007 + SID[ 14]: S-1-22-2-5001 + SID[ 15]: S-1-22-2-1005 + SID[ 16]: S-1-22-2-5006 + SID[ 17]: S-1-22-2-5005 + SID[ 18]: S-1-22-2-55000 + SID[ 19]: S-1-22-2-55001 + SID[ 20]: S-1-22-2-55002 + Privileges (0x 1FFFFFF0): + Privilege[ 0]: SeMachineAccountPrivilege + Privilege[ 1]: SeTakeOwnershipPrivilege + Privilege[ 2]: SeBackupPrivilege + Privilege[ 3]: SeRestorePrivilege + Privilege[ 4]: SeRemoteShutdownPrivilege + Privilege[ 5]: SePrintOperatorPrivilege + Privilege[ 6]: SeAddUsersPrivilege + Privilege[ 7]: SeDiskOperatorPrivilege + Privilege[ 8]: SeSecurityPrivilege + Privilege[ 9]: SeSystemtimePrivilege + Privilege[ 10]: SeShutdownPrivilege + Privilege[ 11]: SeDebugPrivilege + Privilege[ 12]: SeSystemEnvironmentPrivilege + Privilege[ 13]: SeSystemProfilePrivilege + Privilege[ 14]: SeProfileSingleProcessPrivilege + Privilege[ 15]: SeIncreaseBasePriorityPrivilege + Privilege[ 16]: SeLoadDriverPrivilege + Privilege[ 17]: SeCreatePagefilePrivilege + Privilege[ 18]: SeIncreaseQuotaPrivilege + Privilege[ 19]: SeChangeNotifyPrivilege + Privilege[ 20]: SeUndockPrivilege + Privilege[ 21]: SeManageVolumePrivilege + Privilege[ 22]: SeImpersonatePrivilege + Privilege[ 23]: SeCreateGlobalPrivilege + Privilege[ 24]: SeEnableDelegationPrivilege + Rights (0x 0): +[2013/11/07 07:38:46.068484, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) + UNIX token of user 0 + Primary group is 5000 and contains 9 supplementary groups + Group[ 0]: 5000 + Group[ 1]: 5007 + Group[ 2]: 5001 + Group[ 3]: 1005 + Group[ 4]: 5006 + Group[ 5]: 5005 + Group[ 6]: 55000 + Group[ 7]: 55001 + Group[ 8]: 55002 +[2013/11/07 07:38:46.068685, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/uid.c:363(change_to_user_internal) + Impersonated user: uid=(0,0), gid=(0,5000) +[2013/11/07 07:38:46.068735, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:1796(smbd_smb2_request_verify_creditcharge) + mid 105, CreditCharge: 1, NeededCharge: 1 +[2013/11/07 07:38:46.068777, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl.c:394(smbd_smb2_ioctl_send) + smbd_smb2_ioctl: ctl_code[0x0011c017] spoolss, fnum 1145362404 +[2013/11/07 07:38:46.068823, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:59(smb2_ioctl_named_pipe) + smbd_smb2_ioctl_send: np_write_send of size 44 +[2013/11/07 07:38:46.068863, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:520(np_write_send) + np_write_send: len: 44 +[2013/11/07 07:38:46.068905, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) + write_to_pipe: data_left = 44 +[2013/11/07 07:38:46.068971, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) + process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 44 +[2013/11/07 07:38:46.069012, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:51(fill_rpc_header) + fill_rpc_header: data_to_copy = 44, len_needed_to_complete_hdr = 16, receive_len = 0 +[2013/11/07 07:38:46.069054, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) + write_to_pipe: data_used = 16 +[2013/11/07 07:38:46.069092, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) + write_to_pipe: data_left = 28 +[2013/11/07 07:38:46.069130, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) + process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 28 +[2013/11/07 07:38:46.069171, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) + write_to_pipe: data_used = 0 +[2013/11/07 07:38:46.069208, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) + write_to_pipe: data_left = 28 +[2013/11/07 07:38:46.069246, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) + process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 28, incoming data = 28 +[2013/11/07 07:38:46.069287, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1614(process_complete_pdu) + PDU is in Little Endian format! +[2013/11/07 07:38:46.069335, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) + r: struct ncacn_packet + rpc_vers : 0x05 (5) + rpc_vers_minor : 0x00 (0) + ptype : DCERPC_PKT_REQUEST (0) + pfc_flags : 0x03 (3) + drep: ARRAY(4) + [0] : 0x10 (16) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + frag_length : 0x002c (44) + auth_length : 0x0000 (0) + call_id : 0x00000007 (7) + u : union dcerpc_payload(case 0) + request: struct dcerpc_request + alloc_hint : 0x00000014 (20) + context_id : 0x0000 (0) + opnum : 0x001d (29) + object : union dcerpc_object(case 0) + empty: struct dcerpc_empty + _pad : DATA_BLOB length=0 + stub_and_verifier : DATA_BLOB length=20 + [0000] 00 00 00 00 93 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:46.069891, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1627(process_complete_pdu) + Processing packet type 0 +[2013/11/07 07:38:46.069933, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1472(dcesrv_auth_request) + Checking request auth. +[2013/11/07 07:38:46.069976, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) + push_sec_ctx(0, 5000) : sec_ctx_stack_ndx = 1 +[2013/11/07 07:38:46.070023, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) + setting sec ctx (0, 5000) - sec_ctx_stack_ndx = 1 +[2013/11/07 07:38:46.070064, 5, pid=20933, effective(0, 5000), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) + Security token SIDs (21): + SID[ 0]: S-1-5-21-1376953716-2413384141-3399758289-500 + SID[ 1]: S-1-5-21-1376953716-2413384141-3399758289-512 + SID[ 2]: S-1-5-21-1376953716-2413384141-3399758289-11015 + SID[ 3]: S-1-5-21-1376953716-2413384141-3399758289-513 + SID[ 4]: S-1-5-21-1376953716-2413384141-3399758289-11011 + SID[ 5]: S-1-5-21-1376953716-2413384141-3399758289-11013 + SID[ 6]: S-1-5-21-1376953716-2413384141-3399758289-11012 + SID[ 7]: S-1-1-0 + SID[ 8]: S-1-5-2 + SID[ 9]: S-1-5-11 + SID[ 10]: S-1-5-32-544 + SID[ 11]: S-1-22-1-2002 + SID[ 12]: S-1-22-2-5000 + SID[ 13]: S-1-22-2-5007 + SID[ 14]: S-1-22-2-5001 + SID[ 15]: S-1-22-2-1005 + SID[ 16]: S-1-22-2-5006 + SID[ 17]: S-1-22-2-5005 + SID[ 18]: S-1-22-2-55000 + SID[ 19]: S-1-22-2-55001 + SID[ 20]: S-1-22-2-55002 + Privileges (0x 1FFFFFF0): + Privilege[ 0]: SeMachineAccountPrivilege + Privilege[ 1]: SeTakeOwnershipPrivilege + Privilege[ 2]: SeBackupPrivilege + Privilege[ 3]: SeRestorePrivilege + Privilege[ 4]: SeRemoteShutdownPrivilege + Privilege[ 5]: SePrintOperatorPrivilege + Privilege[ 6]: SeAddUsersPrivilege + Privilege[ 7]: SeDiskOperatorPrivilege + Privilege[ 8]: SeSecurityPrivilege + Privilege[ 9]: SeSystemtimePrivilege + Privilege[ 10]: SeShutdownPrivilege + Privilege[ 11]: SeDebugPrivilege + Privilege[ 12]: SeSystemEnvironmentPrivilege + Privilege[ 13]: SeSystemProfilePrivilege + Privilege[ 14]: SeProfileSingleProcessPrivilege + Privilege[ 15]: SeIncreaseBasePriorityPrivilege + Privilege[ 16]: SeLoadDriverPrivilege + Privilege[ 17]: SeCreatePagefilePrivilege + Privilege[ 18]: SeIncreaseQuotaPrivilege + Privilege[ 19]: SeChangeNotifyPrivilege + Privilege[ 20]: SeUndockPrivilege + Privilege[ 21]: SeManageVolumePrivilege + Privilege[ 22]: SeImpersonatePrivilege + Privilege[ 23]: SeCreateGlobalPrivilege + Privilege[ 24]: SeEnableDelegationPrivilege + Rights (0x 0): +[2013/11/07 07:38:46.070832, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) + UNIX token of user 0 + Primary group is 5000 and contains 9 supplementary groups + Group[ 0]: 5000 + Group[ 1]: 5007 + Group[ 2]: 5001 + Group[ 3]: 1005 + Group[ 4]: 5006 + Group[ 5]: 5005 + Group[ 6]: 55000 + Group[ 7]: 55001 + Group[ 8]: 55002 +[2013/11/07 07:38:46.071024, 5, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1324(api_pipe_request) + Requested \spoolss rpc service +[2013/11/07 07:38:46.071069, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1356(api_rpcTNP) + api_rpcTNP: \spoolss op 0x1d - api_rpcTNP: rpc command: SPOOLSS_CLOSEPRINTER +[2013/11/07 07:38:46.071112, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1390(api_rpcTNP) + api_rpc_cmds[29].fn == 0x7f375c25d5f0 +[2013/11/07 07:38:46.071166, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + spoolss_ClosePrinter: struct spoolss_ClosePrinter + in: struct spoolss_ClosePrinter + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000093-0000-0000-7b52-7535c5510000 +[2013/11/07 07:38:46.071300, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[3] [0000] 00 00 00 00 93 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:46.071381, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[3] [0000] 00 00 00 00 93 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:46.071459, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[3] [0000] 00 00 00 00 93 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:46.071536, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) + Closed policy +[2013/11/07 07:38:46.071577, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + spoolss_ClosePrinter: struct spoolss_ClosePrinter + out: struct spoolss_ClosePrinter + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000000-0000-0000-0000-000000000000 + result : WERR_OK +[2013/11/07 07:38:46.071728, 5, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1417(api_rpcTNP) + api_rpcTNP: called \spoolss successfully +[2013/11/07 07:38:46.071777, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) + pop_sec_ctx (0, 5000) - sec_ctx_stack_ndx = 0 +[2013/11/07 07:38:46.071818, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) + write_to_pipe: data_used = 28 + smbd_smb2_request_pending_queue: req->current_idx = 1 + req->in.vector[0].iov_len = 0 + req->in.vector[1].iov_len = 0 + req->in.vector[2].iov_len = 64 + req->in.vector[3].iov_len = 56 + req->in.vector[4].iov_len = 44 + req->out.vector[0].iov_len = 4 + req->out.vector[1].iov_len = 0 + req->out.vector[2].iov_len = 64 + req->out.vector[3].iov_len = 8 + req->out.vector[4].iov_len = 0 +[2013/11/07 07:38:46.072030, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:128(smbd_smb2_ioctl_pipe_write_done) + smbd_smb2_ioctl_pipe_write_done: received 44 +[2013/11/07 07:38:46.072074, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:149(smbd_smb2_ioctl_pipe_write_done) + smbd_smb2_ioctl_pipe_write_done: issuing np_read_send of size 4136 +[2013/11/07 07:38:46.072116, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:285(read_from_internal_pipe) + name: \spoolss len: 4136 +[2013/11/07 07:38:46.072158, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:347(read_from_internal_pipe) + read_from_pipe: \spoolss: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 24. +[2013/11/07 07:38:46.072208, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) + &r: struct ncacn_packet + rpc_vers : 0x05 (5) + rpc_vers_minor : 0x00 (0) + ptype : DCERPC_PKT_RESPONSE (2) + pfc_flags : 0x03 (3) + drep: ARRAY(4) + [0] : 0x10 (16) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + frag_length : 0x0030 (48) + auth_length : 0x0000 (0) + call_id : 0x00000007 (7) + u : union dcerpc_payload(case 2) + response: struct dcerpc_response + alloc_hint : 0x00000018 (24) + context_id : 0x0000 (0) + cancel_count : 0x00 (0) + _pad : DATA_BLOB length=0 + stub_and_verifier : DATA_BLOB length=24 + [0000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0010] 00 00 00 00 00 00 00 00 ........ +[2013/11/07 07:38:46.072630, 3, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:122(free_pipe_context) + free_pipe_context: destroying talloc pool of size 29 +[2013/11/07 07:38:46.072677, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:788(np_read_recv) + Received 48 bytes. There is no more data outstanding +[2013/11/07 07:38:46.072717, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:178(smbd_smb2_ioctl_pipe_read_done) + smbd_smb2_ioctl_pipe_read_done: np_read_recv nread = 48 is_data_outstanding = 0, status = NT_STATUS_OK +[2013/11/07 07:38:46.072762, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl.c:291(smbd_smb2_request_ioctl_done) + smbd_smb2_request_ioctl_done: smbd_smb2_ioctl_recv returned 48 status NT_STATUS_OK +[2013/11/07 07:38:46.072803, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) + smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[48] dyn[yes:48] at ../source3/smbd/smb2_ioctl.c:358 +[2013/11/07 07:38:46.072847, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) + smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/106/127 +[2013/11/07 07:38:46.072977, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) + smbd_smb2_request_incoming: idx[1] of 5 vectors +[2013/11/07 07:38:46.073025, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) + smb2_validate_sequence_number: clearing id 106 (position 106) from bitmap +[2013/11/07 07:38:46.073067, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) + smbd_smb2_request_dispatch: opcode[SMB2_OP_CREATE] mid = 106 +[2013/11/07 07:38:46.073120, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) + setting sec ctx (0, 5000) - sec_ctx_stack_ndx = 0 +[2013/11/07 07:38:46.073163, 5, pid=20933, effective(0, 5000), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) + Security token SIDs (21): + SID[ 0]: S-1-5-21-1376953716-2413384141-3399758289-500 + SID[ 1]: S-1-5-21-1376953716-2413384141-3399758289-512 + SID[ 2]: S-1-5-21-1376953716-2413384141-3399758289-11015 + SID[ 3]: S-1-5-21-1376953716-2413384141-3399758289-513 + SID[ 4]: S-1-5-21-1376953716-2413384141-3399758289-11011 + SID[ 5]: S-1-5-21-1376953716-2413384141-3399758289-11013 + SID[ 6]: S-1-5-21-1376953716-2413384141-3399758289-11012 + SID[ 7]: S-1-1-0 + SID[ 8]: S-1-5-2 + SID[ 9]: S-1-5-11 + SID[ 10]: S-1-5-32-544 + SID[ 11]: S-1-22-1-2002 + SID[ 12]: S-1-22-2-5000 + SID[ 13]: S-1-22-2-5007 + SID[ 14]: S-1-22-2-5001 + SID[ 15]: S-1-22-2-1005 + SID[ 16]: S-1-22-2-5006 + SID[ 17]: S-1-22-2-5005 + SID[ 18]: S-1-22-2-55000 + SID[ 19]: S-1-22-2-55001 + SID[ 20]: S-1-22-2-55002 + Privileges (0x 1FFFFFF0): + Privilege[ 0]: SeMachineAccountPrivilege + Privilege[ 1]: SeTakeOwnershipPrivilege + Privilege[ 2]: SeBackupPrivilege + Privilege[ 3]: SeRestorePrivilege + Privilege[ 4]: SeRemoteShutdownPrivilege + Privilege[ 5]: SePrintOperatorPrivilege + Privilege[ 6]: SeAddUsersPrivilege + Privilege[ 7]: SeDiskOperatorPrivilege + Privilege[ 8]: SeSecurityPrivilege + Privilege[ 9]: SeSystemtimePrivilege + Privilege[ 10]: SeShutdownPrivilege + Privilege[ 11]: SeDebugPrivilege + Privilege[ 12]: SeSystemEnvironmentPrivilege + Privilege[ 13]: SeSystemProfilePrivilege + Privilege[ 14]: SeProfileSingleProcessPrivilege + Privilege[ 15]: SeIncreaseBasePriorityPrivilege + Privilege[ 16]: SeLoadDriverPrivilege + Privilege[ 17]: SeCreatePagefilePrivilege + Privilege[ 18]: SeIncreaseQuotaPrivilege + Privilege[ 19]: SeChangeNotifyPrivilege + Privilege[ 20]: SeUndockPrivilege + Privilege[ 21]: SeManageVolumePrivilege + Privilege[ 22]: SeImpersonatePrivilege + Privilege[ 23]: SeCreateGlobalPrivilege + Privilege[ 24]: SeEnableDelegationPrivilege + Rights (0x 0): +[2013/11/07 07:38:46.074023, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) + UNIX token of user 0 + Primary group is 5000 and contains 9 supplementary groups + Group[ 0]: 5000 + Group[ 1]: 5007 + Group[ 2]: 5001 + Group[ 3]: 1005 + Group[ 4]: 5006 + Group[ 5]: 5005 + Group[ 6]: 55000 + Group[ 7]: 55001 + Group[ 8]: 55002 +[2013/11/07 07:38:46.074216, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/uid.c:363(change_to_user_internal) + Impersonated user: uid=(0,0), gid=(0,5000) +[2013/11/07 07:38:46.074268, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_create.c:451(smbd_smb2_create_send) + smbd_smb2_create: name[spoolss] +[2013/11/07 07:38:46.074321, 5, pid=20933, effective(0, 5000), real(0, 0)] ../lib/dbwrap/dbwrap.c:187(dbwrap_check_lock_order) + check lock order 1 for /var/run/samba/smbXsrv_open_global.tdb +[2013/11/07 07:38:46.074362, 10, pid=20933, effective(0, 5000), real(0, 0)] ../lib/dbwrap/dbwrap.c:133(debug_lock_order) + lock order: 1:/var/run/samba/smbXsrv_open_global.tdb 2: 3: +[2013/11/07 07:38:46.074406, 10, pid=20933, effective(0, 5000), real(0, 0)] ../lib/dbwrap/dbwrap_tdb.c:59(db_tdb_log_key) + Locking key 9A8F7649 +[2013/11/07 07:38:46.074460, 10, pid=20933, effective(0, 5000), real(0, 0)] ../lib/dbwrap/dbwrap_tdb.c:143(db_tdb_fetch_locked_internal) + Allocated locked data 0x0x7f375d3b02e0 +[2013/11/07 07:38:46.074537, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smbXsrv_open.c:695(smbXsrv_open_global_store) +[2013/11/07 07:38:46.074564, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smbXsrv_open.c:697(smbXsrv_open_global_store) + smbXsrv_open_global_store: key '9A8F7649' stored +[2013/11/07 07:38:46.074606, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) + &global_blob: struct smbXsrv_open_globalB + version : SMBXSRV_VERSION_0 (0) + seqnum : 0x00000001 (1) + info : union smbXsrv_open_globalU(case 0) + info0 : * + info0: struct smbXsrv_open_global0 + db_rec : * + server_id: struct server_id + pid : 0x00000000000051c5 (20933) + task_id : 0x00000000 (0) + vnn : 0xffffffff (4294967295) + unique_id : 0x6b1fb19d3b3a8ed6 (7719083575197994710) + open_global_id : 0x9a8f7649 (2593093193) + open_persistent_id : 0x000000009a8f7649 (2593093193) + open_volatile_id : 0x00000000512fae77 (1362079351) + open_owner : S-1-5-21-1376953716-2413384141-3399758289-500 + open_time : Do Nov 7 07:38:46 2013 CET + create_guid : 00000000-0000-0000-0000-000000000000 + client_guid : b913ae79-46f9-11e3-be6f-52540018a0ea + app_instance_id : 00000000-0000-0000-0000-000000000000 + disconnect_time : NTTIME(0) + durable_timeout_msec : 0x00000000 (0) + durable : 0x00 (0) + backend_cookie : DATA_BLOB length=0 +[2013/11/07 07:38:46.075083, 10, pid=20933, effective(0, 5000), real(0, 0)] ../lib/dbwrap/dbwrap_tdb.c:59(db_tdb_log_key) + Unlocking key 9A8F7649 +[2013/11/07 07:38:46.075125, 5, pid=20933, effective(0, 5000), real(0, 0)] ../lib/dbwrap/dbwrap.c:146(dbwrap_lock_order_state_destructor) + release lock order 1 for /var/run/samba/smbXsrv_open_global.tdb +[2013/11/07 07:38:46.075164, 10, pid=20933, effective(0, 5000), real(0, 0)] ../lib/dbwrap/dbwrap.c:133(debug_lock_order) + lock order: 1: 2: 3: +[2013/11/07 07:38:46.075207, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smbXsrv_open.c:862(smbXsrv_open_create) +[2013/11/07 07:38:46.075231, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smbXsrv_open.c:870(smbXsrv_open_create) + smbXsrv_open_create: global_id (0x9a8f7649) stored +[2013/11/07 07:38:46.075269, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) + &open_blob: struct smbXsrv_openB + version : SMBXSRV_VERSION_0 (0) + reserved : 0x00000000 (0) + info : union smbXsrv_openU(case 0) + info0 : * + info0: struct smbXsrv_open + table : * + db_rec : NULL + local_id : 0x512fae77 (1362079351) + global : * + global: struct smbXsrv_open_global0 + db_rec : NULL + server_id: struct server_id + pid : 0x00000000000051c5 (20933) + task_id : 0x00000000 (0) + vnn : 0xffffffff (4294967295) + unique_id : 0x6b1fb19d3b3a8ed6 (7719083575197994710) + open_global_id : 0x9a8f7649 (2593093193) + open_persistent_id : 0x000000009a8f7649 (2593093193) + open_volatile_id : 0x00000000512fae77 (1362079351) + open_owner : S-1-5-21-1376953716-2413384141-3399758289-500 + open_time : Do Nov 7 07:38:46 2013 CET + create_guid : 00000000-0000-0000-0000-000000000000 + client_guid : b913ae79-46f9-11e3-be6f-52540018a0ea + app_instance_id : 00000000-0000-0000-0000-000000000000 + disconnect_time : NTTIME(0) + durable_timeout_msec : 0x00000000 (0) + durable : 0x00 (0) + backend_cookie : DATA_BLOB length=0 + status : NT_STATUS_OK + idle_time : Do Nov 7 07:38:46 2013 CET + compat : NULL +[2013/11/07 07:38:46.075871, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/files.c:125(file_new) + allocated file structure fnum 1362079351 (7 used) +[2013/11/07 07:38:46.075919, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/files.c:713(file_name_hash) + file_name_hash: /tmp/spoolss hash 0x7d4e46e5 +[2013/11/07 07:38:46.075989, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:60(make_internal_rpc_pipe_p) + Create pipe requested \spoolss +[2013/11/07 07:38:46.076038, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:238(init_pipe_handles) + init_pipe_handle_list: pipe_handles ref count = 15 for pipe \spoolss +[2013/11/07 07:38:46.076143, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:100(make_internal_rpc_pipe_p) + Created internal pipe \spoolss +[2013/11/07 07:38:46.076187, 8, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/dosmode.c:631(dos_mode) + dos_mode: spoolss +[2013/11/07 07:38:46.076243, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_create.c:1053(smbd_smb2_create_send) + smbd_smb2_create_send: spoolss - fnum 1362079351 +[2013/11/07 07:38:46.076304, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) + smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[88] dyn[yes:0] at ../source3/smbd/smb2_create.c:369 +[2013/11/07 07:38:46.076350, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) + smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/107/127 +[2013/11/07 07:38:46.076478, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) + smbd_smb2_request_incoming: idx[1] of 5 vectors +[2013/11/07 07:38:46.076527, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) + smb2_validate_sequence_number: clearing id 107 (position 107) from bitmap +[2013/11/07 07:38:46.076569, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) + smbd_smb2_request_dispatch: opcode[SMB2_OP_IOCTL] mid = 107 +[2013/11/07 07:38:46.076621, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) + setting sec ctx (0, 5000) - sec_ctx_stack_ndx = 0 +[2013/11/07 07:38:46.076665, 5, pid=20933, effective(0, 5000), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) + Security token SIDs (21): + SID[ 0]: S-1-5-21-1376953716-2413384141-3399758289-500 + SID[ 1]: S-1-5-21-1376953716-2413384141-3399758289-512 + SID[ 2]: S-1-5-21-1376953716-2413384141-3399758289-11015 + SID[ 3]: S-1-5-21-1376953716-2413384141-3399758289-513 + SID[ 4]: S-1-5-21-1376953716-2413384141-3399758289-11011 + SID[ 5]: S-1-5-21-1376953716-2413384141-3399758289-11013 + SID[ 6]: S-1-5-21-1376953716-2413384141-3399758289-11012 + SID[ 7]: S-1-1-0 + SID[ 8]: S-1-5-2 + SID[ 9]: S-1-5-11 + SID[ 10]: S-1-5-32-544 + SID[ 11]: S-1-22-1-2002 + SID[ 12]: S-1-22-2-5000 + SID[ 13]: S-1-22-2-5007 + SID[ 14]: S-1-22-2-5001 + SID[ 15]: S-1-22-2-1005 + SID[ 16]: S-1-22-2-5006 + SID[ 17]: S-1-22-2-5005 + SID[ 18]: S-1-22-2-55000 + SID[ 19]: S-1-22-2-55001 + SID[ 20]: S-1-22-2-55002 + Privileges (0x 1FFFFFF0): + Privilege[ 0]: SeMachineAccountPrivilege + Privilege[ 1]: SeTakeOwnershipPrivilege + Privilege[ 2]: SeBackupPrivilege + Privilege[ 3]: SeRestorePrivilege + Privilege[ 4]: SeRemoteShutdownPrivilege + Privilege[ 5]: SePrintOperatorPrivilege + Privilege[ 6]: SeAddUsersPrivilege + Privilege[ 7]: SeDiskOperatorPrivilege + Privilege[ 8]: SeSecurityPrivilege + Privilege[ 9]: SeSystemtimePrivilege + Privilege[ 10]: SeShutdownPrivilege + Privilege[ 11]: SeDebugPrivilege + Privilege[ 12]: SeSystemEnvironmentPrivilege + Privilege[ 13]: SeSystemProfilePrivilege + Privilege[ 14]: SeProfileSingleProcessPrivilege + Privilege[ 15]: SeIncreaseBasePriorityPrivilege + Privilege[ 16]: SeLoadDriverPrivilege + Privilege[ 17]: SeCreatePagefilePrivilege + Privilege[ 18]: SeIncreaseQuotaPrivilege + Privilege[ 19]: SeChangeNotifyPrivilege + Privilege[ 20]: SeUndockPrivilege + Privilege[ 21]: SeManageVolumePrivilege + Privilege[ 22]: SeImpersonatePrivilege + Privilege[ 23]: SeCreateGlobalPrivilege + Privilege[ 24]: SeEnableDelegationPrivilege + Rights (0x 0): +[2013/11/07 07:38:46.077543, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) + UNIX token of user 0 + Primary group is 5000 and contains 9 supplementary groups + Group[ 0]: 5000 + Group[ 1]: 5007 + Group[ 2]: 5001 + Group[ 3]: 1005 + Group[ 4]: 5006 + Group[ 5]: 5005 + Group[ 6]: 55000 + Group[ 7]: 55001 + Group[ 8]: 55002 +[2013/11/07 07:38:46.077736, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/uid.c:363(change_to_user_internal) + Impersonated user: uid=(0,0), gid=(0,5000) +[2013/11/07 07:38:46.077810, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:1796(smbd_smb2_request_verify_creditcharge) + mid 107, CreditCharge: 1, NeededCharge: 1 +[2013/11/07 07:38:46.077853, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl.c:394(smbd_smb2_ioctl_send) + smbd_smb2_ioctl: ctl_code[0x0011c017] spoolss, fnum 4073323938 +[2013/11/07 07:38:46.077899, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:59(smb2_ioctl_named_pipe) + smbd_smb2_ioctl_send: np_write_send of size 2108 +[2013/11/07 07:38:46.077939, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:520(np_write_send) + np_write_send: len: 2108 +[2013/11/07 07:38:46.077980, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) + write_to_pipe: data_left = 2108 +[2013/11/07 07:38:46.078018, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) + process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 2108 +[2013/11/07 07:38:46.078057, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:51(fill_rpc_header) + fill_rpc_header: data_to_copy = 2108, len_needed_to_complete_hdr = 16, receive_len = 0 +[2013/11/07 07:38:46.078097, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) + write_to_pipe: data_used = 16 +[2013/11/07 07:38:46.078135, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) + write_to_pipe: data_left = 2092 +[2013/11/07 07:38:46.078173, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) + process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 2092 +[2013/11/07 07:38:46.078237, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) + write_to_pipe: data_used = 0 +[2013/11/07 07:38:46.078277, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) + write_to_pipe: data_left = 2092 +[2013/11/07 07:38:46.078315, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) + process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 2092, incoming data = 2092 +[2013/11/07 07:38:46.078359, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1614(process_complete_pdu) + PDU is in Little Endian format! +[2013/11/07 07:38:46.078405, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) + r: struct ncacn_packet + rpc_vers : 0x05 (5) + rpc_vers_minor : 0x00 (0) + ptype : DCERPC_PKT_REQUEST (0) + pfc_flags : 0x03 (3) + drep: ARRAY(4) + [0] : 0x10 (16) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + frag_length : 0x083c (2108) + auth_length : 0x0000 (0) + call_id : 0x00000005 (5) + u : union dcerpc_payload(case 0) + request: struct dcerpc_request + alloc_hint : 0x00000824 (2084) + context_id : 0x0000 (0) + opnum : 0x0008 (8) + object : union dcerpc_object(case 0) + empty: struct dcerpc_empty + _pad : DATA_BLOB length=0 + stub_and_verifier : DATA_BLOB length=2084 + [0000] 00 00 00 00 A5 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 07 00 00 00 00 00 02 00 00 08 00 00 .Q...... ........ + [0020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0030] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0040] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0200] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0210] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0220] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0230] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0240] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0250] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0260] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0270] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0280] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0290] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0300] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0310] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0320] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0330] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0340] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0350] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0360] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0370] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0380] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0390] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0400] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0410] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0420] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0430] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0440] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0450] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0460] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0470] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0480] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0490] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0500] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0510] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0520] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0530] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0540] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0550] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0560] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0570] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0580] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0590] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0600] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0610] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0620] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0630] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0640] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0650] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0660] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0670] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0680] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0690] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0700] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0710] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0720] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0730] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0740] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0750] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0760] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0770] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0780] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0790] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0800] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0810] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0820] 00 08 00 00 .... +[2013/11/07 07:38:46.083367, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1627(process_complete_pdu) + Processing packet type 0 +[2013/11/07 07:38:46.083409, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1472(dcesrv_auth_request) + Checking request auth. +[2013/11/07 07:38:46.083454, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) + push_sec_ctx(0, 5000) : sec_ctx_stack_ndx = 1 +[2013/11/07 07:38:46.083499, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) + setting sec ctx (0, 5000) - sec_ctx_stack_ndx = 1 +[2013/11/07 07:38:46.083541, 5, pid=20933, effective(0, 5000), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) + Security token SIDs (21): + SID[ 0]: S-1-5-21-1376953716-2413384141-3399758289-500 + SID[ 1]: S-1-5-21-1376953716-2413384141-3399758289-512 + SID[ 2]: S-1-5-21-1376953716-2413384141-3399758289-11015 + SID[ 3]: S-1-5-21-1376953716-2413384141-3399758289-513 + SID[ 4]: S-1-5-21-1376953716-2413384141-3399758289-11011 + SID[ 5]: S-1-5-21-1376953716-2413384141-3399758289-11013 + SID[ 6]: S-1-5-21-1376953716-2413384141-3399758289-11012 + SID[ 7]: S-1-1-0 + SID[ 8]: S-1-5-2 + SID[ 9]: S-1-5-11 + SID[ 10]: S-1-5-32-544 + SID[ 11]: S-1-22-1-2002 + SID[ 12]: S-1-22-2-5000 + SID[ 13]: S-1-22-2-5007 + SID[ 14]: S-1-22-2-5001 + SID[ 15]: S-1-22-2-1005 + SID[ 16]: S-1-22-2-5006 + SID[ 17]: S-1-22-2-5005 + SID[ 18]: S-1-22-2-55000 + SID[ 19]: S-1-22-2-55001 + SID[ 20]: S-1-22-2-55002 + Privileges (0x 1FFFFFF0): + Privilege[ 0]: SeMachineAccountPrivilege + Privilege[ 1]: SeTakeOwnershipPrivilege + Privilege[ 2]: SeBackupPrivilege + Privilege[ 3]: SeRestorePrivilege + Privilege[ 4]: SeRemoteShutdownPrivilege + Privilege[ 5]: SePrintOperatorPrivilege + Privilege[ 6]: SeAddUsersPrivilege + Privilege[ 7]: SeDiskOperatorPrivilege + Privilege[ 8]: SeSecurityPrivilege + Privilege[ 9]: SeSystemtimePrivilege + Privilege[ 10]: SeShutdownPrivilege + Privilege[ 11]: SeDebugPrivilege + Privilege[ 12]: SeSystemEnvironmentPrivilege + Privilege[ 13]: SeSystemProfilePrivilege + Privilege[ 14]: SeProfileSingleProcessPrivilege + Privilege[ 15]: SeIncreaseBasePriorityPrivilege + Privilege[ 16]: SeLoadDriverPrivilege + Privilege[ 17]: SeCreatePagefilePrivilege + Privilege[ 18]: SeIncreaseQuotaPrivilege + Privilege[ 19]: SeChangeNotifyPrivilege + Privilege[ 20]: SeUndockPrivilege + Privilege[ 21]: SeManageVolumePrivilege + Privilege[ 22]: SeImpersonatePrivilege + Privilege[ 23]: SeCreateGlobalPrivilege + Privilege[ 24]: SeEnableDelegationPrivilege + Rights (0x 0): +[2013/11/07 07:38:46.084313, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) + UNIX token of user 0 + Primary group is 5000 and contains 9 supplementary groups + Group[ 0]: 5000 + Group[ 1]: 5007 + Group[ 2]: 5001 + Group[ 3]: 1005 + Group[ 4]: 5006 + Group[ 5]: 5005 + Group[ 6]: 55000 + Group[ 7]: 55001 + Group[ 8]: 55002 +[2013/11/07 07:38:46.084502, 5, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1324(api_pipe_request) + Requested \spoolss rpc service +[2013/11/07 07:38:46.084547, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1356(api_rpcTNP) + api_rpcTNP: \spoolss op 0x8 - api_rpcTNP: rpc command: SPOOLSS_GETPRINTER +[2013/11/07 07:38:46.084590, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1390(api_rpcTNP) + api_rpc_cmds[8].fn == 0x7f375c260f10 +[2013/11/07 07:38:46.084638, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + spoolss_GetPrinter: struct spoolss_GetPrinter + in: struct spoolss_GetPrinter + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000a5-0000-0000-7b52-7535c5510000 + level : 0x00000007 (7) + buffer : * + buffer : DATA_BLOB length=2048 + [0000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0010] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0030] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0040] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0200] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0210] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0220] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0230] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0240] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0250] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0260] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0270] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0280] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0290] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0300] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0310] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0320] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0330] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0340] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0350] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0360] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0370] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0380] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0390] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0400] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0410] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0420] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0430] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0440] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0450] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0460] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0470] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0480] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0490] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0500] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0510] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0520] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0530] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0540] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0550] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0560] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0570] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0580] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0590] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0600] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0610] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0620] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0630] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0640] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0650] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0660] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0670] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0680] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0690] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0700] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0710] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0720] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0730] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0740] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0750] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0760] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0770] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0780] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0790] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + offered : 0x00000800 (2048) +[2013/11/07 07:38:46.089341, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[1] [0000] 00 00 00 00 A5 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:46.089470, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[1] [0000] 00 00 00 00 A5 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:46.089549, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:489(get_printer_snum) + short name:printer5 +[2013/11/07 07:38:46.089683, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:60(make_internal_rpc_pipe_p) + Create pipe requested \winreg +[2013/11/07 07:38:46.089739, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:221(init_pipe_handles) + init_pipe_handle_list: created handle list for pipe \winreg +[2013/11/07 07:38:46.089781, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:238(init_pipe_handles) + init_pipe_handle_list: pipe_handles ref count = 1 for pipe \winreg +[2013/11/07 07:38:46.089873, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:100(make_internal_rpc_pipe_p) + Created internal pipe \winreg +[2013/11/07 07:38:46.089946, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenHKLM: struct winreg_OpenHKLM + in: struct winreg_OpenHKLM + system_name : NULL + access_mask : 0x02000000 (33554432) + 0: KEY_QUERY_VALUE + 0: KEY_SET_VALUE + 0: KEY_CREATE_SUB_KEY + 0: KEY_ENUMERATE_SUB_KEYS + 0: KEY_NOTIFY + 0: KEY_CREATE_LINK + 0: KEY_WOW64_64KEY + 0: KEY_WOW64_32KEY +[2013/11/07 07:38:46.090178, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [HKLM] +[2013/11/07 07:38:46.090223, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) + push_sec_ctx(0, 5000) : sec_ctx_stack_ndx = 2 +[2013/11/07 07:38:46.090268, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/uid.c:485(push_conn_ctx) + push_conn_ctx(1804507171) : conn_ctx_stack_ndx = 0 +[2013/11/07 07:38:46.090319, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) + setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 +[2013/11/07 07:38:46.090359, 5, pid=20933, effective(0, 5000), real(0, 0)] ../libcli/security/security_token.c:53(security_token_debug) + Security token: (NULL) +[2013/11/07 07:38:46.090398, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) + UNIX token of user 0 + Primary group is 0 and contains 0 supplementary groups +[2013/11/07 07:38:46.090551, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) + pop_sec_ctx (0, 5000) - sec_ctx_stack_ndx = 1 +[2013/11/07 07:38:46.090596, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:866(regdb_open) + regdb_open: registry db opened. refcount reset (1) +[2013/11/07 07:38:46.090642, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM] +[2013/11/07 07:38:46.090682, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM] +[2013/11/07 07:38:46.090723, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:46.090761, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM] +[2013/11/07 07:38:46.090842, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) + Opened policy hnd[1] [0000] 00 00 00 00 CC 00 00 00 00 00 00 00 7B 52 76 35 ........ ....{Rv5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:46.090923, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenHKLM: struct winreg_OpenHKLM + out: struct winreg_OpenHKLM + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000cc-0000-0000-7b52-7635c5510000 + result : WERR_OK +[2013/11/07 07:38:46.091109, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenKey: struct winreg_OpenKey + in: struct winreg_OpenKey + parent_handle : * + parent_handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000cc-0000-0000-7b52-7635c5510000 + keyname: struct winreg_String + name_len : 0x008a (138) + name_size : 0x008a (138) + name : * + name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer5' + options : 0x00000000 (0) + 0: REG_OPTION_VOLATILE + 0: REG_OPTION_CREATE_LINK + 0: REG_OPTION_BACKUP_RESTORE + 0: REG_OPTION_OPEN_LINK + access_mask : 0x02000000 (33554432) + 0: KEY_QUERY_VALUE + 0: KEY_SET_VALUE + 0: KEY_CREATE_SUB_KEY + 0: KEY_ENUMERATE_SUB_KEYS + 0: KEY_NOTIFY + 0: KEY_CREATE_LINK + 0: KEY_WOW64_64KEY + 0: KEY_WOW64_32KEY +[2013/11/07 07:38:46.091557, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 CC 00 00 00 00 00 00 00 7B 52 76 35 ........ ....{Rv5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:46.091649, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [SOFTWARE] +[2013/11/07 07:38:46.091690, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (1->2) +[2013/11/07 07:38:46.091732, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] +[2013/11/07 07:38:46.091771, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE] +[2013/11/07 07:38:46.091812, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:46.091850, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE] +[2013/11/07 07:38:46.091920, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Microsoft] +[2013/11/07 07:38:46.091961, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (2->3) +[2013/11/07 07:38:46.092004, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] +[2013/11/07 07:38:46.092042, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] +[2013/11/07 07:38:46.092083, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:46.092121, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft] +[2013/11/07 07:38:46.092181, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Windows NT] +[2013/11/07 07:38:46.092223, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (3->4) +[2013/11/07 07:38:46.092267, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] +[2013/11/07 07:38:46.092305, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] +[2013/11/07 07:38:46.092347, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:46.092385, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] +[2013/11/07 07:38:46.092443, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [CurrentVersion] +[2013/11/07 07:38:46.092484, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (4->5) +[2013/11/07 07:38:46.092528, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] +[2013/11/07 07:38:46.092574, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] +[2013/11/07 07:38:46.092616, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:46.092654, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f375c5a15c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] +[2013/11/07 07:38:46.092728, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Print] +[2013/11/07 07:38:46.092770, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (5->6) +[2013/11/07 07:38:46.092813, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] +[2013/11/07 07:38:46.092853, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] +[2013/11/07 07:38:46.092896, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:46.092934, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f375c5a15c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] +[2013/11/07 07:38:46.092993, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Printers] +[2013/11/07 07:38:46.093035, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (6->7) +[2013/11/07 07:38:46.093078, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] +[2013/11/07 07:38:46.093118, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] +[2013/11/07 07:38:46.093160, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:46.093197, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] +[2013/11/07 07:38:46.093264, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [printer5] +[2013/11/07 07:38:46.093306, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (7->8) +[2013/11/07 07:38:46.093349, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer5] +[2013/11/07 07:38:46.093468, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer5] +[2013/11/07 07:38:46.093520, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:46.093560, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer5] +[2013/11/07 07:38:46.093703, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (8->7) +[2013/11/07 07:38:46.093750, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (7->6) +[2013/11/07 07:38:46.093793, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (6->5) +[2013/11/07 07:38:46.093833, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (5->4) +[2013/11/07 07:38:46.093873, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (4->3) +[2013/11/07 07:38:46.093914, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (3->2) +[2013/11/07 07:38:46.093958, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) + Opened policy hnd[2] [0000] 00 00 00 00 CD 00 00 00 00 00 00 00 7B 52 76 35 ........ ....{Rv5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:46.094037, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenKey: struct winreg_OpenKey + out: struct winreg_OpenKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000cd-0000-0000-7b52-7635c5510000 + result : WERR_OK +[2013/11/07 07:38:46.094215, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryInfoKey: struct winreg_QueryInfoKey + in: struct winreg_QueryInfoKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000cd-0000-0000-7b52-7635c5510000 + classname : * + classname: struct winreg_String + name_len : 0x0000 (0) + name_size : 0x0000 (0) + name : NULL +[2013/11/07 07:38:46.094432, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 CD 00 00 00 00 00 00 00 7B 52 76 35 ........ ....{Rv5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:46.094515, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_dispatcher.c:151(fetch_reg_values) + fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer5' (ops 0x7f37592edcc0) +[2013/11/07 07:38:46.094557, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1891(regdb_fetch_values_internal) + regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer5] +[2013/11/07 07:38:46.094625, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[0]: name[Description] len[2] +[2013/11/07 07:38:46.094684, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[1]: name[Datatype] len[8] +[2013/11/07 07:38:46.094727, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[2]: name[Default Priority] len[4] +[2013/11/07 07:38:46.094769, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[3]: name[Port] len[38] +[2013/11/07 07:38:46.094812, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[4]: name[Print Processor] len[18] +[2013/11/07 07:38:46.094855, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[5]: name[Priority] len[4] +[2013/11/07 07:38:46.094898, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[6]: name[Security] len[248] +[2013/11/07 07:38:46.094940, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[7]: name[Share Name] len[18] +[2013/11/07 07:38:46.094983, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[8]: name[StartTime] len[4] +[2013/11/07 07:38:46.095026, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[9]: name[UntilTime] len[4] +[2013/11/07 07:38:46.095069, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[10]: name[Printer Driver] len[56] +[2013/11/07 07:38:46.095112, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[11]: name[Location] len[2] +[2013/11/07 07:38:46.095155, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[12]: name[Parameters] len[2] +[2013/11/07 07:38:46.095198, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[13]: name[Separator File] len[2] +[2013/11/07 07:38:46.095241, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[14]: name[Status] len[4] +[2013/11/07 07:38:46.095285, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[15]: name[Attributes] len[4] +[2013/11/07 07:38:46.095328, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[16]: name[Name] len[18] +[2013/11/07 07:38:46.095371, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[17]: name[ChangeID] len[4] +[2013/11/07 07:38:46.095414, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) + regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer5] +[2013/11/07 07:38:46.095480, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryInfoKey: struct winreg_QueryInfoKey + out: struct winreg_QueryInfoKey + classname : * + classname: struct winreg_String + name_len : 0x0000 (0) + name_size : 0x0000 (0) + name : NULL + num_subkeys : * + num_subkeys : 0x00000003 (3) + max_subkeylen : * + max_subkeylen : 0x00000022 (34) + max_classlen : * + max_classlen : 0x00000000 (0) + num_values : * + num_values : 0x00000012 (18) + max_valnamelen : * + max_valnamelen : 0x00000022 (34) + max_valbufsize : * + max_valbufsize : 0x000000f8 (248) + secdescsize : * + secdescsize : 0x00000078 (120) + last_changed_time : * + last_changed_time : NTTIME(0) + result : WERR_OK +[2013/11/07 07:38:46.095939, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000cd-0000-0000-7b52-7635c5510000 + enum_index : 0x00000000 (0) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:46.096318, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 CD 00 00 00 00 00 00 00 7B 52 76 35 ........ ....{Rv5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:46.096396, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer5] +[2013/11/07 07:38:46.096443, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0018 (24) + size : 0x0024 (36) + name : * + name : 'Description' + type : * + type : REG_SZ (1) + value : * + value: ARRAY(2) + [0] : 0x00 (0) + [1] : 0x00 (0) + size : * + size : 0x00000002 (2) + length : * + length : 0x00000002 (2) + result : WERR_OK +[2013/11/07 07:38:46.096815, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000cd-0000-0000-7b52-7635c5510000 + enum_index : 0x00000001 (1) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:46.097190, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 CD 00 00 00 00 00 00 00 7B 52 76 35 ........ ....{Rv5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:46.097268, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer5] +[2013/11/07 07:38:46.097313, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0012 (18) + size : 0x0024 (36) + name : * + name : 'Datatype' + type : * + type : REG_SZ (1) + value : * + value: ARRAY(8) + [0] : 0x52 (82) + [1] : 0x00 (0) + [2] : 0x41 (65) + [3] : 0x00 (0) + [4] : 0x57 (87) + [5] : 0x00 (0) + [6] : 0x00 (0) + [7] : 0x00 (0) + size : * + size : 0x00000008 (8) + length : * + length : 0x00000008 (8) + result : WERR_OK +[2013/11/07 07:38:46.097863, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000cd-0000-0000-7b52-7635c5510000 + enum_index : 0x00000002 (2) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:46.098252, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 CD 00 00 00 00 00 00 00 7B 52 76 35 ........ ....{Rv5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:46.098331, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer5] +[2013/11/07 07:38:46.098378, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0022 (34) + size : 0x0024 (36) + name : * + name : 'Default Priority' + type : * + type : REG_DWORD (4) + value : * + value: ARRAY(4) + [0] : 0x01 (1) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + size : * + size : 0x00000004 (4) + length : * + length : 0x00000004 (4) + result : WERR_OK +[2013/11/07 07:38:46.098772, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000cd-0000-0000-7b52-7635c5510000 + enum_index : 0x00000003 (3) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:46.099143, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 CD 00 00 00 00 00 00 00 7B 52 76 35 ........ ....{Rv5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:46.099220, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer5] +[2013/11/07 07:38:46.099275, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x000a (10) + size : 0x0024 (36) + name : * + name : 'Port' + type : * + type : REG_SZ (1) + value : * + value: ARRAY(38) + [0] : 0x53 (83) + [1] : 0x00 (0) + [2] : 0x61 (97) + [3] : 0x00 (0) + [4] : 0x6d (109) + [5] : 0x00 (0) + [6] : 0x62 (98) + [7] : 0x00 (0) + [8] : 0x61 (97) + [9] : 0x00 (0) + [10] : 0x20 (32) + [11] : 0x00 (0) + [12] : 0x50 (80) + [13] : 0x00 (0) + [14] : 0x72 (114) + [15] : 0x00 (0) + [16] : 0x69 (105) + [17] : 0x00 (0) + [18] : 0x6e (110) + [19] : 0x00 (0) + [20] : 0x74 (116) + [21] : 0x00 (0) + [22] : 0x65 (101) + [23] : 0x00 (0) + [24] : 0x72 (114) + [25] : 0x00 (0) + [26] : 0x20 (32) + [27] : 0x00 (0) + [28] : 0x50 (80) + [29] : 0x00 (0) + [30] : 0x6f (111) + [31] : 0x00 (0) + [32] : 0x72 (114) + [33] : 0x00 (0) + [34] : 0x74 (116) + [35] : 0x00 (0) + [36] : 0x00 (0) + [37] : 0x00 (0) + size : * + size : 0x00000026 (38) + length : * + length : 0x00000026 (38) + result : WERR_OK +[2013/11/07 07:38:46.100228, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000cd-0000-0000-7b52-7635c5510000 + enum_index : 0x00000004 (4) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:46.100604, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 CD 00 00 00 00 00 00 00 7B 52 76 35 ........ ....{Rv5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:46.100681, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer5] +[2013/11/07 07:38:46.100727, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0020 (32) + size : 0x0024 (36) + name : * + name : 'Print Processor' + type : * + type : REG_SZ (1) + value : * + value: ARRAY(18) + [0] : 0x77 (119) + [1] : 0x00 (0) + [2] : 0x69 (105) + [3] : 0x00 (0) + [4] : 0x6e (110) + [5] : 0x00 (0) + [6] : 0x70 (112) + [7] : 0x00 (0) + [8] : 0x72 (114) + [9] : 0x00 (0) + [10] : 0x69 (105) + [11] : 0x00 (0) + [12] : 0x6e (110) + [13] : 0x00 (0) + [14] : 0x74 (116) + [15] : 0x00 (0) + [16] : 0x00 (0) + [17] : 0x00 (0) + size : * + size : 0x00000012 (18) + length : * + length : 0x00000012 (18) + result : WERR_OK +[2013/11/07 07:38:46.101348, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000cd-0000-0000-7b52-7635c5510000 + enum_index : 0x00000005 (5) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:46.101785, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 CD 00 00 00 00 00 00 00 7B 52 76 35 ........ ....{Rv5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:46.101863, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer5] +[2013/11/07 07:38:46.101910, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0012 (18) + size : 0x0024 (36) + name : * + name : 'Priority' + type : * + type : REG_DWORD (4) + value : * + value: ARRAY(4) + [0] : 0x01 (1) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + size : * + size : 0x00000004 (4) + length : * + length : 0x00000004 (4) + result : WERR_OK +[2013/11/07 07:38:46.102302, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000cd-0000-0000-7b52-7635c5510000 + enum_index : 0x00000006 (6) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:46.102672, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 CD 00 00 00 00 00 00 00 7B 52 76 35 ........ ....{Rv5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:46.102749, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer5] +[2013/11/07 07:38:46.102794, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0012 (18) + size : 0x0024 (36) + name : * + name : 'Security' + type : * + type : REG_BINARY (3) + value : * + value: ARRAY(248) + [0] : 0x01 (1) + [1] : 0x00 (0) + [2] : 0x04 (4) + [3] : 0x80 (128) + [4] : 0x14 (20) + [5] : 0x00 (0) + [6] : 0x00 (0) + [7] : 0x00 (0) + [8] : 0x24 (36) + [9] : 0x00 (0) + [10] : 0x00 (0) + [11] : 0x00 (0) + [12] : 0x00 (0) + [13] : 0x00 (0) + [14] : 0x00 (0) + [15] : 0x00 (0) + [16] : 0x34 (52) + [17] : 0x00 (0) + [18] : 0x00 (0) + [19] : 0x00 (0) + [20] : 0x01 (1) + [21] : 0x02 (2) + [22] : 0x00 (0) + [23] : 0x00 (0) + [24] : 0x00 (0) + [25] : 0x00 (0) + [26] : 0x00 (0) + [27] : 0x05 (5) + [28] : 0x20 (32) + [29] : 0x00 (0) + [30] : 0x00 (0) + [31] : 0x00 (0) + [32] : 0x20 (32) + [33] : 0x02 (2) + [34] : 0x00 (0) + [35] : 0x00 (0) + [36] : 0x01 (1) + [37] : 0x02 (2) + [38] : 0x00 (0) + [39] : 0x00 (0) + [40] : 0x00 (0) + [41] : 0x00 (0) + [42] : 0x00 (0) + [43] : 0x05 (5) + [44] : 0x20 (32) + [45] : 0x00 (0) + [46] : 0x00 (0) + [47] : 0x00 (0) + [48] : 0x20 (32) + [49] : 0x02 (2) + [50] : 0x00 (0) + [51] : 0x00 (0) + [52] : 0x02 (2) + [53] : 0x00 (0) + [54] : 0xc4 (196) + [55] : 0x00 (0) + [56] : 0x07 (7) + [57] : 0x00 (0) + [58] : 0x00 (0) + [59] : 0x00 (0) + [60] : 0x00 (0) + [61] : 0x02 (2) + [62] : 0x14 (20) + [63] : 0x00 (0) + [64] : 0x08 (8) + [65] : 0x00 (0) + [66] : 0x02 (2) + [67] : 0x20 (32) + [68] : 0x01 (1) + [69] : 0x01 (1) + [70] : 0x00 (0) + [71] : 0x00 (0) + [72] : 0x00 (0) + [73] : 0x00 (0) + [74] : 0x00 (0) + [75] : 0x01 (1) + [76] : 0x00 (0) + [77] : 0x00 (0) + [78] : 0x00 (0) + [79] : 0x00 (0) + [80] : 0x00 (0) + [81] : 0x09 (9) + [82] : 0x24 (36) + [83] : 0x00 (0) + [84] : 0x0c (12) + [85] : 0x00 (0) + [86] : 0x0f (15) + [87] : 0x10 (16) + [88] : 0x01 (1) + [89] : 0x05 (5) + [90] : 0x00 (0) + [91] : 0x00 (0) + [92] : 0x00 (0) + [93] : 0x00 (0) + [94] : 0x00 (0) + [95] : 0x05 (5) + [96] : 0x15 (21) + [97] : 0x00 (0) + [98] : 0x00 (0) + [99] : 0x00 (0) + [100] : 0x74 (116) + [101] : 0xa5 (165) + [102] : 0x12 (18) + [103] : 0x52 (82) + [104] : 0xcd (205) + [105] : 0x51 (81) + [106] : 0xd9 (217) + [107] : 0x8f (143) + [108] : 0xd1 (209) + [109] : 0x31 (49) + [110] : 0xa4 (164) + [111] : 0xca (202) + [112] : 0xf4 (244) + [113] : 0x01 (1) + [114] : 0x00 (0) + [115] : 0x00 (0) + [116] : 0x00 (0) + [117] : 0x02 (2) + [118] : 0x24 (36) + [119] : 0x00 (0) + [120] : 0x0c (12) + [121] : 0x00 (0) + [122] : 0x0f (15) + [123] : 0x10 (16) + [124] : 0x01 (1) + [125] : 0x05 (5) + [126] : 0x00 (0) + [127] : 0x00 (0) + [128] : 0x00 (0) + [129] : 0x00 (0) + [130] : 0x00 (0) + [131] : 0x05 (5) + [132] : 0x15 (21) + [133] : 0x00 (0) + [134] : 0x00 (0) + [135] : 0x00 (0) + [136] : 0x74 (116) + [137] : 0xa5 (165) + [138] : 0x12 (18) + [139] : 0x52 (82) + [140] : 0xcd (205) + [141] : 0x51 (81) + [142] : 0xd9 (217) + [143] : 0x8f (143) + [144] : 0xd1 (209) + [145] : 0x31 (49) + [146] : 0xa4 (164) + [147] : 0xca (202) + [148] : 0xf4 (244) + [149] : 0x01 (1) + [150] : 0x00 (0) + [151] : 0x00 (0) + [152] : 0x00 (0) + [153] : 0x09 (9) + [154] : 0x18 (24) + [155] : 0x00 (0) + [156] : 0x0c (12) + [157] : 0x00 (0) + [158] : 0x0f (15) + [159] : 0x10 (16) + [160] : 0x01 (1) + [161] : 0x02 (2) + [162] : 0x00 (0) + [163] : 0x00 (0) + [164] : 0x00 (0) + [165] : 0x00 (0) + [166] : 0x00 (0) + [167] : 0x05 (5) + [168] : 0x20 (32) + [169] : 0x00 (0) + [170] : 0x00 (0) + [171] : 0x00 (0) + [172] : 0x20 (32) + [173] : 0x02 (2) + [174] : 0x00 (0) + [175] : 0x00 (0) + [176] : 0x00 (0) + [177] : 0x02 (2) + [178] : 0x18 (24) + [179] : 0x00 (0) + [180] : 0x0c (12) + [181] : 0x00 (0) + [182] : 0x0f (15) + [183] : 0x10 (16) + [184] : 0x01 (1) + [185] : 0x02 (2) + [186] : 0x00 (0) + [187] : 0x00 (0) + [188] : 0x00 (0) + [189] : 0x00 (0) + [190] : 0x00 (0) + [191] : 0x05 (5) + [192] : 0x20 (32) + [193] : 0x00 (0) + [194] : 0x00 (0) + [195] : 0x00 (0) + [196] : 0x20 (32) + [197] : 0x02 (2) + [198] : 0x00 (0) + [199] : 0x00 (0) + [200] : 0x00 (0) + [201] : 0x09 (9) + [202] : 0x18 (24) + [203] : 0x00 (0) + [204] : 0x0c (12) + [205] : 0x00 (0) + [206] : 0x0f (15) + [207] : 0x10 (16) + [208] : 0x01 (1) + [209] : 0x02 (2) + [210] : 0x00 (0) + [211] : 0x00 (0) + [212] : 0x00 (0) + [213] : 0x00 (0) + [214] : 0x00 (0) + [215] : 0x05 (5) + [216] : 0x20 (32) + [217] : 0x00 (0) + [218] : 0x00 (0) + [219] : 0x00 (0) + [220] : 0x26 (38) + [221] : 0x02 (2) + [222] : 0x00 (0) + [223] : 0x00 (0) + [224] : 0x00 (0) + [225] : 0x02 (2) + [226] : 0x18 (24) + [227] : 0x00 (0) + [228] : 0x0c (12) + [229] : 0x00 (0) + [230] : 0x0f (15) + [231] : 0x10 (16) + [232] : 0x01 (1) + [233] : 0x02 (2) + [234] : 0x00 (0) + [235] : 0x00 (0) + [236] : 0x00 (0) + [237] : 0x00 (0) + [238] : 0x00 (0) + [239] : 0x05 (5) + [240] : 0x20 (32) + [241] : 0x00 (0) + [242] : 0x00 (0) + [243] : 0x00 (0) + [244] : 0x26 (38) + [245] : 0x02 (2) + [246] : 0x00 (0) + [247] : 0x00 (0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x000000f8 (248) + result : WERR_OK +[2013/11/07 07:38:46.107310, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000cd-0000-0000-7b52-7635c5510000 + enum_index : 0x00000007 (7) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:46.107694, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 CD 00 00 00 00 00 00 00 7B 52 76 35 ........ ....{Rv5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:46.107774, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer5] +[2013/11/07 07:38:46.107820, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0016 (22) + size : 0x0024 (36) + name : * + name : 'Share Name' + type : * + type : REG_SZ (1) + value : * + value: ARRAY(18) + [0] : 0x70 (112) + [1] : 0x00 (0) + [2] : 0x72 (114) + [3] : 0x00 (0) + [4] : 0x69 (105) + [5] : 0x00 (0) + [6] : 0x6e (110) + [7] : 0x00 (0) + [8] : 0x74 (116) + [9] : 0x00 (0) + [10] : 0x65 (101) + [11] : 0x00 (0) + [12] : 0x72 (114) + [13] : 0x00 (0) + [14] : 0x35 (53) + [15] : 0x00 (0) + [16] : 0x00 (0) + [17] : 0x00 (0) + size : * + size : 0x00000012 (18) + length : * + length : 0x00000012 (18) + result : WERR_OK +[2013/11/07 07:38:46.108446, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000cd-0000-0000-7b52-7635c5510000 + enum_index : 0x00000008 (8) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:46.108817, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 CD 00 00 00 00 00 00 00 7B 52 76 35 ........ ....{Rv5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:46.108901, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer5] +[2013/11/07 07:38:46.108947, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0014 (20) + size : 0x0024 (36) + name : * + name : 'StartTime' + type : * + type : REG_DWORD (4) + value : * + value: ARRAY(4) + [0] : 0x00 (0) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + size : * + size : 0x00000004 (4) + length : * + length : 0x00000004 (4) + result : WERR_OK +[2013/11/07 07:38:46.109340, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000cd-0000-0000-7b52-7635c5510000 + enum_index : 0x00000009 (9) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:46.109776, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 CD 00 00 00 00 00 00 00 7B 52 76 35 ........ ....{Rv5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:46.109855, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer5] +[2013/11/07 07:38:46.109900, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0014 (20) + size : 0x0024 (36) + name : * + name : 'UntilTime' + type : * + type : REG_DWORD (4) + value : * + value: ARRAY(4) + [0] : 0x00 (0) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + size : * + size : 0x00000004 (4) + length : * + length : 0x00000004 (4) + result : WERR_OK +[2013/11/07 07:38:46.110391, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000cd-0000-0000-7b52-7635c5510000 + enum_index : 0x0000000a (10) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:46.110772, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 CD 00 00 00 00 00 00 00 7B 52 76 35 ........ ....{Rv5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:46.110850, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer5] +[2013/11/07 07:38:46.110895, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x001e (30) + size : 0x0024 (36) + name : * + name : 'Printer Driver' + type : * + type : REG_SZ (1) + value : * + value: ARRAY(56) + [0] : 0x48 (72) + [1] : 0x00 (0) + [2] : 0x50 (80) + [3] : 0x00 (0) + [4] : 0x20 (32) + [5] : 0x00 (0) + [6] : 0x55 (85) + [7] : 0x00 (0) + [8] : 0x6e (110) + [9] : 0x00 (0) + [10] : 0x69 (105) + [11] : 0x00 (0) + [12] : 0x76 (118) + [13] : 0x00 (0) + [14] : 0x65 (101) + [15] : 0x00 (0) + [16] : 0x72 (114) + [17] : 0x00 (0) + [18] : 0x73 (115) + [19] : 0x00 (0) + [20] : 0x61 (97) + [21] : 0x00 (0) + [22] : 0x6c (108) + [23] : 0x00 (0) + [24] : 0x20 (32) + [25] : 0x00 (0) + [26] : 0x50 (80) + [27] : 0x00 (0) + [28] : 0x72 (114) + [29] : 0x00 (0) + [30] : 0x69 (105) + [31] : 0x00 (0) + [32] : 0x6e (110) + [33] : 0x00 (0) + [34] : 0x74 (116) + [35] : 0x00 (0) + [36] : 0x69 (105) + [37] : 0x00 (0) + [38] : 0x6e (110) + [39] : 0x00 (0) + [40] : 0x67 (103) + [41] : 0x00 (0) + [42] : 0x20 (32) + [43] : 0x00 (0) + [44] : 0x50 (80) + [45] : 0x00 (0) + [46] : 0x43 (67) + [47] : 0x00 (0) + [48] : 0x4c (76) + [49] : 0x00 (0) + [50] : 0x20 (32) + [51] : 0x00 (0) + [52] : 0x36 (54) + [53] : 0x00 (0) + [54] : 0x00 (0) + [55] : 0x00 (0) + size : * + size : 0x00000038 (56) + length : * + length : 0x00000038 (56) + result : WERR_OK +[2013/11/07 07:38:46.112172, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000cd-0000-0000-7b52-7635c5510000 + enum_index : 0x0000000b (11) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:46.112545, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 CD 00 00 00 00 00 00 00 7B 52 76 35 ........ ....{Rv5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:46.112622, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer5] +[2013/11/07 07:38:46.112675, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0012 (18) + size : 0x0024 (36) + name : * + name : 'Location' + type : * + type : REG_SZ (1) + value : * + value: ARRAY(2) + [0] : 0x00 (0) + [1] : 0x00 (0) + size : * + size : 0x00000002 (2) + length : * + length : 0x00000002 (2) + result : WERR_OK +[2013/11/07 07:38:46.113035, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000cd-0000-0000-7b52-7635c5510000 + enum_index : 0x0000000c (12) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:46.113593, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 CD 00 00 00 00 00 00 00 7B 52 76 35 ........ ....{Rv5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:46.113674, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer5] +[2013/11/07 07:38:46.113722, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0016 (22) + size : 0x0024 (36) + name : * + name : 'Parameters' + type : * + type : REG_SZ (1) + value : * + value: ARRAY(2) + [0] : 0x00 (0) + [1] : 0x00 (0) + size : * + size : 0x00000002 (2) + length : * + length : 0x00000002 (2) + result : WERR_OK +[2013/11/07 07:38:46.114098, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000cd-0000-0000-7b52-7635c5510000 + enum_index : 0x0000000d (13) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:46.114468, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 CD 00 00 00 00 00 00 00 7B 52 76 35 ........ ....{Rv5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:46.114544, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer5] +[2013/11/07 07:38:46.114589, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x001e (30) + size : 0x0024 (36) + name : * + name : 'Separator File' + type : * + type : REG_SZ (1) + value : * + value: ARRAY(2) + [0] : 0x00 (0) + [1] : 0x00 (0) + size : * + size : 0x00000002 (2) + length : * + length : 0x00000002 (2) + result : WERR_OK +[2013/11/07 07:38:46.114947, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000cd-0000-0000-7b52-7635c5510000 + enum_index : 0x0000000e (14) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:46.115321, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 CD 00 00 00 00 00 00 00 7B 52 76 35 ........ ....{Rv5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:46.115398, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer5] +[2013/11/07 07:38:46.115443, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x000e (14) + size : 0x0024 (36) + name : * + name : 'Status' + type : * + type : REG_DWORD (4) + value : * + value: ARRAY(4) + [0] : 0x00 (0) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + size : * + size : 0x00000004 (4) + length : * + length : 0x00000004 (4) + result : WERR_OK +[2013/11/07 07:38:46.115835, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000cd-0000-0000-7b52-7635c5510000 + enum_index : 0x0000000f (15) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:46.116206, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 CD 00 00 00 00 00 00 00 7B 52 76 35 ........ ....{Rv5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:46.116283, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer5] +[2013/11/07 07:38:46.116328, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0016 (22) + size : 0x0024 (36) + name : * + name : 'Attributes' + type : * + type : REG_DWORD (4) + value : * + value: ARRAY(4) + [0] : 0x48 (72) + [1] : 0x10 (16) + [2] : 0x00 (0) + [3] : 0x00 (0) + size : * + size : 0x00000004 (4) + length : * + length : 0x00000004 (4) + result : WERR_OK +[2013/11/07 07:38:46.116729, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000cd-0000-0000-7b52-7635c5510000 + enum_index : 0x00000010 (16) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:46.117099, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 CD 00 00 00 00 00 00 00 7B 52 76 35 ........ ....{Rv5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:46.117176, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer5] +[2013/11/07 07:38:46.117221, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x000a (10) + size : 0x0024 (36) + name : * + name : 'Name' + type : * + type : REG_SZ (1) + value : * + value: ARRAY(18) + [0] : 0x70 (112) + [1] : 0x00 (0) + [2] : 0x72 (114) + [3] : 0x00 (0) + [4] : 0x69 (105) + [5] : 0x00 (0) + [6] : 0x6e (110) + [7] : 0x00 (0) + [8] : 0x74 (116) + [9] : 0x00 (0) + [10] : 0x65 (101) + [11] : 0x00 (0) + [12] : 0x72 (114) + [13] : 0x00 (0) + [14] : 0x35 (53) + [15] : 0x00 (0) + [16] : 0x00 (0) + [17] : 0x00 (0) + size : * + size : 0x00000012 (18) + length : * + length : 0x00000012 (18) + result : WERR_OK +[2013/11/07 07:38:46.117998, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000cd-0000-0000-7b52-7635c5510000 + enum_index : 0x00000011 (17) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:46.118375, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 CD 00 00 00 00 00 00 00 7B 52 76 35 ........ ....{Rv5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:46.118452, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer5] +[2013/11/07 07:38:46.118498, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0012 (18) + size : 0x0024 (36) + name : * + name : 'ChangeID' + type : * + type : REG_DWORD (4) + value : * + value: ARRAY(4) + [0] : 0x44 (68) + [1] : 0xeb (235) + [2] : 0x34 (52) + [3] : 0x01 (1) + size : * + size : 0x00000004 (4) + length : * + length : 0x00000004 (4) + result : WERR_OK +[2013/11/07 07:38:46.118934, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryValue: struct winreg_QueryValue + in: struct winreg_QueryValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000cd-0000-0000-7b52-7635c5510000 + value_name : * + value_name: struct winreg_String + name_len : 0x0020 (32) + name_size : 0x0020 (32) + name : * + name : 'Default DevMode' + type : * + type : REG_NONE (0) + data : NULL + data_size : * + data_size : 0x00000000 (0) + data_length : * + data_length : 0x00000000 (0) +[2013/11/07 07:38:46.119286, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 CD 00 00 00 00 00 00 00 7B 52 76 35 ........ ....{Rv5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:46.119364, 7, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) + _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer5] +[2013/11/07 07:38:46.119404, 7, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) + _winreg_QueryValue: policy key type = [00000000] +[2013/11/07 07:38:46.119450, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:316(_winreg_QueryValue) + _winreg_QueryValue: reg_queryvalue failed with: WERR_BADFILE +[2013/11/07 07:38:46.119490, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryValue: struct winreg_QueryValue + out: struct winreg_QueryValue + type : * + type : REG_NONE (0) + data : NULL + data_size : * + data_size : 0x00000000 (0) + data_length : * + data_length : 0x00000000 (0) + result : WERR_BADFILE +[2013/11/07 07:38:46.119710, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenHKLM: struct winreg_OpenHKLM + in: struct winreg_OpenHKLM + system_name : NULL + access_mask : 0x02000000 (33554432) + 0: KEY_QUERY_VALUE + 0: KEY_SET_VALUE + 0: KEY_CREATE_SUB_KEY + 0: KEY_ENUMERATE_SUB_KEYS + 0: KEY_NOTIFY + 0: KEY_CREATE_LINK + 0: KEY_WOW64_64KEY + 0: KEY_WOW64_32KEY +[2013/11/07 07:38:46.119937, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [HKLM] +[2013/11/07 07:38:46.119979, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (2->3) +[2013/11/07 07:38:46.120021, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM] +[2013/11/07 07:38:46.120060, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM] +[2013/11/07 07:38:46.120100, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:46.120137, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM] +[2013/11/07 07:38:46.120221, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) + Opened policy hnd[3] [0000] 00 00 00 00 CE 00 00 00 00 00 00 00 7B 52 76 35 ........ ....{Rv5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:46.120302, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenHKLM: struct winreg_OpenHKLM + out: struct winreg_OpenHKLM + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000ce-0000-0000-7b52-7635c5510000 + result : WERR_OK +[2013/11/07 07:38:46.120468, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenKey: struct winreg_OpenKey + in: struct winreg_OpenKey + parent_handle : * + parent_handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000ce-0000-0000-7b52-7635c5510000 + keyname: struct winreg_String + name_len : 0x008a (138) + name_size : 0x008a (138) + name : * + name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer5' + options : 0x00000000 (0) + 0: REG_OPTION_VOLATILE + 0: REG_OPTION_CREATE_LINK + 0: REG_OPTION_BACKUP_RESTORE + 0: REG_OPTION_OPEN_LINK + access_mask : 0x02000000 (33554432) + 0: KEY_QUERY_VALUE + 0: KEY_SET_VALUE + 0: KEY_CREATE_SUB_KEY + 0: KEY_ENUMERATE_SUB_KEYS + 0: KEY_NOTIFY + 0: KEY_CREATE_LINK + 0: KEY_WOW64_64KEY + 0: KEY_WOW64_32KEY +[2013/11/07 07:38:46.120903, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 CE 00 00 00 00 00 00 00 7B 52 76 35 ........ ....{Rv5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:46.120984, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [SOFTWARE] +[2013/11/07 07:38:46.121024, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (3->4) +[2013/11/07 07:38:46.121065, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] +[2013/11/07 07:38:46.121103, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE] +[2013/11/07 07:38:46.121143, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:46.121180, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE] +[2013/11/07 07:38:46.121243, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Microsoft] +[2013/11/07 07:38:46.121292, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (4->5) +[2013/11/07 07:38:46.121334, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] +[2013/11/07 07:38:46.121505, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] +[2013/11/07 07:38:46.121547, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:46.121585, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft] +[2013/11/07 07:38:46.121646, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Windows NT] +[2013/11/07 07:38:46.121688, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (5->6) +[2013/11/07 07:38:46.121730, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] +[2013/11/07 07:38:46.121767, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] +[2013/11/07 07:38:46.121807, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:46.121844, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] +[2013/11/07 07:38:46.121900, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [CurrentVersion] +[2013/11/07 07:38:46.121941, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (6->7) +[2013/11/07 07:38:46.121983, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] +[2013/11/07 07:38:46.122021, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] +[2013/11/07 07:38:46.122061, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:46.122098, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f375c5a15c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] +[2013/11/07 07:38:46.122168, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Print] +[2013/11/07 07:38:46.122209, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (7->8) +[2013/11/07 07:38:46.122252, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] +[2013/11/07 07:38:46.122291, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] +[2013/11/07 07:38:46.122341, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:46.122379, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f375c5a15c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] +[2013/11/07 07:38:46.122494, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Printers] +[2013/11/07 07:38:46.122538, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (8->9) +[2013/11/07 07:38:46.122582, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] +[2013/11/07 07:38:46.122621, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] +[2013/11/07 07:38:46.122663, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:46.122702, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] +[2013/11/07 07:38:46.122768, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [printer5] +[2013/11/07 07:38:46.122809, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (9->10) +[2013/11/07 07:38:46.122853, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer5] +[2013/11/07 07:38:46.122891, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer5] +[2013/11/07 07:38:46.122933, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:46.122970, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer5] +[2013/11/07 07:38:46.123036, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (10->9) +[2013/11/07 07:38:46.123078, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (9->8) +[2013/11/07 07:38:46.123118, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (8->7) +[2013/11/07 07:38:46.123157, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (7->6) +[2013/11/07 07:38:46.123197, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (6->5) +[2013/11/07 07:38:46.123237, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (5->4) +[2013/11/07 07:38:46.123288, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) + Opened policy hnd[4] [0000] 00 00 00 00 CF 00 00 00 00 00 00 00 7B 52 76 35 ........ ....{Rv5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:46.123367, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenKey: struct winreg_OpenKey + out: struct winreg_OpenKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000cf-0000-0000-7b52-7635c5510000 + result : WERR_OK +[2013/11/07 07:38:46.123542, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryValue: struct winreg_QueryValue + in: struct winreg_QueryValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000cf-0000-0000-7b52-7635c5510000 + value_name : * + value_name: struct winreg_String + name_len : 0x0012 (18) + name_size : 0x0012 (18) + name : * + name : 'Security' + type : * + type : REG_NONE (0) + data : NULL + data_size : * + data_size : 0x00000000 (0) + data_length : * + data_length : 0x00000000 (0) +[2013/11/07 07:38:46.123884, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 CF 00 00 00 00 00 00 00 7B 52 76 35 ........ ....{Rv5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:46.123961, 7, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) + _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer5] +[2013/11/07 07:38:46.124001, 7, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) + _winreg_QueryValue: policy key type = [00000000] +[2013/11/07 07:38:46.124041, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_dispatcher.c:151(fetch_reg_values) + fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer5' (ops 0x7f37592edcc0) +[2013/11/07 07:38:46.124082, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1891(regdb_fetch_values_internal) + regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer5] +[2013/11/07 07:38:46.124141, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[0]: name[Description] len[2] +[2013/11/07 07:38:46.124185, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[1]: name[Datatype] len[8] +[2013/11/07 07:38:46.124226, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[2]: name[Default Priority] len[4] +[2013/11/07 07:38:46.124277, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[3]: name[Port] len[38] +[2013/11/07 07:38:46.124319, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[4]: name[Print Processor] len[18] +[2013/11/07 07:38:46.124361, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[5]: name[Priority] len[4] +[2013/11/07 07:38:46.124404, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[6]: name[Security] len[248] +[2013/11/07 07:38:46.124446, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[7]: name[Share Name] len[18] +[2013/11/07 07:38:46.124488, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[8]: name[StartTime] len[4] +[2013/11/07 07:38:46.124530, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[9]: name[UntilTime] len[4] +[2013/11/07 07:38:46.124572, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[10]: name[Printer Driver] len[56] +[2013/11/07 07:38:46.124615, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[11]: name[Location] len[2] +[2013/11/07 07:38:46.124657, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[12]: name[Parameters] len[2] +[2013/11/07 07:38:46.124700, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[13]: name[Separator File] len[2] +[2013/11/07 07:38:46.124742, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[14]: name[Status] len[4] +[2013/11/07 07:38:46.124784, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[15]: name[Attributes] len[4] +[2013/11/07 07:38:46.124827, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[16]: name[Name] len[18] +[2013/11/07 07:38:46.124869, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[17]: name[ChangeID] len[4] +[2013/11/07 07:38:46.124913, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryValue: struct winreg_QueryValue + out: struct winreg_QueryValue + type : * + type : REG_BINARY (3) + data : NULL + data_size : * + data_size : 0x000000f8 (248) + data_length : * + data_length : 0x00000000 (0) + result : WERR_OK +[2013/11/07 07:38:46.125124, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryValue: struct winreg_QueryValue + in: struct winreg_QueryValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000cf-0000-0000-7b52-7635c5510000 + value_name : * + value_name: struct winreg_String + name_len : 0x0012 (18) + name_size : 0x0012 (18) + name : * + name : 'Security' + type : * + type : REG_BINARY (3) + data : * + data: ARRAY(0) + data_size : * + data_size : 0x000000f8 (248) + data_length : * + data_length : 0x00000000 (0) +[2013/11/07 07:38:46.125542, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 CF 00 00 00 00 00 00 00 7B 52 76 35 ........ ....{Rv5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:46.125621, 7, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) + _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer5] +[2013/11/07 07:38:46.125661, 7, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) + _winreg_QueryValue: policy key type = [00000000] +[2013/11/07 07:38:46.125706, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryValue: struct winreg_QueryValue + out: struct winreg_QueryValue + type : * + type : REG_BINARY (3) + data : * + data: ARRAY(248) + [0] : 0x01 (1) + [1] : 0x00 (0) + [2] : 0x04 (4) + [3] : 0x80 (128) + [4] : 0x14 (20) + [5] : 0x00 (0) + [6] : 0x00 (0) + [7] : 0x00 (0) + [8] : 0x24 (36) + [9] : 0x00 (0) + [10] : 0x00 (0) + [11] : 0x00 (0) + [12] : 0x00 (0) + [13] : 0x00 (0) + [14] : 0x00 (0) + [15] : 0x00 (0) + [16] : 0x34 (52) + [17] : 0x00 (0) + [18] : 0x00 (0) + [19] : 0x00 (0) + [20] : 0x01 (1) + [21] : 0x02 (2) + [22] : 0x00 (0) + [23] : 0x00 (0) + [24] : 0x00 (0) + [25] : 0x00 (0) + [26] : 0x00 (0) + [27] : 0x05 (5) + [28] : 0x20 (32) + [29] : 0x00 (0) + [30] : 0x00 (0) + [31] : 0x00 (0) + [32] : 0x20 (32) + [33] : 0x02 (2) + [34] : 0x00 (0) + [35] : 0x00 (0) + [36] : 0x01 (1) + [37] : 0x02 (2) + [38] : 0x00 (0) + [39] : 0x00 (0) + [40] : 0x00 (0) + [41] : 0x00 (0) + [42] : 0x00 (0) + [43] : 0x05 (5) + [44] : 0x20 (32) + [45] : 0x00 (0) + [46] : 0x00 (0) + [47] : 0x00 (0) + [48] : 0x20 (32) + [49] : 0x02 (2) + [50] : 0x00 (0) + [51] : 0x00 (0) + [52] : 0x02 (2) + [53] : 0x00 (0) + [54] : 0xc4 (196) + [55] : 0x00 (0) + [56] : 0x07 (7) + [57] : 0x00 (0) + [58] : 0x00 (0) + [59] : 0x00 (0) + [60] : 0x00 (0) + [61] : 0x02 (2) + [62] : 0x14 (20) + [63] : 0x00 (0) + [64] : 0x08 (8) + [65] : 0x00 (0) + [66] : 0x02 (2) + [67] : 0x20 (32) + [68] : 0x01 (1) + [69] : 0x01 (1) + [70] : 0x00 (0) + [71] : 0x00 (0) + [72] : 0x00 (0) + [73] : 0x00 (0) + [74] : 0x00 (0) + [75] : 0x01 (1) + [76] : 0x00 (0) + [77] : 0x00 (0) + [78] : 0x00 (0) + [79] : 0x00 (0) + [80] : 0x00 (0) + [81] : 0x09 (9) + [82] : 0x24 (36) + [83] : 0x00 (0) + [84] : 0x0c (12) + [85] : 0x00 (0) + [86] : 0x0f (15) + [87] : 0x10 (16) + [88] : 0x01 (1) + [89] : 0x05 (5) + [90] : 0x00 (0) + [91] : 0x00 (0) + [92] : 0x00 (0) + [93] : 0x00 (0) + [94] : 0x00 (0) + [95] : 0x05 (5) + [96] : 0x15 (21) + [97] : 0x00 (0) + [98] : 0x00 (0) + [99] : 0x00 (0) + [100] : 0x74 (116) + [101] : 0xa5 (165) + [102] : 0x12 (18) + [103] : 0x52 (82) + [104] : 0xcd (205) + [105] : 0x51 (81) + [106] : 0xd9 (217) + [107] : 0x8f (143) + [108] : 0xd1 (209) + [109] : 0x31 (49) + [110] : 0xa4 (164) + [111] : 0xca (202) + [112] : 0xf4 (244) + [113] : 0x01 (1) + [114] : 0x00 (0) + [115] : 0x00 (0) + [116] : 0x00 (0) + [117] : 0x02 (2) + [118] : 0x24 (36) + [119] : 0x00 (0) + [120] : 0x0c (12) + [121] : 0x00 (0) + [122] : 0x0f (15) + [123] : 0x10 (16) + [124] : 0x01 (1) + [125] : 0x05 (5) + [126] : 0x00 (0) + [127] : 0x00 (0) + [128] : 0x00 (0) + [129] : 0x00 (0) + [130] : 0x00 (0) + [131] : 0x05 (5) + [132] : 0x15 (21) + [133] : 0x00 (0) + [134] : 0x00 (0) + [135] : 0x00 (0) + [136] : 0x74 (116) + [137] : 0xa5 (165) + [138] : 0x12 (18) + [139] : 0x52 (82) + [140] : 0xcd (205) + [141] : 0x51 (81) + [142] : 0xd9 (217) + [143] : 0x8f (143) + [144] : 0xd1 (209) + [145] : 0x31 (49) + [146] : 0xa4 (164) + [147] : 0xca (202) + [148] : 0xf4 (244) + [149] : 0x01 (1) + [150] : 0x00 (0) + [151] : 0x00 (0) + [152] : 0x00 (0) + [153] : 0x09 (9) + [154] : 0x18 (24) + [155] : 0x00 (0) + [156] : 0x0c (12) + [157] : 0x00 (0) + [158] : 0x0f (15) + [159] : 0x10 (16) + [160] : 0x01 (1) + [161] : 0x02 (2) + [162] : 0x00 (0) + [163] : 0x00 (0) + [164] : 0x00 (0) + [165] : 0x00 (0) + [166] : 0x00 (0) + [167] : 0x05 (5) + [168] : 0x20 (32) + [169] : 0x00 (0) + [170] : 0x00 (0) + [171] : 0x00 (0) + [172] : 0x20 (32) + [173] : 0x02 (2) + [174] : 0x00 (0) + [175] : 0x00 (0) + [176] : 0x00 (0) + [177] : 0x02 (2) + [178] : 0x18 (24) + [179] : 0x00 (0) + [180] : 0x0c (12) + [181] : 0x00 (0) + [182] : 0x0f (15) + [183] : 0x10 (16) + [184] : 0x01 (1) + [185] : 0x02 (2) + [186] : 0x00 (0) + [187] : 0x00 (0) + [188] : 0x00 (0) + [189] : 0x00 (0) + [190] : 0x00 (0) + [191] : 0x05 (5) + [192] : 0x20 (32) + [193] : 0x00 (0) + [194] : 0x00 (0) + [195] : 0x00 (0) + [196] : 0x20 (32) + [197] : 0x02 (2) + [198] : 0x00 (0) + [199] : 0x00 (0) + [200] : 0x00 (0) + [201] : 0x09 (9) + [202] : 0x18 (24) + [203] : 0x00 (0) + [204] : 0x0c (12) + [205] : 0x00 (0) + [206] : 0x0f (15) + [207] : 0x10 (16) + [208] : 0x01 (1) + [209] : 0x02 (2) + [210] : 0x00 (0) + [211] : 0x00 (0) + [212] : 0x00 (0) + [213] : 0x00 (0) + [214] : 0x00 (0) + [215] : 0x05 (5) + [216] : 0x20 (32) + [217] : 0x00 (0) + [218] : 0x00 (0) + [219] : 0x00 (0) + [220] : 0x26 (38) + [221] : 0x02 (2) + [222] : 0x00 (0) + [223] : 0x00 (0) + [224] : 0x00 (0) + [225] : 0x02 (2) + [226] : 0x18 (24) + [227] : 0x00 (0) + [228] : 0x0c (12) + [229] : 0x00 (0) + [230] : 0x0f (15) + [231] : 0x10 (16) + [232] : 0x01 (1) + [233] : 0x02 (2) + [234] : 0x00 (0) + [235] : 0x00 (0) + [236] : 0x00 (0) + [237] : 0x00 (0) + [238] : 0x00 (0) + [239] : 0x05 (5) + [240] : 0x20 (32) + [241] : 0x00 (0) + [242] : 0x00 (0) + [243] : 0x00 (0) + [244] : 0x26 (38) + [245] : 0x02 (2) + [246] : 0x00 (0) + [247] : 0x00 (0) + data_size : * + data_size : 0x000000f8 (248) + data_length : * + data_length : 0x000000f8 (248) + result : WERR_OK +[2013/11/07 07:38:46.130128, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + in: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000cf-0000-0000-7b52-7635c5510000 +[2013/11/07 07:38:46.130262, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 CF 00 00 00 00 00 00 00 7B 52 76 35 ........ ....{Rv5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:46.130341, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 CF 00 00 00 00 00 00 00 7B 52 76 35 ........ ....{Rv5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:46.130418, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) + Closed policy +[2013/11/07 07:38:46.130463, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (4->3) +[2013/11/07 07:38:46.130505, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + out: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000000-0000-0000-0000-000000000000 + result : WERR_OK +[2013/11/07 07:38:46.130666, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + in: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000ce-0000-0000-7b52-7635c5510000 +[2013/11/07 07:38:46.130796, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 CE 00 00 00 00 00 00 00 7B 52 76 35 ........ ....{Rv5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:46.130874, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 CE 00 00 00 00 00 00 00 7B 52 76 35 ........ ....{Rv5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:46.130949, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) + Closed policy +[2013/11/07 07:38:46.130989, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (3->2) +[2013/11/07 07:38:46.131029, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + out: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000000-0000-0000-0000-000000000000 + result : WERR_OK +[2013/11/07 07:38:46.131200, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + in: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000cd-0000-0000-7b52-7635c5510000 +[2013/11/07 07:38:46.131330, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 CD 00 00 00 00 00 00 00 7B 52 76 35 ........ ....{Rv5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:46.131407, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 CD 00 00 00 00 00 00 00 7B 52 76 35 ........ ....{Rv5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:46.131484, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) + Closed policy +[2013/11/07 07:38:46.131528, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (2->1) +[2013/11/07 07:38:46.131569, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + out: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000000-0000-0000-0000-000000000000 + result : WERR_OK +[2013/11/07 07:38:46.131729, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + in: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000cc-0000-0000-7b52-7635c5510000 +[2013/11/07 07:38:46.131858, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 CC 00 00 00 00 00 00 00 7B 52 76 35 ........ ....{Rv5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:46.131935, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 CC 00 00 00 00 00 00 00 7B 52 76 35 ........ ....{Rv5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:46.132011, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) + Closed policy +[2013/11/07 07:38:46.132050, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (1->0) +[2013/11/07 07:38:46.132109, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + out: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000000-0000-0000-0000-000000000000 + result : WERR_OK +[2013/11/07 07:38:46.132279, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:416(close_policy_by_pipe) + Deleted handle list for RPC connection \winreg +[2013/11/07 07:38:46.132422, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:60(make_internal_rpc_pipe_p) + Create pipe requested \winreg +[2013/11/07 07:38:46.132479, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:221(init_pipe_handles) + init_pipe_handle_list: created handle list for pipe \winreg +[2013/11/07 07:38:46.132521, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:238(init_pipe_handles) + init_pipe_handle_list: pipe_handles ref count = 1 for pipe \winreg +[2013/11/07 07:38:46.132607, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:100(make_internal_rpc_pipe_p) + Created internal pipe \winreg +[2013/11/07 07:38:46.132671, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenHKLM: struct winreg_OpenHKLM + in: struct winreg_OpenHKLM + system_name : NULL + access_mask : 0x02000000 (33554432) + 0: KEY_QUERY_VALUE + 0: KEY_SET_VALUE + 0: KEY_CREATE_SUB_KEY + 0: KEY_ENUMERATE_SUB_KEYS + 0: KEY_NOTIFY + 0: KEY_CREATE_LINK + 0: KEY_WOW64_64KEY + 0: KEY_WOW64_32KEY +[2013/11/07 07:38:46.132895, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [HKLM] +[2013/11/07 07:38:46.132938, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) + push_sec_ctx(0, 5000) : sec_ctx_stack_ndx = 2 +[2013/11/07 07:38:46.132982, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/uid.c:485(push_conn_ctx) + push_conn_ctx(1804507171) : conn_ctx_stack_ndx = 0 +[2013/11/07 07:38:46.133023, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) + setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 +[2013/11/07 07:38:46.133062, 5, pid=20933, effective(0, 5000), real(0, 0)] ../libcli/security/security_token.c:53(security_token_debug) + Security token: (NULL) +[2013/11/07 07:38:46.133102, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) + UNIX token of user 0 + Primary group is 0 and contains 0 supplementary groups +[2013/11/07 07:38:46.133240, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) + pop_sec_ctx (0, 5000) - sec_ctx_stack_ndx = 1 +[2013/11/07 07:38:46.133284, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:866(regdb_open) + regdb_open: registry db opened. refcount reset (1) +[2013/11/07 07:38:46.133327, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM] +[2013/11/07 07:38:46.133519, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM] +[2013/11/07 07:38:46.133564, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:46.133602, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM] +[2013/11/07 07:38:46.133674, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) + Opened policy hnd[1] [0000] 00 00 00 00 D0 00 00 00 00 00 00 00 7B 52 76 35 ........ ....{Rv5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:46.133767, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenHKLM: struct winreg_OpenHKLM + out: struct winreg_OpenHKLM + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000d0-0000-0000-7b52-7635c5510000 + result : WERR_OK +[2013/11/07 07:38:46.133945, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenKey: struct winreg_OpenKey + in: struct winreg_OpenKey + parent_handle : * + parent_handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000d0-0000-0000-7b52-7635c5510000 + keyname: struct winreg_String + name_len : 0x008a (138) + name_size : 0x008a (138) + name : * + name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer5' + options : 0x00000000 (0) + 0: REG_OPTION_VOLATILE + 0: REG_OPTION_CREATE_LINK + 0: REG_OPTION_BACKUP_RESTORE + 0: REG_OPTION_OPEN_LINK + access_mask : 0x02000000 (33554432) + 0: KEY_QUERY_VALUE + 0: KEY_SET_VALUE + 0: KEY_CREATE_SUB_KEY + 0: KEY_ENUMERATE_SUB_KEYS + 0: KEY_NOTIFY + 0: KEY_CREATE_LINK + 0: KEY_WOW64_64KEY + 0: KEY_WOW64_32KEY +[2013/11/07 07:38:46.134383, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 D0 00 00 00 00 00 00 00 7B 52 76 35 ........ ....{Rv5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:46.134463, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [SOFTWARE] +[2013/11/07 07:38:46.134503, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (1->2) +[2013/11/07 07:38:46.134545, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] +[2013/11/07 07:38:46.134582, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE] +[2013/11/07 07:38:46.134622, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:46.134659, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE] +[2013/11/07 07:38:46.134726, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Microsoft] +[2013/11/07 07:38:46.134768, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (2->3) +[2013/11/07 07:38:46.134810, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] +[2013/11/07 07:38:46.134856, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] +[2013/11/07 07:38:46.134897, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:46.134934, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft] +[2013/11/07 07:38:46.134996, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Windows NT] +[2013/11/07 07:38:46.135037, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (3->4) +[2013/11/07 07:38:46.135079, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] +[2013/11/07 07:38:46.135117, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] +[2013/11/07 07:38:46.135157, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:46.135195, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] +[2013/11/07 07:38:46.135253, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [CurrentVersion] +[2013/11/07 07:38:46.135294, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (4->5) +[2013/11/07 07:38:46.135337, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] +[2013/11/07 07:38:46.135375, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] +[2013/11/07 07:38:46.135415, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:46.135452, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f375c5a15c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] +[2013/11/07 07:38:46.135523, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Print] +[2013/11/07 07:38:46.135563, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (5->6) +[2013/11/07 07:38:46.135606, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] +[2013/11/07 07:38:46.135644, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] +[2013/11/07 07:38:46.135685, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:46.135730, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f375c5a15c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] +[2013/11/07 07:38:46.135789, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Printers] +[2013/11/07 07:38:46.135830, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (6->7) +[2013/11/07 07:38:46.135874, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] +[2013/11/07 07:38:46.135913, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] +[2013/11/07 07:38:46.135954, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:46.135992, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] +[2013/11/07 07:38:46.136058, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [printer5] +[2013/11/07 07:38:46.136100, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (7->8) +[2013/11/07 07:38:46.136144, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer5] +[2013/11/07 07:38:46.136183, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer5] +[2013/11/07 07:38:46.136225, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:46.136262, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer5] +[2013/11/07 07:38:46.136328, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (8->7) +[2013/11/07 07:38:46.136370, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (7->6) +[2013/11/07 07:38:46.136410, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (6->5) +[2013/11/07 07:38:46.136451, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (5->4) +[2013/11/07 07:38:46.136491, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (4->3) +[2013/11/07 07:38:46.136532, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (3->2) +[2013/11/07 07:38:46.136575, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) + Opened policy hnd[2] [0000] 00 00 00 00 D1 00 00 00 00 00 00 00 7B 52 76 35 ........ ....{Rv5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:46.136664, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenKey: struct winreg_OpenKey + out: struct winreg_OpenKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000d1-0000-0000-7b52-7635c5510000 + result : WERR_OK +[2013/11/07 07:38:46.136835, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryInfoKey: struct winreg_QueryInfoKey + in: struct winreg_QueryInfoKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000d1-0000-0000-7b52-7635c5510000 + classname : * + classname: struct winreg_String + name_len : 0x0000 (0) + name_size : 0x0000 (0) + name : NULL +[2013/11/07 07:38:46.137050, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 D1 00 00 00 00 00 00 00 7B 52 76 35 ........ ....{Rv5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:46.137131, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_dispatcher.c:151(fetch_reg_values) + fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer5' (ops 0x7f37592edcc0) +[2013/11/07 07:38:46.137172, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1891(regdb_fetch_values_internal) + regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer5] +[2013/11/07 07:38:46.137233, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[0]: name[Description] len[2] +[2013/11/07 07:38:46.137277, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[1]: name[Datatype] len[8] +[2013/11/07 07:38:46.137319, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[2]: name[Default Priority] len[4] +[2013/11/07 07:38:46.137408, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[3]: name[Port] len[38] +[2013/11/07 07:38:46.137456, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[4]: name[Print Processor] len[18] +[2013/11/07 07:38:46.137499, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[5]: name[Priority] len[4] +[2013/11/07 07:38:46.137542, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[6]: name[Security] len[248] +[2013/11/07 07:38:46.137584, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[7]: name[Share Name] len[18] +[2013/11/07 07:38:46.137626, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[8]: name[StartTime] len[4] +[2013/11/07 07:38:46.137676, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[9]: name[UntilTime] len[4] +[2013/11/07 07:38:46.137719, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[10]: name[Printer Driver] len[56] +[2013/11/07 07:38:46.137763, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[11]: name[Location] len[2] +[2013/11/07 07:38:46.137805, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[12]: name[Parameters] len[2] +[2013/11/07 07:38:46.137848, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[13]: name[Separator File] len[2] +[2013/11/07 07:38:46.137891, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[14]: name[Status] len[4] +[2013/11/07 07:38:46.137934, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[15]: name[Attributes] len[4] +[2013/11/07 07:38:46.137976, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[16]: name[Name] len[18] +[2013/11/07 07:38:46.138019, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[17]: name[ChangeID] len[4] +[2013/11/07 07:38:46.138062, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) + regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer5] +[2013/11/07 07:38:46.138127, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryInfoKey: struct winreg_QueryInfoKey + out: struct winreg_QueryInfoKey + classname : * + classname: struct winreg_String + name_len : 0x0000 (0) + name_size : 0x0000 (0) + name : NULL + num_subkeys : * + num_subkeys : 0x00000003 (3) + max_subkeylen : * + max_subkeylen : 0x00000022 (34) + max_classlen : * + max_classlen : 0x00000000 (0) + num_values : * + num_values : 0x00000012 (18) + max_valnamelen : * + max_valnamelen : 0x00000022 (34) + max_valbufsize : * + max_valbufsize : 0x000000f8 (248) + secdescsize : * + secdescsize : 0x00000078 (120) + last_changed_time : * + last_changed_time : NTTIME(0) + result : WERR_OK +[2013/11/07 07:38:46.138571, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000d1-0000-0000-7b52-7635c5510000 + enum_index : 0x00000000 (0) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:46.138956, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 D1 00 00 00 00 00 00 00 7B 52 76 35 ........ ....{Rv5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:46.139035, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer5] +[2013/11/07 07:38:46.139080, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0018 (24) + size : 0x0024 (36) + name : * + name : 'Description' + type : * + type : REG_SZ (1) + value : * + value: ARRAY(2) + [0] : 0x00 (0) + [1] : 0x00 (0) + size : * + size : 0x00000002 (2) + length : * + length : 0x00000002 (2) + result : WERR_OK +[2013/11/07 07:38:46.139445, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000d1-0000-0000-7b52-7635c5510000 + enum_index : 0x00000001 (1) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:46.139816, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 D1 00 00 00 00 00 00 00 7B 52 76 35 ........ ....{Rv5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:46.139894, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer5] +[2013/11/07 07:38:46.139945, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0012 (18) + size : 0x0024 (36) + name : * + name : 'Datatype' + type : * + type : REG_SZ (1) + value : * + value: ARRAY(8) + [0] : 0x52 (82) + [1] : 0x00 (0) + [2] : 0x41 (65) + [3] : 0x00 (0) + [4] : 0x57 (87) + [5] : 0x00 (0) + [6] : 0x00 (0) + [7] : 0x00 (0) + size : * + size : 0x00000008 (8) + length : * + length : 0x00000008 (8) + result : WERR_OK +[2013/11/07 07:38:46.140403, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000d1-0000-0000-7b52-7635c5510000 + enum_index : 0x00000002 (2) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:46.140775, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 D1 00 00 00 00 00 00 00 7B 52 76 35 ........ ....{Rv5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:46.140851, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer5] +[2013/11/07 07:38:46.140896, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0022 (34) + size : 0x0024 (36) + name : * + name : 'Default Priority' + type : * + type : REG_DWORD (4) + value : * + value: ARRAY(4) + [0] : 0x01 (1) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + size : * + size : 0x00000004 (4) + length : * + length : 0x00000004 (4) + result : WERR_OK +[2013/11/07 07:38:46.141296, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000d1-0000-0000-7b52-7635c5510000 + enum_index : 0x00000003 (3) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:46.141718, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 D1 00 00 00 00 00 00 00 7B 52 76 35 ........ ....{Rv5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:46.141797, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer5] +[2013/11/07 07:38:46.141842, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x000a (10) + size : 0x0024 (36) + name : * + name : 'Port' + type : * + type : REG_SZ (1) + value : * + value: ARRAY(38) + [0] : 0x53 (83) + [1] : 0x00 (0) + [2] : 0x61 (97) + [3] : 0x00 (0) + [4] : 0x6d (109) + [5] : 0x00 (0) + [6] : 0x62 (98) + [7] : 0x00 (0) + [8] : 0x61 (97) + [9] : 0x00 (0) + [10] : 0x20 (32) + [11] : 0x00 (0) + [12] : 0x50 (80) + [13] : 0x00 (0) + [14] : 0x72 (114) + [15] : 0x00 (0) + [16] : 0x69 (105) + [17] : 0x00 (0) + [18] : 0x6e (110) + [19] : 0x00 (0) + [20] : 0x74 (116) + [21] : 0x00 (0) + [22] : 0x65 (101) + [23] : 0x00 (0) + [24] : 0x72 (114) + [25] : 0x00 (0) + [26] : 0x20 (32) + [27] : 0x00 (0) + [28] : 0x50 (80) + [29] : 0x00 (0) + [30] : 0x6f (111) + [31] : 0x00 (0) + [32] : 0x72 (114) + [33] : 0x00 (0) + [34] : 0x74 (116) + [35] : 0x00 (0) + [36] : 0x00 (0) + [37] : 0x00 (0) + size : * + size : 0x00000026 (38) + length : * + length : 0x00000026 (38) + result : WERR_OK +[2013/11/07 07:38:46.142803, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000d1-0000-0000-7b52-7635c5510000 + enum_index : 0x00000004 (4) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:46.143173, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 D1 00 00 00 00 00 00 00 7B 52 76 35 ........ ....{Rv5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:46.143251, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer5] +[2013/11/07 07:38:46.143295, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0020 (32) + size : 0x0024 (36) + name : * + name : 'Print Processor' + type : * + type : REG_SZ (1) + value : * + value: ARRAY(18) + [0] : 0x77 (119) + [1] : 0x00 (0) + [2] : 0x69 (105) + [3] : 0x00 (0) + [4] : 0x6e (110) + [5] : 0x00 (0) + [6] : 0x70 (112) + [7] : 0x00 (0) + [8] : 0x72 (114) + [9] : 0x00 (0) + [10] : 0x69 (105) + [11] : 0x00 (0) + [12] : 0x6e (110) + [13] : 0x00 (0) + [14] : 0x74 (116) + [15] : 0x00 (0) + [16] : 0x00 (0) + [17] : 0x00 (0) + size : * + size : 0x00000012 (18) + length : * + length : 0x00000012 (18) + result : WERR_OK +[2013/11/07 07:38:46.143923, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000d1-0000-0000-7b52-7635c5510000 + enum_index : 0x00000005 (5) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:46.144294, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 D1 00 00 00 00 00 00 00 7B 52 76 35 ........ ....{Rv5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:46.144370, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer5] +[2013/11/07 07:38:46.144414, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0012 (18) + size : 0x0024 (36) + name : * + name : 'Priority' + type : * + type : REG_DWORD (4) + value : * + value: ARRAY(4) + [0] : 0x01 (1) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + size : * + size : 0x00000004 (4) + length : * + length : 0x00000004 (4) + result : WERR_OK +[2013/11/07 07:38:46.144811, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000d1-0000-0000-7b52-7635c5510000 + enum_index : 0x00000006 (6) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:46.145182, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 D1 00 00 00 00 00 00 00 7B 52 76 35 ........ ....{Rv5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:46.145258, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer5] +[2013/11/07 07:38:46.145302, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0012 (18) + size : 0x0024 (36) + name : * + name : 'Security' + type : * + type : REG_BINARY (3) + value : * + value: ARRAY(248) + [0] : 0x01 (1) + [1] : 0x00 (0) + [2] : 0x04 (4) + [3] : 0x80 (128) + [4] : 0x14 (20) + [5] : 0x00 (0) + [6] : 0x00 (0) + [7] : 0x00 (0) + [8] : 0x24 (36) + [9] : 0x00 (0) + [10] : 0x00 (0) + [11] : 0x00 (0) + [12] : 0x00 (0) + [13] : 0x00 (0) + [14] : 0x00 (0) + [15] : 0x00 (0) + [16] : 0x34 (52) + [17] : 0x00 (0) + [18] : 0x00 (0) + [19] : 0x00 (0) + [20] : 0x01 (1) + [21] : 0x02 (2) + [22] : 0x00 (0) + [23] : 0x00 (0) + [24] : 0x00 (0) + [25] : 0x00 (0) + [26] : 0x00 (0) + [27] : 0x05 (5) + [28] : 0x20 (32) + [29] : 0x00 (0) + [30] : 0x00 (0) + [31] : 0x00 (0) + [32] : 0x20 (32) + [33] : 0x02 (2) + [34] : 0x00 (0) + [35] : 0x00 (0) + [36] : 0x01 (1) + [37] : 0x02 (2) + [38] : 0x00 (0) + [39] : 0x00 (0) + [40] : 0x00 (0) + [41] : 0x00 (0) + [42] : 0x00 (0) + [43] : 0x05 (5) + [44] : 0x20 (32) + [45] : 0x00 (0) + [46] : 0x00 (0) + [47] : 0x00 (0) + [48] : 0x20 (32) + [49] : 0x02 (2) + [50] : 0x00 (0) + [51] : 0x00 (0) + [52] : 0x02 (2) + [53] : 0x00 (0) + [54] : 0xc4 (196) + [55] : 0x00 (0) + [56] : 0x07 (7) + [57] : 0x00 (0) + [58] : 0x00 (0) + [59] : 0x00 (0) + [60] : 0x00 (0) + [61] : 0x02 (2) + [62] : 0x14 (20) + [63] : 0x00 (0) + [64] : 0x08 (8) + [65] : 0x00 (0) + [66] : 0x02 (2) + [67] : 0x20 (32) + [68] : 0x01 (1) + [69] : 0x01 (1) + [70] : 0x00 (0) + [71] : 0x00 (0) + [72] : 0x00 (0) + [73] : 0x00 (0) + [74] : 0x00 (0) + [75] : 0x01 (1) + [76] : 0x00 (0) + [77] : 0x00 (0) + [78] : 0x00 (0) + [79] : 0x00 (0) + [80] : 0x00 (0) + [81] : 0x09 (9) + [82] : 0x24 (36) + [83] : 0x00 (0) + [84] : 0x0c (12) + [85] : 0x00 (0) + [86] : 0x0f (15) + [87] : 0x10 (16) + [88] : 0x01 (1) + [89] : 0x05 (5) + [90] : 0x00 (0) + [91] : 0x00 (0) + [92] : 0x00 (0) + [93] : 0x00 (0) + [94] : 0x00 (0) + [95] : 0x05 (5) + [96] : 0x15 (21) + [97] : 0x00 (0) + [98] : 0x00 (0) + [99] : 0x00 (0) + [100] : 0x74 (116) + [101] : 0xa5 (165) + [102] : 0x12 (18) + [103] : 0x52 (82) + [104] : 0xcd (205) + [105] : 0x51 (81) + [106] : 0xd9 (217) + [107] : 0x8f (143) + [108] : 0xd1 (209) + [109] : 0x31 (49) + [110] : 0xa4 (164) + [111] : 0xca (202) + [112] : 0xf4 (244) + [113] : 0x01 (1) + [114] : 0x00 (0) + [115] : 0x00 (0) + [116] : 0x00 (0) + [117] : 0x02 (2) + [118] : 0x24 (36) + [119] : 0x00 (0) + [120] : 0x0c (12) + [121] : 0x00 (0) + [122] : 0x0f (15) + [123] : 0x10 (16) + [124] : 0x01 (1) + [125] : 0x05 (5) + [126] : 0x00 (0) + [127] : 0x00 (0) + [128] : 0x00 (0) + [129] : 0x00 (0) + [130] : 0x00 (0) + [131] : 0x05 (5) + [132] : 0x15 (21) + [133] : 0x00 (0) + [134] : 0x00 (0) + [135] : 0x00 (0) + [136] : 0x74 (116) + [137] : 0xa5 (165) + [138] : 0x12 (18) + [139] : 0x52 (82) + [140] : 0xcd (205) + [141] : 0x51 (81) + [142] : 0xd9 (217) + [143] : 0x8f (143) + [144] : 0xd1 (209) + [145] : 0x31 (49) + [146] : 0xa4 (164) + [147] : 0xca (202) + [148] : 0xf4 (244) + [149] : 0x01 (1) + [150] : 0x00 (0) + [151] : 0x00 (0) + [152] : 0x00 (0) + [153] : 0x09 (9) + [154] : 0x18 (24) + [155] : 0x00 (0) + [156] : 0x0c (12) + [157] : 0x00 (0) + [158] : 0x0f (15) + [159] : 0x10 (16) + [160] : 0x01 (1) + [161] : 0x02 (2) + [162] : 0x00 (0) + [163] : 0x00 (0) + [164] : 0x00 (0) + [165] : 0x00 (0) + [166] : 0x00 (0) + [167] : 0x05 (5) + [168] : 0x20 (32) + [169] : 0x00 (0) + [170] : 0x00 (0) + [171] : 0x00 (0) + [172] : 0x20 (32) + [173] : 0x02 (2) + [174] : 0x00 (0) + [175] : 0x00 (0) + [176] : 0x00 (0) + [177] : 0x02 (2) + [178] : 0x18 (24) + [179] : 0x00 (0) + [180] : 0x0c (12) + [181] : 0x00 (0) + [182] : 0x0f (15) + [183] : 0x10 (16) + [184] : 0x01 (1) + [185] : 0x02 (2) + [186] : 0x00 (0) + [187] : 0x00 (0) + [188] : 0x00 (0) + [189] : 0x00 (0) + [190] : 0x00 (0) + [191] : 0x05 (5) + [192] : 0x20 (32) + [193] : 0x00 (0) + [194] : 0x00 (0) + [195] : 0x00 (0) + [196] : 0x20 (32) + [197] : 0x02 (2) + [198] : 0x00 (0) + [199] : 0x00 (0) + [200] : 0x00 (0) + [201] : 0x09 (9) + [202] : 0x18 (24) + [203] : 0x00 (0) + [204] : 0x0c (12) + [205] : 0x00 (0) + [206] : 0x0f (15) + [207] : 0x10 (16) + [208] : 0x01 (1) + [209] : 0x02 (2) + [210] : 0x00 (0) + [211] : 0x00 (0) + [212] : 0x00 (0) + [213] : 0x00 (0) + [214] : 0x00 (0) + [215] : 0x05 (5) + [216] : 0x20 (32) + [217] : 0x00 (0) + [218] : 0x00 (0) + [219] : 0x00 (0) + [220] : 0x26 (38) + [221] : 0x02 (2) + [222] : 0x00 (0) + [223] : 0x00 (0) + [224] : 0x00 (0) + [225] : 0x02 (2) + [226] : 0x18 (24) + [227] : 0x00 (0) + [228] : 0x0c (12) + [229] : 0x00 (0) + [230] : 0x0f (15) + [231] : 0x10 (16) + [232] : 0x01 (1) + [233] : 0x02 (2) + [234] : 0x00 (0) + [235] : 0x00 (0) + [236] : 0x00 (0) + [237] : 0x00 (0) + [238] : 0x00 (0) + [239] : 0x05 (5) + [240] : 0x20 (32) + [241] : 0x00 (0) + [242] : 0x00 (0) + [243] : 0x00 (0) + [244] : 0x26 (38) + [245] : 0x02 (2) + [246] : 0x00 (0) + [247] : 0x00 (0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x000000f8 (248) + result : WERR_OK +[2013/11/07 07:38:46.149905, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000d1-0000-0000-7b52-7635c5510000 + enum_index : 0x00000007 (7) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:46.150280, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 D1 00 00 00 00 00 00 00 7B 52 76 35 ........ ....{Rv5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:46.150358, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer5] +[2013/11/07 07:38:46.150403, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0016 (22) + size : 0x0024 (36) + name : * + name : 'Share Name' + type : * + type : REG_SZ (1) + value : * + value: ARRAY(18) + [0] : 0x70 (112) + [1] : 0x00 (0) + [2] : 0x72 (114) + [3] : 0x00 (0) + [4] : 0x69 (105) + [5] : 0x00 (0) + [6] : 0x6e (110) + [7] : 0x00 (0) + [8] : 0x74 (116) + [9] : 0x00 (0) + [10] : 0x65 (101) + [11] : 0x00 (0) + [12] : 0x72 (114) + [13] : 0x00 (0) + [14] : 0x35 (53) + [15] : 0x00 (0) + [16] : 0x00 (0) + [17] : 0x00 (0) + size : * + size : 0x00000012 (18) + length : * + length : 0x00000012 (18) + result : WERR_OK +[2013/11/07 07:38:46.151037, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000d1-0000-0000-7b52-7635c5510000 + enum_index : 0x00000008 (8) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:46.151408, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 D1 00 00 00 00 00 00 00 7B 52 76 35 ........ ....{Rv5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:46.151485, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer5] +[2013/11/07 07:38:46.151528, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0014 (20) + size : 0x0024 (36) + name : * + name : 'StartTime' + type : * + type : REG_DWORD (4) + value : * + value: ARRAY(4) + [0] : 0x00 (0) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + size : * + size : 0x00000004 (4) + length : * + length : 0x00000004 (4) + result : WERR_OK +[2013/11/07 07:38:46.151920, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000d1-0000-0000-7b52-7635c5510000 + enum_index : 0x00000009 (9) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:46.152298, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 D1 00 00 00 00 00 00 00 7B 52 76 35 ........ ....{Rv5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:46.152375, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer5] +[2013/11/07 07:38:46.152419, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0014 (20) + size : 0x0024 (36) + name : * + name : 'UntilTime' + type : * + type : REG_DWORD (4) + value : * + value: ARRAY(4) + [0] : 0x00 (0) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + size : * + size : 0x00000004 (4) + length : * + length : 0x00000004 (4) + result : WERR_OK +[2013/11/07 07:38:46.152808, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000d1-0000-0000-7b52-7635c5510000 + enum_index : 0x0000000a (10) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:46.153184, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 D1 00 00 00 00 00 00 00 7B 52 76 35 ........ ....{Rv5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:46.153262, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer5] +[2013/11/07 07:38:46.153305, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x001e (30) + size : 0x0024 (36) + name : * + name : 'Printer Driver' + type : * + type : REG_SZ (1) + value : * + value: ARRAY(56) + [0] : 0x48 (72) + [1] : 0x00 (0) + [2] : 0x50 (80) + [3] : 0x00 (0) + [4] : 0x20 (32) + [5] : 0x00 (0) + [6] : 0x55 (85) + [7] : 0x00 (0) + [8] : 0x6e (110) + [9] : 0x00 (0) + [10] : 0x69 (105) + [11] : 0x00 (0) + [12] : 0x76 (118) + [13] : 0x00 (0) + [14] : 0x65 (101) + [15] : 0x00 (0) + [16] : 0x72 (114) + [17] : 0x00 (0) + [18] : 0x73 (115) + [19] : 0x00 (0) + [20] : 0x61 (97) + [21] : 0x00 (0) + [22] : 0x6c (108) + [23] : 0x00 (0) + [24] : 0x20 (32) + [25] : 0x00 (0) + [26] : 0x50 (80) + [27] : 0x00 (0) + [28] : 0x72 (114) + [29] : 0x00 (0) + [30] : 0x69 (105) + [31] : 0x00 (0) + [32] : 0x6e (110) + [33] : 0x00 (0) + [34] : 0x74 (116) + [35] : 0x00 (0) + [36] : 0x69 (105) + [37] : 0x00 (0) + [38] : 0x6e (110) + [39] : 0x00 (0) + [40] : 0x67 (103) + [41] : 0x00 (0) + [42] : 0x20 (32) + [43] : 0x00 (0) + [44] : 0x50 (80) + [45] : 0x00 (0) + [46] : 0x43 (67) + [47] : 0x00 (0) + [48] : 0x4c (76) + [49] : 0x00 (0) + [50] : 0x20 (32) + [51] : 0x00 (0) + [52] : 0x36 (54) + [53] : 0x00 (0) + [54] : 0x00 (0) + [55] : 0x00 (0) + size : * + size : 0x00000038 (56) + length : * + length : 0x00000038 (56) + result : WERR_OK +[2013/11/07 07:38:46.154607, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000d1-0000-0000-7b52-7635c5510000 + enum_index : 0x0000000b (11) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:46.154980, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 D1 00 00 00 00 00 00 00 7B 52 76 35 ........ ....{Rv5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:46.155058, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer5] +[2013/11/07 07:38:46.155102, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0012 (18) + size : 0x0024 (36) + name : * + name : 'Location' + type : * + type : REG_SZ (1) + value : * + value: ARRAY(2) + [0] : 0x00 (0) + [1] : 0x00 (0) + size : * + size : 0x00000002 (2) + length : * + length : 0x00000002 (2) + result : WERR_OK +[2013/11/07 07:38:46.155461, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000d1-0000-0000-7b52-7635c5510000 + enum_index : 0x0000000c (12) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:46.155839, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 D1 00 00 00 00 00 00 00 7B 52 76 35 ........ ....{Rv5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:46.155916, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer5] +[2013/11/07 07:38:46.155962, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0016 (22) + size : 0x0024 (36) + name : * + name : 'Parameters' + type : * + type : REG_SZ (1) + value : * + value: ARRAY(2) + [0] : 0x00 (0) + [1] : 0x00 (0) + size : * + size : 0x00000002 (2) + length : * + length : 0x00000002 (2) + result : WERR_OK +[2013/11/07 07:38:46.156321, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000d1-0000-0000-7b52-7635c5510000 + enum_index : 0x0000000d (13) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:46.156691, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 D1 00 00 00 00 00 00 00 7B 52 76 35 ........ ....{Rv5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:46.156767, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer5] +[2013/11/07 07:38:46.156819, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x001e (30) + size : 0x0024 (36) + name : * + name : 'Separator File' + type : * + type : REG_SZ (1) + value : * + value: ARRAY(2) + [0] : 0x00 (0) + [1] : 0x00 (0) + size : * + size : 0x00000002 (2) + length : * + length : 0x00000002 (2) + result : WERR_OK +[2013/11/07 07:38:46.157178, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000d1-0000-0000-7b52-7635c5510000 + enum_index : 0x0000000e (14) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:46.157603, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 D1 00 00 00 00 00 00 00 7B 52 76 35 ........ ....{Rv5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:46.157682, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer5] +[2013/11/07 07:38:46.157730, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x000e (14) + size : 0x0024 (36) + name : * + name : 'Status' + type : * + type : REG_DWORD (4) + value : * + value: ARRAY(4) + [0] : 0x00 (0) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + size : * + size : 0x00000004 (4) + length : * + length : 0x00000004 (4) + result : WERR_OK +[2013/11/07 07:38:46.158136, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000d1-0000-0000-7b52-7635c5510000 + enum_index : 0x0000000f (15) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:46.158515, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 D1 00 00 00 00 00 00 00 7B 52 76 35 ........ ....{Rv5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:46.158592, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer5] +[2013/11/07 07:38:46.158638, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0016 (22) + size : 0x0024 (36) + name : * + name : 'Attributes' + type : * + type : REG_DWORD (4) + value : * + value: ARRAY(4) + [0] : 0x48 (72) + [1] : 0x10 (16) + [2] : 0x00 (0) + [3] : 0x00 (0) + size : * + size : 0x00000004 (4) + length : * + length : 0x00000004 (4) + result : WERR_OK +[2013/11/07 07:38:46.159039, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000d1-0000-0000-7b52-7635c5510000 + enum_index : 0x00000010 (16) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:46.159420, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 D1 00 00 00 00 00 00 00 7B 52 76 35 ........ ....{Rv5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:46.159497, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer5] +[2013/11/07 07:38:46.159542, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x000a (10) + size : 0x0024 (36) + name : * + name : 'Name' + type : * + type : REG_SZ (1) + value : * + value: ARRAY(18) + [0] : 0x70 (112) + [1] : 0x00 (0) + [2] : 0x72 (114) + [3] : 0x00 (0) + [4] : 0x69 (105) + [5] : 0x00 (0) + [6] : 0x6e (110) + [7] : 0x00 (0) + [8] : 0x74 (116) + [9] : 0x00 (0) + [10] : 0x65 (101) + [11] : 0x00 (0) + [12] : 0x72 (114) + [13] : 0x00 (0) + [14] : 0x35 (53) + [15] : 0x00 (0) + [16] : 0x00 (0) + [17] : 0x00 (0) + size : * + size : 0x00000012 (18) + length : * + length : 0x00000012 (18) + result : WERR_OK +[2013/11/07 07:38:46.160173, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000d1-0000-0000-7b52-7635c5510000 + enum_index : 0x00000011 (17) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:46.160640, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 D1 00 00 00 00 00 00 00 7B 52 76 35 ........ ....{Rv5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:46.160718, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer5] +[2013/11/07 07:38:46.160764, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0012 (18) + size : 0x0024 (36) + name : * + name : 'ChangeID' + type : * + type : REG_DWORD (4) + value : * + value: ARRAY(4) + [0] : 0x44 (68) + [1] : 0xeb (235) + [2] : 0x34 (52) + [3] : 0x01 (1) + size : * + size : 0x00000004 (4) + length : * + length : 0x00000004 (4) + result : WERR_OK +[2013/11/07 07:38:46.161201, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryValue: struct winreg_QueryValue + in: struct winreg_QueryValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000d1-0000-0000-7b52-7635c5510000 + value_name : * + value_name: struct winreg_String + name_len : 0x0020 (32) + name_size : 0x0020 (32) + name : * + name : 'Default DevMode' + type : * + type : REG_NONE (0) + data : NULL + data_size : * + data_size : 0x00000000 (0) + data_length : * + data_length : 0x00000000 (0) +[2013/11/07 07:38:46.161590, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 D1 00 00 00 00 00 00 00 7B 52 76 35 ........ ....{Rv5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:46.161668, 7, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) + _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer5] +[2013/11/07 07:38:46.161708, 7, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) + _winreg_QueryValue: policy key type = [00000000] +[2013/11/07 07:38:46.161753, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:316(_winreg_QueryValue) + _winreg_QueryValue: reg_queryvalue failed with: WERR_BADFILE +[2013/11/07 07:38:46.161803, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryValue: struct winreg_QueryValue + out: struct winreg_QueryValue + type : * + type : REG_NONE (0) + data : NULL + data_size : * + data_size : 0x00000000 (0) + data_length : * + data_length : 0x00000000 (0) + result : WERR_BADFILE +[2013/11/07 07:38:46.162027, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenHKLM: struct winreg_OpenHKLM + in: struct winreg_OpenHKLM + system_name : NULL + access_mask : 0x02000000 (33554432) + 0: KEY_QUERY_VALUE + 0: KEY_SET_VALUE + 0: KEY_CREATE_SUB_KEY + 0: KEY_ENUMERATE_SUB_KEYS + 0: KEY_NOTIFY + 0: KEY_CREATE_LINK + 0: KEY_WOW64_64KEY + 0: KEY_WOW64_32KEY +[2013/11/07 07:38:46.162255, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [HKLM] +[2013/11/07 07:38:46.162296, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (2->3) +[2013/11/07 07:38:46.162339, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM] +[2013/11/07 07:38:46.162377, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM] +[2013/11/07 07:38:46.162418, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:46.162455, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM] +[2013/11/07 07:38:46.162530, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) + Opened policy hnd[3] [0000] 00 00 00 00 D2 00 00 00 00 00 00 00 7B 52 76 35 ........ ....{Rv5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:46.162610, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenHKLM: struct winreg_OpenHKLM + out: struct winreg_OpenHKLM + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000d2-0000-0000-7b52-7635c5510000 + result : WERR_OK +[2013/11/07 07:38:46.162777, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenKey: struct winreg_OpenKey + in: struct winreg_OpenKey + parent_handle : * + parent_handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000d2-0000-0000-7b52-7635c5510000 + keyname: struct winreg_String + name_len : 0x008a (138) + name_size : 0x008a (138) + name : * + name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer5' + options : 0x00000000 (0) + 0: REG_OPTION_VOLATILE + 0: REG_OPTION_CREATE_LINK + 0: REG_OPTION_BACKUP_RESTORE + 0: REG_OPTION_OPEN_LINK + access_mask : 0x02000000 (33554432) + 0: KEY_QUERY_VALUE + 0: KEY_SET_VALUE + 0: KEY_CREATE_SUB_KEY + 0: KEY_ENUMERATE_SUB_KEYS + 0: KEY_NOTIFY + 0: KEY_CREATE_LINK + 0: KEY_WOW64_64KEY + 0: KEY_WOW64_32KEY +[2013/11/07 07:38:46.163223, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 D2 00 00 00 00 00 00 00 7B 52 76 35 ........ ....{Rv5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:46.163304, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [SOFTWARE] +[2013/11/07 07:38:46.163344, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (3->4) +[2013/11/07 07:38:46.163387, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] +[2013/11/07 07:38:46.163424, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE] +[2013/11/07 07:38:46.163464, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:46.163501, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE] +[2013/11/07 07:38:46.163564, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Microsoft] +[2013/11/07 07:38:46.163605, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (4->5) +[2013/11/07 07:38:46.163647, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] +[2013/11/07 07:38:46.163684, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] +[2013/11/07 07:38:46.163724, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:46.163760, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft] +[2013/11/07 07:38:46.163819, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Windows NT] +[2013/11/07 07:38:46.163861, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (5->6) +[2013/11/07 07:38:46.163903, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] +[2013/11/07 07:38:46.163940, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] +[2013/11/07 07:38:46.163988, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:46.164025, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] +[2013/11/07 07:38:46.164082, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [CurrentVersion] +[2013/11/07 07:38:46.164124, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (6->7) +[2013/11/07 07:38:46.164166, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] +[2013/11/07 07:38:46.164204, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] +[2013/11/07 07:38:46.164244, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:46.164281, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f375c5a15c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] +[2013/11/07 07:38:46.164352, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Print] +[2013/11/07 07:38:46.164393, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (7->8) +[2013/11/07 07:38:46.164436, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] +[2013/11/07 07:38:46.164474, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] +[2013/11/07 07:38:46.164515, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:46.164552, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f375c5a15c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] +[2013/11/07 07:38:46.164610, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Printers] +[2013/11/07 07:38:46.164650, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (8->9) +[2013/11/07 07:38:46.164693, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] +[2013/11/07 07:38:46.164731, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] +[2013/11/07 07:38:46.164773, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:46.164810, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] +[2013/11/07 07:38:46.164881, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [printer5] +[2013/11/07 07:38:46.164922, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (9->10) +[2013/11/07 07:38:46.164965, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer5] +[2013/11/07 07:38:46.165004, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer5] +[2013/11/07 07:38:46.165045, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:46.165083, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer5] +[2013/11/07 07:38:46.165148, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (10->9) +[2013/11/07 07:38:46.165189, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (9->8) +[2013/11/07 07:38:46.165230, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (8->7) +[2013/11/07 07:38:46.165270, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (7->6) +[2013/11/07 07:38:46.165309, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (6->5) +[2013/11/07 07:38:46.165349, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (5->4) +[2013/11/07 07:38:46.165445, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) + Opened policy hnd[4] [0000] 00 00 00 00 D3 00 00 00 00 00 00 00 7B 52 76 35 ........ ....{Rv5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:46.165523, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenKey: struct winreg_OpenKey + out: struct winreg_OpenKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000d3-0000-0000-7b52-7635c5510000 + result : WERR_OK +[2013/11/07 07:38:46.165695, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryValue: struct winreg_QueryValue + in: struct winreg_QueryValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000d3-0000-0000-7b52-7635c5510000 + value_name : * + value_name: struct winreg_String + name_len : 0x0012 (18) + name_size : 0x0012 (18) + name : * + name : 'Security' + type : * + type : REG_NONE (0) + data : NULL + data_size : * + data_size : 0x00000000 (0) + data_length : * + data_length : 0x00000000 (0) +[2013/11/07 07:38:46.166043, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 D3 00 00 00 00 00 00 00 7B 52 76 35 ........ ....{Rv5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:46.166119, 7, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) + _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer5] +[2013/11/07 07:38:46.166159, 7, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) + _winreg_QueryValue: policy key type = [00000000] +[2013/11/07 07:38:46.166199, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_dispatcher.c:151(fetch_reg_values) + fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer5' (ops 0x7f37592edcc0) +[2013/11/07 07:38:46.166241, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1891(regdb_fetch_values_internal) + regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer5] +[2013/11/07 07:38:46.166302, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[0]: name[Description] len[2] +[2013/11/07 07:38:46.166345, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[1]: name[Datatype] len[8] +[2013/11/07 07:38:46.166388, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[2]: name[Default Priority] len[4] +[2013/11/07 07:38:46.166430, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[3]: name[Port] len[38] +[2013/11/07 07:38:46.166471, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[4]: name[Print Processor] len[18] +[2013/11/07 07:38:46.166514, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[5]: name[Priority] len[4] +[2013/11/07 07:38:46.166556, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[6]: name[Security] len[248] +[2013/11/07 07:38:46.166599, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[7]: name[Share Name] len[18] +[2013/11/07 07:38:46.166641, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[8]: name[StartTime] len[4] +[2013/11/07 07:38:46.166683, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[9]: name[UntilTime] len[4] +[2013/11/07 07:38:46.166726, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[10]: name[Printer Driver] len[56] +[2013/11/07 07:38:46.166775, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[11]: name[Location] len[2] +[2013/11/07 07:38:46.166819, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[12]: name[Parameters] len[2] +[2013/11/07 07:38:46.166862, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[13]: name[Separator File] len[2] +[2013/11/07 07:38:46.166905, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[14]: name[Status] len[4] +[2013/11/07 07:38:46.166947, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[15]: name[Attributes] len[4] +[2013/11/07 07:38:46.166990, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[16]: name[Name] len[18] +[2013/11/07 07:38:46.167033, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[17]: name[ChangeID] len[4] +[2013/11/07 07:38:46.167077, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryValue: struct winreg_QueryValue + out: struct winreg_QueryValue + type : * + type : REG_BINARY (3) + data : NULL + data_size : * + data_size : 0x000000f8 (248) + data_length : * + data_length : 0x00000000 (0) + result : WERR_OK +[2013/11/07 07:38:46.167289, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryValue: struct winreg_QueryValue + in: struct winreg_QueryValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000d3-0000-0000-7b52-7635c5510000 + value_name : * + value_name: struct winreg_String + name_len : 0x0012 (18) + name_size : 0x0012 (18) + name : * + name : 'Security' + type : * + type : REG_BINARY (3) + data : * + data: ARRAY(0) + data_size : * + data_size : 0x000000f8 (248) + data_length : * + data_length : 0x00000000 (0) +[2013/11/07 07:38:46.167645, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 D3 00 00 00 00 00 00 00 7B 52 76 35 ........ ....{Rv5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:46.167722, 7, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) + _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer5] +[2013/11/07 07:38:46.167762, 7, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) + _winreg_QueryValue: policy key type = [00000000] +[2013/11/07 07:38:46.167813, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryValue: struct winreg_QueryValue + out: struct winreg_QueryValue + type : * + type : REG_BINARY (3) + data : * + data: ARRAY(248) + [0] : 0x01 (1) + [1] : 0x00 (0) + [2] : 0x04 (4) + [3] : 0x80 (128) + [4] : 0x14 (20) + [5] : 0x00 (0) + [6] : 0x00 (0) + [7] : 0x00 (0) + [8] : 0x24 (36) + [9] : 0x00 (0) + [10] : 0x00 (0) + [11] : 0x00 (0) + [12] : 0x00 (0) + [13] : 0x00 (0) + [14] : 0x00 (0) + [15] : 0x00 (0) + [16] : 0x34 (52) + [17] : 0x00 (0) + [18] : 0x00 (0) + [19] : 0x00 (0) + [20] : 0x01 (1) + [21] : 0x02 (2) + [22] : 0x00 (0) + [23] : 0x00 (0) + [24] : 0x00 (0) + [25] : 0x00 (0) + [26] : 0x00 (0) + [27] : 0x05 (5) + [28] : 0x20 (32) + [29] : 0x00 (0) + [30] : 0x00 (0) + [31] : 0x00 (0) + [32] : 0x20 (32) + [33] : 0x02 (2) + [34] : 0x00 (0) + [35] : 0x00 (0) + [36] : 0x01 (1) + [37] : 0x02 (2) + [38] : 0x00 (0) + [39] : 0x00 (0) + [40] : 0x00 (0) + [41] : 0x00 (0) + [42] : 0x00 (0) + [43] : 0x05 (5) + [44] : 0x20 (32) + [45] : 0x00 (0) + [46] : 0x00 (0) + [47] : 0x00 (0) + [48] : 0x20 (32) + [49] : 0x02 (2) + [50] : 0x00 (0) + [51] : 0x00 (0) + [52] : 0x02 (2) + [53] : 0x00 (0) + [54] : 0xc4 (196) + [55] : 0x00 (0) + [56] : 0x07 (7) + [57] : 0x00 (0) + [58] : 0x00 (0) + [59] : 0x00 (0) + [60] : 0x00 (0) + [61] : 0x02 (2) + [62] : 0x14 (20) + [63] : 0x00 (0) + [64] : 0x08 (8) + [65] : 0x00 (0) + [66] : 0x02 (2) + [67] : 0x20 (32) + [68] : 0x01 (1) + [69] : 0x01 (1) + [70] : 0x00 (0) + [71] : 0x00 (0) + [72] : 0x00 (0) + [73] : 0x00 (0) + [74] : 0x00 (0) + [75] : 0x01 (1) + [76] : 0x00 (0) + [77] : 0x00 (0) + [78] : 0x00 (0) + [79] : 0x00 (0) + [80] : 0x00 (0) + [81] : 0x09 (9) + [82] : 0x24 (36) + [83] : 0x00 (0) + [84] : 0x0c (12) + [85] : 0x00 (0) + [86] : 0x0f (15) + [87] : 0x10 (16) + [88] : 0x01 (1) + [89] : 0x05 (5) + [90] : 0x00 (0) + [91] : 0x00 (0) + [92] : 0x00 (0) + [93] : 0x00 (0) + [94] : 0x00 (0) + [95] : 0x05 (5) + [96] : 0x15 (21) + [97] : 0x00 (0) + [98] : 0x00 (0) + [99] : 0x00 (0) + [100] : 0x74 (116) + [101] : 0xa5 (165) + [102] : 0x12 (18) + [103] : 0x52 (82) + [104] : 0xcd (205) + [105] : 0x51 (81) + [106] : 0xd9 (217) + [107] : 0x8f (143) + [108] : 0xd1 (209) + [109] : 0x31 (49) + [110] : 0xa4 (164) + [111] : 0xca (202) + [112] : 0xf4 (244) + [113] : 0x01 (1) + [114] : 0x00 (0) + [115] : 0x00 (0) + [116] : 0x00 (0) + [117] : 0x02 (2) + [118] : 0x24 (36) + [119] : 0x00 (0) + [120] : 0x0c (12) + [121] : 0x00 (0) + [122] : 0x0f (15) + [123] : 0x10 (16) + [124] : 0x01 (1) + [125] : 0x05 (5) + [126] : 0x00 (0) + [127] : 0x00 (0) + [128] : 0x00 (0) + [129] : 0x00 (0) + [130] : 0x00 (0) + [131] : 0x05 (5) + [132] : 0x15 (21) + [133] : 0x00 (0) + [134] : 0x00 (0) + [135] : 0x00 (0) + [136] : 0x74 (116) + [137] : 0xa5 (165) + [138] : 0x12 (18) + [139] : 0x52 (82) + [140] : 0xcd (205) + [141] : 0x51 (81) + [142] : 0xd9 (217) + [143] : 0x8f (143) + [144] : 0xd1 (209) + [145] : 0x31 (49) + [146] : 0xa4 (164) + [147] : 0xca (202) + [148] : 0xf4 (244) + [149] : 0x01 (1) + [150] : 0x00 (0) + [151] : 0x00 (0) + [152] : 0x00 (0) + [153] : 0x09 (9) + [154] : 0x18 (24) + [155] : 0x00 (0) + [156] : 0x0c (12) + [157] : 0x00 (0) + [158] : 0x0f (15) + [159] : 0x10 (16) + [160] : 0x01 (1) + [161] : 0x02 (2) + [162] : 0x00 (0) + [163] : 0x00 (0) + [164] : 0x00 (0) + [165] : 0x00 (0) + [166] : 0x00 (0) + [167] : 0x05 (5) + [168] : 0x20 (32) + [169] : 0x00 (0) + [170] : 0x00 (0) + [171] : 0x00 (0) + [172] : 0x20 (32) + [173] : 0x02 (2) + [174] : 0x00 (0) + [175] : 0x00 (0) + [176] : 0x00 (0) + [177] : 0x02 (2) + [178] : 0x18 (24) + [179] : 0x00 (0) + [180] : 0x0c (12) + [181] : 0x00 (0) + [182] : 0x0f (15) + [183] : 0x10 (16) + [184] : 0x01 (1) + [185] : 0x02 (2) + [186] : 0x00 (0) + [187] : 0x00 (0) + [188] : 0x00 (0) + [189] : 0x00 (0) + [190] : 0x00 (0) + [191] : 0x05 (5) + [192] : 0x20 (32) + [193] : 0x00 (0) + [194] : 0x00 (0) + [195] : 0x00 (0) + [196] : 0x20 (32) + [197] : 0x02 (2) + [198] : 0x00 (0) + [199] : 0x00 (0) + [200] : 0x00 (0) + [201] : 0x09 (9) + [202] : 0x18 (24) + [203] : 0x00 (0) + [204] : 0x0c (12) + [205] : 0x00 (0) + [206] : 0x0f (15) + [207] : 0x10 (16) + [208] : 0x01 (1) + [209] : 0x02 (2) + [210] : 0x00 (0) + [211] : 0x00 (0) + [212] : 0x00 (0) + [213] : 0x00 (0) + [214] : 0x00 (0) + [215] : 0x05 (5) + [216] : 0x20 (32) + [217] : 0x00 (0) + [218] : 0x00 (0) + [219] : 0x00 (0) + [220] : 0x26 (38) + [221] : 0x02 (2) + [222] : 0x00 (0) + [223] : 0x00 (0) + [224] : 0x00 (0) + [225] : 0x02 (2) + [226] : 0x18 (24) + [227] : 0x00 (0) + [228] : 0x0c (12) + [229] : 0x00 (0) + [230] : 0x0f (15) + [231] : 0x10 (16) + [232] : 0x01 (1) + [233] : 0x02 (2) + [234] : 0x00 (0) + [235] : 0x00 (0) + [236] : 0x00 (0) + [237] : 0x00 (0) + [238] : 0x00 (0) + [239] : 0x05 (5) + [240] : 0x20 (32) + [241] : 0x00 (0) + [242] : 0x00 (0) + [243] : 0x00 (0) + [244] : 0x26 (38) + [245] : 0x02 (2) + [246] : 0x00 (0) + [247] : 0x00 (0) + data_size : * + data_size : 0x000000f8 (248) + data_length : * + data_length : 0x000000f8 (248) + result : WERR_OK +[2013/11/07 07:38:46.172289, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + in: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000d3-0000-0000-7b52-7635c5510000 +[2013/11/07 07:38:46.172426, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 D3 00 00 00 00 00 00 00 7B 52 76 35 ........ ....{Rv5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:46.172505, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 D3 00 00 00 00 00 00 00 7B 52 76 35 ........ ....{Rv5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:46.172581, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) + Closed policy +[2013/11/07 07:38:46.172632, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (4->3) +[2013/11/07 07:38:46.172674, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + out: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000000-0000-0000-0000-000000000000 + result : WERR_OK +[2013/11/07 07:38:46.172836, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + in: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000d2-0000-0000-7b52-7635c5510000 +[2013/11/07 07:38:46.172967, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 D2 00 00 00 00 00 00 00 7B 52 76 35 ........ ....{Rv5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:46.173045, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 D2 00 00 00 00 00 00 00 7B 52 76 35 ........ ....{Rv5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:46.173122, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) + Closed policy +[2013/11/07 07:38:46.173162, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (3->2) +[2013/11/07 07:38:46.173202, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + out: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000000-0000-0000-0000-000000000000 + result : WERR_OK +[2013/11/07 07:38:46.173400, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + in: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000d1-0000-0000-7b52-7635c5510000 +[2013/11/07 07:38:46.173535, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 D1 00 00 00 00 00 00 00 7B 52 76 35 ........ ....{Rv5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:46.173614, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 D1 00 00 00 00 00 00 00 7B 52 76 35 ........ ....{Rv5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:46.173691, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) + Closed policy +[2013/11/07 07:38:46.173736, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (2->1) +[2013/11/07 07:38:46.173785, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + out: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000000-0000-0000-0000-000000000000 + result : WERR_OK +[2013/11/07 07:38:46.173948, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + in: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000d0-0000-0000-7b52-7635c5510000 +[2013/11/07 07:38:46.174078, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 D0 00 00 00 00 00 00 00 7B 52 76 35 ........ ....{Rv5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:46.174155, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 D0 00 00 00 00 00 00 00 7B 52 76 35 ........ ....{Rv5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:46.174231, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) + Closed policy +[2013/11/07 07:38:46.174270, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (1->0) +[2013/11/07 07:38:46.174330, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + out: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000000-0000-0000-0000-000000000000 + result : WERR_OK +[2013/11/07 07:38:46.174498, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:416(close_policy_by_pipe) + Deleted handle list for RPC connection \winreg +[2013/11/07 07:38:46.174596, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + spoolss_GetPrinter: struct spoolss_GetPrinter + out: struct spoolss_GetPrinter + info : * + info : union spoolss_PrinterInfo(case 7) + info7: struct spoolss_PrinterInfo7 + guid : * + guid : '' + action : 0x00000004 (4) + 0: DSPRINT_PUBLISH + 0: DSPRINT_UPDATE + 1: DSPRINT_UNPUBLISH + 0: DSPRINT_REPUBLISH + 0: DSPRINT_PENDING + needed : * + needed : 0x00000010 (16) + result : WERR_OK +[2013/11/07 07:38:46.174920, 5, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1417(api_rpcTNP) + api_rpcTNP: called \spoolss successfully +[2013/11/07 07:38:46.174981, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) + pop_sec_ctx (0, 5000) - sec_ctx_stack_ndx = 0 +[2013/11/07 07:38:46.175026, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) + write_to_pipe: data_used = 2092 + smbd_smb2_request_pending_queue: req->current_idx = 1 + req->in.vector[0].iov_len = 0 + req->in.vector[1].iov_len = 0 + req->in.vector[2].iov_len = 64 + req->in.vector[3].iov_len = 56 + req->in.vector[4].iov_len = 2108 + req->out.vector[0].iov_len = 4 + req->out.vector[1].iov_len = 0 + req->out.vector[2].iov_len = 64 + req->out.vector[3].iov_len = 8 + req->out.vector[4].iov_len = 0 +[2013/11/07 07:38:46.175259, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:128(smbd_smb2_ioctl_pipe_write_done) + smbd_smb2_ioctl_pipe_write_done: received 2108 +[2013/11/07 07:38:46.175303, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:149(smbd_smb2_ioctl_pipe_write_done) + smbd_smb2_ioctl_pipe_write_done: issuing np_read_send of size 2088 +[2013/11/07 07:38:46.175347, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:285(read_from_internal_pipe) + name: \spoolss len: 2088 +[2013/11/07 07:38:46.175390, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:347(read_from_internal_pipe) + read_from_pipe: \spoolss: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 2064. +[2013/11/07 07:38:46.175446, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) + &r: struct ncacn_packet + rpc_vers : 0x05 (5) + rpc_vers_minor : 0x00 (0) + ptype : DCERPC_PKT_RESPONSE (2) + pfc_flags : 0x03 (3) + drep: ARRAY(4) + [0] : 0x10 (16) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + frag_length : 0x0828 (2088) + auth_length : 0x0000 (0) + call_id : 0x00000005 (5) + u : union dcerpc_payload(case 2) + response: struct dcerpc_response + alloc_hint : 0x00000810 (2064) + context_id : 0x0000 (0) + cancel_count : 0x00 (0) + _pad : DATA_BLOB length=0 + stub_and_verifier : DATA_BLOB length=2064 + [0000] 04 00 02 00 00 08 00 00 FE 07 00 00 04 00 00 00 ........ ........ + [0010] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0030] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0040] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0200] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0210] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0220] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0230] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0240] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0250] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0260] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0270] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0280] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0290] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0300] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0310] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0320] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0330] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0340] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0350] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0360] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0370] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0380] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0390] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0400] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0410] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0420] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0430] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0440] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0450] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0460] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0470] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0480] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0490] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0500] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0510] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0520] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0530] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0540] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0550] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0560] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0570] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0580] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0590] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0600] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0610] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0620] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0630] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0640] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0650] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0660] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0670] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0680] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0690] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0700] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0710] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0720] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0730] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0740] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0750] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0760] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0770] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0780] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0790] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0800] 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 00 ........ ........ +[2013/11/07 07:38:46.180332, 3, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:122(free_pipe_context) + free_pipe_context: destroying talloc pool of size 30 +[2013/11/07 07:38:46.180386, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:788(np_read_recv) + Received 2088 bytes. There is no more data outstanding +[2013/11/07 07:38:46.180429, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:178(smbd_smb2_ioctl_pipe_read_done) + smbd_smb2_ioctl_pipe_read_done: np_read_recv nread = 2088 is_data_outstanding = 0, status = NT_STATUS_OK +[2013/11/07 07:38:46.180477, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl.c:291(smbd_smb2_request_ioctl_done) + smbd_smb2_request_ioctl_done: smbd_smb2_ioctl_recv returned 2088 status NT_STATUS_OK +[2013/11/07 07:38:46.180520, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) + smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[48] dyn[yes:2088] at ../source3/smbd/smb2_ioctl.c:358 +[2013/11/07 07:38:46.180564, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) + smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/108/127 +[2013/11/07 07:38:46.180762, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) + smbd_smb2_request_incoming: idx[1] of 5 vectors +[2013/11/07 07:38:46.180815, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) + smb2_validate_sequence_number: clearing id 108 (position 108) from bitmap +[2013/11/07 07:38:46.180858, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) + smbd_smb2_request_dispatch: opcode[SMB2_OP_IOCTL] mid = 108 +[2013/11/07 07:38:46.180923, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) + setting sec ctx (0, 5000) - sec_ctx_stack_ndx = 0 +[2013/11/07 07:38:46.180968, 5, pid=20933, effective(0, 5000), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) + Security token SIDs (21): + SID[ 0]: S-1-5-21-1376953716-2413384141-3399758289-500 + SID[ 1]: S-1-5-21-1376953716-2413384141-3399758289-512 + SID[ 2]: S-1-5-21-1376953716-2413384141-3399758289-11015 + SID[ 3]: S-1-5-21-1376953716-2413384141-3399758289-513 + SID[ 4]: S-1-5-21-1376953716-2413384141-3399758289-11011 + SID[ 5]: S-1-5-21-1376953716-2413384141-3399758289-11013 + SID[ 6]: S-1-5-21-1376953716-2413384141-3399758289-11012 + SID[ 7]: S-1-1-0 + SID[ 8]: S-1-5-2 + SID[ 9]: S-1-5-11 + SID[ 10]: S-1-5-32-544 + SID[ 11]: S-1-22-1-2002 + SID[ 12]: S-1-22-2-5000 + SID[ 13]: S-1-22-2-5007 + SID[ 14]: S-1-22-2-5001 + SID[ 15]: S-1-22-2-1005 + SID[ 16]: S-1-22-2-5006 + SID[ 17]: S-1-22-2-5005 + SID[ 18]: S-1-22-2-55000 + SID[ 19]: S-1-22-2-55001 + SID[ 20]: S-1-22-2-55002 + Privileges (0x 1FFFFFF0): + Privilege[ 0]: SeMachineAccountPrivilege + Privilege[ 1]: SeTakeOwnershipPrivilege + Privilege[ 2]: SeBackupPrivilege + Privilege[ 3]: SeRestorePrivilege + Privilege[ 4]: SeRemoteShutdownPrivilege + Privilege[ 5]: SePrintOperatorPrivilege + Privilege[ 6]: SeAddUsersPrivilege + Privilege[ 7]: SeDiskOperatorPrivilege + Privilege[ 8]: SeSecurityPrivilege + Privilege[ 9]: SeSystemtimePrivilege + Privilege[ 10]: SeShutdownPrivilege + Privilege[ 11]: SeDebugPrivilege + Privilege[ 12]: SeSystemEnvironmentPrivilege + Privilege[ 13]: SeSystemProfilePrivilege + Privilege[ 14]: SeProfileSingleProcessPrivilege + Privilege[ 15]: SeIncreaseBasePriorityPrivilege + Privilege[ 16]: SeLoadDriverPrivilege + Privilege[ 17]: SeCreatePagefilePrivilege + Privilege[ 18]: SeIncreaseQuotaPrivilege + Privilege[ 19]: SeChangeNotifyPrivilege + Privilege[ 20]: SeUndockPrivilege + Privilege[ 21]: SeManageVolumePrivilege + Privilege[ 22]: SeImpersonatePrivilege + Privilege[ 23]: SeCreateGlobalPrivilege + Privilege[ 24]: SeEnableDelegationPrivilege + Rights (0x 0): +[2013/11/07 07:38:46.181830, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) + UNIX token of user 0 + Primary group is 5000 and contains 9 supplementary groups + Group[ 0]: 5000 + Group[ 1]: 5007 + Group[ 2]: 5001 + Group[ 3]: 1005 + Group[ 4]: 5006 + Group[ 5]: 5005 + Group[ 6]: 55000 + Group[ 7]: 55001 + Group[ 8]: 55002 +[2013/11/07 07:38:46.182025, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/uid.c:363(change_to_user_internal) + Impersonated user: uid=(0,0), gid=(0,5000) +[2013/11/07 07:38:46.182127, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:1796(smbd_smb2_request_verify_creditcharge) + mid 108, CreditCharge: 1, NeededCharge: 1 +[2013/11/07 07:38:46.182171, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl.c:394(smbd_smb2_ioctl_send) + smbd_smb2_ioctl: ctl_code[0x0011c017] spoolss, fnum 178339492 +[2013/11/07 07:38:46.182220, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:59(smb2_ioctl_named_pipe) + smbd_smb2_ioctl_send: np_write_send of size 222 +[2013/11/07 07:38:46.182261, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:520(np_write_send) + np_write_send: len: 222 +[2013/11/07 07:38:46.182302, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) + write_to_pipe: data_left = 222 +[2013/11/07 07:38:46.182340, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) + process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 222 +[2013/11/07 07:38:46.182379, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:51(fill_rpc_header) + fill_rpc_header: data_to_copy = 222, len_needed_to_complete_hdr = 16, receive_len = 0 +[2013/11/07 07:38:46.182421, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) + write_to_pipe: data_used = 16 +[2013/11/07 07:38:46.182458, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) + write_to_pipe: data_left = 206 +[2013/11/07 07:38:46.182496, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) + process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 206 +[2013/11/07 07:38:46.182537, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) + write_to_pipe: data_used = 0 +[2013/11/07 07:38:46.182575, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) + write_to_pipe: data_left = 206 +[2013/11/07 07:38:46.182613, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) + process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 206, incoming data = 206 +[2013/11/07 07:38:46.182655, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1614(process_complete_pdu) + PDU is in Little Endian format! +[2013/11/07 07:38:46.182702, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) + r: struct ncacn_packet + rpc_vers : 0x05 (5) + rpc_vers_minor : 0x00 (0) + ptype : DCERPC_PKT_REQUEST (0) + pfc_flags : 0x03 (3) + drep: ARRAY(4) + [0] : 0x10 (16) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + frag_length : 0x00de (222) + auth_length : 0x0000 (0) + call_id : 0x00000002 (2) + u : union dcerpc_payload(case 0) + request: struct dcerpc_request + alloc_hint : 0x000000c6 (198) + context_id : 0x0000 (0) + opnum : 0x0045 (69) + object : union dcerpc_object(case 0) + empty: struct dcerpc_empty + _pad : DATA_BLOB length=0 + stub_and_verifier : DATA_BLOB length=198 + [0000] 00 00 02 00 14 00 00 00 00 00 00 00 14 00 00 00 ........ ........ + [0010] 5C 00 5C 00 4D 00 45 00 4D 00 42 00 45 00 52 00 \.\.M.E. M.B.E.R. + [0020] 34 00 33 00 5C 00 70 00 72 00 69 00 6E 00 74 00 4.3.\.p. r.i.n.t. + [0030] 65 00 72 00 35 00 00 00 00 00 00 00 00 00 00 00 e.r.5... ........ + [0040] 00 00 00 00 00 00 00 00 01 00 00 00 01 00 00 00 ........ ........ + [0050] 04 00 02 00 28 00 00 00 08 00 02 00 0C 00 02 00 ....(... ........ + [0060] 80 25 00 00 03 00 00 00 00 00 00 00 09 00 00 00 .%...... ........ + [0070] 0A 00 00 00 00 00 00 00 0A 00 00 00 57 00 49 00 ........ ....W.I. + [0080] 4E 00 38 00 31 00 2D 00 32 00 33 00 39 00 00 00 N.8.1.-. 2.3.9... + [0090] 15 00 00 00 00 00 00 00 15 00 00 00 41 00 52 00 ........ ....A.R. + [00A0] 33 00 32 00 49 00 38 00 5C 00 41 00 64 00 6D 00 3.2.I.8. \.A.d.m. + [00B0] 69 00 6E 00 69 00 73 00 74 00 72 00 61 00 74 00 i.n.i.s. t.r.a.t. + [00C0] 6F 00 72 00 00 00 o.r... +[2013/11/07 07:38:46.183536, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1627(process_complete_pdu) + Processing packet type 0 +[2013/11/07 07:38:46.183575, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1472(dcesrv_auth_request) + Checking request auth. +[2013/11/07 07:38:46.183617, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) + push_sec_ctx(0, 5000) : sec_ctx_stack_ndx = 1 +[2013/11/07 07:38:46.183663, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) + setting sec ctx (0, 5000) - sec_ctx_stack_ndx = 1 +[2013/11/07 07:38:46.183704, 5, pid=20933, effective(0, 5000), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) + Security token SIDs (21): + SID[ 0]: S-1-5-21-1376953716-2413384141-3399758289-500 + SID[ 1]: S-1-5-21-1376953716-2413384141-3399758289-512 + SID[ 2]: S-1-5-21-1376953716-2413384141-3399758289-11015 + SID[ 3]: S-1-5-21-1376953716-2413384141-3399758289-513 + SID[ 4]: S-1-5-21-1376953716-2413384141-3399758289-11011 + SID[ 5]: S-1-5-21-1376953716-2413384141-3399758289-11013 + SID[ 6]: S-1-5-21-1376953716-2413384141-3399758289-11012 + SID[ 7]: S-1-1-0 + SID[ 8]: S-1-5-2 + SID[ 9]: S-1-5-11 + SID[ 10]: S-1-5-32-544 + SID[ 11]: S-1-22-1-2002 + SID[ 12]: S-1-22-2-5000 + SID[ 13]: S-1-22-2-5007 + SID[ 14]: S-1-22-2-5001 + SID[ 15]: S-1-22-2-1005 + SID[ 16]: S-1-22-2-5006 + SID[ 17]: S-1-22-2-5005 + SID[ 18]: S-1-22-2-55000 + SID[ 19]: S-1-22-2-55001 + SID[ 20]: S-1-22-2-55002 + Privileges (0x 1FFFFFF0): + Privilege[ 0]: SeMachineAccountPrivilege + Privilege[ 1]: SeTakeOwnershipPrivilege + Privilege[ 2]: SeBackupPrivilege + Privilege[ 3]: SeRestorePrivilege + Privilege[ 4]: SeRemoteShutdownPrivilege + Privilege[ 5]: SePrintOperatorPrivilege + Privilege[ 6]: SeAddUsersPrivilege + Privilege[ 7]: SeDiskOperatorPrivilege + Privilege[ 8]: SeSecurityPrivilege + Privilege[ 9]: SeSystemtimePrivilege + Privilege[ 10]: SeShutdownPrivilege + Privilege[ 11]: SeDebugPrivilege + Privilege[ 12]: SeSystemEnvironmentPrivilege + Privilege[ 13]: SeSystemProfilePrivilege + Privilege[ 14]: SeProfileSingleProcessPrivilege + Privilege[ 15]: SeIncreaseBasePriorityPrivilege + Privilege[ 16]: SeLoadDriverPrivilege + Privilege[ 17]: SeCreatePagefilePrivilege + Privilege[ 18]: SeIncreaseQuotaPrivilege + Privilege[ 19]: SeChangeNotifyPrivilege + Privilege[ 20]: SeUndockPrivilege + Privilege[ 21]: SeManageVolumePrivilege + Privilege[ 22]: SeImpersonatePrivilege + Privilege[ 23]: SeCreateGlobalPrivilege + Privilege[ 24]: SeEnableDelegationPrivilege + Rights (0x 0): +[2013/11/07 07:38:46.184471, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) + UNIX token of user 0 + Primary group is 5000 and contains 9 supplementary groups + Group[ 0]: 5000 + Group[ 1]: 5007 + Group[ 2]: 5001 + Group[ 3]: 1005 + Group[ 4]: 5006 + Group[ 5]: 5005 + Group[ 6]: 55000 + Group[ 7]: 55001 + Group[ 8]: 55002 +[2013/11/07 07:38:46.184659, 5, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1324(api_pipe_request) + Requested \spoolss rpc service +[2013/11/07 07:38:46.184704, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1356(api_rpcTNP) + api_rpcTNP: \spoolss op 0x45 - api_rpcTNP: rpc command: SPOOLSS_OPENPRINTEREX +[2013/11/07 07:38:46.184748, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1390(api_rpcTNP) + api_rpc_cmds[69].fn == 0x7f375c256d40 +[2013/11/07 07:38:46.184803, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + spoolss_OpenPrinterEx: struct spoolss_OpenPrinterEx + in: struct spoolss_OpenPrinterEx + printername : * + printername : '\\MEMBER43\printer5' + datatype : NULL + devmode_ctr: struct spoolss_DevmodeContainer + _ndr_size : 0x00000000 (0) + devmode : NULL + access_mask : 0x00000000 (0) + 0: SERVER_ACCESS_ADMINISTER + 0: SERVER_ACCESS_ENUMERATE + 0: PRINTER_ACCESS_ADMINISTER + 0: PRINTER_ACCESS_USE + 0: JOB_ACCESS_ADMINISTER + 0: JOB_ACCESS_READ + userlevel_ctr: struct spoolss_UserLevelCtr + level : 0x00000001 (1) + user_info : union spoolss_UserLevel(case 1) + level1 : * + level1: struct spoolss_UserLevel1 + size : 0x00000028 (40) + client : * + client : 'WIN81-239' + user : * + user : 'AR32I8\Administrator' + build : 0x00002580 (9600) + major : UNKNOWN_ENUM_VALUE (3) + minor : SPOOLSS_MINOR_VERSION_0 (0) + processor : PROCESSOR_ARCHITECTURE_AMD64 (9) + checking name: \\MEMBER43\printer5 +[2013/11/07 07:38:46.185328, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:737(open_printer_hnd) + open_printer_hnd: name [\\MEMBER43\printer5] +[2013/11/07 07:38:46.185445, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) + Opened policy hnd[5] [0000] 00 00 00 00 D4 00 00 00 00 00 00 00 7B 52 76 35 ........ ....{Rv5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:46.185536, 3, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:506(set_printer_hnd_printertype) + Setting printer type=\\MEMBER43\printer5 + Printer is a printer +[2013/11/07 07:38:46.185592, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:566(set_printer_hnd_name) + Setting printer name=\\MEMBER43\printer5 (len=19) + searching for [printer5] +[2013/11/07 07:38:46.185690, 10, pid=20933, effective(0, 5000), real(0, 0), class=tdb] ../source3/lib/gencache.c:275(gencache_set_data_blob) + Did not store value for PRINTERNAME/printer5, we already got it + set_printer_hnd_name: Printer found: printer5 -> printer5 +[2013/11/07 07:38:46.185746, 5, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:773(open_printer_hnd) + 5 printer handles active +[2013/11/07 07:38:46.185786, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 D4 00 00 00 00 00 00 00 7B 52 76 35 ........ ....{Rv5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:46.185864, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 D4 00 00 00 00 00 00 00 7B 52 76 35 ........ ....{Rv5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:46.185941, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:489(get_printer_snum) + short name:printer5 +[2013/11/07 07:38:46.186005, 3, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/access.c:338(allow_access) + Allowed connection from 10.200.8.239 (10.200.8.239) +[2013/11/07 07:38:46.186173, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/share_access.c:237(user_ok_token) + user_ok_token: share printer5 is ok for unix user root +[2013/11/07 07:38:46.186226, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:1921(_spoolss_OpenPrinterEx) + Setting printer access = PRINTER_ACCESS_USE +[2013/11/07 07:38:46.186327, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:60(make_internal_rpc_pipe_p) + Create pipe requested \winreg +[2013/11/07 07:38:46.186380, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:221(init_pipe_handles) + init_pipe_handle_list: created handle list for pipe \winreg +[2013/11/07 07:38:46.186421, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:238(init_pipe_handles) + init_pipe_handle_list: pipe_handles ref count = 1 for pipe \winreg +[2013/11/07 07:38:46.186515, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:100(make_internal_rpc_pipe_p) + Created internal pipe \winreg +[2013/11/07 07:38:46.186579, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenHKLM: struct winreg_OpenHKLM + in: struct winreg_OpenHKLM + system_name : NULL + access_mask : 0x02000000 (33554432) + 0: KEY_QUERY_VALUE + 0: KEY_SET_VALUE + 0: KEY_CREATE_SUB_KEY + 0: KEY_ENUMERATE_SUB_KEYS + 0: KEY_NOTIFY + 0: KEY_CREATE_LINK + 0: KEY_WOW64_64KEY + 0: KEY_WOW64_32KEY +[2013/11/07 07:38:46.186817, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [HKLM] +[2013/11/07 07:38:46.186863, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) + push_sec_ctx(0, 5000) : sec_ctx_stack_ndx = 2 +[2013/11/07 07:38:46.186908, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/uid.c:485(push_conn_ctx) + push_conn_ctx(1804507171) : conn_ctx_stack_ndx = 0 +[2013/11/07 07:38:46.186948, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) + setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 +[2013/11/07 07:38:46.186987, 5, pid=20933, effective(0, 5000), real(0, 0)] ../libcli/security/security_token.c:53(security_token_debug) + Security token: (NULL) +[2013/11/07 07:38:46.187025, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) + UNIX token of user 0 + Primary group is 0 and contains 0 supplementary groups +[2013/11/07 07:38:46.187170, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) + pop_sec_ctx (0, 5000) - sec_ctx_stack_ndx = 1 +[2013/11/07 07:38:46.187214, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:866(regdb_open) + regdb_open: registry db opened. refcount reset (1) +[2013/11/07 07:38:46.187259, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM] +[2013/11/07 07:38:46.187298, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM] +[2013/11/07 07:38:46.187339, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:46.187376, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM] +[2013/11/07 07:38:46.187450, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) + Opened policy hnd[1] [0000] 00 00 00 00 D5 00 00 00 00 00 00 00 7B 52 76 35 ........ ....{Rv5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:46.187531, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenHKLM: struct winreg_OpenHKLM + out: struct winreg_OpenHKLM + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000d5-0000-0000-7b52-7635c5510000 + result : WERR_OK +[2013/11/07 07:38:46.187712, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenKey: struct winreg_OpenKey + in: struct winreg_OpenKey + parent_handle : * + parent_handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000d5-0000-0000-7b52-7635c5510000 + keyname: struct winreg_String + name_len : 0x008a (138) + name_size : 0x008a (138) + name : * + name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer5' + options : 0x00000000 (0) + 0: REG_OPTION_VOLATILE + 0: REG_OPTION_CREATE_LINK + 0: REG_OPTION_BACKUP_RESTORE + 0: REG_OPTION_OPEN_LINK + access_mask : 0x02000000 (33554432) + 0: KEY_QUERY_VALUE + 0: KEY_SET_VALUE + 0: KEY_CREATE_SUB_KEY + 0: KEY_ENUMERATE_SUB_KEYS + 0: KEY_NOTIFY + 0: KEY_CREATE_LINK + 0: KEY_WOW64_64KEY + 0: KEY_WOW64_32KEY +[2013/11/07 07:38:46.188165, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 D5 00 00 00 00 00 00 00 7B 52 76 35 ........ ....{Rv5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:46.188245, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [SOFTWARE] +[2013/11/07 07:38:46.188286, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (1->2) +[2013/11/07 07:38:46.188328, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] +[2013/11/07 07:38:46.188366, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE] +[2013/11/07 07:38:46.188406, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:46.188443, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE] +[2013/11/07 07:38:46.188516, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Microsoft] +[2013/11/07 07:38:46.188558, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (2->3) +[2013/11/07 07:38:46.188599, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] +[2013/11/07 07:38:46.188636, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] +[2013/11/07 07:38:46.188676, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:46.188714, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft] +[2013/11/07 07:38:46.188774, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Windows NT] +[2013/11/07 07:38:46.188815, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (3->4) +[2013/11/07 07:38:46.188857, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] +[2013/11/07 07:38:46.188894, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] +[2013/11/07 07:38:46.188935, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:46.188972, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] +[2013/11/07 07:38:46.189036, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [CurrentVersion] +[2013/11/07 07:38:46.189078, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (4->5) +[2013/11/07 07:38:46.189121, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] +[2013/11/07 07:38:46.189159, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] +[2013/11/07 07:38:46.189201, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:46.189238, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f375c5a15c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] +[2013/11/07 07:38:46.189309, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Print] +[2013/11/07 07:38:46.189350, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (5->6) +[2013/11/07 07:38:46.189456, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] +[2013/11/07 07:38:46.189497, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] +[2013/11/07 07:38:46.189539, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:46.189577, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f375c5a15c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] +[2013/11/07 07:38:46.189638, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Printers] +[2013/11/07 07:38:46.189680, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (6->7) +[2013/11/07 07:38:46.189723, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] +[2013/11/07 07:38:46.189762, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] +[2013/11/07 07:38:46.189804, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:46.189842, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] +[2013/11/07 07:38:46.189910, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [printer5] +[2013/11/07 07:38:46.189952, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (7->8) +[2013/11/07 07:38:46.190003, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer5] +[2013/11/07 07:38:46.190043, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer5] +[2013/11/07 07:38:46.190085, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:46.190122, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer5] +[2013/11/07 07:38:46.190190, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (8->7) +[2013/11/07 07:38:46.190232, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (7->6) +[2013/11/07 07:38:46.190273, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (6->5) +[2013/11/07 07:38:46.190313, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (5->4) +[2013/11/07 07:38:46.190353, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (4->3) +[2013/11/07 07:38:46.190392, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (3->2) +[2013/11/07 07:38:46.190435, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) + Opened policy hnd[2] [0000] 00 00 00 00 D6 00 00 00 00 00 00 00 7B 52 76 35 ........ ....{Rv5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:46.190514, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenKey: struct winreg_OpenKey + out: struct winreg_OpenKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000d6-0000-0000-7b52-7635c5510000 + result : WERR_OK +[2013/11/07 07:38:46.190677, 2, pid=20933, effective(0, 5000), real(0, 0)] ../source3/rpc_client/cli_winreg_spoolss.c:626(winreg_create_printer) + winreg_create_printer: Skipping, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer5 already exists +[2013/11/07 07:38:46.190735, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + in: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000d6-0000-0000-7b52-7635c5510000 +[2013/11/07 07:38:46.190864, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 D6 00 00 00 00 00 00 00 7B 52 76 35 ........ ....{Rv5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:46.190943, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 D6 00 00 00 00 00 00 00 7B 52 76 35 ........ ....{Rv5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:46.191028, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) + Closed policy +[2013/11/07 07:38:46.191069, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (2->1) +[2013/11/07 07:38:46.191109, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + out: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000000-0000-0000-0000-000000000000 + result : WERR_OK +[2013/11/07 07:38:46.191270, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + in: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000d5-0000-0000-7b52-7635c5510000 +[2013/11/07 07:38:46.191400, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 D5 00 00 00 00 00 00 00 7B 52 76 35 ........ ....{Rv5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:46.191478, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 D5 00 00 00 00 00 00 00 7B 52 76 35 ........ ....{Rv5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:46.191554, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) + Closed policy +[2013/11/07 07:38:46.191594, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (1->0) +[2013/11/07 07:38:46.191647, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + out: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000000-0000-0000-0000-000000000000 + result : WERR_OK +[2013/11/07 07:38:46.191805, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:416(close_policy_by_pipe) + Deleted handle list for RPC connection \winreg +[2013/11/07 07:38:46.191854, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + spoolss_OpenPrinterEx: struct spoolss_OpenPrinterEx + out: struct spoolss_OpenPrinterEx + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000d4-0000-0000-7b52-7635c5510000 + result : WERR_OK +[2013/11/07 07:38:46.192005, 5, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1417(api_rpcTNP) + api_rpcTNP: called \spoolss successfully +[2013/11/07 07:38:46.192058, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) + pop_sec_ctx (0, 5000) - sec_ctx_stack_ndx = 0 +[2013/11/07 07:38:46.192109, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) + write_to_pipe: data_used = 206 + smbd_smb2_request_pending_queue: req->current_idx = 1 + req->in.vector[0].iov_len = 0 + req->in.vector[1].iov_len = 0 + req->in.vector[2].iov_len = 64 + req->in.vector[3].iov_len = 56 + req->in.vector[4].iov_len = 222 + req->out.vector[0].iov_len = 4 + req->out.vector[1].iov_len = 0 + req->out.vector[2].iov_len = 64 + req->out.vector[3].iov_len = 8 + req->out.vector[4].iov_len = 0 +[2013/11/07 07:38:46.192325, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:128(smbd_smb2_ioctl_pipe_write_done) + smbd_smb2_ioctl_pipe_write_done: received 222 +[2013/11/07 07:38:46.192369, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:149(smbd_smb2_ioctl_pipe_write_done) + smbd_smb2_ioctl_pipe_write_done: issuing np_read_send of size 1024 +[2013/11/07 07:38:46.192412, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:285(read_from_internal_pipe) + name: \spoolss len: 1024 +[2013/11/07 07:38:46.192455, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:347(read_from_internal_pipe) + read_from_pipe: \spoolss: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 24. +[2013/11/07 07:38:46.192508, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) + &r: struct ncacn_packet + rpc_vers : 0x05 (5) + rpc_vers_minor : 0x00 (0) + ptype : DCERPC_PKT_RESPONSE (2) + pfc_flags : 0x03 (3) + drep: ARRAY(4) + [0] : 0x10 (16) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + frag_length : 0x0030 (48) + auth_length : 0x0000 (0) + call_id : 0x00000002 (2) + u : union dcerpc_payload(case 2) + response: struct dcerpc_response + alloc_hint : 0x00000018 (24) + context_id : 0x0000 (0) + cancel_count : 0x00 (0) + _pad : DATA_BLOB length=0 + stub_and_verifier : DATA_BLOB length=24 + [0000] 00 00 00 00 D4 00 00 00 00 00 00 00 7B 52 76 35 ........ ....{Rv5 + [0010] C5 51 00 00 00 00 00 00 .Q...... +[2013/11/07 07:38:46.192924, 3, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:122(free_pipe_context) + free_pipe_context: destroying talloc pool of size 68 +[2013/11/07 07:38:46.192972, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:788(np_read_recv) + Received 48 bytes. There is no more data outstanding +[2013/11/07 07:38:46.193013, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:178(smbd_smb2_ioctl_pipe_read_done) + smbd_smb2_ioctl_pipe_read_done: np_read_recv nread = 48 is_data_outstanding = 0, status = NT_STATUS_OK +[2013/11/07 07:38:46.193060, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl.c:291(smbd_smb2_request_ioctl_done) + smbd_smb2_request_ioctl_done: smbd_smb2_ioctl_recv returned 48 status NT_STATUS_OK +[2013/11/07 07:38:46.193101, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) + smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[48] dyn[yes:48] at ../source3/smbd/smb2_ioctl.c:358 +[2013/11/07 07:38:46.193146, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) + smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/109/127 +[2013/11/07 07:38:46.193329, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) + smbd_smb2_request_incoming: idx[1] of 5 vectors +[2013/11/07 07:38:46.193466, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) + smb2_validate_sequence_number: clearing id 109 (position 109) from bitmap +[2013/11/07 07:38:46.193511, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) + smbd_smb2_request_dispatch: opcode[SMB2_OP_READ] mid = 109 +[2013/11/07 07:38:46.193571, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) + setting sec ctx (0, 5000) - sec_ctx_stack_ndx = 0 +[2013/11/07 07:38:46.193616, 5, pid=20933, effective(0, 5000), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) + Security token SIDs (21): + SID[ 0]: S-1-5-21-1376953716-2413384141-3399758289-500 + SID[ 1]: S-1-5-21-1376953716-2413384141-3399758289-512 + SID[ 2]: S-1-5-21-1376953716-2413384141-3399758289-11015 + SID[ 3]: S-1-5-21-1376953716-2413384141-3399758289-513 + SID[ 4]: S-1-5-21-1376953716-2413384141-3399758289-11011 + SID[ 5]: S-1-5-21-1376953716-2413384141-3399758289-11013 + SID[ 6]: S-1-5-21-1376953716-2413384141-3399758289-11012 + SID[ 7]: S-1-1-0 + SID[ 8]: S-1-5-2 + SID[ 9]: S-1-5-11 + SID[ 10]: S-1-5-32-544 + SID[ 11]: S-1-22-1-2002 + SID[ 12]: S-1-22-2-5000 + SID[ 13]: S-1-22-2-5007 + SID[ 14]: S-1-22-2-5001 + SID[ 15]: S-1-22-2-1005 + SID[ 16]: S-1-22-2-5006 + SID[ 17]: S-1-22-2-5005 + SID[ 18]: S-1-22-2-55000 + SID[ 19]: S-1-22-2-55001 + SID[ 20]: S-1-22-2-55002 + Privileges (0x 1FFFFFF0): + Privilege[ 0]: SeMachineAccountPrivilege + Privilege[ 1]: SeTakeOwnershipPrivilege + Privilege[ 2]: SeBackupPrivilege + Privilege[ 3]: SeRestorePrivilege + Privilege[ 4]: SeRemoteShutdownPrivilege + Privilege[ 5]: SePrintOperatorPrivilege + Privilege[ 6]: SeAddUsersPrivilege + Privilege[ 7]: SeDiskOperatorPrivilege + Privilege[ 8]: SeSecurityPrivilege + Privilege[ 9]: SeSystemtimePrivilege + Privilege[ 10]: SeShutdownPrivilege + Privilege[ 11]: SeDebugPrivilege + Privilege[ 12]: SeSystemEnvironmentPrivilege + Privilege[ 13]: SeSystemProfilePrivilege + Privilege[ 14]: SeProfileSingleProcessPrivilege + Privilege[ 15]: SeIncreaseBasePriorityPrivilege + Privilege[ 16]: SeLoadDriverPrivilege + Privilege[ 17]: SeCreatePagefilePrivilege + Privilege[ 18]: SeIncreaseQuotaPrivilege + Privilege[ 19]: SeChangeNotifyPrivilege + Privilege[ 20]: SeUndockPrivilege + Privilege[ 21]: SeManageVolumePrivilege + Privilege[ 22]: SeImpersonatePrivilege + Privilege[ 23]: SeCreateGlobalPrivilege + Privilege[ 24]: SeEnableDelegationPrivilege + Rights (0x 0): +[2013/11/07 07:38:46.194378, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) + UNIX token of user 0 + Primary group is 5000 and contains 9 supplementary groups + Group[ 0]: 5000 + Group[ 1]: 5007 + Group[ 2]: 5001 + Group[ 3]: 1005 + Group[ 4]: 5006 + Group[ 5]: 5005 + Group[ 6]: 55000 + Group[ 7]: 55001 + Group[ 8]: 55002 +[2013/11/07 07:38:46.194572, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/uid.c:363(change_to_user_internal) + Impersonated user: uid=(0,0), gid=(0,5000) +[2013/11/07 07:38:46.194623, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:1796(smbd_smb2_request_verify_creditcharge) + mid 109, CreditCharge: 1, NeededCharge: 1 +[2013/11/07 07:38:46.194665, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_read.c:400(smbd_smb2_read_send) + smbd_smb2_read: spoolss - fnum 1017618511 +[2013/11/07 07:38:46.194712, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:285(read_from_internal_pipe) + name: \spoolss len: 3112 +[2013/11/07 07:38:46.194755, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:326(read_from_internal_pipe) + read_from_pipe: \spoolss: current_pdu_len = 4136, current_pdu_sent = 1024 returning 3112 bytes. +[2013/11/07 07:38:46.194813, 3, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:122(free_pipe_context) + free_pipe_context: destroying talloc pool of size 1308 + smbd_smb2_request_pending_queue: req->current_idx = 1 + req->in.vector[0].iov_len = 0 + req->in.vector[1].iov_len = 0 + req->in.vector[2].iov_len = 64 + req->in.vector[3].iov_len = 48 + req->in.vector[4].iov_len = 1 + req->out.vector[0].iov_len = 4 + req->out.vector[1].iov_len = 0 + req->out.vector[2].iov_len = 64 + req->out.vector[3].iov_len = 8 + req->out.vector[4].iov_len = 0 +[2013/11/07 07:38:46.195033, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:788(np_read_recv) + Received 3112 bytes. There is more data outstanding +[2013/11/07 07:38:46.195077, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) + smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[16] dyn[yes:3112] at ../source3/smbd/smb2_read.c:154 +[2013/11/07 07:38:46.195122, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) + smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/110/127 +[2013/11/07 07:38:46.195230, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) + smbd_smb2_request_incoming: idx[1] of 5 vectors +[2013/11/07 07:38:46.195275, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) + smb2_validate_sequence_number: clearing id 110 (position 110) from bitmap +[2013/11/07 07:38:46.195316, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) + smbd_smb2_request_dispatch: opcode[SMB2_OP_CLOSE] mid = 110 +[2013/11/07 07:38:46.195365, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) + setting sec ctx (0, 5000) - sec_ctx_stack_ndx = 0 +[2013/11/07 07:38:46.195406, 5, pid=20933, effective(0, 5000), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) + Security token SIDs (21): + SID[ 0]: S-1-5-21-1376953716-2413384141-3399758289-500 + SID[ 1]: S-1-5-21-1376953716-2413384141-3399758289-512 + SID[ 2]: S-1-5-21-1376953716-2413384141-3399758289-11015 + SID[ 3]: S-1-5-21-1376953716-2413384141-3399758289-513 + SID[ 4]: S-1-5-21-1376953716-2413384141-3399758289-11011 + SID[ 5]: S-1-5-21-1376953716-2413384141-3399758289-11013 + SID[ 6]: S-1-5-21-1376953716-2413384141-3399758289-11012 + SID[ 7]: S-1-1-0 + SID[ 8]: S-1-5-2 + SID[ 9]: S-1-5-11 + SID[ 10]: S-1-5-32-544 + SID[ 11]: S-1-22-1-2002 + SID[ 12]: S-1-22-2-5000 + SID[ 13]: S-1-22-2-5007 + SID[ 14]: S-1-22-2-5001 + SID[ 15]: S-1-22-2-1005 + SID[ 16]: S-1-22-2-5006 + SID[ 17]: S-1-22-2-5005 + SID[ 18]: S-1-22-2-55000 + SID[ 19]: S-1-22-2-55001 + SID[ 20]: S-1-22-2-55002 + Privileges (0x 1FFFFFF0): + Privilege[ 0]: SeMachineAccountPrivilege + Privilege[ 1]: SeTakeOwnershipPrivilege + Privilege[ 2]: SeBackupPrivilege + Privilege[ 3]: SeRestorePrivilege + Privilege[ 4]: SeRemoteShutdownPrivilege + Privilege[ 5]: SePrintOperatorPrivilege + Privilege[ 6]: SeAddUsersPrivilege + Privilege[ 7]: SeDiskOperatorPrivilege + Privilege[ 8]: SeSecurityPrivilege + Privilege[ 9]: SeSystemtimePrivilege + Privilege[ 10]: SeShutdownPrivilege + Privilege[ 11]: SeDebugPrivilege + Privilege[ 12]: SeSystemEnvironmentPrivilege + Privilege[ 13]: SeSystemProfilePrivilege + Privilege[ 14]: SeProfileSingleProcessPrivilege + Privilege[ 15]: SeIncreaseBasePriorityPrivilege + Privilege[ 16]: SeLoadDriverPrivilege + Privilege[ 17]: SeCreatePagefilePrivilege + Privilege[ 18]: SeIncreaseQuotaPrivilege + Privilege[ 19]: SeChangeNotifyPrivilege + Privilege[ 20]: SeUndockPrivilege + Privilege[ 21]: SeManageVolumePrivilege + Privilege[ 22]: SeImpersonatePrivilege + Privilege[ 23]: SeCreateGlobalPrivilege + Privilege[ 24]: SeEnableDelegationPrivilege + Rights (0x 0): +[2013/11/07 07:38:46.196175, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) + UNIX token of user 0 + Primary group is 5000 and contains 9 supplementary groups + Group[ 0]: 5000 + Group[ 1]: 5007 + Group[ 2]: 5001 + Group[ 3]: 1005 + Group[ 4]: 5006 + Group[ 5]: 5005 + Group[ 6]: 55000 + Group[ 7]: 55001 + Group[ 8]: 55002 +[2013/11/07 07:38:46.196362, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/uid.c:363(change_to_user_internal) + Impersonated user: uid=(0,0), gid=(0,5000) +[2013/11/07 07:38:46.196411, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_close.c:185(smbd_smb2_close) + smbd_smb2_close: spoolss - fnum 1145362404 +[2013/11/07 07:38:46.196508, 5, pid=20933, effective(0, 5000), real(0, 0)] ../lib/dbwrap/dbwrap.c:187(dbwrap_check_lock_order) + check lock order 1 for /var/run/samba/smbXsrv_open_global.tdb +[2013/11/07 07:38:46.196555, 10, pid=20933, effective(0, 5000), real(0, 0)] ../lib/dbwrap/dbwrap.c:133(debug_lock_order) + lock order: 1:/var/run/samba/smbXsrv_open_global.tdb 2: 3: +[2013/11/07 07:38:46.196600, 10, pid=20933, effective(0, 5000), real(0, 0)] ../lib/dbwrap/dbwrap_tdb.c:59(db_tdb_log_key) + Locking key B614F787 +[2013/11/07 07:38:46.196677, 10, pid=20933, effective(0, 5000), real(0, 0)] ../lib/dbwrap/dbwrap_tdb.c:143(db_tdb_fetch_locked_internal) + Allocated locked data 0x0x7f375d3914b0 +[2013/11/07 07:38:46.196735, 10, pid=20933, effective(0, 5000), real(0, 0)] ../lib/dbwrap/dbwrap_tdb.c:59(db_tdb_log_key) + Unlocking key B614F787 +[2013/11/07 07:38:46.196778, 5, pid=20933, effective(0, 5000), real(0, 0)] ../lib/dbwrap/dbwrap.c:146(dbwrap_lock_order_state_destructor) + release lock order 1 for /var/run/samba/smbXsrv_open_global.tdb +[2013/11/07 07:38:46.196818, 10, pid=20933, effective(0, 5000), real(0, 0)] ../lib/dbwrap/dbwrap.c:133(debug_lock_order) + lock order: 1: 2: 3: +[2013/11/07 07:38:46.196880, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/files.c:525(file_free) + freed files structure 1145362404 (6 used) +[2013/11/07 07:38:46.196939, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) + smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[60] dyn[no:0] at ../source3/smbd/smb2_close.c:139 +[2013/11/07 07:38:46.196985, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) + smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/111/127 +[2013/11/07 07:38:46.205248, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) + smbd_smb2_request_incoming: idx[1] of 5 vectors +[2013/11/07 07:38:46.205648, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) + smb2_validate_sequence_number: clearing id 111 (position 111) from bitmap +[2013/11/07 07:38:46.205767, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) + smbd_smb2_request_dispatch: opcode[SMB2_OP_CREATE] mid = 111 +[2013/11/07 07:38:46.205916, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) + setting sec ctx (0, 5000) - sec_ctx_stack_ndx = 0 +[2013/11/07 07:38:46.206029, 5, pid=20933, effective(0, 5000), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) + Security token SIDs (21): + SID[ 0]: S-1-5-21-1376953716-2413384141-3399758289-500 + SID[ 1]: S-1-5-21-1376953716-2413384141-3399758289-512 + SID[ 2]: S-1-5-21-1376953716-2413384141-3399758289-11015 + SID[ 3]: S-1-5-21-1376953716-2413384141-3399758289-513 + SID[ 4]: S-1-5-21-1376953716-2413384141-3399758289-11011 + SID[ 5]: S-1-5-21-1376953716-2413384141-3399758289-11013 + SID[ 6]: S-1-5-21-1376953716-2413384141-3399758289-11012 + SID[ 7]: S-1-1-0 + SID[ 8]: S-1-5-2 + SID[ 9]: S-1-5-11 + SID[ 10]: S-1-5-32-544 + SID[ 11]: S-1-22-1-2002 + SID[ 12]: S-1-22-2-5000 + SID[ 13]: S-1-22-2-5007 + SID[ 14]: S-1-22-2-5001 + SID[ 15]: S-1-22-2-1005 + SID[ 16]: S-1-22-2-5006 + SID[ 17]: S-1-22-2-5005 + SID[ 18]: S-1-22-2-55000 + SID[ 19]: S-1-22-2-55001 + SID[ 20]: S-1-22-2-55002 + Privileges (0x 1FFFFFF0): + Privilege[ 0]: SeMachineAccountPrivilege + Privilege[ 1]: SeTakeOwnershipPrivilege + Privilege[ 2]: SeBackupPrivilege + Privilege[ 3]: SeRestorePrivilege + Privilege[ 4]: SeRemoteShutdownPrivilege + Privilege[ 5]: SePrintOperatorPrivilege + Privilege[ 6]: SeAddUsersPrivilege + Privilege[ 7]: SeDiskOperatorPrivilege + Privilege[ 8]: SeSecurityPrivilege + Privilege[ 9]: SeSystemtimePrivilege + Privilege[ 10]: SeShutdownPrivilege + Privilege[ 11]: SeDebugPrivilege + Privilege[ 12]: SeSystemEnvironmentPrivilege + Privilege[ 13]: SeSystemProfilePrivilege + Privilege[ 14]: SeProfileSingleProcessPrivilege + Privilege[ 15]: SeIncreaseBasePriorityPrivilege + Privilege[ 16]: SeLoadDriverPrivilege + Privilege[ 17]: SeCreatePagefilePrivilege + Privilege[ 18]: SeIncreaseQuotaPrivilege + Privilege[ 19]: SeChangeNotifyPrivilege + Privilege[ 20]: SeUndockPrivilege + Privilege[ 21]: SeManageVolumePrivilege + Privilege[ 22]: SeImpersonatePrivilege + Privilege[ 23]: SeCreateGlobalPrivilege + Privilege[ 24]: SeEnableDelegationPrivilege + Rights (0x 0): +[2013/11/07 07:38:46.208148, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) + UNIX token of user 0 + Primary group is 5000 and contains 9 supplementary groups + Group[ 0]: 5000 + Group[ 1]: 5007 + Group[ 2]: 5001 + Group[ 3]: 1005 + Group[ 4]: 5006 + Group[ 5]: 5005 + Group[ 6]: 55000 + Group[ 7]: 55001 + Group[ 8]: 55002 +[2013/11/07 07:38:46.208641, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/uid.c:363(change_to_user_internal) + Impersonated user: uid=(0,0), gid=(0,5000) +[2013/11/07 07:38:46.208775, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_create.c:451(smbd_smb2_create_send) + smbd_smb2_create: name[spoolss] +[2013/11/07 07:38:46.208909, 5, pid=20933, effective(0, 5000), real(0, 0)] ../lib/dbwrap/dbwrap.c:187(dbwrap_check_lock_order) + check lock order 1 for /var/run/samba/smbXsrv_open_global.tdb +[2013/11/07 07:38:46.209011, 10, pid=20933, effective(0, 5000), real(0, 0)] ../lib/dbwrap/dbwrap.c:133(debug_lock_order) + lock order: 1:/var/run/samba/smbXsrv_open_global.tdb 2: 3: +[2013/11/07 07:38:46.209122, 10, pid=20933, effective(0, 5000), real(0, 0)] ../lib/dbwrap/dbwrap_tdb.c:59(db_tdb_log_key) + Locking key B0DF064C +[2013/11/07 07:38:46.209249, 10, pid=20933, effective(0, 5000), real(0, 0)] ../lib/dbwrap/dbwrap_tdb.c:143(db_tdb_fetch_locked_internal) + Allocated locked data 0x0x7f375d3c4430 +[2013/11/07 07:38:46.209589, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smbXsrv_open.c:695(smbXsrv_open_global_store) +[2013/11/07 07:38:46.209669, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smbXsrv_open.c:697(smbXsrv_open_global_store) + smbXsrv_open_global_store: key 'B0DF064C' stored +[2013/11/07 07:38:46.209773, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) + &global_blob: struct smbXsrv_open_globalB + version : SMBXSRV_VERSION_0 (0) + seqnum : 0x00000001 (1) + info : union smbXsrv_open_globalU(case 0) + info0 : * + info0: struct smbXsrv_open_global0 + db_rec : * + server_id: struct server_id + pid : 0x00000000000051c5 (20933) + task_id : 0x00000000 (0) + vnn : 0xffffffff (4294967295) + unique_id : 0x6b1fb19d3b3a8ed6 (7719083575197994710) + open_global_id : 0xb0df064c (2967406156) + open_persistent_id : 0x00000000b0df064c (2967406156) + open_volatile_id : 0x000000009797a662 (2543298146) + open_owner : S-1-5-21-1376953716-2413384141-3399758289-500 + open_time : Do Nov 7 07:38:46 2013 CET + create_guid : 00000000-0000-0000-0000-000000000000 + client_guid : b913ae79-46f9-11e3-be6f-52540018a0ea + app_instance_id : 00000000-0000-0000-0000-000000000000 + disconnect_time : NTTIME(0) + durable_timeout_msec : 0x00000000 (0) + durable : 0x00 (0) + backend_cookie : DATA_BLOB length=0 +[2013/11/07 07:38:46.211125, 10, pid=20933, effective(0, 5000), real(0, 0)] ../lib/dbwrap/dbwrap_tdb.c:59(db_tdb_log_key) + Unlocking key B0DF064C +[2013/11/07 07:38:46.211238, 5, pid=20933, effective(0, 5000), real(0, 0)] ../lib/dbwrap/dbwrap.c:146(dbwrap_lock_order_state_destructor) + release lock order 1 for /var/run/samba/smbXsrv_open_global.tdb +[2013/11/07 07:38:46.211337, 10, pid=20933, effective(0, 5000), real(0, 0)] ../lib/dbwrap/dbwrap.c:133(debug_lock_order) + lock order: 1: 2: 3: +[2013/11/07 07:38:46.211440, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smbXsrv_open.c:862(smbXsrv_open_create) +[2013/11/07 07:38:46.211499, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smbXsrv_open.c:870(smbXsrv_open_create) + smbXsrv_open_create: global_id (0xb0df064c) stored +[2013/11/07 07:38:46.211595, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) + &open_blob: struct smbXsrv_openB + version : SMBXSRV_VERSION_0 (0) + reserved : 0x00000000 (0) + info : union smbXsrv_openU(case 0) + info0 : * + info0: struct smbXsrv_open + table : * + db_rec : NULL + local_id : 0x9797a662 (2543298146) + global : * + global: struct smbXsrv_open_global0 + db_rec : NULL + server_id: struct server_id + pid : 0x00000000000051c5 (20933) + task_id : 0x00000000 (0) + vnn : 0xffffffff (4294967295) + unique_id : 0x6b1fb19d3b3a8ed6 (7719083575197994710) + open_global_id : 0xb0df064c (2967406156) + open_persistent_id : 0x00000000b0df064c (2967406156) + open_volatile_id : 0x000000009797a662 (2543298146) + open_owner : S-1-5-21-1376953716-2413384141-3399758289-500 + open_time : Do Nov 7 07:38:46 2013 CET + create_guid : 00000000-0000-0000-0000-000000000000 + client_guid : b913ae79-46f9-11e3-be6f-52540018a0ea + app_instance_id : 00000000-0000-0000-0000-000000000000 + disconnect_time : NTTIME(0) + durable_timeout_msec : 0x00000000 (0) + durable : 0x00 (0) + backend_cookie : DATA_BLOB length=0 + status : NT_STATUS_OK + idle_time : Do Nov 7 07:38:46 2013 CET + compat : NULL +[2013/11/07 07:38:46.213206, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/files.c:125(file_new) + allocated file structure fnum 2543298146 (7 used) +[2013/11/07 07:38:46.213330, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/files.c:713(file_name_hash) + file_name_hash: /tmp/spoolss hash 0x7d4e46e5 +[2013/11/07 07:38:46.213578, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:60(make_internal_rpc_pipe_p) + Create pipe requested \spoolss +[2013/11/07 07:38:46.213998, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:238(init_pipe_handles) + init_pipe_handle_list: pipe_handles ref count = 15 for pipe \spoolss +[2013/11/07 07:38:46.214261, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:100(make_internal_rpc_pipe_p) + Created internal pipe \spoolss +[2013/11/07 07:38:46.214374, 8, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/dosmode.c:631(dos_mode) + dos_mode: spoolss +[2013/11/07 07:38:46.214512, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_create.c:1053(smbd_smb2_create_send) + smbd_smb2_create_send: spoolss - fnum 2543298146 +[2013/11/07 07:38:46.214673, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) + smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[88] dyn[yes:0] at ../source3/smbd/smb2_create.c:369 +[2013/11/07 07:38:46.214788, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) + smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/112/127 +[2013/11/07 07:38:46.215132, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) + smbd_smb2_request_incoming: idx[1] of 5 vectors +[2013/11/07 07:38:46.215254, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) + smb2_validate_sequence_number: clearing id 112 (position 112) from bitmap +[2013/11/07 07:38:46.215360, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) + smbd_smb2_request_dispatch: opcode[SMB2_OP_IOCTL] mid = 112 +[2013/11/07 07:38:46.215496, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) + setting sec ctx (0, 5000) - sec_ctx_stack_ndx = 0 +[2013/11/07 07:38:46.215604, 5, pid=20933, effective(0, 5000), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) + Security token SIDs (21): + SID[ 0]: S-1-5-21-1376953716-2413384141-3399758289-500 + SID[ 1]: S-1-5-21-1376953716-2413384141-3399758289-512 + SID[ 2]: S-1-5-21-1376953716-2413384141-3399758289-11015 + SID[ 3]: S-1-5-21-1376953716-2413384141-3399758289-513 + SID[ 4]: S-1-5-21-1376953716-2413384141-3399758289-11011 + SID[ 5]: S-1-5-21-1376953716-2413384141-3399758289-11013 + SID[ 6]: S-1-5-21-1376953716-2413384141-3399758289-11012 + SID[ 7]: S-1-1-0 + SID[ 8]: S-1-5-2 + SID[ 9]: S-1-5-11 + SID[ 10]: S-1-5-32-544 + SID[ 11]: S-1-22-1-2002 + SID[ 12]: S-1-22-2-5000 + SID[ 13]: S-1-22-2-5007 + SID[ 14]: S-1-22-2-5001 + SID[ 15]: S-1-22-2-1005 + SID[ 16]: S-1-22-2-5006 + SID[ 17]: S-1-22-2-5005 + SID[ 18]: S-1-22-2-55000 + SID[ 19]: S-1-22-2-55001 + SID[ 20]: S-1-22-2-55002 + Privileges (0x 1FFFFFF0): + Privilege[ 0]: SeMachineAccountPrivilege + Privilege[ 1]: SeTakeOwnershipPrivilege + Privilege[ 2]: SeBackupPrivilege + Privilege[ 3]: SeRestorePrivilege + Privilege[ 4]: SeRemoteShutdownPrivilege + Privilege[ 5]: SePrintOperatorPrivilege + Privilege[ 6]: SeAddUsersPrivilege + Privilege[ 7]: SeDiskOperatorPrivilege + Privilege[ 8]: SeSecurityPrivilege + Privilege[ 9]: SeSystemtimePrivilege + Privilege[ 10]: SeShutdownPrivilege + Privilege[ 11]: SeDebugPrivilege + Privilege[ 12]: SeSystemEnvironmentPrivilege + Privilege[ 13]: SeSystemProfilePrivilege + Privilege[ 14]: SeProfileSingleProcessPrivilege + Privilege[ 15]: SeIncreaseBasePriorityPrivilege + Privilege[ 16]: SeLoadDriverPrivilege + Privilege[ 17]: SeCreatePagefilePrivilege + Privilege[ 18]: SeIncreaseQuotaPrivilege + Privilege[ 19]: SeChangeNotifyPrivilege + Privilege[ 20]: SeUndockPrivilege + Privilege[ 21]: SeManageVolumePrivilege + Privilege[ 22]: SeImpersonatePrivilege + Privilege[ 23]: SeCreateGlobalPrivilege + Privilege[ 24]: SeEnableDelegationPrivilege + Rights (0x 0): +[2013/11/07 07:38:46.217746, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) + UNIX token of user 0 + Primary group is 5000 and contains 9 supplementary groups + Group[ 0]: 5000 + Group[ 1]: 5007 + Group[ 2]: 5001 + Group[ 3]: 1005 + Group[ 4]: 5006 + Group[ 5]: 5005 + Group[ 6]: 55000 + Group[ 7]: 55001 + Group[ 8]: 55002 +[2013/11/07 07:38:46.217947, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/uid.c:363(change_to_user_internal) + Impersonated user: uid=(0,0), gid=(0,5000) +[2013/11/07 07:38:46.217999, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:1796(smbd_smb2_request_verify_creditcharge) + mid 112, CreditCharge: 1, NeededCharge: 1 +[2013/11/07 07:38:46.218043, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl.c:394(smbd_smb2_ioctl_send) + smbd_smb2_ioctl: ctl_code[0x0011c017] spoolss, fnum 1017618511 +[2013/11/07 07:38:46.218091, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:59(smb2_ioctl_named_pipe) + smbd_smb2_ioctl_send: np_write_send of size 4156 +[2013/11/07 07:38:46.218132, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:520(np_write_send) + np_write_send: len: 4156 +[2013/11/07 07:38:46.218174, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) + write_to_pipe: data_left = 4156 +[2013/11/07 07:38:46.218213, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) + process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 4156 +[2013/11/07 07:38:46.218252, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:51(fill_rpc_header) + fill_rpc_header: data_to_copy = 4156, len_needed_to_complete_hdr = 16, receive_len = 0 +[2013/11/07 07:38:46.218293, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) + write_to_pipe: data_used = 16 +[2013/11/07 07:38:46.218331, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) + write_to_pipe: data_left = 4140 +[2013/11/07 07:38:46.218368, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) + process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 4140 +[2013/11/07 07:38:46.218411, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) + write_to_pipe: data_used = 0 +[2013/11/07 07:38:46.218449, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) + write_to_pipe: data_left = 4140 +[2013/11/07 07:38:46.218487, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) + process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 4140, incoming data = 4140 +[2013/11/07 07:38:46.218531, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1614(process_complete_pdu) + PDU is in Little Endian format! +[2013/11/07 07:38:46.218593, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) + r: struct ncacn_packet + rpc_vers : 0x05 (5) + rpc_vers_minor : 0x00 (0) + ptype : DCERPC_PKT_REQUEST (0) + pfc_flags : 0x03 (3) + drep: ARRAY(4) + [0] : 0x10 (16) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + frag_length : 0x103c (4156) + auth_length : 0x0000 (0) + call_id : 0x00000004 (4) + u : union dcerpc_payload(case 0) + request: struct dcerpc_request + alloc_hint : 0x00001024 (4132) + context_id : 0x0000 (0) + opnum : 0x0008 (8) + object : union dcerpc_object(case 0) + empty: struct dcerpc_empty + _pad : DATA_BLOB length=0 + stub_and_verifier : DATA_BLOB length=4132 + [0000] 00 00 00 00 B9 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 02 00 00 00 00 00 02 00 00 10 00 00 .Q...... ........ + [0020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0030] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0040] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0200] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0210] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0220] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0230] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0240] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0250] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0260] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0270] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0280] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0290] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0300] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0310] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0320] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0330] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0340] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0350] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0360] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0370] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0380] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0390] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0400] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0410] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0420] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0430] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0440] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0450] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0460] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0470] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0480] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0490] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0500] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0510] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0520] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0530] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0540] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0550] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0560] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0570] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0580] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0590] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0600] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0610] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0620] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0630] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0640] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0650] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0660] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0670] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0680] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0690] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0700] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0710] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0720] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0730] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0740] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0750] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0760] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0770] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0780] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0790] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0800] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0810] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0820] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0830] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0840] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0850] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0860] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0870] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0880] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0890] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0900] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0910] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0920] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0930] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0940] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0950] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0960] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0970] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0980] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0990] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0EA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0EB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0EC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0ED0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0EE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0EF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [1000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [1010] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [1020] 00 10 00 00 .... +[2013/11/07 07:38:46.228074, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1627(process_complete_pdu) + Processing packet type 0 +[2013/11/07 07:38:46.228117, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1472(dcesrv_auth_request) + Checking request auth. +[2013/11/07 07:38:46.228163, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) + push_sec_ctx(0, 5000) : sec_ctx_stack_ndx = 1 +[2013/11/07 07:38:46.228209, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) + setting sec ctx (0, 5000) - sec_ctx_stack_ndx = 1 +[2013/11/07 07:38:46.228251, 5, pid=20933, effective(0, 5000), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) + Security token SIDs (21): + SID[ 0]: S-1-5-21-1376953716-2413384141-3399758289-500 + SID[ 1]: S-1-5-21-1376953716-2413384141-3399758289-512 + SID[ 2]: S-1-5-21-1376953716-2413384141-3399758289-11015 + SID[ 3]: S-1-5-21-1376953716-2413384141-3399758289-513 + SID[ 4]: S-1-5-21-1376953716-2413384141-3399758289-11011 + SID[ 5]: S-1-5-21-1376953716-2413384141-3399758289-11013 + SID[ 6]: S-1-5-21-1376953716-2413384141-3399758289-11012 + SID[ 7]: S-1-1-0 + SID[ 8]: S-1-5-2 + SID[ 9]: S-1-5-11 + SID[ 10]: S-1-5-32-544 + SID[ 11]: S-1-22-1-2002 + SID[ 12]: S-1-22-2-5000 + SID[ 13]: S-1-22-2-5007 + SID[ 14]: S-1-22-2-5001 + SID[ 15]: S-1-22-2-1005 + SID[ 16]: S-1-22-2-5006 + SID[ 17]: S-1-22-2-5005 + SID[ 18]: S-1-22-2-55000 + SID[ 19]: S-1-22-2-55001 + SID[ 20]: S-1-22-2-55002 + Privileges (0x 1FFFFFF0): + Privilege[ 0]: SeMachineAccountPrivilege + Privilege[ 1]: SeTakeOwnershipPrivilege + Privilege[ 2]: SeBackupPrivilege + Privilege[ 3]: SeRestorePrivilege + Privilege[ 4]: SeRemoteShutdownPrivilege + Privilege[ 5]: SePrintOperatorPrivilege + Privilege[ 6]: SeAddUsersPrivilege + Privilege[ 7]: SeDiskOperatorPrivilege + Privilege[ 8]: SeSecurityPrivilege + Privilege[ 9]: SeSystemtimePrivilege + Privilege[ 10]: SeShutdownPrivilege + Privilege[ 11]: SeDebugPrivilege + Privilege[ 12]: SeSystemEnvironmentPrivilege + Privilege[ 13]: SeSystemProfilePrivilege + Privilege[ 14]: SeProfileSingleProcessPrivilege + Privilege[ 15]: SeIncreaseBasePriorityPrivilege + Privilege[ 16]: SeLoadDriverPrivilege + Privilege[ 17]: SeCreatePagefilePrivilege + Privilege[ 18]: SeIncreaseQuotaPrivilege + Privilege[ 19]: SeChangeNotifyPrivilege + Privilege[ 20]: SeUndockPrivilege + Privilege[ 21]: SeManageVolumePrivilege + Privilege[ 22]: SeImpersonatePrivilege + Privilege[ 23]: SeCreateGlobalPrivilege + Privilege[ 24]: SeEnableDelegationPrivilege + Rights (0x 0): +[2013/11/07 07:38:46.229019, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) + UNIX token of user 0 + Primary group is 5000 and contains 9 supplementary groups + Group[ 0]: 5000 + Group[ 1]: 5007 + Group[ 2]: 5001 + Group[ 3]: 1005 + Group[ 4]: 5006 + Group[ 5]: 5005 + Group[ 6]: 55000 + Group[ 7]: 55001 + Group[ 8]: 55002 +[2013/11/07 07:38:46.229210, 5, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1324(api_pipe_request) + Requested \spoolss rpc service +[2013/11/07 07:38:46.229256, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1356(api_rpcTNP) + api_rpcTNP: \spoolss op 0x8 - api_rpcTNP: rpc command: SPOOLSS_GETPRINTER +[2013/11/07 07:38:46.229300, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1390(api_rpcTNP) + api_rpc_cmds[8].fn == 0x7f375c260f10 +[2013/11/07 07:38:46.229350, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + spoolss_GetPrinter: struct spoolss_GetPrinter + in: struct spoolss_GetPrinter + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000b9-0000-0000-7b52-7535c5510000 + level : 0x00000002 (2) + buffer : * + buffer : DATA_BLOB length=4096 + [0000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0010] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0030] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0040] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0200] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0210] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0220] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0230] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0240] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0250] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0260] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0270] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0280] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0290] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0300] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0310] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0320] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0330] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0340] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0350] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0360] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0370] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0380] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0390] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0400] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0410] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0420] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0430] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0440] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0450] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0460] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0470] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0480] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0490] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0500] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0510] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0520] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0530] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0540] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0550] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0560] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0570] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0580] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0590] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0600] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0610] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0620] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0630] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0640] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0650] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0660] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0670] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0680] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0690] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0700] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0710] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0720] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0730] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0740] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0750] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0760] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0770] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0780] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0790] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0800] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0810] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0820] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0830] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0840] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0850] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0860] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0870] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0880] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0890] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0900] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0910] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0920] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0930] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0940] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0950] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0960] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0970] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0980] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0990] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0EA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0EB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0EC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0ED0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0EE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0EF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + offered : 0x00001000 (4096) +[2013/11/07 07:38:46.238525, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[1] [0000] 00 00 00 00 B9 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:46.238610, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[1] [0000] 00 00 00 00 B9 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:46.238687, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:489(get_printer_snum) + short name:printer7 +[2013/11/07 07:38:46.238827, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:60(make_internal_rpc_pipe_p) + Create pipe requested \winreg +[2013/11/07 07:38:46.238885, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:221(init_pipe_handles) + init_pipe_handle_list: created handle list for pipe \winreg +[2013/11/07 07:38:46.238928, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:238(init_pipe_handles) + init_pipe_handle_list: pipe_handles ref count = 1 for pipe \winreg +[2013/11/07 07:38:46.239021, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:100(make_internal_rpc_pipe_p) + Created internal pipe \winreg +[2013/11/07 07:38:46.239099, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenHKLM: struct winreg_OpenHKLM + in: struct winreg_OpenHKLM + system_name : NULL + access_mask : 0x02000000 (33554432) + 0: KEY_QUERY_VALUE + 0: KEY_SET_VALUE + 0: KEY_CREATE_SUB_KEY + 0: KEY_ENUMERATE_SUB_KEYS + 0: KEY_NOTIFY + 0: KEY_CREATE_LINK + 0: KEY_WOW64_64KEY + 0: KEY_WOW64_32KEY +[2013/11/07 07:38:46.239331, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [HKLM] +[2013/11/07 07:38:46.239376, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) + push_sec_ctx(0, 5000) : sec_ctx_stack_ndx = 2 +[2013/11/07 07:38:46.239429, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/uid.c:485(push_conn_ctx) + push_conn_ctx(1804507171) : conn_ctx_stack_ndx = 0 +[2013/11/07 07:38:46.239488, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) + setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 +[2013/11/07 07:38:46.239529, 5, pid=20933, effective(0, 5000), real(0, 0)] ../libcli/security/security_token.c:53(security_token_debug) + Security token: (NULL) +[2013/11/07 07:38:46.239588, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) + UNIX token of user 0 + Primary group is 0 and contains 0 supplementary groups +[2013/11/07 07:38:46.239761, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) + pop_sec_ctx (0, 5000) - sec_ctx_stack_ndx = 1 +[2013/11/07 07:38:46.239807, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:866(regdb_open) + regdb_open: registry db opened. refcount reset (1) +[2013/11/07 07:38:46.239853, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM] +[2013/11/07 07:38:46.239893, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM] +[2013/11/07 07:38:46.239935, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:46.239972, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM] +[2013/11/07 07:38:46.240055, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) + Opened policy hnd[1] [0000] 00 00 00 00 D7 00 00 00 00 00 00 00 7B 52 76 35 ........ ....{Rv5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:46.240137, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenHKLM: struct winreg_OpenHKLM + out: struct winreg_OpenHKLM + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000d7-0000-0000-7b52-7635c5510000 + result : WERR_OK +[2013/11/07 07:38:46.240327, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenKey: struct winreg_OpenKey + in: struct winreg_OpenKey + parent_handle : * + parent_handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000d7-0000-0000-7b52-7635c5510000 + keyname: struct winreg_String + name_len : 0x008a (138) + name_size : 0x008a (138) + name : * + name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7' + options : 0x00000000 (0) + 0: REG_OPTION_VOLATILE + 0: REG_OPTION_CREATE_LINK + 0: REG_OPTION_BACKUP_RESTORE + 0: REG_OPTION_OPEN_LINK + access_mask : 0x02000000 (33554432) + 0: KEY_QUERY_VALUE + 0: KEY_SET_VALUE + 0: KEY_CREATE_SUB_KEY + 0: KEY_ENUMERATE_SUB_KEYS + 0: KEY_NOTIFY + 0: KEY_CREATE_LINK + 0: KEY_WOW64_64KEY + 0: KEY_WOW64_32KEY +[2013/11/07 07:38:46.240785, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 D7 00 00 00 00 00 00 00 7B 52 76 35 ........ ....{Rv5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:46.240867, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [SOFTWARE] +[2013/11/07 07:38:46.240908, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (1->2) +[2013/11/07 07:38:46.240951, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] +[2013/11/07 07:38:46.240989, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE] +[2013/11/07 07:38:46.241031, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:46.241068, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE] +[2013/11/07 07:38:46.241136, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Microsoft] +[2013/11/07 07:38:46.241178, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (2->3) +[2013/11/07 07:38:46.241221, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] +[2013/11/07 07:38:46.241259, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] +[2013/11/07 07:38:46.241299, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:46.241336, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft] +[2013/11/07 07:38:46.241487, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Windows NT] +[2013/11/07 07:38:46.241531, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (3->4) +[2013/11/07 07:38:46.241575, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] +[2013/11/07 07:38:46.241613, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] +[2013/11/07 07:38:46.241654, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:46.241691, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] +[2013/11/07 07:38:46.241748, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [CurrentVersion] +[2013/11/07 07:38:46.241789, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (4->5) +[2013/11/07 07:38:46.241841, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] +[2013/11/07 07:38:46.241880, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] +[2013/11/07 07:38:46.241922, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:46.241960, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f375c5a15c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] +[2013/11/07 07:38:46.242035, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Print] +[2013/11/07 07:38:46.242076, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (5->6) +[2013/11/07 07:38:46.242123, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] +[2013/11/07 07:38:46.242163, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] +[2013/11/07 07:38:46.242207, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:46.242245, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f375c5a15c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] +[2013/11/07 07:38:46.242308, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Printers] +[2013/11/07 07:38:46.242349, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (6->7) +[2013/11/07 07:38:46.242395, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] +[2013/11/07 07:38:46.242435, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] +[2013/11/07 07:38:46.242478, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:46.242515, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] +[2013/11/07 07:38:46.242585, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [printer7] +[2013/11/07 07:38:46.242626, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (7->8) +[2013/11/07 07:38:46.242671, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:46.242718, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:46.242762, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:46.242800, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:46.242869, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (8->7) +[2013/11/07 07:38:46.242913, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (7->6) +[2013/11/07 07:38:46.242955, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (6->5) +[2013/11/07 07:38:46.242995, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (5->4) +[2013/11/07 07:38:46.243035, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (4->3) +[2013/11/07 07:38:46.243076, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (3->2) +[2013/11/07 07:38:46.243120, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) + Opened policy hnd[2] [0000] 00 00 00 00 D8 00 00 00 00 00 00 00 7B 52 76 35 ........ ....{Rv5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:46.243199, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenKey: struct winreg_OpenKey + out: struct winreg_OpenKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000d8-0000-0000-7b52-7635c5510000 + result : WERR_OK +[2013/11/07 07:38:46.243376, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryInfoKey: struct winreg_QueryInfoKey + in: struct winreg_QueryInfoKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000d8-0000-0000-7b52-7635c5510000 + classname : * + classname: struct winreg_String + name_len : 0x0000 (0) + name_size : 0x0000 (0) + name : NULL +[2013/11/07 07:38:46.243594, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 D8 00 00 00 00 00 00 00 7B 52 76 35 ........ ....{Rv5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:46.243676, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_dispatcher.c:151(fetch_reg_values) + fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7' (ops 0x7f37592edcc0) +[2013/11/07 07:38:46.243719, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1891(regdb_fetch_values_internal) + regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:46.243791, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[0]: name[Attributes] len[4] +[2013/11/07 07:38:46.243835, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[1]: name[Description] len[2] +[2013/11/07 07:38:46.243878, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[2]: name[Datatype] len[8] +[2013/11/07 07:38:46.243919, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[3]: name[Default Priority] len[4] +[2013/11/07 07:38:46.243962, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[4]: name[Port] len[38] +[2013/11/07 07:38:46.244005, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[5]: name[Name] len[18] +[2013/11/07 07:38:46.244048, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[6]: name[Print Processor] len[18] +[2013/11/07 07:38:46.244090, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[7]: name[Priority] len[4] +[2013/11/07 07:38:46.244134, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[8]: name[Security] len[248] +[2013/11/07 07:38:46.244176, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[9]: name[Share Name] len[18] +[2013/11/07 07:38:46.244219, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[10]: name[StartTime] len[4] +[2013/11/07 07:38:46.244262, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[11]: name[UntilTime] len[4] +[2013/11/07 07:38:46.244304, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[12]: name[ChangeID] len[4] +[2013/11/07 07:38:46.244347, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) + regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:46.244412, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryInfoKey: struct winreg_QueryInfoKey + out: struct winreg_QueryInfoKey + classname : * + classname: struct winreg_String + name_len : 0x0000 (0) + name_size : 0x0000 (0) + name : NULL + num_subkeys : * + num_subkeys : 0x00000003 (3) + max_subkeylen : * + max_subkeylen : 0x00000022 (34) + max_classlen : * + max_classlen : 0x00000000 (0) + num_values : * + num_values : 0x0000000d (13) + max_valnamelen : * + max_valnamelen : 0x00000022 (34) + max_valbufsize : * + max_valbufsize : 0x000000f8 (248) + secdescsize : * + secdescsize : 0x00000078 (120) + last_changed_time : * + last_changed_time : NTTIME(0) + result : WERR_OK +[2013/11/07 07:38:46.244864, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000d8-0000-0000-7b52-7635c5510000 + enum_index : 0x00000000 (0) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:46.245240, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 D8 00 00 00 00 00 00 00 7B 52 76 35 ........ ....{Rv5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:46.245318, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:46.245407, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0016 (22) + size : 0x0024 (36) + name : * + name : 'Attributes' + type : * + type : REG_DWORD (4) + value : * + value: ARRAY(4) + [0] : 0x48 (72) + [1] : 0x10 (16) + [2] : 0x00 (0) + [3] : 0x00 (0) + size : * + size : 0x00000004 (4) + length : * + length : 0x00000004 (4) + result : WERR_OK +[2013/11/07 07:38:46.245813, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000d8-0000-0000-7b52-7635c5510000 + enum_index : 0x00000001 (1) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:46.246199, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 D8 00 00 00 00 00 00 00 7B 52 76 35 ........ ....{Rv5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:46.246277, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:46.246323, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0018 (24) + size : 0x0024 (36) + name : * + name : 'Description' + type : * + type : REG_SZ (1) + value : * + value: ARRAY(2) + [0] : 0x00 (0) + [1] : 0x00 (0) + size : * + size : 0x00000002 (2) + length : * + length : 0x00000002 (2) + result : WERR_OK +[2013/11/07 07:38:46.246688, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000d8-0000-0000-7b52-7635c5510000 + enum_index : 0x00000002 (2) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:46.247060, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 D8 00 00 00 00 00 00 00 7B 52 76 35 ........ ....{Rv5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:46.247138, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:46.247190, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0012 (18) + size : 0x0024 (36) + name : * + name : 'Datatype' + type : * + type : REG_SZ (1) + value : * + value: ARRAY(8) + [0] : 0x52 (82) + [1] : 0x00 (0) + [2] : 0x41 (65) + [3] : 0x00 (0) + [4] : 0x57 (87) + [5] : 0x00 (0) + [6] : 0x00 (0) + [7] : 0x00 (0) + size : * + size : 0x00000008 (8) + length : * + length : 0x00000008 (8) + result : WERR_OK +[2013/11/07 07:38:46.247647, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000d8-0000-0000-7b52-7635c5510000 + enum_index : 0x00000003 (3) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:46.248018, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 D8 00 00 00 00 00 00 00 7B 52 76 35 ........ ....{Rv5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:46.248095, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:46.248141, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0022 (34) + size : 0x0024 (36) + name : * + name : 'Default Priority' + type : * + type : REG_DWORD (4) + value : * + value: ARRAY(4) + [0] : 0x01 (1) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + size : * + size : 0x00000004 (4) + length : * + length : 0x00000004 (4) + result : WERR_OK +[2013/11/07 07:38:46.248541, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000d8-0000-0000-7b52-7635c5510000 + enum_index : 0x00000004 (4) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:46.248910, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 D8 00 00 00 00 00 00 00 7B 52 76 35 ........ ....{Rv5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:46.248988, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:46.249033, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x000a (10) + size : 0x0024 (36) + name : * + name : 'Port' + type : * + type : REG_SZ (1) + value : * + value: ARRAY(38) + [0] : 0x53 (83) + [1] : 0x00 (0) + [2] : 0x61 (97) + [3] : 0x00 (0) + [4] : 0x6d (109) + [5] : 0x00 (0) + [6] : 0x62 (98) + [7] : 0x00 (0) + [8] : 0x61 (97) + [9] : 0x00 (0) + [10] : 0x20 (32) + [11] : 0x00 (0) + [12] : 0x50 (80) + [13] : 0x00 (0) + [14] : 0x72 (114) + [15] : 0x00 (0) + [16] : 0x69 (105) + [17] : 0x00 (0) + [18] : 0x6e (110) + [19] : 0x00 (0) + [20] : 0x74 (116) + [21] : 0x00 (0) + [22] : 0x65 (101) + [23] : 0x00 (0) + [24] : 0x72 (114) + [25] : 0x00 (0) + [26] : 0x20 (32) + [27] : 0x00 (0) + [28] : 0x50 (80) + [29] : 0x00 (0) + [30] : 0x6f (111) + [31] : 0x00 (0) + [32] : 0x72 (114) + [33] : 0x00 (0) + [34] : 0x74 (116) + [35] : 0x00 (0) + [36] : 0x00 (0) + [37] : 0x00 (0) + size : * + size : 0x00000026 (38) + length : * + length : 0x00000026 (38) + result : WERR_OK +[2013/11/07 07:38:46.250039, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000d8-0000-0000-7b52-7635c5510000 + enum_index : 0x00000005 (5) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:46.250410, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 D8 00 00 00 00 00 00 00 7B 52 76 35 ........ ....{Rv5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:46.250487, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:46.250533, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x000a (10) + size : 0x0024 (36) + name : * + name : 'Name' + type : * + type : REG_SZ (1) + value : * + value: ARRAY(18) + [0] : 0x70 (112) + [1] : 0x00 (0) + [2] : 0x72 (114) + [3] : 0x00 (0) + [4] : 0x69 (105) + [5] : 0x00 (0) + [6] : 0x6e (110) + [7] : 0x00 (0) + [8] : 0x74 (116) + [9] : 0x00 (0) + [10] : 0x65 (101) + [11] : 0x00 (0) + [12] : 0x72 (114) + [13] : 0x00 (0) + [14] : 0x37 (55) + [15] : 0x00 (0) + [16] : 0x00 (0) + [17] : 0x00 (0) + size : * + size : 0x00000012 (18) + length : * + length : 0x00000012 (18) + result : WERR_OK +[2013/11/07 07:38:46.251166, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000d8-0000-0000-7b52-7635c5510000 + enum_index : 0x00000006 (6) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:46.251536, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 D8 00 00 00 00 00 00 00 7B 52 76 35 ........ ....{Rv5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:46.251613, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:46.251659, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0020 (32) + size : 0x0024 (36) + name : * + name : 'Print Processor' + type : * + type : REG_SZ (1) + value : * + value: ARRAY(18) + [0] : 0x77 (119) + [1] : 0x00 (0) + [2] : 0x69 (105) + [3] : 0x00 (0) + [4] : 0x6e (110) + [5] : 0x00 (0) + [6] : 0x70 (112) + [7] : 0x00 (0) + [8] : 0x72 (114) + [9] : 0x00 (0) + [10] : 0x69 (105) + [11] : 0x00 (0) + [12] : 0x6e (110) + [13] : 0x00 (0) + [14] : 0x74 (116) + [15] : 0x00 (0) + [16] : 0x00 (0) + [17] : 0x00 (0) + size : * + size : 0x00000012 (18) + length : * + length : 0x00000012 (18) + result : WERR_OK +[2013/11/07 07:38:46.252297, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000d8-0000-0000-7b52-7635c5510000 + enum_index : 0x00000007 (7) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:46.252667, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 D8 00 00 00 00 00 00 00 7B 52 76 35 ........ ....{Rv5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:46.252744, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:46.252790, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0012 (18) + size : 0x0024 (36) + name : * + name : 'Priority' + type : * + type : REG_DWORD (4) + value : * + value: ARRAY(4) + [0] : 0x01 (1) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + size : * + size : 0x00000004 (4) + length : * + length : 0x00000004 (4) + result : WERR_OK +[2013/11/07 07:38:46.253181, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000d8-0000-0000-7b52-7635c5510000 + enum_index : 0x00000008 (8) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:46.253712, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 D8 00 00 00 00 00 00 00 7B 52 76 35 ........ ....{Rv5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:46.253795, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:46.253843, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0012 (18) + size : 0x0024 (36) + name : * + name : 'Security' + type : * + type : REG_BINARY (3) + value : * + value: ARRAY(248) + [0] : 0x01 (1) + [1] : 0x00 (0) + [2] : 0x04 (4) + [3] : 0x80 (128) + [4] : 0x14 (20) + [5] : 0x00 (0) + [6] : 0x00 (0) + [7] : 0x00 (0) + [8] : 0x24 (36) + [9] : 0x00 (0) + [10] : 0x00 (0) + [11] : 0x00 (0) + [12] : 0x00 (0) + [13] : 0x00 (0) + [14] : 0x00 (0) + [15] : 0x00 (0) + [16] : 0x34 (52) + [17] : 0x00 (0) + [18] : 0x00 (0) + [19] : 0x00 (0) + [20] : 0x01 (1) + [21] : 0x02 (2) + [22] : 0x00 (0) + [23] : 0x00 (0) + [24] : 0x00 (0) + [25] : 0x00 (0) + [26] : 0x00 (0) + [27] : 0x05 (5) + [28] : 0x20 (32) + [29] : 0x00 (0) + [30] : 0x00 (0) + [31] : 0x00 (0) + [32] : 0x20 (32) + [33] : 0x02 (2) + [34] : 0x00 (0) + [35] : 0x00 (0) + [36] : 0x01 (1) + [37] : 0x02 (2) + [38] : 0x00 (0) + [39] : 0x00 (0) + [40] : 0x00 (0) + [41] : 0x00 (0) + [42] : 0x00 (0) + [43] : 0x05 (5) + [44] : 0x20 (32) + [45] : 0x00 (0) + [46] : 0x00 (0) + [47] : 0x00 (0) + [48] : 0x20 (32) + [49] : 0x02 (2) + [50] : 0x00 (0) + [51] : 0x00 (0) + [52] : 0x02 (2) + [53] : 0x00 (0) + [54] : 0xc4 (196) + [55] : 0x00 (0) + [56] : 0x07 (7) + [57] : 0x00 (0) + [58] : 0x00 (0) + [59] : 0x00 (0) + [60] : 0x00 (0) + [61] : 0x02 (2) + [62] : 0x14 (20) + [63] : 0x00 (0) + [64] : 0x08 (8) + [65] : 0x00 (0) + [66] : 0x02 (2) + [67] : 0x20 (32) + [68] : 0x01 (1) + [69] : 0x01 (1) + [70] : 0x00 (0) + [71] : 0x00 (0) + [72] : 0x00 (0) + [73] : 0x00 (0) + [74] : 0x00 (0) + [75] : 0x01 (1) + [76] : 0x00 (0) + [77] : 0x00 (0) + [78] : 0x00 (0) + [79] : 0x00 (0) + [80] : 0x00 (0) + [81] : 0x09 (9) + [82] : 0x24 (36) + [83] : 0x00 (0) + [84] : 0x0c (12) + [85] : 0x00 (0) + [86] : 0x0f (15) + [87] : 0x10 (16) + [88] : 0x01 (1) + [89] : 0x05 (5) + [90] : 0x00 (0) + [91] : 0x00 (0) + [92] : 0x00 (0) + [93] : 0x00 (0) + [94] : 0x00 (0) + [95] : 0x05 (5) + [96] : 0x15 (21) + [97] : 0x00 (0) + [98] : 0x00 (0) + [99] : 0x00 (0) + [100] : 0x74 (116) + [101] : 0xa5 (165) + [102] : 0x12 (18) + [103] : 0x52 (82) + [104] : 0xcd (205) + [105] : 0x51 (81) + [106] : 0xd9 (217) + [107] : 0x8f (143) + [108] : 0xd1 (209) + [109] : 0x31 (49) + [110] : 0xa4 (164) + [111] : 0xca (202) + [112] : 0xf4 (244) + [113] : 0x01 (1) + [114] : 0x00 (0) + [115] : 0x00 (0) + [116] : 0x00 (0) + [117] : 0x02 (2) + [118] : 0x24 (36) + [119] : 0x00 (0) + [120] : 0x0c (12) + [121] : 0x00 (0) + [122] : 0x0f (15) + [123] : 0x10 (16) + [124] : 0x01 (1) + [125] : 0x05 (5) + [126] : 0x00 (0) + [127] : 0x00 (0) + [128] : 0x00 (0) + [129] : 0x00 (0) + [130] : 0x00 (0) + [131] : 0x05 (5) + [132] : 0x15 (21) + [133] : 0x00 (0) + [134] : 0x00 (0) + [135] : 0x00 (0) + [136] : 0x74 (116) + [137] : 0xa5 (165) + [138] : 0x12 (18) + [139] : 0x52 (82) + [140] : 0xcd (205) + [141] : 0x51 (81) + [142] : 0xd9 (217) + [143] : 0x8f (143) + [144] : 0xd1 (209) + [145] : 0x31 (49) + [146] : 0xa4 (164) + [147] : 0xca (202) + [148] : 0xf4 (244) + [149] : 0x01 (1) + [150] : 0x00 (0) + [151] : 0x00 (0) + [152] : 0x00 (0) + [153] : 0x09 (9) + [154] : 0x18 (24) + [155] : 0x00 (0) + [156] : 0x0c (12) + [157] : 0x00 (0) + [158] : 0x0f (15) + [159] : 0x10 (16) + [160] : 0x01 (1) + [161] : 0x02 (2) + [162] : 0x00 (0) + [163] : 0x00 (0) + [164] : 0x00 (0) + [165] : 0x00 (0) + [166] : 0x00 (0) + [167] : 0x05 (5) + [168] : 0x20 (32) + [169] : 0x00 (0) + [170] : 0x00 (0) + [171] : 0x00 (0) + [172] : 0x20 (32) + [173] : 0x02 (2) + [174] : 0x00 (0) + [175] : 0x00 (0) + [176] : 0x00 (0) + [177] : 0x02 (2) + [178] : 0x18 (24) + [179] : 0x00 (0) + [180] : 0x0c (12) + [181] : 0x00 (0) + [182] : 0x0f (15) + [183] : 0x10 (16) + [184] : 0x01 (1) + [185] : 0x02 (2) + [186] : 0x00 (0) + [187] : 0x00 (0) + [188] : 0x00 (0) + [189] : 0x00 (0) + [190] : 0x00 (0) + [191] : 0x05 (5) + [192] : 0x20 (32) + [193] : 0x00 (0) + [194] : 0x00 (0) + [195] : 0x00 (0) + [196] : 0x20 (32) + [197] : 0x02 (2) + [198] : 0x00 (0) + [199] : 0x00 (0) + [200] : 0x00 (0) + [201] : 0x09 (9) + [202] : 0x18 (24) + [203] : 0x00 (0) + [204] : 0x0c (12) + [205] : 0x00 (0) + [206] : 0x0f (15) + [207] : 0x10 (16) + [208] : 0x01 (1) + [209] : 0x02 (2) + [210] : 0x00 (0) + [211] : 0x00 (0) + [212] : 0x00 (0) + [213] : 0x00 (0) + [214] : 0x00 (0) + [215] : 0x05 (5) + [216] : 0x20 (32) + [217] : 0x00 (0) + [218] : 0x00 (0) + [219] : 0x00 (0) + [220] : 0x26 (38) + [221] : 0x02 (2) + [222] : 0x00 (0) + [223] : 0x00 (0) + [224] : 0x00 (0) + [225] : 0x02 (2) + [226] : 0x18 (24) + [227] : 0x00 (0) + [228] : 0x0c (12) + [229] : 0x00 (0) + [230] : 0x0f (15) + [231] : 0x10 (16) + [232] : 0x01 (1) + [233] : 0x02 (2) + [234] : 0x00 (0) + [235] : 0x00 (0) + [236] : 0x00 (0) + [237] : 0x00 (0) + [238] : 0x00 (0) + [239] : 0x05 (5) + [240] : 0x20 (32) + [241] : 0x00 (0) + [242] : 0x00 (0) + [243] : 0x00 (0) + [244] : 0x26 (38) + [245] : 0x02 (2) + [246] : 0x00 (0) + [247] : 0x00 (0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x000000f8 (248) + result : WERR_OK +[2013/11/07 07:38:46.258359, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000d8-0000-0000-7b52-7635c5510000 + enum_index : 0x00000009 (9) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:46.258734, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 D8 00 00 00 00 00 00 00 7B 52 76 35 ........ ....{Rv5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:46.258812, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:46.258858, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0016 (22) + size : 0x0024 (36) + name : * + name : 'Share Name' + type : * + type : REG_SZ (1) + value : * + value: ARRAY(18) + [0] : 0x70 (112) + [1] : 0x00 (0) + [2] : 0x72 (114) + [3] : 0x00 (0) + [4] : 0x69 (105) + [5] : 0x00 (0) + [6] : 0x6e (110) + [7] : 0x00 (0) + [8] : 0x74 (116) + [9] : 0x00 (0) + [10] : 0x65 (101) + [11] : 0x00 (0) + [12] : 0x72 (114) + [13] : 0x00 (0) + [14] : 0x37 (55) + [15] : 0x00 (0) + [16] : 0x00 (0) + [17] : 0x00 (0) + size : * + size : 0x00000012 (18) + length : * + length : 0x00000012 (18) + result : WERR_OK +[2013/11/07 07:38:46.259495, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000d8-0000-0000-7b52-7635c5510000 + enum_index : 0x0000000a (10) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:46.259868, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 D8 00 00 00 00 00 00 00 7B 52 76 35 ........ ....{Rv5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:46.259946, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:46.259991, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0014 (20) + size : 0x0024 (36) + name : * + name : 'StartTime' + type : * + type : REG_DWORD (4) + value : * + value: ARRAY(4) + [0] : 0x00 (0) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + size : * + size : 0x00000004 (4) + length : * + length : 0x00000004 (4) + result : WERR_OK +[2013/11/07 07:38:46.260385, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000d8-0000-0000-7b52-7635c5510000 + enum_index : 0x0000000b (11) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:46.260842, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 D8 00 00 00 00 00 00 00 7B 52 76 35 ........ ....{Rv5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:46.260924, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:46.260970, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0014 (20) + size : 0x0024 (36) + name : * + name : 'UntilTime' + type : * + type : REG_DWORD (4) + value : * + value: ARRAY(4) + [0] : 0x00 (0) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + size : * + size : 0x00000004 (4) + length : * + length : 0x00000004 (4) + result : WERR_OK +[2013/11/07 07:38:46.261389, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000d8-0000-0000-7b52-7635c5510000 + enum_index : 0x0000000c (12) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:46.261777, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 D8 00 00 00 00 00 00 00 7B 52 76 35 ........ ....{Rv5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:46.261855, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:46.261909, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0012 (18) + size : 0x0024 (36) + name : * + name : 'ChangeID' + type : * + type : REG_DWORD (4) + value : * + value: ARRAY(4) + [0] : 0xf1 (241) + [1] : 0x5f (95) + [2] : 0x11 (17) + [3] : 0x00 (0) + size : * + size : 0x00000004 (4) + length : * + length : 0x00000004 (4) + result : WERR_OK +[2013/11/07 07:38:46.262342, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryValue: struct winreg_QueryValue + in: struct winreg_QueryValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000d8-0000-0000-7b52-7635c5510000 + value_name : * + value_name: struct winreg_String + name_len : 0x0020 (32) + name_size : 0x0020 (32) + name : * + name : 'Default DevMode' + type : * + type : REG_NONE (0) + data : NULL + data_size : * + data_size : 0x00000000 (0) + data_length : * + data_length : 0x00000000 (0) +[2013/11/07 07:38:46.262687, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 D8 00 00 00 00 00 00 00 7B 52 76 35 ........ ....{Rv5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:46.262765, 7, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) + _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:46.262805, 7, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) + _winreg_QueryValue: policy key type = [00000000] +[2013/11/07 07:38:46.262850, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:316(_winreg_QueryValue) + _winreg_QueryValue: reg_queryvalue failed with: WERR_BADFILE +[2013/11/07 07:38:46.262890, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryValue: struct winreg_QueryValue + out: struct winreg_QueryValue + type : * + type : REG_NONE (0) + data : NULL + data_size : * + data_size : 0x00000000 (0) + data_length : * + data_length : 0x00000000 (0) + result : WERR_BADFILE +[2013/11/07 07:38:46.263122, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenHKLM: struct winreg_OpenHKLM + in: struct winreg_OpenHKLM + system_name : NULL + access_mask : 0x02000000 (33554432) + 0: KEY_QUERY_VALUE + 0: KEY_SET_VALUE + 0: KEY_CREATE_SUB_KEY + 0: KEY_ENUMERATE_SUB_KEYS + 0: KEY_NOTIFY + 0: KEY_CREATE_LINK + 0: KEY_WOW64_64KEY + 0: KEY_WOW64_32KEY +[2013/11/07 07:38:46.263349, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [HKLM] +[2013/11/07 07:38:46.263391, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (2->3) +[2013/11/07 07:38:46.263434, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM] +[2013/11/07 07:38:46.263473, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM] +[2013/11/07 07:38:46.263514, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:46.263551, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM] +[2013/11/07 07:38:46.263629, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) + Opened policy hnd[3] [0000] 00 00 00 00 D9 00 00 00 00 00 00 00 7B 52 76 35 ........ ....{Rv5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:46.263709, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenHKLM: struct winreg_OpenHKLM + out: struct winreg_OpenHKLM + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000d9-0000-0000-7b52-7635c5510000 + result : WERR_OK +[2013/11/07 07:38:46.263876, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenKey: struct winreg_OpenKey + in: struct winreg_OpenKey + parent_handle : * + parent_handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000d9-0000-0000-7b52-7635c5510000 + keyname: struct winreg_String + name_len : 0x008a (138) + name_size : 0x008a (138) + name : * + name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7' + options : 0x00000000 (0) + 0: REG_OPTION_VOLATILE + 0: REG_OPTION_CREATE_LINK + 0: REG_OPTION_BACKUP_RESTORE + 0: REG_OPTION_OPEN_LINK + access_mask : 0x02000000 (33554432) + 0: KEY_QUERY_VALUE + 0: KEY_SET_VALUE + 0: KEY_CREATE_SUB_KEY + 0: KEY_ENUMERATE_SUB_KEYS + 0: KEY_NOTIFY + 0: KEY_CREATE_LINK + 0: KEY_WOW64_64KEY + 0: KEY_WOW64_32KEY +[2013/11/07 07:38:46.264323, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 D9 00 00 00 00 00 00 00 7B 52 76 35 ........ ....{Rv5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:46.264404, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [SOFTWARE] +[2013/11/07 07:38:46.264444, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (3->4) +[2013/11/07 07:38:46.264486, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] +[2013/11/07 07:38:46.264524, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE] +[2013/11/07 07:38:46.264564, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:46.264601, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE] +[2013/11/07 07:38:46.264665, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Microsoft] +[2013/11/07 07:38:46.264707, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (4->5) +[2013/11/07 07:38:46.264749, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] +[2013/11/07 07:38:46.264787, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] +[2013/11/07 07:38:46.264828, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:46.264865, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft] +[2013/11/07 07:38:46.264924, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Windows NT] +[2013/11/07 07:38:46.264966, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (5->6) +[2013/11/07 07:38:46.265008, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] +[2013/11/07 07:38:46.265045, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] +[2013/11/07 07:38:46.265086, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:46.265123, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] +[2013/11/07 07:38:46.265181, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [CurrentVersion] +[2013/11/07 07:38:46.265229, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (6->7) +[2013/11/07 07:38:46.265272, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] +[2013/11/07 07:38:46.265310, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] +[2013/11/07 07:38:46.265351, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:46.265456, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f375c5a15c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] +[2013/11/07 07:38:46.265531, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Print] +[2013/11/07 07:38:46.265573, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (7->8) +[2013/11/07 07:38:46.265616, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] +[2013/11/07 07:38:46.265657, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] +[2013/11/07 07:38:46.265700, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:46.265738, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f375c5a15c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] +[2013/11/07 07:38:46.265800, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Printers] +[2013/11/07 07:38:46.265841, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (8->9) +[2013/11/07 07:38:46.265886, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] +[2013/11/07 07:38:46.265925, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] +[2013/11/07 07:38:46.265968, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:46.266005, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] +[2013/11/07 07:38:46.266072, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [printer7] +[2013/11/07 07:38:46.266113, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (9->10) +[2013/11/07 07:38:46.266157, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:46.266206, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:46.266249, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:46.266286, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:46.266356, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (10->9) +[2013/11/07 07:38:46.266398, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (9->8) +[2013/11/07 07:38:46.266439, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (8->7) +[2013/11/07 07:38:46.266479, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (7->6) +[2013/11/07 07:38:46.266519, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (6->5) +[2013/11/07 07:38:46.266559, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (5->4) +[2013/11/07 07:38:46.266602, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) + Opened policy hnd[4] [0000] 00 00 00 00 DA 00 00 00 00 00 00 00 7B 52 76 35 ........ ....{Rv5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:46.266681, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenKey: struct winreg_OpenKey + out: struct winreg_OpenKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000da-0000-0000-7b52-7635c5510000 + result : WERR_OK +[2013/11/07 07:38:46.266857, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryValue: struct winreg_QueryValue + in: struct winreg_QueryValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000da-0000-0000-7b52-7635c5510000 + value_name : * + value_name: struct winreg_String + name_len : 0x0012 (18) + name_size : 0x0012 (18) + name : * + name : 'Security' + type : * + type : REG_NONE (0) + data : NULL + data_size : * + data_size : 0x00000000 (0) + data_length : * + data_length : 0x00000000 (0) +[2013/11/07 07:38:46.267199, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 DA 00 00 00 00 00 00 00 7B 52 76 35 ........ ....{Rv5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:46.267285, 7, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) + _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:46.267325, 7, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) + _winreg_QueryValue: policy key type = [00000000] +[2013/11/07 07:38:46.267365, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_dispatcher.c:151(fetch_reg_values) + fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7' (ops 0x7f37592edcc0) +[2013/11/07 07:38:46.267407, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1891(regdb_fetch_values_internal) + regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:46.267467, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[0]: name[Attributes] len[4] +[2013/11/07 07:38:46.267510, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[1]: name[Description] len[2] +[2013/11/07 07:38:46.267553, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[2]: name[Datatype] len[8] +[2013/11/07 07:38:46.267596, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[3]: name[Default Priority] len[4] +[2013/11/07 07:38:46.267638, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[4]: name[Port] len[38] +[2013/11/07 07:38:46.267680, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[5]: name[Name] len[18] +[2013/11/07 07:38:46.267723, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[6]: name[Print Processor] len[18] +[2013/11/07 07:38:46.267766, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[7]: name[Priority] len[4] +[2013/11/07 07:38:46.267809, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[8]: name[Security] len[248] +[2013/11/07 07:38:46.267852, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[9]: name[Share Name] len[18] +[2013/11/07 07:38:46.267894, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[10]: name[StartTime] len[4] +[2013/11/07 07:38:46.267937, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[11]: name[UntilTime] len[4] +[2013/11/07 07:38:46.267980, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[12]: name[ChangeID] len[4] +[2013/11/07 07:38:46.268024, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryValue: struct winreg_QueryValue + out: struct winreg_QueryValue + type : * + type : REG_BINARY (3) + data : NULL + data_size : * + data_size : 0x000000f8 (248) + data_length : * + data_length : 0x00000000 (0) + result : WERR_OK +[2013/11/07 07:38:46.268247, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryValue: struct winreg_QueryValue + in: struct winreg_QueryValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000da-0000-0000-7b52-7635c5510000 + value_name : * + value_name: struct winreg_String + name_len : 0x0012 (18) + name_size : 0x0012 (18) + name : * + name : 'Security' + type : * + type : REG_BINARY (3) + data : * + data: ARRAY(0) + data_size : * + data_size : 0x000000f8 (248) + data_length : * + data_length : 0x00000000 (0) +[2013/11/07 07:38:46.268604, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 DA 00 00 00 00 00 00 00 7B 52 76 35 ........ ....{Rv5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:46.268681, 7, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) + _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:46.268720, 7, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) + _winreg_QueryValue: policy key type = [00000000] +[2013/11/07 07:38:46.268765, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryValue: struct winreg_QueryValue + out: struct winreg_QueryValue + type : * + type : REG_BINARY (3) + data : * + data: ARRAY(248) + [0] : 0x01 (1) + [1] : 0x00 (0) + [2] : 0x04 (4) + [3] : 0x80 (128) + [4] : 0x14 (20) + [5] : 0x00 (0) + [6] : 0x00 (0) + [7] : 0x00 (0) + [8] : 0x24 (36) + [9] : 0x00 (0) + [10] : 0x00 (0) + [11] : 0x00 (0) + [12] : 0x00 (0) + [13] : 0x00 (0) + [14] : 0x00 (0) + [15] : 0x00 (0) + [16] : 0x34 (52) + [17] : 0x00 (0) + [18] : 0x00 (0) + [19] : 0x00 (0) + [20] : 0x01 (1) + [21] : 0x02 (2) + [22] : 0x00 (0) + [23] : 0x00 (0) + [24] : 0x00 (0) + [25] : 0x00 (0) + [26] : 0x00 (0) + [27] : 0x05 (5) + [28] : 0x20 (32) + [29] : 0x00 (0) + [30] : 0x00 (0) + [31] : 0x00 (0) + [32] : 0x20 (32) + [33] : 0x02 (2) + [34] : 0x00 (0) + [35] : 0x00 (0) + [36] : 0x01 (1) + [37] : 0x02 (2) + [38] : 0x00 (0) + [39] : 0x00 (0) + [40] : 0x00 (0) + [41] : 0x00 (0) + [42] : 0x00 (0) + [43] : 0x05 (5) + [44] : 0x20 (32) + [45] : 0x00 (0) + [46] : 0x00 (0) + [47] : 0x00 (0) + [48] : 0x20 (32) + [49] : 0x02 (2) + [50] : 0x00 (0) + [51] : 0x00 (0) + [52] : 0x02 (2) + [53] : 0x00 (0) + [54] : 0xc4 (196) + [55] : 0x00 (0) + [56] : 0x07 (7) + [57] : 0x00 (0) + [58] : 0x00 (0) + [59] : 0x00 (0) + [60] : 0x00 (0) + [61] : 0x02 (2) + [62] : 0x14 (20) + [63] : 0x00 (0) + [64] : 0x08 (8) + [65] : 0x00 (0) + [66] : 0x02 (2) + [67] : 0x20 (32) + [68] : 0x01 (1) + [69] : 0x01 (1) + [70] : 0x00 (0) + [71] : 0x00 (0) + [72] : 0x00 (0) + [73] : 0x00 (0) + [74] : 0x00 (0) + [75] : 0x01 (1) + [76] : 0x00 (0) + [77] : 0x00 (0) + [78] : 0x00 (0) + [79] : 0x00 (0) + [80] : 0x00 (0) + [81] : 0x09 (9) + [82] : 0x24 (36) + [83] : 0x00 (0) + [84] : 0x0c (12) + [85] : 0x00 (0) + [86] : 0x0f (15) + [87] : 0x10 (16) + [88] : 0x01 (1) + [89] : 0x05 (5) + [90] : 0x00 (0) + [91] : 0x00 (0) + [92] : 0x00 (0) + [93] : 0x00 (0) + [94] : 0x00 (0) + [95] : 0x05 (5) + [96] : 0x15 (21) + [97] : 0x00 (0) + [98] : 0x00 (0) + [99] : 0x00 (0) + [100] : 0x74 (116) + [101] : 0xa5 (165) + [102] : 0x12 (18) + [103] : 0x52 (82) + [104] : 0xcd (205) + [105] : 0x51 (81) + [106] : 0xd9 (217) + [107] : 0x8f (143) + [108] : 0xd1 (209) + [109] : 0x31 (49) + [110] : 0xa4 (164) + [111] : 0xca (202) + [112] : 0xf4 (244) + [113] : 0x01 (1) + [114] : 0x00 (0) + [115] : 0x00 (0) + [116] : 0x00 (0) + [117] : 0x02 (2) + [118] : 0x24 (36) + [119] : 0x00 (0) + [120] : 0x0c (12) + [121] : 0x00 (0) + [122] : 0x0f (15) + [123] : 0x10 (16) + [124] : 0x01 (1) + [125] : 0x05 (5) + [126] : 0x00 (0) + [127] : 0x00 (0) + [128] : 0x00 (0) + [129] : 0x00 (0) + [130] : 0x00 (0) + [131] : 0x05 (5) + [132] : 0x15 (21) + [133] : 0x00 (0) + [134] : 0x00 (0) + [135] : 0x00 (0) + [136] : 0x74 (116) + [137] : 0xa5 (165) + [138] : 0x12 (18) + [139] : 0x52 (82) + [140] : 0xcd (205) + [141] : 0x51 (81) + [142] : 0xd9 (217) + [143] : 0x8f (143) + [144] : 0xd1 (209) + [145] : 0x31 (49) + [146] : 0xa4 (164) + [147] : 0xca (202) + [148] : 0xf4 (244) + [149] : 0x01 (1) + [150] : 0x00 (0) + [151] : 0x00 (0) + [152] : 0x00 (0) + [153] : 0x09 (9) + [154] : 0x18 (24) + [155] : 0x00 (0) + [156] : 0x0c (12) + [157] : 0x00 (0) + [158] : 0x0f (15) + [159] : 0x10 (16) + [160] : 0x01 (1) + [161] : 0x02 (2) + [162] : 0x00 (0) + [163] : 0x00 (0) + [164] : 0x00 (0) + [165] : 0x00 (0) + [166] : 0x00 (0) + [167] : 0x05 (5) + [168] : 0x20 (32) + [169] : 0x00 (0) + [170] : 0x00 (0) + [171] : 0x00 (0) + [172] : 0x20 (32) + [173] : 0x02 (2) + [174] : 0x00 (0) + [175] : 0x00 (0) + [176] : 0x00 (0) + [177] : 0x02 (2) + [178] : 0x18 (24) + [179] : 0x00 (0) + [180] : 0x0c (12) + [181] : 0x00 (0) + [182] : 0x0f (15) + [183] : 0x10 (16) + [184] : 0x01 (1) + [185] : 0x02 (2) + [186] : 0x00 (0) + [187] : 0x00 (0) + [188] : 0x00 (0) + [189] : 0x00 (0) + [190] : 0x00 (0) + [191] : 0x05 (5) + [192] : 0x20 (32) + [193] : 0x00 (0) + [194] : 0x00 (0) + [195] : 0x00 (0) + [196] : 0x20 (32) + [197] : 0x02 (2) + [198] : 0x00 (0) + [199] : 0x00 (0) + [200] : 0x00 (0) + [201] : 0x09 (9) + [202] : 0x18 (24) + [203] : 0x00 (0) + [204] : 0x0c (12) + [205] : 0x00 (0) + [206] : 0x0f (15) + [207] : 0x10 (16) + [208] : 0x01 (1) + [209] : 0x02 (2) + [210] : 0x00 (0) + [211] : 0x00 (0) + [212] : 0x00 (0) + [213] : 0x00 (0) + [214] : 0x00 (0) + [215] : 0x05 (5) + [216] : 0x20 (32) + [217] : 0x00 (0) + [218] : 0x00 (0) + [219] : 0x00 (0) + [220] : 0x26 (38) + [221] : 0x02 (2) + [222] : 0x00 (0) + [223] : 0x00 (0) + [224] : 0x00 (0) + [225] : 0x02 (2) + [226] : 0x18 (24) + [227] : 0x00 (0) + [228] : 0x0c (12) + [229] : 0x00 (0) + [230] : 0x0f (15) + [231] : 0x10 (16) + [232] : 0x01 (1) + [233] : 0x02 (2) + [234] : 0x00 (0) + [235] : 0x00 (0) + [236] : 0x00 (0) + [237] : 0x00 (0) + [238] : 0x00 (0) + [239] : 0x05 (5) + [240] : 0x20 (32) + [241] : 0x00 (0) + [242] : 0x00 (0) + [243] : 0x00 (0) + [244] : 0x26 (38) + [245] : 0x02 (2) + [246] : 0x00 (0) + [247] : 0x00 (0) + data_size : * + data_size : 0x000000f8 (248) + data_length : * + data_length : 0x000000f8 (248) + result : WERR_OK +[2013/11/07 07:38:46.273159, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + in: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000da-0000-0000-7b52-7635c5510000 +[2013/11/07 07:38:46.273292, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 DA 00 00 00 00 00 00 00 7B 52 76 35 ........ ....{Rv5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:46.273425, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 DA 00 00 00 00 00 00 00 7B 52 76 35 ........ ....{Rv5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:46.273504, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) + Closed policy +[2013/11/07 07:38:46.273550, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (4->3) +[2013/11/07 07:38:46.273592, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + out: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000000-0000-0000-0000-000000000000 + result : WERR_OK +[2013/11/07 07:38:46.273755, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + in: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000d9-0000-0000-7b52-7635c5510000 +[2013/11/07 07:38:46.273885, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 D9 00 00 00 00 00 00 00 7B 52 76 35 ........ ....{Rv5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:46.273962, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 D9 00 00 00 00 00 00 00 7B 52 76 35 ........ ....{Rv5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:46.274045, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) + Closed policy +[2013/11/07 07:38:46.274085, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (3->2) +[2013/11/07 07:38:46.274126, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + out: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000000-0000-0000-0000-000000000000 + result : WERR_OK +[2013/11/07 07:38:46.274290, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + in: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000d8-0000-0000-7b52-7635c5510000 +[2013/11/07 07:38:46.274420, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 D8 00 00 00 00 00 00 00 7B 52 76 35 ........ ....{Rv5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:46.274498, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 D8 00 00 00 00 00 00 00 7B 52 76 35 ........ ....{Rv5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:46.274573, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) + Closed policy +[2013/11/07 07:38:46.274618, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (2->1) +[2013/11/07 07:38:46.274658, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + out: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000000-0000-0000-0000-000000000000 + result : WERR_OK +[2013/11/07 07:38:46.274820, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + in: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000d7-0000-0000-7b52-7635c5510000 +[2013/11/07 07:38:46.274951, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 D7 00 00 00 00 00 00 00 7B 52 76 35 ........ ....{Rv5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:46.275028, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 D7 00 00 00 00 00 00 00 7B 52 76 35 ........ ....{Rv5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:46.275104, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) + Closed policy +[2013/11/07 07:38:46.275152, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (1->0) +[2013/11/07 07:38:46.275214, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + out: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000000-0000-0000-0000-000000000000 + result : WERR_OK +[2013/11/07 07:38:46.275377, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:416(close_policy_by_pipe) + Deleted handle list for RPC connection \winreg +[2013/11/07 07:38:46.275543, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + spoolss_GetPrinter: struct spoolss_GetPrinter + out: struct spoolss_GetPrinter + info : * + info : union spoolss_PrinterInfo(case 2) + info2: struct spoolss_PrinterInfo2 + servername : * + servername : '\\MEMBER43' + printername : * + printername : '\\MEMBER43\printer7' + sharename : * + sharename : 'printer7' + portname : * + portname : 'Samba Printer Port' + drivername : * + drivername : '' + comment : * + comment : '' + location : * + location : '' + devmode : * + devmode: struct spoolss_DeviceMode + devicename : '\\MEMBER43\printer7' + specversion : DMSPEC_NT4_AND_ABOVE (1025) + driverversion : 0x0400 (1024) + size : 0x00dc (220) + __driverextra_length : 0x0000 (0) + fields : 0x00014713 (83731) + 1: DEVMODE_ORIENTATION + 1: DEVMODE_PAPERSIZE + 0: DEVMODE_PAPERLENGTH + 0: DEVMODE_PAPERWIDTH + 1: DEVMODE_SCALE + 0: DEVMODE_POSITION + 0: DEVMODE_NUP + 1: DEVMODE_COPIES + 1: DEVMODE_DEFAULTSOURCE + 1: DEVMODE_PRINTQUALITY + 0: DEVMODE_COLOR + 0: DEVMODE_DUPLEX + 0: DEVMODE_YRESOLUTION + 1: DEVMODE_TTOPTION + 0: DEVMODE_COLLATE + 1: DEVMODE_FORMNAME + 0: DEVMODE_LOGPIXELS + 0: DEVMODE_BITSPERPEL + 0: DEVMODE_PELSWIDTH + 0: DEVMODE_PELSHEIGHT + 0: DEVMODE_DISPLAYFLAGS + 0: DEVMODE_DISPLAYFREQUENCY + 0: DEVMODE_ICMMETHOD + 0: DEVMODE_ICMINTENT + 0: DEVMODE_MEDIATYPE + 0: DEVMODE_DITHERTYPE + 0: DEVMODE_PANNINGWIDTH + 0: DEVMODE_PANNINGHEIGHT + orientation : DMORIENT_PORTRAIT (1) + papersize : DMPAPER_LETTER (1) + paperlength : 0x0000 (0) + paperwidth : 0x0000 (0) + scale : 0x0064 (100) + copies : 0x0001 (1) + defaultsource : DMBIN_FORMSOURCE (15) + printquality : DMRES_HIGH (65532) + color : DMRES_MONOCHROME (1) + duplex : DMDUP_SIMPLEX (1) + yresolution : 0x0000 (0) + ttoption : DMTT_SUBDEV (3) + collate : DMCOLLATE_FALSE (0) + formname : 'Letter' + logpixels : 0x0000 (0) + bitsperpel : 0x00000000 (0) + pelswidth : 0x00000000 (0) + pelsheight : 0x00000000 (0) + displayflags : UNKNOWN_ENUM_VALUE (0) + displayfrequency : 0x00000000 (0) + icmmethod : UNKNOWN_ENUM_VALUE (0) + icmintent : UNKNOWN_ENUM_VALUE (0) + mediatype : UNKNOWN_ENUM_VALUE (0) + dithertype : UNKNOWN_ENUM_VALUE (0) + reserved1 : 0x00000000 (0) + reserved2 : 0x00000000 (0) + panningwidth : 0x00000000 (0) + panningheight : 0x00000000 (0) + driverextra_data : DATA_BLOB length=0 + sepfile : * + sepfile : '' + printprocessor : * + printprocessor : 'winprint' + datatype : * + datatype : 'RAW' + parameters : * + parameters : '' + secdesc : * + secdesc: struct security_descriptor + revision : SECURITY_DESCRIPTOR_REVISION_1 (1) + type : 0x8004 (32772) + 0: SEC_DESC_OWNER_DEFAULTED + 0: SEC_DESC_GROUP_DEFAULTED + 1: SEC_DESC_DACL_PRESENT + 0: SEC_DESC_DACL_DEFAULTED + 0: SEC_DESC_SACL_PRESENT + 0: SEC_DESC_SACL_DEFAULTED + 0: SEC_DESC_DACL_TRUSTED + 0: SEC_DESC_SERVER_SECURITY + 0: SEC_DESC_DACL_AUTO_INHERIT_REQ + 0: SEC_DESC_SACL_AUTO_INHERIT_REQ + 0: SEC_DESC_DACL_AUTO_INHERITED + 0: SEC_DESC_SACL_AUTO_INHERITED + 0: SEC_DESC_DACL_PROTECTED + 0: SEC_DESC_SACL_PROTECTED + 0: SEC_DESC_RM_CONTROL_VALID + 1: SEC_DESC_SELF_RELATIVE + owner_sid : * + owner_sid : S-1-5-32-544 + group_sid : * + group_sid : S-1-5-32-544 + sacl : NULL + dacl : * + dacl: struct security_acl + revision : SECURITY_ACL_REVISION_NT4 (2) + size : 0x00c4 (196) + num_aces : 0x00000007 (7) + aces: ARRAY(7) + aces: struct security_ace + type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) + flags : 0x02 (2) + 0: SEC_ACE_FLAG_OBJECT_INHERIT + 1: SEC_ACE_FLAG_CONTAINER_INHERIT + 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT + 0: SEC_ACE_FLAG_INHERIT_ONLY + 0: SEC_ACE_FLAG_INHERITED_ACE + 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) + 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS + 0: SEC_ACE_FLAG_FAILED_ACCESS + size : 0x0014 (20) + access_mask : 0x20020008 (537001992) + object : union security_ace_object_ctr(case 0) + trustee : S-1-1-0 + aces: struct security_ace + type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) + flags : 0x09 (9) + 1: SEC_ACE_FLAG_OBJECT_INHERIT + 0: SEC_ACE_FLAG_CONTAINER_INHERIT + 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT + 1: SEC_ACE_FLAG_INHERIT_ONLY + 0: SEC_ACE_FLAG_INHERITED_ACE + 0x09: SEC_ACE_FLAG_VALID_INHERIT (9) + 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS + 0: SEC_ACE_FLAG_FAILED_ACCESS + size : 0x0024 (36) + access_mask : 0x100f000c (269418508) + object : union security_ace_object_ctr(case 0) + trustee : S-1-5-21-1376953716-2413384141-3399758289-500 + aces: struct security_ace + type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) + flags : 0x02 (2) + 0: SEC_ACE_FLAG_OBJECT_INHERIT + 1: SEC_ACE_FLAG_CONTAINER_INHERIT + 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT + 0: SEC_ACE_FLAG_INHERIT_ONLY + 0: SEC_ACE_FLAG_INHERITED_ACE + 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) + 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS + 0: SEC_ACE_FLAG_FAILED_ACCESS + size : 0x0024 (36) + access_mask : 0x100f000c (269418508) + object : union security_ace_object_ctr(case 0) + trustee : S-1-5-21-1376953716-2413384141-3399758289-500 + aces: struct security_ace + type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) + flags : 0x09 (9) + 1: SEC_ACE_FLAG_OBJECT_INHERIT + 0: SEC_ACE_FLAG_CONTAINER_INHERIT + 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT + 1: SEC_ACE_FLAG_INHERIT_ONLY + 0: SEC_ACE_FLAG_INHERITED_ACE + 0x09: SEC_ACE_FLAG_VALID_INHERIT (9) + 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS + 0: SEC_ACE_FLAG_FAILED_ACCESS + size : 0x0018 (24) + access_mask : 0x100f000c (269418508) + object : union security_ace_object_ctr(case 0) + trustee : S-1-5-32-544 + aces: struct security_ace + type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) + flags : 0x02 (2) + 0: SEC_ACE_FLAG_OBJECT_INHERIT + 1: SEC_ACE_FLAG_CONTAINER_INHERIT + 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT + 0: SEC_ACE_FLAG_INHERIT_ONLY + 0: SEC_ACE_FLAG_INHERITED_ACE + 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) + 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS + 0: SEC_ACE_FLAG_FAILED_ACCESS + size : 0x0018 (24) + access_mask : 0x100f000c (269418508) + object : union security_ace_object_ctr(case 0) + trustee : S-1-5-32-544 + aces: struct security_ace + type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) + flags : 0x09 (9) + 1: SEC_ACE_FLAG_OBJECT_INHERIT + 0: SEC_ACE_FLAG_CONTAINER_INHERIT + 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT + 1: SEC_ACE_FLAG_INHERIT_ONLY + 0: SEC_ACE_FLAG_INHERITED_ACE + 0x09: SEC_ACE_FLAG_VALID_INHERIT (9) + 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS + 0: SEC_ACE_FLAG_FAILED_ACCESS + size : 0x0018 (24) + access_mask : 0x100f000c (269418508) + object : union security_ace_object_ctr(case 0) + trustee : S-1-5-32-550 + aces: struct security_ace + type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) + flags : 0x02 (2) + 0: SEC_ACE_FLAG_OBJECT_INHERIT + 1: SEC_ACE_FLAG_CONTAINER_INHERIT + 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT + 0: SEC_ACE_FLAG_INHERIT_ONLY + 0: SEC_ACE_FLAG_INHERITED_ACE + 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) + 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS + 0: SEC_ACE_FLAG_FAILED_ACCESS + size : 0x0018 (24) + access_mask : 0x100f000c (269418508) + object : union security_ace_object_ctr(case 0) + trustee : S-1-5-32-550 + attributes : 0x00001048 (4168) + 0: PRINTER_ATTRIBUTE_QUEUED + 0: PRINTER_ATTRIBUTE_DIRECT + 0: PRINTER_ATTRIBUTE_DEFAULT + 1: PRINTER_ATTRIBUTE_SHARED + 0: PRINTER_ATTRIBUTE_NETWORK + 0: PRINTER_ATTRIBUTE_HIDDEN + 1: PRINTER_ATTRIBUTE_LOCAL + 0: PRINTER_ATTRIBUTE_ENABLE_DEVQ + 0: PRINTER_ATTRIBUTE_KEEPPRINTEDJOBS + 0: PRINTER_ATTRIBUTE_DO_COMPLETE_FIRST + 0: PRINTER_ATTRIBUTE_WORK_OFFLINE + 0: PRINTER_ATTRIBUTE_ENABLE_BIDI + 1: PRINTER_ATTRIBUTE_RAW_ONLY + 0: PRINTER_ATTRIBUTE_PUBLISHED + 0: PRINTER_ATTRIBUTE_FAX + 0: PRINTER_ATTRIBUTE_TS + priority : 0x00000001 (1) + defaultpriority : 0x00000001 (1) + starttime : 0x00000000 (0) + untiltime : 0x00000000 (0) + status : 0x00000000 (0) + 0: PRINTER_STATUS_PAUSED + 0: PRINTER_STATUS_ERROR + 0: PRINTER_STATUS_PENDING_DELETION + 0: PRINTER_STATUS_PAPER_JAM + 0: PRINTER_STATUS_PAPER_OUT + 0: PRINTER_STATUS_MANUAL_FEED + 0: PRINTER_STATUS_PAPER_PROBLEM + 0: PRINTER_STATUS_OFFLINE + 0: PRINTER_STATUS_IO_ACTIVE + 0: PRINTER_STATUS_BUSY + 0: PRINTER_STATUS_PRINTING + 0: PRINTER_STATUS_OUTPUT_BIN_FULL + 0: PRINTER_STATUS_NOT_AVAILABLE + 0: PRINTER_STATUS_WAITING + 0: PRINTER_STATUS_PROCESSING + 0: PRINTER_STATUS_INITIALIZING + 0: PRINTER_STATUS_WARMING_UP + 0: PRINTER_STATUS_TONER_LOW + 0: PRINTER_STATUS_NO_TONER + 0: PRINTER_STATUS_PAGE_PUNT + 0: PRINTER_STATUS_USER_INTERVENTION + 0: PRINTER_STATUS_OUT_OF_MEMORY + 0: PRINTER_STATUS_DOOR_OPEN + 0: PRINTER_STATUS_SERVER_UNKNOWN + 0: PRINTER_STATUS_POWER_SAVE + cjobs : 0x00000000 (0) + averageppm : 0x00000000 (0) + needed : * + needed : 0x000002f8 (760) + result : WERR_OK +[2013/11/07 07:38:46.280596, 5, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1417(api_rpcTNP) + api_rpcTNP: called \spoolss successfully +[2013/11/07 07:38:46.280664, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) + pop_sec_ctx (0, 5000) - sec_ctx_stack_ndx = 0 +[2013/11/07 07:38:46.280712, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) + write_to_pipe: data_used = 4140 + smbd_smb2_request_pending_queue: req->current_idx = 1 + req->in.vector[0].iov_len = 0 + req->in.vector[1].iov_len = 0 + req->in.vector[2].iov_len = 64 + req->in.vector[3].iov_len = 56 + req->in.vector[4].iov_len = 4156 + req->out.vector[0].iov_len = 4 + req->out.vector[1].iov_len = 0 + req->out.vector[2].iov_len = 64 + req->out.vector[3].iov_len = 8 + req->out.vector[4].iov_len = 0 +[2013/11/07 07:38:46.280939, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:128(smbd_smb2_ioctl_pipe_write_done) + smbd_smb2_ioctl_pipe_write_done: received 4156 +[2013/11/07 07:38:46.280985, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:149(smbd_smb2_ioctl_pipe_write_done) + smbd_smb2_ioctl_pipe_write_done: issuing np_read_send of size 4136 +[2013/11/07 07:38:46.281029, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:285(read_from_internal_pipe) + name: \spoolss len: 4136 +[2013/11/07 07:38:46.281073, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:347(read_from_internal_pipe) + read_from_pipe: \spoolss: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 4112. +[2013/11/07 07:38:46.281129, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) + &r: struct ncacn_packet + rpc_vers : 0x05 (5) + rpc_vers_minor : 0x00 (0) + ptype : DCERPC_PKT_RESPONSE (2) + pfc_flags : 0x03 (3) + drep: ARRAY(4) + [0] : 0x10 (16) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + frag_length : 0x1028 (4136) + auth_length : 0x0000 (0) + call_id : 0x00000004 (4) + u : union dcerpc_payload(case 2) + response: struct dcerpc_response + alloc_hint : 0x00001010 (4112) + context_id : 0x0000 (0) + cancel_count : 0x00 (0) + _pad : DATA_BLOB length=0 + stub_and_verifier : DATA_BLOB length=4112 + [0000] 04 00 02 00 00 10 00 00 EA 0F 00 00 C2 0F 00 00 ........ ........ + [0010] B0 0F 00 00 8A 0F 00 00 88 0F 00 00 86 0F 00 00 ........ ........ + [0020] 84 0F 00 00 88 0E 00 00 82 0F 00 00 70 0F 00 00 ........ ....p... + [0030] 68 0F 00 00 66 0F 00 00 90 0D 00 00 48 10 00 00 h...f... ....H... + [0040] 01 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0200] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0210] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0220] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0230] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0240] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0250] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0260] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0270] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0280] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0290] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0300] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0310] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0320] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0330] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0340] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0350] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0360] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0370] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0380] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0390] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0400] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0410] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0420] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0430] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0440] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0450] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0460] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0470] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0480] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0490] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0500] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0510] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0520] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0530] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0540] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0550] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0560] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0570] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0580] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0590] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0600] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0610] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0620] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0630] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0640] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0650] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0660] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0670] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0680] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0690] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0700] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0710] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0720] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0730] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0740] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0750] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0760] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0770] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0780] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0790] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0800] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0810] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0820] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0830] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0840] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0850] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0860] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0870] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0880] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0890] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0900] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0910] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0920] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0930] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0940] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0950] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0960] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0970] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0980] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0990] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D90] 00 00 00 00 00 00 00 00 01 00 04 80 D8 00 00 00 ........ ........ + [0DA0] E8 00 00 00 00 00 00 00 14 00 00 00 02 00 C4 00 ........ ........ + [0DB0] 07 00 00 00 00 02 14 00 08 00 02 20 01 01 00 00 ........ ... .... + [0DC0] 00 00 00 01 00 00 00 00 00 09 24 00 0C 00 0F 10 ........ ..$..... + [0DD0] 01 05 00 00 00 00 00 05 15 00 00 00 74 A5 12 52 ........ ....t..R + [0DE0] CD 51 D9 8F D1 31 A4 CA F4 01 00 00 00 02 24 00 .Q...1.. ......$. + [0DF0] 0C 00 0F 10 01 05 00 00 00 00 00 05 15 00 00 00 ........ ........ + [0E00] 74 A5 12 52 CD 51 D9 8F D1 31 A4 CA F4 01 00 00 t..R.Q.. .1...... + [0E10] 00 09 18 00 0C 00 0F 10 01 02 00 00 00 00 00 05 ........ ........ + [0E20] 20 00 00 00 20 02 00 00 00 02 18 00 0C 00 0F 10 ... ... ........ + [0E30] 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 ........ ... ... + [0E40] 00 09 18 00 0C 00 0F 10 01 02 00 00 00 00 00 05 ........ ........ + [0E50] 20 00 00 00 26 02 00 00 00 02 18 00 0C 00 0F 10 ...&... ........ + [0E60] 01 02 00 00 00 00 00 05 20 00 00 00 26 02 00 00 ........ ...&... + [0E70] 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 ........ ... ... + [0E80] 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 ........ ... ... + [0E90] 5C 00 5C 00 4D 00 45 00 4D 00 42 00 45 00 52 00 \.\.M.E. M.B.E.R. + [0EA0] 34 00 33 00 5C 00 70 00 72 00 69 00 6E 00 74 00 4.3.\.p. r.i.n.t. + [0EB0] 65 00 72 00 37 00 00 00 00 00 00 00 00 00 00 00 e.r.7... ........ + [0EC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0ED0] 01 04 00 04 DC 00 00 00 13 47 01 00 01 00 01 00 ........ .G...... + [0EE0] 00 00 00 00 64 00 01 00 0F 00 FC FF 01 00 01 00 ....d... ........ + [0EF0] 00 00 03 00 00 00 4C 00 65 00 74 00 74 00 65 00 ......L. e.t.t.e. + [0F00] 72 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 r....... ........ + [0F10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F70] 52 00 41 00 57 00 00 00 77 00 69 00 6E 00 70 00 R.A.W... w.i.n.p. + [0F80] 72 00 69 00 6E 00 74 00 00 00 00 00 00 00 00 00 r.i.n.t. ........ + [0F90] 00 00 53 00 61 00 6D 00 62 00 61 00 20 00 50 00 ..S.a.m. b.a. .P. + [0FA0] 72 00 69 00 6E 00 74 00 65 00 72 00 20 00 50 00 r.i.n.t. e.r. .P. + [0FB0] 6F 00 72 00 74 00 00 00 70 00 72 00 69 00 6E 00 o.r.t... p.r.i.n. + [0FC0] 74 00 65 00 72 00 37 00 00 00 5C 00 5C 00 4D 00 t.e.r.7. ..\.\.M. + [0FD0] 45 00 4D 00 42 00 45 00 52 00 34 00 33 00 5C 00 E.M.B.E. R.4.3.\. + [0FE0] 70 00 72 00 69 00 6E 00 74 00 65 00 72 00 37 00 p.r.i.n. t.e.r.7. + [0FF0] 00 00 5C 00 5C 00 4D 00 45 00 4D 00 42 00 45 00 ..\.\.M. E.M.B.E. + [1000] 52 00 34 00 33 00 00 00 F8 02 00 00 00 00 00 00 R.4.3... ........ +[2013/11/07 07:38:46.290578, 3, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:122(free_pipe_context) + free_pipe_context: destroying talloc pool of size 1308 +[2013/11/07 07:38:46.290646, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:788(np_read_recv) + Received 4136 bytes. There is no more data outstanding +[2013/11/07 07:38:46.290690, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:178(smbd_smb2_ioctl_pipe_read_done) + smbd_smb2_ioctl_pipe_read_done: np_read_recv nread = 4136 is_data_outstanding = 0, status = NT_STATUS_OK +[2013/11/07 07:38:46.290739, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl.c:291(smbd_smb2_request_ioctl_done) + smbd_smb2_request_ioctl_done: smbd_smb2_ioctl_recv returned 4136 status NT_STATUS_OK +[2013/11/07 07:38:46.290783, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) + smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[48] dyn[yes:4136] at ../source3/smbd/smb2_ioctl.c:358 +[2013/11/07 07:38:46.290829, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) + smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/113/127 +[2013/11/07 07:38:46.291032, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) + smbd_smb2_request_incoming: idx[1] of 5 vectors +[2013/11/07 07:38:46.291089, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) + smb2_validate_sequence_number: clearing id 113 (position 113) from bitmap +[2013/11/07 07:38:46.291131, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) + smbd_smb2_request_dispatch: opcode[SMB2_OP_IOCTL] mid = 113 +[2013/11/07 07:38:46.291195, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) + setting sec ctx (0, 5000) - sec_ctx_stack_ndx = 0 +[2013/11/07 07:38:46.291240, 5, pid=20933, effective(0, 5000), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) + Security token SIDs (21): + SID[ 0]: S-1-5-21-1376953716-2413384141-3399758289-500 + SID[ 1]: S-1-5-21-1376953716-2413384141-3399758289-512 + SID[ 2]: S-1-5-21-1376953716-2413384141-3399758289-11015 + SID[ 3]: S-1-5-21-1376953716-2413384141-3399758289-513 + SID[ 4]: S-1-5-21-1376953716-2413384141-3399758289-11011 + SID[ 5]: S-1-5-21-1376953716-2413384141-3399758289-11013 + SID[ 6]: S-1-5-21-1376953716-2413384141-3399758289-11012 + SID[ 7]: S-1-1-0 + SID[ 8]: S-1-5-2 + SID[ 9]: S-1-5-11 + SID[ 10]: S-1-5-32-544 + SID[ 11]: S-1-22-1-2002 + SID[ 12]: S-1-22-2-5000 + SID[ 13]: S-1-22-2-5007 + SID[ 14]: S-1-22-2-5001 + SID[ 15]: S-1-22-2-1005 + SID[ 16]: S-1-22-2-5006 + SID[ 17]: S-1-22-2-5005 + SID[ 18]: S-1-22-2-55000 + SID[ 19]: S-1-22-2-55001 + SID[ 20]: S-1-22-2-55002 + Privileges (0x 1FFFFFF0): + Privilege[ 0]: SeMachineAccountPrivilege + Privilege[ 1]: SeTakeOwnershipPrivilege + Privilege[ 2]: SeBackupPrivilege + Privilege[ 3]: SeRestorePrivilege + Privilege[ 4]: SeRemoteShutdownPrivilege + Privilege[ 5]: SePrintOperatorPrivilege + Privilege[ 6]: SeAddUsersPrivilege + Privilege[ 7]: SeDiskOperatorPrivilege + Privilege[ 8]: SeSecurityPrivilege + Privilege[ 9]: SeSystemtimePrivilege + Privilege[ 10]: SeShutdownPrivilege + Privilege[ 11]: SeDebugPrivilege + Privilege[ 12]: SeSystemEnvironmentPrivilege + Privilege[ 13]: SeSystemProfilePrivilege + Privilege[ 14]: SeProfileSingleProcessPrivilege + Privilege[ 15]: SeIncreaseBasePriorityPrivilege + Privilege[ 16]: SeLoadDriverPrivilege + Privilege[ 17]: SeCreatePagefilePrivilege + Privilege[ 18]: SeIncreaseQuotaPrivilege + Privilege[ 19]: SeChangeNotifyPrivilege + Privilege[ 20]: SeUndockPrivilege + Privilege[ 21]: SeManageVolumePrivilege + Privilege[ 22]: SeImpersonatePrivilege + Privilege[ 23]: SeCreateGlobalPrivilege + Privilege[ 24]: SeEnableDelegationPrivilege + Rights (0x 0): +[2013/11/07 07:38:46.292022, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) + UNIX token of user 0 + Primary group is 5000 and contains 9 supplementary groups + Group[ 0]: 5000 + Group[ 1]: 5007 + Group[ 2]: 5001 + Group[ 3]: 1005 + Group[ 4]: 5006 + Group[ 5]: 5005 + Group[ 6]: 55000 + Group[ 7]: 55001 + Group[ 8]: 55002 +[2013/11/07 07:38:46.292216, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/uid.c:363(change_to_user_internal) + Impersonated user: uid=(0,0), gid=(0,5000) +[2013/11/07 07:38:46.292317, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:1796(smbd_smb2_request_verify_creditcharge) + mid 113, CreditCharge: 1, NeededCharge: 1 +[2013/11/07 07:38:46.292365, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl.c:394(smbd_smb2_ioctl_send) + smbd_smb2_ioctl: ctl_code[0x0011c017] spoolss, fnum 178339492 +[2013/11/07 07:38:46.292414, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:59(smb2_ioctl_named_pipe) + smbd_smb2_ioctl_send: np_write_send of size 44 +[2013/11/07 07:38:46.292454, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:520(np_write_send) + np_write_send: len: 44 +[2013/11/07 07:38:46.292495, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) + write_to_pipe: data_left = 44 +[2013/11/07 07:38:46.292534, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) + process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 44 +[2013/11/07 07:38:46.292573, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:51(fill_rpc_header) + fill_rpc_header: data_to_copy = 44, len_needed_to_complete_hdr = 16, receive_len = 0 +[2013/11/07 07:38:46.292614, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) + write_to_pipe: data_used = 16 +[2013/11/07 07:38:46.292651, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) + write_to_pipe: data_left = 28 +[2013/11/07 07:38:46.292688, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) + process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 28 +[2013/11/07 07:38:46.292730, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) + write_to_pipe: data_used = 0 +[2013/11/07 07:38:46.292767, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) + write_to_pipe: data_left = 28 +[2013/11/07 07:38:46.292805, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) + process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 28, incoming data = 28 +[2013/11/07 07:38:46.292847, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1614(process_complete_pdu) + PDU is in Little Endian format! +[2013/11/07 07:38:46.292896, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) + r: struct ncacn_packet + rpc_vers : 0x05 (5) + rpc_vers_minor : 0x00 (0) + ptype : DCERPC_PKT_REQUEST (0) + pfc_flags : 0x03 (3) + drep: ARRAY(4) + [0] : 0x10 (16) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + frag_length : 0x002c (44) + auth_length : 0x0000 (0) + call_id : 0x00000003 (3) + u : union dcerpc_payload(case 0) + request: struct dcerpc_request + alloc_hint : 0x00000014 (20) + context_id : 0x0000 (0) + opnum : 0x001d (29) + object : union dcerpc_object(case 0) + empty: struct dcerpc_empty + _pad : DATA_BLOB length=0 + stub_and_verifier : DATA_BLOB length=20 + [0000] 00 00 00 00 D4 00 00 00 00 00 00 00 7B 52 76 35 ........ ....{Rv5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:46.293471, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1627(process_complete_pdu) + Processing packet type 0 +[2013/11/07 07:38:46.293520, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1472(dcesrv_auth_request) + Checking request auth. +[2013/11/07 07:38:46.293564, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) + push_sec_ctx(0, 5000) : sec_ctx_stack_ndx = 1 +[2013/11/07 07:38:46.293611, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) + setting sec ctx (0, 5000) - sec_ctx_stack_ndx = 1 +[2013/11/07 07:38:46.293654, 5, pid=20933, effective(0, 5000), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) + Security token SIDs (21): + SID[ 0]: S-1-5-21-1376953716-2413384141-3399758289-500 + SID[ 1]: S-1-5-21-1376953716-2413384141-3399758289-512 + SID[ 2]: S-1-5-21-1376953716-2413384141-3399758289-11015 + SID[ 3]: S-1-5-21-1376953716-2413384141-3399758289-513 + SID[ 4]: S-1-5-21-1376953716-2413384141-3399758289-11011 + SID[ 5]: S-1-5-21-1376953716-2413384141-3399758289-11013 + SID[ 6]: S-1-5-21-1376953716-2413384141-3399758289-11012 + SID[ 7]: S-1-1-0 + SID[ 8]: S-1-5-2 + SID[ 9]: S-1-5-11 + SID[ 10]: S-1-5-32-544 + SID[ 11]: S-1-22-1-2002 + SID[ 12]: S-1-22-2-5000 + SID[ 13]: S-1-22-2-5007 + SID[ 14]: S-1-22-2-5001 + SID[ 15]: S-1-22-2-1005 + SID[ 16]: S-1-22-2-5006 + SID[ 17]: S-1-22-2-5005 + SID[ 18]: S-1-22-2-55000 + SID[ 19]: S-1-22-2-55001 + SID[ 20]: S-1-22-2-55002 + Privileges (0x 1FFFFFF0): + Privilege[ 0]: SeMachineAccountPrivilege + Privilege[ 1]: SeTakeOwnershipPrivilege + Privilege[ 2]: SeBackupPrivilege + Privilege[ 3]: SeRestorePrivilege + Privilege[ 4]: SeRemoteShutdownPrivilege + Privilege[ 5]: SePrintOperatorPrivilege + Privilege[ 6]: SeAddUsersPrivilege + Privilege[ 7]: SeDiskOperatorPrivilege + Privilege[ 8]: SeSecurityPrivilege + Privilege[ 9]: SeSystemtimePrivilege + Privilege[ 10]: SeShutdownPrivilege + Privilege[ 11]: SeDebugPrivilege + Privilege[ 12]: SeSystemEnvironmentPrivilege + Privilege[ 13]: SeSystemProfilePrivilege + Privilege[ 14]: SeProfileSingleProcessPrivilege + Privilege[ 15]: SeIncreaseBasePriorityPrivilege + Privilege[ 16]: SeLoadDriverPrivilege + Privilege[ 17]: SeCreatePagefilePrivilege + Privilege[ 18]: SeIncreaseQuotaPrivilege + Privilege[ 19]: SeChangeNotifyPrivilege + Privilege[ 20]: SeUndockPrivilege + Privilege[ 21]: SeManageVolumePrivilege + Privilege[ 22]: SeImpersonatePrivilege + Privilege[ 23]: SeCreateGlobalPrivilege + Privilege[ 24]: SeEnableDelegationPrivilege + Rights (0x 0): +[2013/11/07 07:38:46.294415, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) + UNIX token of user 0 + Primary group is 5000 and contains 9 supplementary groups + Group[ 0]: 5000 + Group[ 1]: 5007 + Group[ 2]: 5001 + Group[ 3]: 1005 + Group[ 4]: 5006 + Group[ 5]: 5005 + Group[ 6]: 55000 + Group[ 7]: 55001 + Group[ 8]: 55002 +[2013/11/07 07:38:46.294606, 5, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1324(api_pipe_request) + Requested \spoolss rpc service +[2013/11/07 07:38:46.294660, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1356(api_rpcTNP) + api_rpcTNP: \spoolss op 0x1d - api_rpcTNP: rpc command: SPOOLSS_CLOSEPRINTER +[2013/11/07 07:38:46.294705, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1390(api_rpcTNP) + api_rpc_cmds[29].fn == 0x7f375c25d5f0 +[2013/11/07 07:38:46.294752, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + spoolss_ClosePrinter: struct spoolss_ClosePrinter + in: struct spoolss_ClosePrinter + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000d4-0000-0000-7b52-7635c5510000 +[2013/11/07 07:38:46.294886, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 D4 00 00 00 00 00 00 00 7B 52 76 35 ........ ....{Rv5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:46.294967, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 D4 00 00 00 00 00 00 00 7B 52 76 35 ........ ....{Rv5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:46.295045, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 D4 00 00 00 00 00 00 00 7B 52 76 35 ........ ....{Rv5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:46.295121, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) + Closed policy +[2013/11/07 07:38:46.295164, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + spoolss_ClosePrinter: struct spoolss_ClosePrinter + out: struct spoolss_ClosePrinter + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000000-0000-0000-0000-000000000000 + result : WERR_OK +[2013/11/07 07:38:46.295317, 5, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1417(api_rpcTNP) + api_rpcTNP: called \spoolss successfully +[2013/11/07 07:38:46.295367, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) + pop_sec_ctx (0, 5000) - sec_ctx_stack_ndx = 0 +[2013/11/07 07:38:46.295409, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) + write_to_pipe: data_used = 28 + smbd_smb2_request_pending_queue: req->current_idx = 1 + req->in.vector[0].iov_len = 0 + req->in.vector[1].iov_len = 0 + req->in.vector[2].iov_len = 64 + req->in.vector[3].iov_len = 56 + req->in.vector[4].iov_len = 44 + req->out.vector[0].iov_len = 4 + req->out.vector[1].iov_len = 0 + req->out.vector[2].iov_len = 64 + req->out.vector[3].iov_len = 8 + req->out.vector[4].iov_len = 0 +[2013/11/07 07:38:46.295625, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:128(smbd_smb2_ioctl_pipe_write_done) + smbd_smb2_ioctl_pipe_write_done: received 44 +[2013/11/07 07:38:46.295668, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:149(smbd_smb2_ioctl_pipe_write_done) + smbd_smb2_ioctl_pipe_write_done: issuing np_read_send of size 1024 +[2013/11/07 07:38:46.295711, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:285(read_from_internal_pipe) + name: \spoolss len: 1024 +[2013/11/07 07:38:46.295768, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:347(read_from_internal_pipe) + read_from_pipe: \spoolss: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 24. +[2013/11/07 07:38:46.295820, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) + &r: struct ncacn_packet + rpc_vers : 0x05 (5) + rpc_vers_minor : 0x00 (0) + ptype : DCERPC_PKT_RESPONSE (2) + pfc_flags : 0x03 (3) + drep: ARRAY(4) + [0] : 0x10 (16) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + frag_length : 0x0030 (48) + auth_length : 0x0000 (0) + call_id : 0x00000003 (3) + u : union dcerpc_payload(case 2) + response: struct dcerpc_response + alloc_hint : 0x00000018 (24) + context_id : 0x0000 (0) + cancel_count : 0x00 (0) + _pad : DATA_BLOB length=0 + stub_and_verifier : DATA_BLOB length=24 + [0000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0010] 00 00 00 00 00 00 00 00 ........ +[2013/11/07 07:38:46.296237, 3, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:122(free_pipe_context) + free_pipe_context: destroying talloc pool of size 29 +[2013/11/07 07:38:46.296285, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:788(np_read_recv) + Received 48 bytes. There is no more data outstanding +[2013/11/07 07:38:46.296327, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:178(smbd_smb2_ioctl_pipe_read_done) + smbd_smb2_ioctl_pipe_read_done: np_read_recv nread = 48 is_data_outstanding = 0, status = NT_STATUS_OK +[2013/11/07 07:38:46.296372, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl.c:291(smbd_smb2_request_ioctl_done) + smbd_smb2_request_ioctl_done: smbd_smb2_ioctl_recv returned 48 status NT_STATUS_OK +[2013/11/07 07:38:46.296414, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) + smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[48] dyn[yes:48] at ../source3/smbd/smb2_ioctl.c:358 +[2013/11/07 07:38:46.296458, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) + smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/114/127 +[2013/11/07 07:38:46.296682, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) + smbd_smb2_request_incoming: idx[1] of 5 vectors +[2013/11/07 07:38:46.296743, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) + smb2_validate_sequence_number: clearing id 114 (position 114) from bitmap +[2013/11/07 07:38:46.296787, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) + smbd_smb2_request_dispatch: opcode[SMB2_OP_WRITE] mid = 114 +[2013/11/07 07:38:46.296888, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) + setting sec ctx (0, 5000) - sec_ctx_stack_ndx = 0 +[2013/11/07 07:38:46.296934, 5, pid=20933, effective(0, 5000), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) + Security token SIDs (21): + SID[ 0]: S-1-5-21-1376953716-2413384141-3399758289-500 + SID[ 1]: S-1-5-21-1376953716-2413384141-3399758289-512 + SID[ 2]: S-1-5-21-1376953716-2413384141-3399758289-11015 + SID[ 3]: S-1-5-21-1376953716-2413384141-3399758289-513 + SID[ 4]: S-1-5-21-1376953716-2413384141-3399758289-11011 + SID[ 5]: S-1-5-21-1376953716-2413384141-3399758289-11013 + SID[ 6]: S-1-5-21-1376953716-2413384141-3399758289-11012 + SID[ 7]: S-1-1-0 + SID[ 8]: S-1-5-2 + SID[ 9]: S-1-5-11 + SID[ 10]: S-1-5-32-544 + SID[ 11]: S-1-22-1-2002 + SID[ 12]: S-1-22-2-5000 + SID[ 13]: S-1-22-2-5007 + SID[ 14]: S-1-22-2-5001 + SID[ 15]: S-1-22-2-1005 + SID[ 16]: S-1-22-2-5006 + SID[ 17]: S-1-22-2-5005 + SID[ 18]: S-1-22-2-55000 + SID[ 19]: S-1-22-2-55001 + SID[ 20]: S-1-22-2-55002 + Privileges (0x 1FFFFFF0): + Privilege[ 0]: SeMachineAccountPrivilege + Privilege[ 1]: SeTakeOwnershipPrivilege + Privilege[ 2]: SeBackupPrivilege + Privilege[ 3]: SeRestorePrivilege + Privilege[ 4]: SeRemoteShutdownPrivilege + Privilege[ 5]: SePrintOperatorPrivilege + Privilege[ 6]: SeAddUsersPrivilege + Privilege[ 7]: SeDiskOperatorPrivilege + Privilege[ 8]: SeSecurityPrivilege + Privilege[ 9]: SeSystemtimePrivilege + Privilege[ 10]: SeShutdownPrivilege + Privilege[ 11]: SeDebugPrivilege + Privilege[ 12]: SeSystemEnvironmentPrivilege + Privilege[ 13]: SeSystemProfilePrivilege + Privilege[ 14]: SeProfileSingleProcessPrivilege + Privilege[ 15]: SeIncreaseBasePriorityPrivilege + Privilege[ 16]: SeLoadDriverPrivilege + Privilege[ 17]: SeCreatePagefilePrivilege + Privilege[ 18]: SeIncreaseQuotaPrivilege + Privilege[ 19]: SeChangeNotifyPrivilege + Privilege[ 20]: SeUndockPrivilege + Privilege[ 21]: SeManageVolumePrivilege + Privilege[ 22]: SeImpersonatePrivilege + Privilege[ 23]: SeCreateGlobalPrivilege + Privilege[ 24]: SeEnableDelegationPrivilege + Rights (0x 0): +[2013/11/07 07:38:46.297780, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) + UNIX token of user 0 + Primary group is 5000 and contains 9 supplementary groups + Group[ 0]: 5000 + Group[ 1]: 5007 + Group[ 2]: 5001 + Group[ 3]: 1005 + Group[ 4]: 5006 + Group[ 5]: 5005 + Group[ 6]: 55000 + Group[ 7]: 55001 + Group[ 8]: 55002 +[2013/11/07 07:38:46.298012, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/uid.c:363(change_to_user_internal) + Impersonated user: uid=(0,0), gid=(0,5000) +[2013/11/07 07:38:46.298063, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:1796(smbd_smb2_request_verify_creditcharge) + mid 114, CreditCharge: 1, NeededCharge: 1 +[2013/11/07 07:38:46.298105, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_write.c:271(smbd_smb2_write_send) + smbd_smb2_write: spoolss - fnum 1362079351 +[2013/11/07 07:38:46.298151, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:520(np_write_send) + np_write_send: len: 160 +[2013/11/07 07:38:46.298192, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) + write_to_pipe: data_left = 160 +[2013/11/07 07:38:46.298230, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) + process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 160 +[2013/11/07 07:38:46.298269, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:51(fill_rpc_header) + fill_rpc_header: data_to_copy = 160, len_needed_to_complete_hdr = 16, receive_len = 0 +[2013/11/07 07:38:46.298309, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) + write_to_pipe: data_used = 16 +[2013/11/07 07:38:46.298345, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) + write_to_pipe: data_left = 144 +[2013/11/07 07:38:46.298383, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) + process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 144 +[2013/11/07 07:38:46.298434, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) + write_to_pipe: data_used = 0 +[2013/11/07 07:38:46.298472, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) + write_to_pipe: data_left = 144 +[2013/11/07 07:38:46.298510, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) + process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 144, incoming data = 144 +[2013/11/07 07:38:46.298552, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1614(process_complete_pdu) + PDU is in Little Endian format! +[2013/11/07 07:38:46.298602, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) + r: struct ncacn_packet + rpc_vers : 0x05 (5) + rpc_vers_minor : 0x00 (0) + ptype : DCERPC_PKT_BIND (11) + pfc_flags : 0x03 (3) + drep: ARRAY(4) + [0] : 0x10 (16) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + frag_length : 0x00a0 (160) + auth_length : 0x0000 (0) + call_id : 0x00000002 (2) + u : union dcerpc_payload(case 11) + bind: struct dcerpc_bind + max_xmit_frag : 0x10b8 (4280) + max_recv_frag : 0x10b8 (4280) + assoc_group_id : 0x00000000 (0) + num_contexts : 0x03 (3) + ctx_list: ARRAY(3) + ctx_list: struct dcerpc_ctx_list + context_id : 0x0000 (0) + num_transfer_syntaxes : 0x01 (1) + abstract_syntax: struct ndr_syntax_id + uuid : 12345678-1234-abcd-ef00-0123456789ab + if_version : 0x00000001 (1) + transfer_syntaxes: ARRAY(1) + transfer_syntaxes: struct ndr_syntax_id + uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860 + if_version : 0x00000002 (2) + ctx_list: struct dcerpc_ctx_list + context_id : 0x0001 (1) + num_transfer_syntaxes : 0x01 (1) + abstract_syntax: struct ndr_syntax_id + uuid : 12345678-1234-abcd-ef00-0123456789ab + if_version : 0x00000001 (1) + transfer_syntaxes: ARRAY(1) + transfer_syntaxes: struct ndr_syntax_id + uuid : 71710533-beba-4937-8319-b5dbef9ccc36 + if_version : 0x00000001 (1) + ctx_list: struct dcerpc_ctx_list + context_id : 0x0002 (2) + num_transfer_syntaxes : 0x01 (1) + abstract_syntax: struct ndr_syntax_id + uuid : 12345678-1234-abcd-ef00-0123456789ab + if_version : 0x00000001 (1) + transfer_syntaxes: ARRAY(1) + transfer_syntaxes: struct ndr_syntax_id + uuid : 6cb71c2c-9812-4540-0300-000000000000 + if_version : 0x00000001 (1) + auth_info : DATA_BLOB length=0 +[2013/11/07 07:38:46.299535, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1627(process_complete_pdu) + Processing packet type 11 +[2013/11/07 07:38:46.299586, 3, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:693(api_pipe_bind_req) + api_pipe_bind_req: spoolss -> spoolss rpc service +[2013/11/07 07:38:46.299628, 5, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:724(api_pipe_bind_req) + api_pipe_bind_req: make response. 724 +[2013/11/07 07:38:46.299667, 3, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:342(check_bind_req) + check_bind_req for \spoolss +[2013/11/07 07:38:46.299711, 3, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:349(check_bind_req) + check_bind_req: spoolss -> spoolss rpc service +[2013/11/07 07:38:46.299753, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:238(init_pipe_handles) + init_pipe_handle_list: pipe_handles ref count = 16 for pipe \spoolss +[2013/11/07 07:38:46.299848, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) + &r: struct ncacn_packet + rpc_vers : 0x05 (5) + rpc_vers_minor : 0x00 (0) + ptype : DCERPC_PKT_BIND_ACK (12) + pfc_flags : 0x03 (3) + drep: ARRAY(4) + [0] : 0x10 (16) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + frag_length : 0x0044 (68) + auth_length : 0x0000 (0) + call_id : 0x00000002 (2) + u : union dcerpc_payload(case 12) + bind_ack: struct dcerpc_bind_ack + max_xmit_frag : 0x10b8 (4280) + max_recv_frag : 0x10b8 (4280) + assoc_group_id : 0x000053f0 (21488) + secondary_address_size : 0x000e (14) + secondary_address : '\PIPE\spoolss' + _pad1 : DATA_BLOB length=0 + num_results : 0x01 (1) + ctx_list: ARRAY(1) + ctx_list: struct dcerpc_ack_ctx + result : 0x0000 (0) + reason : 0x0000 (0) + syntax: struct ndr_syntax_id + uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860 + if_version : 0x00000002 (2) + auth_info : DATA_BLOB length=0 +[2013/11/07 07:38:46.300371, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) + write_to_pipe: data_used = 144 + smbd_smb2_request_pending_queue: req->current_idx = 1 + req->in.vector[0].iov_len = 0 + req->in.vector[1].iov_len = 0 + req->in.vector[2].iov_len = 64 + req->in.vector[3].iov_len = 48 + req->in.vector[4].iov_len = 160 + req->out.vector[0].iov_len = 4 + req->out.vector[1].iov_len = 0 + req->out.vector[2].iov_len = 64 + req->out.vector[3].iov_len = 8 + req->out.vector[4].iov_len = 0 +[2013/11/07 07:38:46.300683, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) + smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[16] dyn[yes:0] at ../source3/smbd/smb2_write.c:150 +[2013/11/07 07:38:46.300732, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) + smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/115/127 +[2013/11/07 07:38:46.300944, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) + smbd_smb2_request_incoming: idx[1] of 5 vectors +[2013/11/07 07:38:46.301002, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) + smb2_validate_sequence_number: clearing id 115 (position 115) from bitmap +[2013/11/07 07:38:46.301058, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) + smbd_smb2_request_dispatch: opcode[SMB2_OP_WRITE] mid = 115 +[2013/11/07 07:38:46.301114, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) + setting sec ctx (0, 5000) - sec_ctx_stack_ndx = 0 +[2013/11/07 07:38:46.301156, 5, pid=20933, effective(0, 5000), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) + Security token SIDs (21): + SID[ 0]: S-1-5-21-1376953716-2413384141-3399758289-500 + SID[ 1]: S-1-5-21-1376953716-2413384141-3399758289-512 + SID[ 2]: S-1-5-21-1376953716-2413384141-3399758289-11015 + SID[ 3]: S-1-5-21-1376953716-2413384141-3399758289-513 + SID[ 4]: S-1-5-21-1376953716-2413384141-3399758289-11011 + SID[ 5]: S-1-5-21-1376953716-2413384141-3399758289-11013 + SID[ 6]: S-1-5-21-1376953716-2413384141-3399758289-11012 + SID[ 7]: S-1-1-0 + SID[ 8]: S-1-5-2 + SID[ 9]: S-1-5-11 + SID[ 10]: S-1-5-32-544 + SID[ 11]: S-1-22-1-2002 + SID[ 12]: S-1-22-2-5000 + SID[ 13]: S-1-22-2-5007 + SID[ 14]: S-1-22-2-5001 + SID[ 15]: S-1-22-2-1005 + SID[ 16]: S-1-22-2-5006 + SID[ 17]: S-1-22-2-5005 + SID[ 18]: S-1-22-2-55000 + SID[ 19]: S-1-22-2-55001 + SID[ 20]: S-1-22-2-55002 + Privileges (0x 1FFFFFF0): + Privilege[ 0]: SeMachineAccountPrivilege + Privilege[ 1]: SeTakeOwnershipPrivilege + Privilege[ 2]: SeBackupPrivilege + Privilege[ 3]: SeRestorePrivilege + Privilege[ 4]: SeRemoteShutdownPrivilege + Privilege[ 5]: SePrintOperatorPrivilege + Privilege[ 6]: SeAddUsersPrivilege + Privilege[ 7]: SeDiskOperatorPrivilege + Privilege[ 8]: SeSecurityPrivilege + Privilege[ 9]: SeSystemtimePrivilege + Privilege[ 10]: SeShutdownPrivilege + Privilege[ 11]: SeDebugPrivilege + Privilege[ 12]: SeSystemEnvironmentPrivilege + Privilege[ 13]: SeSystemProfilePrivilege + Privilege[ 14]: SeProfileSingleProcessPrivilege + Privilege[ 15]: SeIncreaseBasePriorityPrivilege + Privilege[ 16]: SeLoadDriverPrivilege + Privilege[ 17]: SeCreatePagefilePrivilege + Privilege[ 18]: SeIncreaseQuotaPrivilege + Privilege[ 19]: SeChangeNotifyPrivilege + Privilege[ 20]: SeUndockPrivilege + Privilege[ 21]: SeManageVolumePrivilege + Privilege[ 22]: SeImpersonatePrivilege + Privilege[ 23]: SeCreateGlobalPrivilege + Privilege[ 24]: SeEnableDelegationPrivilege + Rights (0x 0): +[2013/11/07 07:38:46.302056, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) + UNIX token of user 0 + Primary group is 5000 and contains 9 supplementary groups + Group[ 0]: 5000 + Group[ 1]: 5007 + Group[ 2]: 5001 + Group[ 3]: 1005 + Group[ 4]: 5006 + Group[ 5]: 5005 + Group[ 6]: 55000 + Group[ 7]: 55001 + Group[ 8]: 55002 +[2013/11/07 07:38:46.302251, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/uid.c:363(change_to_user_internal) + Impersonated user: uid=(0,0), gid=(0,5000) +[2013/11/07 07:38:46.302301, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:1796(smbd_smb2_request_verify_creditcharge) + mid 115, CreditCharge: 1, NeededCharge: 1 +[2013/11/07 07:38:46.302343, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_write.c:271(smbd_smb2_write_send) + smbd_smb2_write: spoolss - fnum 2543298146 +[2013/11/07 07:38:46.302387, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:520(np_write_send) + np_write_send: len: 160 +[2013/11/07 07:38:46.302428, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) + write_to_pipe: data_left = 160 +[2013/11/07 07:38:46.302467, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) + process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 160 +[2013/11/07 07:38:46.302515, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:51(fill_rpc_header) + fill_rpc_header: data_to_copy = 160, len_needed_to_complete_hdr = 16, receive_len = 0 +[2013/11/07 07:38:46.302556, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) + write_to_pipe: data_used = 16 +[2013/11/07 07:38:46.302593, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) + write_to_pipe: data_left = 144 +[2013/11/07 07:38:46.302631, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) + process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 144 +[2013/11/07 07:38:46.302671, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) + write_to_pipe: data_used = 0 +[2013/11/07 07:38:46.302708, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) + write_to_pipe: data_left = 144 +[2013/11/07 07:38:46.302746, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) + process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 144, incoming data = 144 +[2013/11/07 07:38:46.302786, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1614(process_complete_pdu) + PDU is in Little Endian format! +[2013/11/07 07:38:46.302869, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) + r: struct ncacn_packet + rpc_vers : 0x05 (5) + rpc_vers_minor : 0x00 (0) + ptype : DCERPC_PKT_BIND (11) + pfc_flags : 0x03 (3) + drep: ARRAY(4) + [0] : 0x10 (16) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + frag_length : 0x00a0 (160) + auth_length : 0x0000 (0) + call_id : 0x00000002 (2) + u : union dcerpc_payload(case 11) + bind: struct dcerpc_bind + max_xmit_frag : 0x10b8 (4280) + max_recv_frag : 0x10b8 (4280) + assoc_group_id : 0x00000000 (0) + num_contexts : 0x03 (3) + ctx_list: ARRAY(3) + ctx_list: struct dcerpc_ctx_list + context_id : 0x0000 (0) + num_transfer_syntaxes : 0x01 (1) + abstract_syntax: struct ndr_syntax_id + uuid : 12345678-1234-abcd-ef00-0123456789ab + if_version : 0x00000001 (1) + transfer_syntaxes: ARRAY(1) + transfer_syntaxes: struct ndr_syntax_id + uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860 + if_version : 0x00000002 (2) + ctx_list: struct dcerpc_ctx_list + context_id : 0x0001 (1) + num_transfer_syntaxes : 0x01 (1) + abstract_syntax: struct ndr_syntax_id + uuid : 12345678-1234-abcd-ef00-0123456789ab + if_version : 0x00000001 (1) + transfer_syntaxes: ARRAY(1) + transfer_syntaxes: struct ndr_syntax_id + uuid : 71710533-beba-4937-8319-b5dbef9ccc36 + if_version : 0x00000001 (1) + ctx_list: struct dcerpc_ctx_list + context_id : 0x0002 (2) + num_transfer_syntaxes : 0x01 (1) + abstract_syntax: struct ndr_syntax_id + uuid : 12345678-1234-abcd-ef00-0123456789ab + if_version : 0x00000001 (1) + transfer_syntaxes: ARRAY(1) + transfer_syntaxes: struct ndr_syntax_id + uuid : 6cb71c2c-9812-4540-0300-000000000000 + if_version : 0x00000001 (1) + auth_info : DATA_BLOB length=0 +[2013/11/07 07:38:46.303766, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1627(process_complete_pdu) + Processing packet type 11 +[2013/11/07 07:38:46.303841, 3, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:693(api_pipe_bind_req) + api_pipe_bind_req: spoolss -> spoolss rpc service +[2013/11/07 07:38:46.303883, 5, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:724(api_pipe_bind_req) + api_pipe_bind_req: make response. 724 +[2013/11/07 07:38:46.303922, 3, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:342(check_bind_req) + check_bind_req for \spoolss +[2013/11/07 07:38:46.303967, 3, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:349(check_bind_req) + check_bind_req: spoolss -> spoolss rpc service +[2013/11/07 07:38:46.304008, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:238(init_pipe_handles) + init_pipe_handle_list: pipe_handles ref count = 17 for pipe \spoolss +[2013/11/07 07:38:46.304067, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) + &r: struct ncacn_packet + rpc_vers : 0x05 (5) + rpc_vers_minor : 0x00 (0) + ptype : DCERPC_PKT_BIND_ACK (12) + pfc_flags : 0x03 (3) + drep: ARRAY(4) + [0] : 0x10 (16) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + frag_length : 0x0044 (68) + auth_length : 0x0000 (0) + call_id : 0x00000002 (2) + u : union dcerpc_payload(case 12) + bind_ack: struct dcerpc_bind_ack + max_xmit_frag : 0x10b8 (4280) + max_recv_frag : 0x10b8 (4280) + assoc_group_id : 0x000053f0 (21488) + secondary_address_size : 0x000e (14) + secondary_address : '\PIPE\spoolss' + _pad1 : DATA_BLOB length=0 + num_results : 0x01 (1) + ctx_list: ARRAY(1) + ctx_list: struct dcerpc_ack_ctx + result : 0x0000 (0) + reason : 0x0000 (0) + syntax: struct ndr_syntax_id + uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860 + if_version : 0x00000002 (2) + auth_info : DATA_BLOB length=0 +[2013/11/07 07:38:46.304587, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) + write_to_pipe: data_used = 144 + smbd_smb2_request_pending_queue: req->current_idx = 1 + req->in.vector[0].iov_len = 0 + req->in.vector[1].iov_len = 0 + req->in.vector[2].iov_len = 64 + req->in.vector[3].iov_len = 48 + req->in.vector[4].iov_len = 160 + req->out.vector[0].iov_len = 4 + req->out.vector[1].iov_len = 0 + req->out.vector[2].iov_len = 64 + req->out.vector[3].iov_len = 8 + req->out.vector[4].iov_len = 0 +[2013/11/07 07:38:46.304817, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) + smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[16] dyn[yes:0] at ../source3/smbd/smb2_write.c:150 +[2013/11/07 07:38:46.304865, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) + smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/116/127 +[2013/11/07 07:38:46.306185, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) + smbd_smb2_request_incoming: idx[1] of 5 vectors +[2013/11/07 07:38:46.306285, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) + smb2_validate_sequence_number: clearing id 116 (position 116) from bitmap +[2013/11/07 07:38:46.306330, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) + smbd_smb2_request_dispatch: opcode[SMB2_OP_CLOSE] mid = 116 +[2013/11/07 07:38:46.306389, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) + setting sec ctx (0, 5000) - sec_ctx_stack_ndx = 0 +[2013/11/07 07:38:46.306441, 5, pid=20933, effective(0, 5000), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) + Security token SIDs (21): + SID[ 0]: S-1-5-21-1376953716-2413384141-3399758289-500 + SID[ 1]: S-1-5-21-1376953716-2413384141-3399758289-512 + SID[ 2]: S-1-5-21-1376953716-2413384141-3399758289-11015 + SID[ 3]: S-1-5-21-1376953716-2413384141-3399758289-513 + SID[ 4]: S-1-5-21-1376953716-2413384141-3399758289-11011 + SID[ 5]: S-1-5-21-1376953716-2413384141-3399758289-11013 + SID[ 6]: S-1-5-21-1376953716-2413384141-3399758289-11012 + SID[ 7]: S-1-1-0 + SID[ 8]: S-1-5-2 + SID[ 9]: S-1-5-11 + SID[ 10]: S-1-5-32-544 + SID[ 11]: S-1-22-1-2002 + SID[ 12]: S-1-22-2-5000 + SID[ 13]: S-1-22-2-5007 + SID[ 14]: S-1-22-2-5001 + SID[ 15]: S-1-22-2-1005 + SID[ 16]: S-1-22-2-5006 + SID[ 17]: S-1-22-2-5005 + SID[ 18]: S-1-22-2-55000 + SID[ 19]: S-1-22-2-55001 + SID[ 20]: S-1-22-2-55002 + Privileges (0x 1FFFFFF0): + Privilege[ 0]: SeMachineAccountPrivilege + Privilege[ 1]: SeTakeOwnershipPrivilege + Privilege[ 2]: SeBackupPrivilege + Privilege[ 3]: SeRestorePrivilege + Privilege[ 4]: SeRemoteShutdownPrivilege + Privilege[ 5]: SePrintOperatorPrivilege + Privilege[ 6]: SeAddUsersPrivilege + Privilege[ 7]: SeDiskOperatorPrivilege + Privilege[ 8]: SeSecurityPrivilege + Privilege[ 9]: SeSystemtimePrivilege + Privilege[ 10]: SeShutdownPrivilege + Privilege[ 11]: SeDebugPrivilege + Privilege[ 12]: SeSystemEnvironmentPrivilege + Privilege[ 13]: SeSystemProfilePrivilege + Privilege[ 14]: SeProfileSingleProcessPrivilege + Privilege[ 15]: SeIncreaseBasePriorityPrivilege + Privilege[ 16]: SeLoadDriverPrivilege + Privilege[ 17]: SeCreatePagefilePrivilege + Privilege[ 18]: SeIncreaseQuotaPrivilege + Privilege[ 19]: SeChangeNotifyPrivilege + Privilege[ 20]: SeUndockPrivilege + Privilege[ 21]: SeManageVolumePrivilege + Privilege[ 22]: SeImpersonatePrivilege + Privilege[ 23]: SeCreateGlobalPrivilege + Privilege[ 24]: SeEnableDelegationPrivilege + Rights (0x 0): +[2013/11/07 07:38:46.307211, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) + UNIX token of user 0 + Primary group is 5000 and contains 9 supplementary groups + Group[ 0]: 5000 + Group[ 1]: 5007 + Group[ 2]: 5001 + Group[ 3]: 1005 + Group[ 4]: 5006 + Group[ 5]: 5005 + Group[ 6]: 55000 + Group[ 7]: 55001 + Group[ 8]: 55002 +[2013/11/07 07:38:46.307405, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/uid.c:363(change_to_user_internal) + Impersonated user: uid=(0,0), gid=(0,5000) +[2013/11/07 07:38:46.307474, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_close.c:185(smbd_smb2_close) + smbd_smb2_close: spoolss - fnum 178339492 +[2013/11/07 07:38:46.307526, 5, pid=20933, effective(0, 5000), real(0, 0)] ../lib/dbwrap/dbwrap.c:187(dbwrap_check_lock_order) + check lock order 1 for /var/run/samba/smbXsrv_open_global.tdb +[2013/11/07 07:38:46.307567, 10, pid=20933, effective(0, 5000), real(0, 0)] ../lib/dbwrap/dbwrap.c:133(debug_lock_order) + lock order: 1:/var/run/samba/smbXsrv_open_global.tdb 2: 3: +[2013/11/07 07:38:46.307612, 10, pid=20933, effective(0, 5000), real(0, 0)] ../lib/dbwrap/dbwrap_tdb.c:59(db_tdb_log_key) + Locking key 4467DD80 +[2013/11/07 07:38:46.307673, 10, pid=20933, effective(0, 5000), real(0, 0)] ../lib/dbwrap/dbwrap_tdb.c:143(db_tdb_fetch_locked_internal) + Allocated locked data 0x0x7f375d34b360 +[2013/11/07 07:38:46.307728, 10, pid=20933, effective(0, 5000), real(0, 0)] ../lib/dbwrap/dbwrap_tdb.c:59(db_tdb_log_key) + Unlocking key 4467DD80 +[2013/11/07 07:38:46.307770, 5, pid=20933, effective(0, 5000), real(0, 0)] ../lib/dbwrap/dbwrap.c:146(dbwrap_lock_order_state_destructor) + release lock order 1 for /var/run/samba/smbXsrv_open_global.tdb +[2013/11/07 07:38:46.307808, 10, pid=20933, effective(0, 5000), real(0, 0)] ../lib/dbwrap/dbwrap.c:133(debug_lock_order) + lock order: 1: 2: 3: +[2013/11/07 07:38:46.307864, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/files.c:525(file_free) + freed files structure 178339492 (6 used) +[2013/11/07 07:38:46.307925, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) + smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[60] dyn[no:0] at ../source3/smbd/smb2_close.c:139 +[2013/11/07 07:38:46.307970, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) + smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/117/127 +[2013/11/07 07:38:46.308539, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) + smbd_smb2_request_incoming: idx[1] of 5 vectors +[2013/11/07 07:38:46.308621, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) + smb2_validate_sequence_number: clearing id 117 (position 117) from bitmap +[2013/11/07 07:38:46.308667, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) + smbd_smb2_request_dispatch: opcode[SMB2_OP_READ] mid = 117 +[2013/11/07 07:38:46.308721, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) + setting sec ctx (0, 5000) - sec_ctx_stack_ndx = 0 +[2013/11/07 07:38:46.308763, 5, pid=20933, effective(0, 5000), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) + Security token SIDs (21): + SID[ 0]: S-1-5-21-1376953716-2413384141-3399758289-500 + SID[ 1]: S-1-5-21-1376953716-2413384141-3399758289-512 + SID[ 2]: S-1-5-21-1376953716-2413384141-3399758289-11015 + SID[ 3]: S-1-5-21-1376953716-2413384141-3399758289-513 + SID[ 4]: S-1-5-21-1376953716-2413384141-3399758289-11011 + SID[ 5]: S-1-5-21-1376953716-2413384141-3399758289-11013 + SID[ 6]: S-1-5-21-1376953716-2413384141-3399758289-11012 + SID[ 7]: S-1-1-0 + SID[ 8]: S-1-5-2 + SID[ 9]: S-1-5-11 + SID[ 10]: S-1-5-32-544 + SID[ 11]: S-1-22-1-2002 + SID[ 12]: S-1-22-2-5000 + SID[ 13]: S-1-22-2-5007 + SID[ 14]: S-1-22-2-5001 + SID[ 15]: S-1-22-2-1005 + SID[ 16]: S-1-22-2-5006 + SID[ 17]: S-1-22-2-5005 + SID[ 18]: S-1-22-2-55000 + SID[ 19]: S-1-22-2-55001 + SID[ 20]: S-1-22-2-55002 + Privileges (0x 1FFFFFF0): + Privilege[ 0]: SeMachineAccountPrivilege + Privilege[ 1]: SeTakeOwnershipPrivilege + Privilege[ 2]: SeBackupPrivilege + Privilege[ 3]: SeRestorePrivilege + Privilege[ 4]: SeRemoteShutdownPrivilege + Privilege[ 5]: SePrintOperatorPrivilege + Privilege[ 6]: SeAddUsersPrivilege + Privilege[ 7]: SeDiskOperatorPrivilege + Privilege[ 8]: SeSecurityPrivilege + Privilege[ 9]: SeSystemtimePrivilege + Privilege[ 10]: SeShutdownPrivilege + Privilege[ 11]: SeDebugPrivilege + Privilege[ 12]: SeSystemEnvironmentPrivilege + Privilege[ 13]: SeSystemProfilePrivilege + Privilege[ 14]: SeProfileSingleProcessPrivilege + Privilege[ 15]: SeIncreaseBasePriorityPrivilege + Privilege[ 16]: SeLoadDriverPrivilege + Privilege[ 17]: SeCreatePagefilePrivilege + Privilege[ 18]: SeIncreaseQuotaPrivilege + Privilege[ 19]: SeChangeNotifyPrivilege + Privilege[ 20]: SeUndockPrivilege + Privilege[ 21]: SeManageVolumePrivilege + Privilege[ 22]: SeImpersonatePrivilege + Privilege[ 23]: SeCreateGlobalPrivilege + Privilege[ 24]: SeEnableDelegationPrivilege + Rights (0x 0): +[2013/11/07 07:38:46.309638, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) + UNIX token of user 0 + Primary group is 5000 and contains 9 supplementary groups + Group[ 0]: 5000 + Group[ 1]: 5007 + Group[ 2]: 5001 + Group[ 3]: 1005 + Group[ 4]: 5006 + Group[ 5]: 5005 + Group[ 6]: 55000 + Group[ 7]: 55001 + Group[ 8]: 55002 +[2013/11/07 07:38:46.309831, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/uid.c:363(change_to_user_internal) + Impersonated user: uid=(0,0), gid=(0,5000) +[2013/11/07 07:38:46.309880, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:1796(smbd_smb2_request_verify_creditcharge) + mid 117, CreditCharge: 1, NeededCharge: 1 +[2013/11/07 07:38:46.309922, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_read.c:400(smbd_smb2_read_send) + smbd_smb2_read: spoolss - fnum 2543298146 +[2013/11/07 07:38:46.309969, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:285(read_from_internal_pipe) + name: \spoolss len: 1024 +[2013/11/07 07:38:46.310015, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:326(read_from_internal_pipe) + read_from_pipe: \spoolss: current_pdu_len = 68, current_pdu_sent = 0 returning 68 bytes. +[2013/11/07 07:38:46.310060, 3, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:122(free_pipe_context) + free_pipe_context: destroying talloc pool of size 29 + smbd_smb2_request_pending_queue: req->current_idx = 1 + req->in.vector[0].iov_len = 0 + req->in.vector[1].iov_len = 0 + req->in.vector[2].iov_len = 64 + req->in.vector[3].iov_len = 48 + req->in.vector[4].iov_len = 1 + req->out.vector[0].iov_len = 4 + req->out.vector[1].iov_len = 0 + req->out.vector[2].iov_len = 64 + req->out.vector[3].iov_len = 8 + req->out.vector[4].iov_len = 0 +[2013/11/07 07:38:46.310272, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:788(np_read_recv) + Received 68 bytes. There is no more data outstanding +[2013/11/07 07:38:46.310317, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) + smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[16] dyn[yes:68] at ../source3/smbd/smb2_read.c:154 +[2013/11/07 07:38:46.310363, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) + smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/118/127 +[2013/11/07 07:38:46.310510, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) + smbd_smb2_request_incoming: idx[1] of 5 vectors +[2013/11/07 07:38:46.310559, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) + smb2_validate_sequence_number: clearing id 118 (position 118) from bitmap +[2013/11/07 07:38:46.310613, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) + smbd_smb2_request_dispatch: opcode[SMB2_OP_READ] mid = 118 +[2013/11/07 07:38:46.310677, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) + setting sec ctx (0, 5000) - sec_ctx_stack_ndx = 0 +[2013/11/07 07:38:46.310720, 5, pid=20933, effective(0, 5000), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) + Security token SIDs (21): + SID[ 0]: S-1-5-21-1376953716-2413384141-3399758289-500 + SID[ 1]: S-1-5-21-1376953716-2413384141-3399758289-512 + SID[ 2]: S-1-5-21-1376953716-2413384141-3399758289-11015 + SID[ 3]: S-1-5-21-1376953716-2413384141-3399758289-513 + SID[ 4]: S-1-5-21-1376953716-2413384141-3399758289-11011 + SID[ 5]: S-1-5-21-1376953716-2413384141-3399758289-11013 + SID[ 6]: S-1-5-21-1376953716-2413384141-3399758289-11012 + SID[ 7]: S-1-1-0 + SID[ 8]: S-1-5-2 + SID[ 9]: S-1-5-11 + SID[ 10]: S-1-5-32-544 + SID[ 11]: S-1-22-1-2002 + SID[ 12]: S-1-22-2-5000 + SID[ 13]: S-1-22-2-5007 + SID[ 14]: S-1-22-2-5001 + SID[ 15]: S-1-22-2-1005 + SID[ 16]: S-1-22-2-5006 + SID[ 17]: S-1-22-2-5005 + SID[ 18]: S-1-22-2-55000 + SID[ 19]: S-1-22-2-55001 + SID[ 20]: S-1-22-2-55002 + Privileges (0x 1FFFFFF0): + Privilege[ 0]: SeMachineAccountPrivilege + Privilege[ 1]: SeTakeOwnershipPrivilege + Privilege[ 2]: SeBackupPrivilege + Privilege[ 3]: SeRestorePrivilege + Privilege[ 4]: SeRemoteShutdownPrivilege + Privilege[ 5]: SePrintOperatorPrivilege + Privilege[ 6]: SeAddUsersPrivilege + Privilege[ 7]: SeDiskOperatorPrivilege + Privilege[ 8]: SeSecurityPrivilege + Privilege[ 9]: SeSystemtimePrivilege + Privilege[ 10]: SeShutdownPrivilege + Privilege[ 11]: SeDebugPrivilege + Privilege[ 12]: SeSystemEnvironmentPrivilege + Privilege[ 13]: SeSystemProfilePrivilege + Privilege[ 14]: SeProfileSingleProcessPrivilege + Privilege[ 15]: SeIncreaseBasePriorityPrivilege + Privilege[ 16]: SeLoadDriverPrivilege + Privilege[ 17]: SeCreatePagefilePrivilege + Privilege[ 18]: SeIncreaseQuotaPrivilege + Privilege[ 19]: SeChangeNotifyPrivilege + Privilege[ 20]: SeUndockPrivilege + Privilege[ 21]: SeManageVolumePrivilege + Privilege[ 22]: SeImpersonatePrivilege + Privilege[ 23]: SeCreateGlobalPrivilege + Privilege[ 24]: SeEnableDelegationPrivilege + Rights (0x 0): +[2013/11/07 07:38:46.311607, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) + UNIX token of user 0 + Primary group is 5000 and contains 9 supplementary groups + Group[ 0]: 5000 + Group[ 1]: 5007 + Group[ 2]: 5001 + Group[ 3]: 1005 + Group[ 4]: 5006 + Group[ 5]: 5005 + Group[ 6]: 55000 + Group[ 7]: 55001 + Group[ 8]: 55002 +[2013/11/07 07:38:46.311797, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/uid.c:363(change_to_user_internal) + Impersonated user: uid=(0,0), gid=(0,5000) +[2013/11/07 07:38:46.311845, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:1796(smbd_smb2_request_verify_creditcharge) + mid 118, CreditCharge: 1, NeededCharge: 1 +[2013/11/07 07:38:46.311886, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_read.c:400(smbd_smb2_read_send) + smbd_smb2_read: spoolss - fnum 1362079351 +[2013/11/07 07:38:46.311931, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:285(read_from_internal_pipe) + name: \spoolss len: 1024 +[2013/11/07 07:38:46.311975, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:326(read_from_internal_pipe) + read_from_pipe: \spoolss: current_pdu_len = 68, current_pdu_sent = 0 returning 68 bytes. +[2013/11/07 07:38:46.312018, 3, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:122(free_pipe_context) + free_pipe_context: destroying talloc pool of size 29 + smbd_smb2_request_pending_queue: req->current_idx = 1 + req->in.vector[0].iov_len = 0 + req->in.vector[1].iov_len = 0 + req->in.vector[2].iov_len = 64 + req->in.vector[3].iov_len = 48 + req->in.vector[4].iov_len = 1 + req->out.vector[0].iov_len = 4 + req->out.vector[1].iov_len = 0 + req->out.vector[2].iov_len = 64 + req->out.vector[3].iov_len = 8 + req->out.vector[4].iov_len = 0 +[2013/11/07 07:38:46.312236, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:788(np_read_recv) + Received 68 bytes. There is no more data outstanding +[2013/11/07 07:38:46.312280, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) + smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[16] dyn[yes:68] at ../source3/smbd/smb2_read.c:154 +[2013/11/07 07:38:46.312324, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) + smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/119/127 +[2013/11/07 07:38:46.400540, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) + smbd_smb2_request_incoming: idx[1] of 5 vectors +[2013/11/07 07:38:46.400905, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) + smb2_validate_sequence_number: clearing id 119 (position 119) from bitmap +[2013/11/07 07:38:46.401042, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) + smbd_smb2_request_dispatch: opcode[SMB2_OP_IOCTL] mid = 119 +[2013/11/07 07:38:46.401198, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) + setting sec ctx (0, 5000) - sec_ctx_stack_ndx = 0 +[2013/11/07 07:38:46.401314, 5, pid=20933, effective(0, 5000), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) + Security token SIDs (21): + SID[ 0]: S-1-5-21-1376953716-2413384141-3399758289-500 + SID[ 1]: S-1-5-21-1376953716-2413384141-3399758289-512 + SID[ 2]: S-1-5-21-1376953716-2413384141-3399758289-11015 + SID[ 3]: S-1-5-21-1376953716-2413384141-3399758289-513 + SID[ 4]: S-1-5-21-1376953716-2413384141-3399758289-11011 + SID[ 5]: S-1-5-21-1376953716-2413384141-3399758289-11013 + SID[ 6]: S-1-5-21-1376953716-2413384141-3399758289-11012 + SID[ 7]: S-1-1-0 + SID[ 8]: S-1-5-2 + SID[ 9]: S-1-5-11 + SID[ 10]: S-1-5-32-544 + SID[ 11]: S-1-22-1-2002 + SID[ 12]: S-1-22-2-5000 + SID[ 13]: S-1-22-2-5007 + SID[ 14]: S-1-22-2-5001 + SID[ 15]: S-1-22-2-1005 + SID[ 16]: S-1-22-2-5006 + SID[ 17]: S-1-22-2-5005 + SID[ 18]: S-1-22-2-55000 + SID[ 19]: S-1-22-2-55001 + SID[ 20]: S-1-22-2-55002 + Privileges (0x 1FFFFFF0): + Privilege[ 0]: SeMachineAccountPrivilege + Privilege[ 1]: SeTakeOwnershipPrivilege + Privilege[ 2]: SeBackupPrivilege + Privilege[ 3]: SeRestorePrivilege + Privilege[ 4]: SeRemoteShutdownPrivilege + Privilege[ 5]: SePrintOperatorPrivilege + Privilege[ 6]: SeAddUsersPrivilege + Privilege[ 7]: SeDiskOperatorPrivilege + Privilege[ 8]: SeSecurityPrivilege + Privilege[ 9]: SeSystemtimePrivilege + Privilege[ 10]: SeShutdownPrivilege + Privilege[ 11]: SeDebugPrivilege + Privilege[ 12]: SeSystemEnvironmentPrivilege + Privilege[ 13]: SeSystemProfilePrivilege + Privilege[ 14]: SeProfileSingleProcessPrivilege + Privilege[ 15]: SeIncreaseBasePriorityPrivilege + Privilege[ 16]: SeLoadDriverPrivilege + Privilege[ 17]: SeCreatePagefilePrivilege + Privilege[ 18]: SeIncreaseQuotaPrivilege + Privilege[ 19]: SeChangeNotifyPrivilege + Privilege[ 20]: SeUndockPrivilege + Privilege[ 21]: SeManageVolumePrivilege + Privilege[ 22]: SeImpersonatePrivilege + Privilege[ 23]: SeCreateGlobalPrivilege + Privilege[ 24]: SeEnableDelegationPrivilege + Rights (0x 0): +[2013/11/07 07:38:46.404819, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) + UNIX token of user 0 + Primary group is 5000 and contains 9 supplementary groups + Group[ 0]: 5000 + Group[ 1]: 5007 + Group[ 2]: 5001 + Group[ 3]: 1005 + Group[ 4]: 5006 + Group[ 5]: 5005 + Group[ 6]: 55000 + Group[ 7]: 55001 + Group[ 8]: 55002 +[2013/11/07 07:38:46.405556, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/uid.c:363(change_to_user_internal) + Impersonated user: uid=(0,0), gid=(0,5000) +[2013/11/07 07:38:46.405704, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:1796(smbd_smb2_request_verify_creditcharge) + mid 119, CreditCharge: 1, NeededCharge: 1 +[2013/11/07 07:38:46.405815, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl.c:394(smbd_smb2_ioctl_send) + smbd_smb2_ioctl: ctl_code[0x0011c017] spoolss, fnum 2543298146 +[2013/11/07 07:38:46.405936, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:59(smb2_ioctl_named_pipe) + smbd_smb2_ioctl_send: np_write_send of size 246 +[2013/11/07 07:38:46.406035, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:520(np_write_send) + np_write_send: len: 246 +[2013/11/07 07:38:46.406140, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) + write_to_pipe: data_left = 246 +[2013/11/07 07:38:46.406236, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) + process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 246 +[2013/11/07 07:38:46.406333, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:51(fill_rpc_header) + fill_rpc_header: data_to_copy = 246, len_needed_to_complete_hdr = 16, receive_len = 0 +[2013/11/07 07:38:46.406433, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) + write_to_pipe: data_used = 16 +[2013/11/07 07:38:46.406526, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) + write_to_pipe: data_left = 230 +[2013/11/07 07:38:46.406620, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) + process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 230 +[2013/11/07 07:38:46.406724, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) + write_to_pipe: data_used = 0 +[2013/11/07 07:38:46.406817, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) + write_to_pipe: data_left = 230 +[2013/11/07 07:38:46.406909, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) + process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 230, incoming data = 230 +[2013/11/07 07:38:46.407013, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1614(process_complete_pdu) + PDU is in Little Endian format! +[2013/11/07 07:38:46.407137, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) + r: struct ncacn_packet + rpc_vers : 0x05 (5) + rpc_vers_minor : 0x00 (0) + ptype : DCERPC_PKT_REQUEST (0) + pfc_flags : 0x03 (3) + drep: ARRAY(4) + [0] : 0x10 (16) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + frag_length : 0x00f6 (246) + auth_length : 0x0000 (0) + call_id : 0x00000002 (2) + u : union dcerpc_payload(case 0) + request: struct dcerpc_request + alloc_hint : 0x000000de (222) + context_id : 0x0000 (0) + opnum : 0x0045 (69) + object : union dcerpc_object(case 0) + empty: struct dcerpc_empty + _pad : DATA_BLOB length=0 + stub_and_verifier : DATA_BLOB length=222 + [0000] 00 00 02 00 1F 00 00 00 00 00 00 00 1F 00 00 00 ........ ........ + [0010] 5C 00 5C 00 4D 00 45 00 4D 00 42 00 45 00 52 00 \.\.M.E. M.B.E.R. + [0020] 34 00 33 00 5C 00 70 00 72 00 69 00 6E 00 74 00 4.3.\.p. r.i.n.t. + [0030] 65 00 72 00 35 00 2C 00 20 00 4C 00 6F 00 63 00 e.r.5.,. .L.o.c. + [0040] 61 00 6C 00 4F 00 6E 00 6C 00 79 00 00 00 00 00 a.l.O.n. l.y..... + [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0060] 01 00 00 00 01 00 00 00 04 00 02 00 28 00 00 00 ........ ....(... + [0070] 08 00 02 00 0C 00 02 00 80 25 00 00 03 00 00 00 ........ .%...... + [0080] 00 00 00 00 09 00 00 00 0A 00 00 00 00 00 00 00 ........ ........ + [0090] 0A 00 00 00 57 00 49 00 4E 00 38 00 31 00 2D 00 ....W.I. N.8.1.-. + [00A0] 32 00 33 00 39 00 00 00 15 00 00 00 00 00 00 00 2.3.9... ........ + [00B0] 15 00 00 00 41 00 52 00 33 00 32 00 49 00 38 00 ....A.R. 3.2.I.8. + [00C0] 5C 00 41 00 64 00 6D 00 69 00 6E 00 69 00 73 00 \.A.d.m. i.n.i.s. + [00D0] 74 00 72 00 61 00 74 00 6F 00 72 00 00 00 t.r.a.t. o.r... +[2013/11/07 07:38:46.409342, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1627(process_complete_pdu) + Processing packet type 0 +[2013/11/07 07:38:46.409509, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1472(dcesrv_auth_request) + Checking request auth. +[2013/11/07 07:38:46.409554, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) + push_sec_ctx(0, 5000) : sec_ctx_stack_ndx = 1 +[2013/11/07 07:38:46.409602, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) + setting sec ctx (0, 5000) - sec_ctx_stack_ndx = 1 +[2013/11/07 07:38:46.409644, 5, pid=20933, effective(0, 5000), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) + Security token SIDs (21): + SID[ 0]: S-1-5-21-1376953716-2413384141-3399758289-500 + SID[ 1]: S-1-5-21-1376953716-2413384141-3399758289-512 + SID[ 2]: S-1-5-21-1376953716-2413384141-3399758289-11015 + SID[ 3]: S-1-5-21-1376953716-2413384141-3399758289-513 + SID[ 4]: S-1-5-21-1376953716-2413384141-3399758289-11011 + SID[ 5]: S-1-5-21-1376953716-2413384141-3399758289-11013 + SID[ 6]: S-1-5-21-1376953716-2413384141-3399758289-11012 + SID[ 7]: S-1-1-0 + SID[ 8]: S-1-5-2 + SID[ 9]: S-1-5-11 + SID[ 10]: S-1-5-32-544 + SID[ 11]: S-1-22-1-2002 + SID[ 12]: S-1-22-2-5000 + SID[ 13]: S-1-22-2-5007 + SID[ 14]: S-1-22-2-5001 + SID[ 15]: S-1-22-2-1005 + SID[ 16]: S-1-22-2-5006 + SID[ 17]: S-1-22-2-5005 + SID[ 18]: S-1-22-2-55000 + SID[ 19]: S-1-22-2-55001 + SID[ 20]: S-1-22-2-55002 + Privileges (0x 1FFFFFF0): + Privilege[ 0]: SeMachineAccountPrivilege + Privilege[ 1]: SeTakeOwnershipPrivilege + Privilege[ 2]: SeBackupPrivilege + Privilege[ 3]: SeRestorePrivilege + Privilege[ 4]: SeRemoteShutdownPrivilege + Privilege[ 5]: SePrintOperatorPrivilege + Privilege[ 6]: SeAddUsersPrivilege + Privilege[ 7]: SeDiskOperatorPrivilege + Privilege[ 8]: SeSecurityPrivilege + Privilege[ 9]: SeSystemtimePrivilege + Privilege[ 10]: SeShutdownPrivilege + Privilege[ 11]: SeDebugPrivilege + Privilege[ 12]: SeSystemEnvironmentPrivilege + Privilege[ 13]: SeSystemProfilePrivilege + Privilege[ 14]: SeProfileSingleProcessPrivilege + Privilege[ 15]: SeIncreaseBasePriorityPrivilege + Privilege[ 16]: SeLoadDriverPrivilege + Privilege[ 17]: SeCreatePagefilePrivilege + Privilege[ 18]: SeIncreaseQuotaPrivilege + Privilege[ 19]: SeChangeNotifyPrivilege + Privilege[ 20]: SeUndockPrivilege + Privilege[ 21]: SeManageVolumePrivilege + Privilege[ 22]: SeImpersonatePrivilege + Privilege[ 23]: SeCreateGlobalPrivilege + Privilege[ 24]: SeEnableDelegationPrivilege + Rights (0x 0): +[2013/11/07 07:38:46.410439, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) + UNIX token of user 0 + Primary group is 5000 and contains 9 supplementary groups + Group[ 0]: 5000 + Group[ 1]: 5007 + Group[ 2]: 5001 + Group[ 3]: 1005 + Group[ 4]: 5006 + Group[ 5]: 5005 + Group[ 6]: 55000 + Group[ 7]: 55001 + Group[ 8]: 55002 +[2013/11/07 07:38:46.410629, 5, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1324(api_pipe_request) + Requested \spoolss rpc service +[2013/11/07 07:38:46.410678, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1356(api_rpcTNP) + api_rpcTNP: \spoolss op 0x45 - api_rpcTNP: rpc command: SPOOLSS_OPENPRINTEREX +[2013/11/07 07:38:46.410723, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1390(api_rpcTNP) + api_rpc_cmds[69].fn == 0x7f375c256d40 +[2013/11/07 07:38:46.410785, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + spoolss_OpenPrinterEx: struct spoolss_OpenPrinterEx + in: struct spoolss_OpenPrinterEx + printername : * + printername : '\\MEMBER43\printer5, LocalOnly' + datatype : NULL + devmode_ctr: struct spoolss_DevmodeContainer + _ndr_size : 0x00000000 (0) + devmode : NULL + access_mask : 0x00000000 (0) + 0: SERVER_ACCESS_ADMINISTER + 0: SERVER_ACCESS_ENUMERATE + 0: PRINTER_ACCESS_ADMINISTER + 0: PRINTER_ACCESS_USE + 0: JOB_ACCESS_ADMINISTER + 0: JOB_ACCESS_READ + userlevel_ctr: struct spoolss_UserLevelCtr + level : 0x00000001 (1) + user_info : union spoolss_UserLevel(case 1) + level1 : * + level1: struct spoolss_UserLevel1 + size : 0x00000028 (40) + client : * + client : 'WIN81-239' + user : * + user : 'AR32I8\Administrator' + build : 0x00002580 (9600) + major : UNKNOWN_ENUM_VALUE (3) + minor : SPOOLSS_MINOR_VERSION_0 (0) + processor : PROCESSOR_ARCHITECTURE_AMD64 (9) + checking name: \\MEMBER43\printer5, LocalOnly +[2013/11/07 07:38:46.411410, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:737(open_printer_hnd) + open_printer_hnd: name [\\MEMBER43\printer5, LocalOnly] +[2013/11/07 07:38:46.411464, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) + Opened policy hnd[5] [0000] 00 00 00 00 DB 00 00 00 00 00 00 00 7B 52 76 35 ........ ....{Rv5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:46.411547, 3, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:506(set_printer_hnd_printertype) + Setting printer type=\\MEMBER43\printer5, LocalOnly + Printer is a printer +[2013/11/07 07:38:46.411603, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:566(set_printer_hnd_name) + Setting printer name=\\MEMBER43\printer5, LocalOnly (len=30) + searching for [printer5, LocalOnly] + stripped handlename: [printer5] +[2013/11/07 07:38:46.411735, 10, pid=20933, effective(0, 5000), real(0, 0), class=tdb] ../source3/lib/gencache.c:275(gencache_set_data_blob) + Did not store value for PRINTERNAME/printer5, we already got it + set_printer_hnd_name: Printer found: printer5 -> printer5 +[2013/11/07 07:38:46.411792, 5, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:773(open_printer_hnd) + 5 printer handles active +[2013/11/07 07:38:46.411833, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 DB 00 00 00 00 00 00 00 7B 52 76 35 ........ ....{Rv5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:46.411911, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 DB 00 00 00 00 00 00 00 7B 52 76 35 ........ ....{Rv5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:46.411988, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:489(get_printer_snum) + short name:printer5 +[2013/11/07 07:38:46.412057, 3, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/access.c:338(allow_access) + Allowed connection from 10.200.8.239 (10.200.8.239) +[2013/11/07 07:38:46.412230, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/share_access.c:237(user_ok_token) + user_ok_token: share printer5 is ok for unix user root +[2013/11/07 07:38:46.412285, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:1921(_spoolss_OpenPrinterEx) + Setting printer access = PRINTER_ACCESS_USE +[2013/11/07 07:38:46.412394, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:60(make_internal_rpc_pipe_p) + Create pipe requested \winreg +[2013/11/07 07:38:46.412449, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:221(init_pipe_handles) + init_pipe_handle_list: created handle list for pipe \winreg +[2013/11/07 07:38:46.412491, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:238(init_pipe_handles) + init_pipe_handle_list: pipe_handles ref count = 1 for pipe \winreg +[2013/11/07 07:38:46.412594, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:100(make_internal_rpc_pipe_p) + Created internal pipe \winreg +[2013/11/07 07:38:46.412664, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenHKLM: struct winreg_OpenHKLM + in: struct winreg_OpenHKLM + system_name : NULL + access_mask : 0x02000000 (33554432) + 0: KEY_QUERY_VALUE + 0: KEY_SET_VALUE + 0: KEY_CREATE_SUB_KEY + 0: KEY_ENUMERATE_SUB_KEYS + 0: KEY_NOTIFY + 0: KEY_CREATE_LINK + 0: KEY_WOW64_64KEY + 0: KEY_WOW64_32KEY +[2013/11/07 07:38:46.412896, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [HKLM] +[2013/11/07 07:38:46.412942, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) + push_sec_ctx(0, 5000) : sec_ctx_stack_ndx = 2 +[2013/11/07 07:38:46.412986, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/uid.c:485(push_conn_ctx) + push_conn_ctx(1804507171) : conn_ctx_stack_ndx = 0 +[2013/11/07 07:38:46.413026, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) + setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 +[2013/11/07 07:38:46.413075, 5, pid=20933, effective(0, 5000), real(0, 0)] ../libcli/security/security_token.c:53(security_token_debug) + Security token: (NULL) +[2013/11/07 07:38:46.413114, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) + UNIX token of user 0 + Primary group is 0 and contains 0 supplementary groups +[2013/11/07 07:38:46.413274, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) + pop_sec_ctx (0, 5000) - sec_ctx_stack_ndx = 1 +[2013/11/07 07:38:46.413319, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:866(regdb_open) + regdb_open: registry db opened. refcount reset (1) +[2013/11/07 07:38:46.413468, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM] +[2013/11/07 07:38:46.413514, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM] +[2013/11/07 07:38:46.413556, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:46.413594, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM] +[2013/11/07 07:38:46.413676, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) + Opened policy hnd[1] [0000] 00 00 00 00 DC 00 00 00 00 00 00 00 7B 52 76 35 ........ ....{Rv5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:46.413759, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenHKLM: struct winreg_OpenHKLM + out: struct winreg_OpenHKLM + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000dc-0000-0000-7b52-7635c5510000 + result : WERR_OK +[2013/11/07 07:38:46.413957, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenKey: struct winreg_OpenKey + in: struct winreg_OpenKey + parent_handle : * + parent_handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000dc-0000-0000-7b52-7635c5510000 + keyname: struct winreg_String + name_len : 0x008a (138) + name_size : 0x008a (138) + name : * + name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer5' + options : 0x00000000 (0) + 0: REG_OPTION_VOLATILE + 0: REG_OPTION_CREATE_LINK + 0: REG_OPTION_BACKUP_RESTORE + 0: REG_OPTION_OPEN_LINK + access_mask : 0x02000000 (33554432) + 0: KEY_QUERY_VALUE + 0: KEY_SET_VALUE + 0: KEY_CREATE_SUB_KEY + 0: KEY_ENUMERATE_SUB_KEYS + 0: KEY_NOTIFY + 0: KEY_CREATE_LINK + 0: KEY_WOW64_64KEY + 0: KEY_WOW64_32KEY +[2013/11/07 07:38:46.414572, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 DC 00 00 00 00 00 00 00 7B 52 76 35 ........ ....{Rv5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:46.414671, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [SOFTWARE] +[2013/11/07 07:38:46.414714, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (1->2) +[2013/11/07 07:38:46.414757, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] +[2013/11/07 07:38:46.414796, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE] +[2013/11/07 07:38:46.414837, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:46.414875, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE] +[2013/11/07 07:38:46.414949, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Microsoft] +[2013/11/07 07:38:46.414991, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (2->3) +[2013/11/07 07:38:46.415033, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] +[2013/11/07 07:38:46.415071, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] +[2013/11/07 07:38:46.415112, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:46.415149, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft] +[2013/11/07 07:38:46.415210, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Windows NT] +[2013/11/07 07:38:46.415252, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (3->4) +[2013/11/07 07:38:46.415295, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] +[2013/11/07 07:38:46.415333, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] +[2013/11/07 07:38:46.415374, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:46.415411, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] +[2013/11/07 07:38:46.415470, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [CurrentVersion] +[2013/11/07 07:38:46.415511, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (4->5) +[2013/11/07 07:38:46.415554, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] +[2013/11/07 07:38:46.415600, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] +[2013/11/07 07:38:46.415642, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:46.415679, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f375c5a15c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] +[2013/11/07 07:38:46.415753, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Print] +[2013/11/07 07:38:46.415795, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (5->6) +[2013/11/07 07:38:46.415838, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] +[2013/11/07 07:38:46.415878, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] +[2013/11/07 07:38:46.415920, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:46.415957, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f375c5a15c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] +[2013/11/07 07:38:46.416017, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Printers] +[2013/11/07 07:38:46.416058, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (6->7) +[2013/11/07 07:38:46.416101, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] +[2013/11/07 07:38:46.416140, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] +[2013/11/07 07:38:46.416182, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:46.416220, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] +[2013/11/07 07:38:46.416286, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [printer5] +[2013/11/07 07:38:46.416328, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (7->8) +[2013/11/07 07:38:46.416371, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer5] +[2013/11/07 07:38:46.416410, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer5] +[2013/11/07 07:38:46.416452, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:46.416497, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer5] +[2013/11/07 07:38:46.416565, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (8->7) +[2013/11/07 07:38:46.416607, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (7->6) +[2013/11/07 07:38:46.416647, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (6->5) +[2013/11/07 07:38:46.416687, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (5->4) +[2013/11/07 07:38:46.416727, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (4->3) +[2013/11/07 07:38:46.416767, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (3->2) +[2013/11/07 07:38:46.416811, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) + Opened policy hnd[2] [0000] 00 00 00 00 DD 00 00 00 00 00 00 00 7B 52 76 35 ........ ....{Rv5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:46.416889, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenKey: struct winreg_OpenKey + out: struct winreg_OpenKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000dd-0000-0000-7b52-7635c5510000 + result : WERR_OK +[2013/11/07 07:38:46.417055, 2, pid=20933, effective(0, 5000), real(0, 0)] ../source3/rpc_client/cli_winreg_spoolss.c:626(winreg_create_printer) + winreg_create_printer: Skipping, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer5 already exists +[2013/11/07 07:38:46.417115, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + in: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000dd-0000-0000-7b52-7635c5510000 +[2013/11/07 07:38:46.417246, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 DD 00 00 00 00 00 00 00 7B 52 76 35 ........ ....{Rv5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:46.417325, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 DD 00 00 00 00 00 00 00 7B 52 76 35 ........ ....{Rv5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:46.417564, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) + Closed policy +[2013/11/07 07:38:46.417610, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (2->1) +[2013/11/07 07:38:46.417825, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + out: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000000-0000-0000-0000-000000000000 + result : WERR_OK +[2013/11/07 07:38:46.418177, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + in: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000dc-0000-0000-7b52-7635c5510000 +[2013/11/07 07:38:46.418315, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 DC 00 00 00 00 00 00 00 7B 52 76 35 ........ ....{Rv5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:46.418394, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 DC 00 00 00 00 00 00 00 7B 52 76 35 ........ ....{Rv5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:46.418471, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) + Closed policy +[2013/11/07 07:38:46.418512, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (1->0) +[2013/11/07 07:38:46.418569, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + out: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000000-0000-0000-0000-000000000000 + result : WERR_OK +[2013/11/07 07:38:46.418729, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:416(close_policy_by_pipe) + Deleted handle list for RPC connection \winreg +[2013/11/07 07:38:46.418781, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + spoolss_OpenPrinterEx: struct spoolss_OpenPrinterEx + out: struct spoolss_OpenPrinterEx + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000db-0000-0000-7b52-7635c5510000 + result : WERR_OK +[2013/11/07 07:38:46.418933, 5, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1417(api_rpcTNP) + api_rpcTNP: called \spoolss successfully +[2013/11/07 07:38:46.418988, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) + pop_sec_ctx (0, 5000) - sec_ctx_stack_ndx = 0 +[2013/11/07 07:38:46.419031, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) + write_to_pipe: data_used = 230 + smbd_smb2_request_pending_queue: req->current_idx = 1 + req->in.vector[0].iov_len = 0 + req->in.vector[1].iov_len = 0 + req->in.vector[2].iov_len = 64 + req->in.vector[3].iov_len = 56 + req->in.vector[4].iov_len = 246 + req->out.vector[0].iov_len = 4 + req->out.vector[1].iov_len = 0 + req->out.vector[2].iov_len = 64 + req->out.vector[3].iov_len = 8 + req->out.vector[4].iov_len = 0 +[2013/11/07 07:38:46.420003, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:128(smbd_smb2_ioctl_pipe_write_done) + smbd_smb2_ioctl_pipe_write_done: received 246 +[2013/11/07 07:38:46.420075, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:149(smbd_smb2_ioctl_pipe_write_done) + smbd_smb2_ioctl_pipe_write_done: issuing np_read_send of size 1024 +[2013/11/07 07:38:46.420120, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:285(read_from_internal_pipe) + name: \spoolss len: 1024 +[2013/11/07 07:38:46.420165, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:347(read_from_internal_pipe) + read_from_pipe: \spoolss: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 24. +[2013/11/07 07:38:46.420221, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) + &r: struct ncacn_packet + rpc_vers : 0x05 (5) + rpc_vers_minor : 0x00 (0) + ptype : DCERPC_PKT_RESPONSE (2) + pfc_flags : 0x03 (3) + drep: ARRAY(4) + [0] : 0x10 (16) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + frag_length : 0x0030 (48) + auth_length : 0x0000 (0) + call_id : 0x00000002 (2) + u : union dcerpc_payload(case 2) + response: struct dcerpc_response + alloc_hint : 0x00000018 (24) + context_id : 0x0000 (0) + cancel_count : 0x00 (0) + _pad : DATA_BLOB length=0 + stub_and_verifier : DATA_BLOB length=24 + [0000] 00 00 00 00 DB 00 00 00 00 00 00 00 7B 52 76 35 ........ ....{Rv5 + [0010] C5 51 00 00 00 00 00 00 .Q...... +[2013/11/07 07:38:46.420644, 3, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:122(free_pipe_context) + free_pipe_context: destroying talloc pool of size 68 +[2013/11/07 07:38:46.420695, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:788(np_read_recv) + Received 48 bytes. There is no more data outstanding +[2013/11/07 07:38:46.420735, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:178(smbd_smb2_ioctl_pipe_read_done) + smbd_smb2_ioctl_pipe_read_done: np_read_recv nread = 48 is_data_outstanding = 0, status = NT_STATUS_OK +[2013/11/07 07:38:46.420782, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl.c:291(smbd_smb2_request_ioctl_done) + smbd_smb2_request_ioctl_done: smbd_smb2_ioctl_recv returned 48 status NT_STATUS_OK +[2013/11/07 07:38:46.420825, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) + smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[48] dyn[yes:48] at ../source3/smbd/smb2_ioctl.c:358 +[2013/11/07 07:38:46.420871, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) + smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/120/127 +[2013/11/07 07:38:46.421059, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) + smbd_smb2_request_incoming: idx[1] of 5 vectors +[2013/11/07 07:38:46.421108, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) + smb2_validate_sequence_number: clearing id 120 (position 120) from bitmap +[2013/11/07 07:38:46.421151, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) + smbd_smb2_request_dispatch: opcode[SMB2_OP_IOCTL] mid = 120 +[2013/11/07 07:38:46.421228, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) + setting sec ctx (0, 5000) - sec_ctx_stack_ndx = 0 +[2013/11/07 07:38:46.421272, 5, pid=20933, effective(0, 5000), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) + Security token SIDs (21): + SID[ 0]: S-1-5-21-1376953716-2413384141-3399758289-500 + SID[ 1]: S-1-5-21-1376953716-2413384141-3399758289-512 + SID[ 2]: S-1-5-21-1376953716-2413384141-3399758289-11015 + SID[ 3]: S-1-5-21-1376953716-2413384141-3399758289-513 + SID[ 4]: S-1-5-21-1376953716-2413384141-3399758289-11011 + SID[ 5]: S-1-5-21-1376953716-2413384141-3399758289-11013 + SID[ 6]: S-1-5-21-1376953716-2413384141-3399758289-11012 + SID[ 7]: S-1-1-0 + SID[ 8]: S-1-5-2 + SID[ 9]: S-1-5-11 + SID[ 10]: S-1-5-32-544 + SID[ 11]: S-1-22-1-2002 + SID[ 12]: S-1-22-2-5000 + SID[ 13]: S-1-22-2-5007 + SID[ 14]: S-1-22-2-5001 + SID[ 15]: S-1-22-2-1005 + SID[ 16]: S-1-22-2-5006 + SID[ 17]: S-1-22-2-5005 + SID[ 18]: S-1-22-2-55000 + SID[ 19]: S-1-22-2-55001 + SID[ 20]: S-1-22-2-55002 + Privileges (0x 1FFFFFF0): + Privilege[ 0]: SeMachineAccountPrivilege + Privilege[ 1]: SeTakeOwnershipPrivilege + Privilege[ 2]: SeBackupPrivilege + Privilege[ 3]: SeRestorePrivilege + Privilege[ 4]: SeRemoteShutdownPrivilege + Privilege[ 5]: SePrintOperatorPrivilege + Privilege[ 6]: SeAddUsersPrivilege + Privilege[ 7]: SeDiskOperatorPrivilege + Privilege[ 8]: SeSecurityPrivilege + Privilege[ 9]: SeSystemtimePrivilege + Privilege[ 10]: SeShutdownPrivilege + Privilege[ 11]: SeDebugPrivilege + Privilege[ 12]: SeSystemEnvironmentPrivilege + Privilege[ 13]: SeSystemProfilePrivilege + Privilege[ 14]: SeProfileSingleProcessPrivilege + Privilege[ 15]: SeIncreaseBasePriorityPrivilege + Privilege[ 16]: SeLoadDriverPrivilege + Privilege[ 17]: SeCreatePagefilePrivilege + Privilege[ 18]: SeIncreaseQuotaPrivilege + Privilege[ 19]: SeChangeNotifyPrivilege + Privilege[ 20]: SeUndockPrivilege + Privilege[ 21]: SeManageVolumePrivilege + Privilege[ 22]: SeImpersonatePrivilege + Privilege[ 23]: SeCreateGlobalPrivilege + Privilege[ 24]: SeEnableDelegationPrivilege + Rights (0x 0): +[2013/11/07 07:38:46.422153, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) + UNIX token of user 0 + Primary group is 5000 and contains 9 supplementary groups + Group[ 0]: 5000 + Group[ 1]: 5007 + Group[ 2]: 5001 + Group[ 3]: 1005 + Group[ 4]: 5006 + Group[ 5]: 5005 + Group[ 6]: 55000 + Group[ 7]: 55001 + Group[ 8]: 55002 +[2013/11/07 07:38:46.422346, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/uid.c:363(change_to_user_internal) + Impersonated user: uid=(0,0), gid=(0,5000) +[2013/11/07 07:38:46.422399, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:1796(smbd_smb2_request_verify_creditcharge) + mid 120, CreditCharge: 1, NeededCharge: 1 +[2013/11/07 07:38:46.422442, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl.c:394(smbd_smb2_ioctl_send) + smbd_smb2_ioctl: ctl_code[0x0011c017] spoolss, fnum 1362079351 +[2013/11/07 07:38:46.422488, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:59(smb2_ioctl_named_pipe) + smbd_smb2_ioctl_send: np_write_send of size 222 +[2013/11/07 07:38:46.422528, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:520(np_write_send) + np_write_send: len: 222 +[2013/11/07 07:38:46.422569, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) + write_to_pipe: data_left = 222 +[2013/11/07 07:38:46.422607, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) + process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 222 +[2013/11/07 07:38:46.422655, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:51(fill_rpc_header) + fill_rpc_header: data_to_copy = 222, len_needed_to_complete_hdr = 16, receive_len = 0 +[2013/11/07 07:38:46.422697, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) + write_to_pipe: data_used = 16 +[2013/11/07 07:38:46.422735, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) + write_to_pipe: data_left = 206 +[2013/11/07 07:38:46.422772, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) + process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 206 +[2013/11/07 07:38:46.422813, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) + write_to_pipe: data_used = 0 +[2013/11/07 07:38:46.422850, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) + write_to_pipe: data_left = 206 +[2013/11/07 07:38:46.422948, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) + process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 206, incoming data = 206 +[2013/11/07 07:38:46.422993, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1614(process_complete_pdu) + PDU is in Little Endian format! +[2013/11/07 07:38:46.423042, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) + r: struct ncacn_packet + rpc_vers : 0x05 (5) + rpc_vers_minor : 0x00 (0) + ptype : DCERPC_PKT_REQUEST (0) + pfc_flags : 0x03 (3) + drep: ARRAY(4) + [0] : 0x10 (16) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + frag_length : 0x00de (222) + auth_length : 0x0000 (0) + call_id : 0x00000002 (2) + u : union dcerpc_payload(case 0) + request: struct dcerpc_request + alloc_hint : 0x000000c6 (198) + context_id : 0x0000 (0) + opnum : 0x0045 (69) + object : union dcerpc_object(case 0) + empty: struct dcerpc_empty + _pad : DATA_BLOB length=0 + stub_and_verifier : DATA_BLOB length=198 + [0000] 00 00 02 00 14 00 00 00 00 00 00 00 14 00 00 00 ........ ........ + [0010] 5C 00 5C 00 4D 00 45 00 4D 00 42 00 45 00 52 00 \.\.M.E. M.B.E.R. + [0020] 34 00 33 00 5C 00 70 00 72 00 69 00 6E 00 74 00 4.3.\.p. r.i.n.t. + [0030] 65 00 72 00 37 00 00 00 00 00 00 00 00 00 00 00 e.r.7... ........ + [0040] 00 00 00 00 00 00 00 00 01 00 00 00 01 00 00 00 ........ ........ + [0050] 04 00 02 00 28 00 00 00 08 00 02 00 0C 00 02 00 ....(... ........ + [0060] 80 25 00 00 03 00 00 00 00 00 00 00 09 00 00 00 .%...... ........ + [0070] 0A 00 00 00 00 00 00 00 0A 00 00 00 57 00 49 00 ........ ....W.I. + [0080] 4E 00 38 00 31 00 2D 00 32 00 33 00 39 00 00 00 N.8.1.-. 2.3.9... + [0090] 15 00 00 00 00 00 00 00 15 00 00 00 41 00 52 00 ........ ....A.R. + [00A0] 33 00 32 00 49 00 38 00 5C 00 41 00 64 00 6D 00 3.2.I.8. \.A.d.m. + [00B0] 69 00 6E 00 69 00 73 00 74 00 72 00 61 00 74 00 i.n.i.s. t.r.a.t. + [00C0] 6F 00 72 00 00 00 o.r... +[2013/11/07 07:38:46.423863, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1627(process_complete_pdu) + Processing packet type 0 +[2013/11/07 07:38:46.423910, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1472(dcesrv_auth_request) + Checking request auth. +[2013/11/07 07:38:46.423954, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) + push_sec_ctx(0, 5000) : sec_ctx_stack_ndx = 1 +[2013/11/07 07:38:46.424000, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) + setting sec ctx (0, 5000) - sec_ctx_stack_ndx = 1 +[2013/11/07 07:38:46.424041, 5, pid=20933, effective(0, 5000), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) + Security token SIDs (21): + SID[ 0]: S-1-5-21-1376953716-2413384141-3399758289-500 + SID[ 1]: S-1-5-21-1376953716-2413384141-3399758289-512 + SID[ 2]: S-1-5-21-1376953716-2413384141-3399758289-11015 + SID[ 3]: S-1-5-21-1376953716-2413384141-3399758289-513 + SID[ 4]: S-1-5-21-1376953716-2413384141-3399758289-11011 + SID[ 5]: S-1-5-21-1376953716-2413384141-3399758289-11013 + SID[ 6]: S-1-5-21-1376953716-2413384141-3399758289-11012 + SID[ 7]: S-1-1-0 + SID[ 8]: S-1-5-2 + SID[ 9]: S-1-5-11 + SID[ 10]: S-1-5-32-544 + SID[ 11]: S-1-22-1-2002 + SID[ 12]: S-1-22-2-5000 + SID[ 13]: S-1-22-2-5007 + SID[ 14]: S-1-22-2-5001 + SID[ 15]: S-1-22-2-1005 + SID[ 16]: S-1-22-2-5006 + SID[ 17]: S-1-22-2-5005 + SID[ 18]: S-1-22-2-55000 + SID[ 19]: S-1-22-2-55001 + SID[ 20]: S-1-22-2-55002 + Privileges (0x 1FFFFFF0): + Privilege[ 0]: SeMachineAccountPrivilege + Privilege[ 1]: SeTakeOwnershipPrivilege + Privilege[ 2]: SeBackupPrivilege + Privilege[ 3]: SeRestorePrivilege + Privilege[ 4]: SeRemoteShutdownPrivilege + Privilege[ 5]: SePrintOperatorPrivilege + Privilege[ 6]: SeAddUsersPrivilege + Privilege[ 7]: SeDiskOperatorPrivilege + Privilege[ 8]: SeSecurityPrivilege + Privilege[ 9]: SeSystemtimePrivilege + Privilege[ 10]: SeShutdownPrivilege + Privilege[ 11]: SeDebugPrivilege + Privilege[ 12]: SeSystemEnvironmentPrivilege + Privilege[ 13]: SeSystemProfilePrivilege + Privilege[ 14]: SeProfileSingleProcessPrivilege + Privilege[ 15]: SeIncreaseBasePriorityPrivilege + Privilege[ 16]: SeLoadDriverPrivilege + Privilege[ 17]: SeCreatePagefilePrivilege + Privilege[ 18]: SeIncreaseQuotaPrivilege + Privilege[ 19]: SeChangeNotifyPrivilege + Privilege[ 20]: SeUndockPrivilege + Privilege[ 21]: SeManageVolumePrivilege + Privilege[ 22]: SeImpersonatePrivilege + Privilege[ 23]: SeCreateGlobalPrivilege + Privilege[ 24]: SeEnableDelegationPrivilege + Rights (0x 0): +[2013/11/07 07:38:46.424799, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) + UNIX token of user 0 + Primary group is 5000 and contains 9 supplementary groups + Group[ 0]: 5000 + Group[ 1]: 5007 + Group[ 2]: 5001 + Group[ 3]: 1005 + Group[ 4]: 5006 + Group[ 5]: 5005 + Group[ 6]: 55000 + Group[ 7]: 55001 + Group[ 8]: 55002 +[2013/11/07 07:38:46.424986, 5, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1324(api_pipe_request) + Requested \spoolss rpc service +[2013/11/07 07:38:46.425030, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1356(api_rpcTNP) + api_rpcTNP: \spoolss op 0x45 - api_rpcTNP: rpc command: SPOOLSS_OPENPRINTEREX +[2013/11/07 07:38:46.425073, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1390(api_rpcTNP) + api_rpc_cmds[69].fn == 0x7f375c256d40 +[2013/11/07 07:38:46.425127, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + spoolss_OpenPrinterEx: struct spoolss_OpenPrinterEx + in: struct spoolss_OpenPrinterEx + printername : * + printername : '\\MEMBER43\printer7' + datatype : NULL + devmode_ctr: struct spoolss_DevmodeContainer + _ndr_size : 0x00000000 (0) + devmode : NULL + access_mask : 0x00000000 (0) + 0: SERVER_ACCESS_ADMINISTER + 0: SERVER_ACCESS_ENUMERATE + 0: PRINTER_ACCESS_ADMINISTER + 0: PRINTER_ACCESS_USE + 0: JOB_ACCESS_ADMINISTER + 0: JOB_ACCESS_READ + userlevel_ctr: struct spoolss_UserLevelCtr + level : 0x00000001 (1) + user_info : union spoolss_UserLevel(case 1) + level1 : * + level1: struct spoolss_UserLevel1 + size : 0x00000028 (40) + client : * + client : 'WIN81-239' + user : * + user : 'AR32I8\Administrator' + build : 0x00002580 (9600) + major : UNKNOWN_ENUM_VALUE (3) + minor : SPOOLSS_MINOR_VERSION_0 (0) + processor : PROCESSOR_ARCHITECTURE_AMD64 (9) + checking name: \\MEMBER43\printer7 +[2013/11/07 07:38:46.425713, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:737(open_printer_hnd) + open_printer_hnd: name [\\MEMBER43\printer7] +[2013/11/07 07:38:46.425763, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) + Opened policy hnd[6] [0000] 00 00 00 00 DE 00 00 00 00 00 00 00 7B 52 76 35 ........ ....{Rv5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:46.425842, 3, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:506(set_printer_hnd_printertype) + Setting printer type=\\MEMBER43\printer7 + Printer is a printer +[2013/11/07 07:38:46.425895, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:566(set_printer_hnd_name) + Setting printer name=\\MEMBER43\printer7 (len=19) + searching for [printer7] +[2013/11/07 07:38:46.425984, 10, pid=20933, effective(0, 5000), real(0, 0), class=tdb] ../source3/lib/gencache.c:275(gencache_set_data_blob) + Did not store value for PRINTERNAME/printer7, we already got it + set_printer_hnd_name: Printer found: printer7 -> printer7 +[2013/11/07 07:38:46.426039, 5, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:773(open_printer_hnd) + 6 printer handles active +[2013/11/07 07:38:46.426079, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 DE 00 00 00 00 00 00 00 7B 52 76 35 ........ ....{Rv5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:46.426156, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 DE 00 00 00 00 00 00 00 7B 52 76 35 ........ ....{Rv5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:46.426231, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:489(get_printer_snum) + short name:printer7 +[2013/11/07 07:38:46.426295, 3, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/access.c:338(allow_access) + Allowed connection from 10.200.8.239 (10.200.8.239) +[2013/11/07 07:38:46.426441, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/share_access.c:237(user_ok_token) + user_ok_token: share printer7 is ok for unix user root +[2013/11/07 07:38:46.426494, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:1921(_spoolss_OpenPrinterEx) + Setting printer access = PRINTER_ACCESS_USE +[2013/11/07 07:38:46.426598, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:60(make_internal_rpc_pipe_p) + Create pipe requested \winreg +[2013/11/07 07:38:46.426650, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:221(init_pipe_handles) + init_pipe_handle_list: created handle list for pipe \winreg +[2013/11/07 07:38:46.426692, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:238(init_pipe_handles) + init_pipe_handle_list: pipe_handles ref count = 1 for pipe \winreg +[2013/11/07 07:38:46.426778, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:100(make_internal_rpc_pipe_p) + Created internal pipe \winreg +[2013/11/07 07:38:46.426842, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenHKLM: struct winreg_OpenHKLM + in: struct winreg_OpenHKLM + system_name : NULL + access_mask : 0x02000000 (33554432) + 0: KEY_QUERY_VALUE + 0: KEY_SET_VALUE + 0: KEY_CREATE_SUB_KEY + 0: KEY_ENUMERATE_SUB_KEYS + 0: KEY_NOTIFY + 0: KEY_CREATE_LINK + 0: KEY_WOW64_64KEY + 0: KEY_WOW64_32KEY +[2013/11/07 07:38:46.427069, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [HKLM] +[2013/11/07 07:38:46.427112, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) + push_sec_ctx(0, 5000) : sec_ctx_stack_ndx = 2 +[2013/11/07 07:38:46.427156, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/uid.c:485(push_conn_ctx) + push_conn_ctx(1804507171) : conn_ctx_stack_ndx = 0 +[2013/11/07 07:38:46.427195, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) + setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 +[2013/11/07 07:38:46.427234, 5, pid=20933, effective(0, 5000), real(0, 0)] ../libcli/security/security_token.c:53(security_token_debug) + Security token: (NULL) +[2013/11/07 07:38:46.427272, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) + UNIX token of user 0 + Primary group is 0 and contains 0 supplementary groups +[2013/11/07 07:38:46.427406, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) + pop_sec_ctx (0, 5000) - sec_ctx_stack_ndx = 1 +[2013/11/07 07:38:46.427450, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:866(regdb_open) + regdb_open: registry db opened. refcount reset (1) +[2013/11/07 07:38:46.427494, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM] +[2013/11/07 07:38:46.427533, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM] +[2013/11/07 07:38:46.427573, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:46.427611, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM] +[2013/11/07 07:38:46.427684, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) + Opened policy hnd[1] [0000] 00 00 00 00 DF 00 00 00 00 00 00 00 7B 52 76 35 ........ ....{Rv5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:46.427774, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenHKLM: struct winreg_OpenHKLM + out: struct winreg_OpenHKLM + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000df-0000-0000-7b52-7635c5510000 + result : WERR_OK +[2013/11/07 07:38:46.427955, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenKey: struct winreg_OpenKey + in: struct winreg_OpenKey + parent_handle : * + parent_handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000df-0000-0000-7b52-7635c5510000 + keyname: struct winreg_String + name_len : 0x008a (138) + name_size : 0x008a (138) + name : * + name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7' + options : 0x00000000 (0) + 0: REG_OPTION_VOLATILE + 0: REG_OPTION_CREATE_LINK + 0: REG_OPTION_BACKUP_RESTORE + 0: REG_OPTION_OPEN_LINK + access_mask : 0x02000000 (33554432) + 0: KEY_QUERY_VALUE + 0: KEY_SET_VALUE + 0: KEY_CREATE_SUB_KEY + 0: KEY_ENUMERATE_SUB_KEYS + 0: KEY_NOTIFY + 0: KEY_CREATE_LINK + 0: KEY_WOW64_64KEY + 0: KEY_WOW64_32KEY +[2013/11/07 07:38:46.428395, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 DF 00 00 00 00 00 00 00 7B 52 76 35 ........ ....{Rv5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:46.428475, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [SOFTWARE] +[2013/11/07 07:38:46.428515, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (1->2) +[2013/11/07 07:38:46.428557, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] +[2013/11/07 07:38:46.428596, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE] +[2013/11/07 07:38:46.428636, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:46.428674, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE] +[2013/11/07 07:38:46.428740, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Microsoft] +[2013/11/07 07:38:46.428781, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (2->3) +[2013/11/07 07:38:46.428823, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] +[2013/11/07 07:38:46.428868, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] +[2013/11/07 07:38:46.428909, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:46.428946, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft] +[2013/11/07 07:38:46.429006, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Windows NT] +[2013/11/07 07:38:46.429047, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (3->4) +[2013/11/07 07:38:46.429090, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] +[2013/11/07 07:38:46.429127, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] +[2013/11/07 07:38:46.429168, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:46.429205, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] +[2013/11/07 07:38:46.429263, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [CurrentVersion] +[2013/11/07 07:38:46.429303, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (4->5) +[2013/11/07 07:38:46.429345, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] +[2013/11/07 07:38:46.429469, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] +[2013/11/07 07:38:46.429513, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:46.429550, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f375c5a15c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] +[2013/11/07 07:38:46.429625, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Print] +[2013/11/07 07:38:46.429668, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (5->6) +[2013/11/07 07:38:46.429712, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] +[2013/11/07 07:38:46.429752, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] +[2013/11/07 07:38:46.429794, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:46.429832, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f375c5a15c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] +[2013/11/07 07:38:46.429901, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Printers] +[2013/11/07 07:38:46.429943, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (6->7) +[2013/11/07 07:38:46.429987, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] +[2013/11/07 07:38:46.430025, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] +[2013/11/07 07:38:46.430067, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:46.430104, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] +[2013/11/07 07:38:46.430171, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [printer7] +[2013/11/07 07:38:46.430212, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (7->8) +[2013/11/07 07:38:46.430256, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:46.430294, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:46.430336, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:46.430373, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:46.430443, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (8->7) +[2013/11/07 07:38:46.430485, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (7->6) +[2013/11/07 07:38:46.430526, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (6->5) +[2013/11/07 07:38:46.430566, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (5->4) +[2013/11/07 07:38:46.430605, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (4->3) +[2013/11/07 07:38:46.430645, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (3->2) +[2013/11/07 07:38:46.430687, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) + Opened policy hnd[2] [0000] 00 00 00 00 E0 00 00 00 00 00 00 00 7B 52 76 35 ........ ....{Rv5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:46.430775, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenKey: struct winreg_OpenKey + out: struct winreg_OpenKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000e0-0000-0000-7b52-7635c5510000 + result : WERR_OK +[2013/11/07 07:38:46.430941, 2, pid=20933, effective(0, 5000), real(0, 0)] ../source3/rpc_client/cli_winreg_spoolss.c:626(winreg_create_printer) + winreg_create_printer: Skipping, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7 already exists +[2013/11/07 07:38:46.430999, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + in: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000e0-0000-0000-7b52-7635c5510000 +[2013/11/07 07:38:46.431129, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 E0 00 00 00 00 00 00 00 7B 52 76 35 ........ ....{Rv5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:46.431208, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 E0 00 00 00 00 00 00 00 7B 52 76 35 ........ ....{Rv5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:46.431285, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) + Closed policy +[2013/11/07 07:38:46.431325, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (2->1) +[2013/11/07 07:38:46.431366, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + out: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000000-0000-0000-0000-000000000000 + result : WERR_OK +[2013/11/07 07:38:46.431527, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + in: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000df-0000-0000-7b52-7635c5510000 +[2013/11/07 07:38:46.431656, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 DF 00 00 00 00 00 00 00 7B 52 76 35 ........ ....{Rv5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:46.431734, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 DF 00 00 00 00 00 00 00 7B 52 76 35 ........ ....{Rv5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:46.431809, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) + Closed policy +[2013/11/07 07:38:46.431849, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (1->0) +[2013/11/07 07:38:46.431915, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + out: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000000-0000-0000-0000-000000000000 + result : WERR_OK +[2013/11/07 07:38:46.432073, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:416(close_policy_by_pipe) + Deleted handle list for RPC connection \winreg +[2013/11/07 07:38:46.432123, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + spoolss_OpenPrinterEx: struct spoolss_OpenPrinterEx + out: struct spoolss_OpenPrinterEx + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000de-0000-0000-7b52-7635c5510000 + result : WERR_OK +[2013/11/07 07:38:46.432276, 5, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1417(api_rpcTNP) + api_rpcTNP: called \spoolss successfully +[2013/11/07 07:38:46.432330, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) + pop_sec_ctx (0, 5000) - sec_ctx_stack_ndx = 0 +[2013/11/07 07:38:46.432373, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) + write_to_pipe: data_used = 206 + smbd_smb2_request_pending_queue: req->current_idx = 1 + req->in.vector[0].iov_len = 0 + req->in.vector[1].iov_len = 0 + req->in.vector[2].iov_len = 64 + req->in.vector[3].iov_len = 56 + req->in.vector[4].iov_len = 222 + req->out.vector[0].iov_len = 4 + req->out.vector[1].iov_len = 0 + req->out.vector[2].iov_len = 64 + req->out.vector[3].iov_len = 8 + req->out.vector[4].iov_len = 0 +[2013/11/07 07:38:46.432589, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:128(smbd_smb2_ioctl_pipe_write_done) + smbd_smb2_ioctl_pipe_write_done: received 222 +[2013/11/07 07:38:46.432631, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:149(smbd_smb2_ioctl_pipe_write_done) + smbd_smb2_ioctl_pipe_write_done: issuing np_read_send of size 1024 +[2013/11/07 07:38:46.432674, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:285(read_from_internal_pipe) + name: \spoolss len: 1024 +[2013/11/07 07:38:46.432716, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:347(read_from_internal_pipe) + read_from_pipe: \spoolss: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 24. +[2013/11/07 07:38:46.432768, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) + &r: struct ncacn_packet + rpc_vers : 0x05 (5) + rpc_vers_minor : 0x00 (0) + ptype : DCERPC_PKT_RESPONSE (2) + pfc_flags : 0x03 (3) + drep: ARRAY(4) + [0] : 0x10 (16) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + frag_length : 0x0030 (48) + auth_length : 0x0000 (0) + call_id : 0x00000002 (2) + u : union dcerpc_payload(case 2) + response: struct dcerpc_response + alloc_hint : 0x00000018 (24) + context_id : 0x0000 (0) + cancel_count : 0x00 (0) + _pad : DATA_BLOB length=0 + stub_and_verifier : DATA_BLOB length=24 + [0000] 00 00 00 00 DE 00 00 00 00 00 00 00 7B 52 76 35 ........ ....{Rv5 + [0010] C5 51 00 00 00 00 00 00 .Q...... +[2013/11/07 07:38:46.433195, 3, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:122(free_pipe_context) + free_pipe_context: destroying talloc pool of size 68 +[2013/11/07 07:38:46.433244, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:788(np_read_recv) + Received 48 bytes. There is no more data outstanding +[2013/11/07 07:38:46.433285, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:178(smbd_smb2_ioctl_pipe_read_done) + smbd_smb2_ioctl_pipe_read_done: np_read_recv nread = 48 is_data_outstanding = 0, status = NT_STATUS_OK +[2013/11/07 07:38:46.433346, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl.c:291(smbd_smb2_request_ioctl_done) + smbd_smb2_request_ioctl_done: smbd_smb2_ioctl_recv returned 48 status NT_STATUS_OK +[2013/11/07 07:38:46.433546, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) + smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[48] dyn[yes:48] at ../source3/smbd/smb2_ioctl.c:358 +[2013/11/07 07:38:46.433596, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) + smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/121/127 +[2013/11/07 07:38:46.433786, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) + smbd_smb2_request_incoming: idx[1] of 5 vectors +[2013/11/07 07:38:46.433839, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) + smb2_validate_sequence_number: clearing id 121 (position 121) from bitmap +[2013/11/07 07:38:46.433881, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) + smbd_smb2_request_dispatch: opcode[SMB2_OP_IOCTL] mid = 121 +[2013/11/07 07:38:46.433953, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) + setting sec ctx (0, 5000) - sec_ctx_stack_ndx = 0 +[2013/11/07 07:38:46.433999, 5, pid=20933, effective(0, 5000), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) + Security token SIDs (21): + SID[ 0]: S-1-5-21-1376953716-2413384141-3399758289-500 + SID[ 1]: S-1-5-21-1376953716-2413384141-3399758289-512 + SID[ 2]: S-1-5-21-1376953716-2413384141-3399758289-11015 + SID[ 3]: S-1-5-21-1376953716-2413384141-3399758289-513 + SID[ 4]: S-1-5-21-1376953716-2413384141-3399758289-11011 + SID[ 5]: S-1-5-21-1376953716-2413384141-3399758289-11013 + SID[ 6]: S-1-5-21-1376953716-2413384141-3399758289-11012 + SID[ 7]: S-1-1-0 + SID[ 8]: S-1-5-2 + SID[ 9]: S-1-5-11 + SID[ 10]: S-1-5-32-544 + SID[ 11]: S-1-22-1-2002 + SID[ 12]: S-1-22-2-5000 + SID[ 13]: S-1-22-2-5007 + SID[ 14]: S-1-22-2-5001 + SID[ 15]: S-1-22-2-1005 + SID[ 16]: S-1-22-2-5006 + SID[ 17]: S-1-22-2-5005 + SID[ 18]: S-1-22-2-55000 + SID[ 19]: S-1-22-2-55001 + SID[ 20]: S-1-22-2-55002 + Privileges (0x 1FFFFFF0): + Privilege[ 0]: SeMachineAccountPrivilege + Privilege[ 1]: SeTakeOwnershipPrivilege + Privilege[ 2]: SeBackupPrivilege + Privilege[ 3]: SeRestorePrivilege + Privilege[ 4]: SeRemoteShutdownPrivilege + Privilege[ 5]: SePrintOperatorPrivilege + Privilege[ 6]: SeAddUsersPrivilege + Privilege[ 7]: SeDiskOperatorPrivilege + Privilege[ 8]: SeSecurityPrivilege + Privilege[ 9]: SeSystemtimePrivilege + Privilege[ 10]: SeShutdownPrivilege + Privilege[ 11]: SeDebugPrivilege + Privilege[ 12]: SeSystemEnvironmentPrivilege + Privilege[ 13]: SeSystemProfilePrivilege + Privilege[ 14]: SeProfileSingleProcessPrivilege + Privilege[ 15]: SeIncreaseBasePriorityPrivilege + Privilege[ 16]: SeLoadDriverPrivilege + Privilege[ 17]: SeCreatePagefilePrivilege + Privilege[ 18]: SeIncreaseQuotaPrivilege + Privilege[ 19]: SeChangeNotifyPrivilege + Privilege[ 20]: SeUndockPrivilege + Privilege[ 21]: SeManageVolumePrivilege + Privilege[ 22]: SeImpersonatePrivilege + Privilege[ 23]: SeCreateGlobalPrivilege + Privilege[ 24]: SeEnableDelegationPrivilege + Rights (0x 0): +[2013/11/07 07:38:46.434931, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) + UNIX token of user 0 + Primary group is 5000 and contains 9 supplementary groups + Group[ 0]: 5000 + Group[ 1]: 5007 + Group[ 2]: 5001 + Group[ 3]: 1005 + Group[ 4]: 5006 + Group[ 5]: 5005 + Group[ 6]: 55000 + Group[ 7]: 55001 + Group[ 8]: 55002 +[2013/11/07 07:38:46.435132, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/uid.c:363(change_to_user_internal) + Impersonated user: uid=(0,0), gid=(0,5000) +[2013/11/07 07:38:46.435186, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:1796(smbd_smb2_request_verify_creditcharge) + mid 121, CreditCharge: 1, NeededCharge: 1 +[2013/11/07 07:38:46.435229, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl.c:394(smbd_smb2_ioctl_send) + smbd_smb2_ioctl: ctl_code[0x0011c017] spoolss, fnum 1017618511 +[2013/11/07 07:38:46.435276, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:59(smb2_ioctl_named_pipe) + smbd_smb2_ioctl_send: np_write_send of size 44 +[2013/11/07 07:38:46.435316, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:520(np_write_send) + np_write_send: len: 44 +[2013/11/07 07:38:46.435357, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) + write_to_pipe: data_left = 44 +[2013/11/07 07:38:46.435396, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) + process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 44 +[2013/11/07 07:38:46.435435, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:51(fill_rpc_header) + fill_rpc_header: data_to_copy = 44, len_needed_to_complete_hdr = 16, receive_len = 0 +[2013/11/07 07:38:46.435476, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) + write_to_pipe: data_used = 16 +[2013/11/07 07:38:46.435513, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) + write_to_pipe: data_left = 28 +[2013/11/07 07:38:46.435551, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) + process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 28 +[2013/11/07 07:38:46.435592, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) + write_to_pipe: data_used = 0 +[2013/11/07 07:38:46.435629, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) + write_to_pipe: data_left = 28 +[2013/11/07 07:38:46.435667, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) + process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 28, incoming data = 28 +[2013/11/07 07:38:46.435708, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1614(process_complete_pdu) + PDU is in Little Endian format! +[2013/11/07 07:38:46.435756, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) + r: struct ncacn_packet + rpc_vers : 0x05 (5) + rpc_vers_minor : 0x00 (0) + ptype : DCERPC_PKT_REQUEST (0) + pfc_flags : 0x03 (3) + drep: ARRAY(4) + [0] : 0x10 (16) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + frag_length : 0x002c (44) + auth_length : 0x0000 (0) + call_id : 0x00000005 (5) + u : union dcerpc_payload(case 0) + request: struct dcerpc_request + alloc_hint : 0x00000014 (20) + context_id : 0x0000 (0) + opnum : 0x001d (29) + object : union dcerpc_object(case 0) + empty: struct dcerpc_empty + _pad : DATA_BLOB length=0 + stub_and_verifier : DATA_BLOB length=20 + [0000] 00 00 00 00 B9 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:46.436213, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1627(process_complete_pdu) + Processing packet type 0 +[2013/11/07 07:38:46.436252, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1472(dcesrv_auth_request) + Checking request auth. +[2013/11/07 07:38:46.436294, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) + push_sec_ctx(0, 5000) : sec_ctx_stack_ndx = 1 +[2013/11/07 07:38:46.436339, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) + setting sec ctx (0, 5000) - sec_ctx_stack_ndx = 1 +[2013/11/07 07:38:46.436379, 5, pid=20933, effective(0, 5000), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) + Security token SIDs (21): + SID[ 0]: S-1-5-21-1376953716-2413384141-3399758289-500 + SID[ 1]: S-1-5-21-1376953716-2413384141-3399758289-512 + SID[ 2]: S-1-5-21-1376953716-2413384141-3399758289-11015 + SID[ 3]: S-1-5-21-1376953716-2413384141-3399758289-513 + SID[ 4]: S-1-5-21-1376953716-2413384141-3399758289-11011 + SID[ 5]: S-1-5-21-1376953716-2413384141-3399758289-11013 + SID[ 6]: S-1-5-21-1376953716-2413384141-3399758289-11012 + SID[ 7]: S-1-1-0 + SID[ 8]: S-1-5-2 + SID[ 9]: S-1-5-11 + SID[ 10]: S-1-5-32-544 + SID[ 11]: S-1-22-1-2002 + SID[ 12]: S-1-22-2-5000 + SID[ 13]: S-1-22-2-5007 + SID[ 14]: S-1-22-2-5001 + SID[ 15]: S-1-22-2-1005 + SID[ 16]: S-1-22-2-5006 + SID[ 17]: S-1-22-2-5005 + SID[ 18]: S-1-22-2-55000 + SID[ 19]: S-1-22-2-55001 + SID[ 20]: S-1-22-2-55002 + Privileges (0x 1FFFFFF0): + Privilege[ 0]: SeMachineAccountPrivilege + Privilege[ 1]: SeTakeOwnershipPrivilege + Privilege[ 2]: SeBackupPrivilege + Privilege[ 3]: SeRestorePrivilege + Privilege[ 4]: SeRemoteShutdownPrivilege + Privilege[ 5]: SePrintOperatorPrivilege + Privilege[ 6]: SeAddUsersPrivilege + Privilege[ 7]: SeDiskOperatorPrivilege + Privilege[ 8]: SeSecurityPrivilege + Privilege[ 9]: SeSystemtimePrivilege + Privilege[ 10]: SeShutdownPrivilege + Privilege[ 11]: SeDebugPrivilege + Privilege[ 12]: SeSystemEnvironmentPrivilege + Privilege[ 13]: SeSystemProfilePrivilege + Privilege[ 14]: SeProfileSingleProcessPrivilege + Privilege[ 15]: SeIncreaseBasePriorityPrivilege + Privilege[ 16]: SeLoadDriverPrivilege + Privilege[ 17]: SeCreatePagefilePrivilege + Privilege[ 18]: SeIncreaseQuotaPrivilege + Privilege[ 19]: SeChangeNotifyPrivilege + Privilege[ 20]: SeUndockPrivilege + Privilege[ 21]: SeManageVolumePrivilege + Privilege[ 22]: SeImpersonatePrivilege + Privilege[ 23]: SeCreateGlobalPrivilege + Privilege[ 24]: SeEnableDelegationPrivilege + Rights (0x 0): +[2013/11/07 07:38:46.437152, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) + UNIX token of user 0 + Primary group is 5000 and contains 9 supplementary groups + Group[ 0]: 5000 + Group[ 1]: 5007 + Group[ 2]: 5001 + Group[ 3]: 1005 + Group[ 4]: 5006 + Group[ 5]: 5005 + Group[ 6]: 55000 + Group[ 7]: 55001 + Group[ 8]: 55002 +[2013/11/07 07:38:46.437347, 5, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1324(api_pipe_request) + Requested \spoolss rpc service +[2013/11/07 07:38:46.437473, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1356(api_rpcTNP) + api_rpcTNP: \spoolss op 0x1d - api_rpcTNP: rpc command: SPOOLSS_CLOSEPRINTER +[2013/11/07 07:38:46.437519, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1390(api_rpcTNP) + api_rpc_cmds[29].fn == 0x7f375c25d5f0 +[2013/11/07 07:38:46.437564, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + spoolss_ClosePrinter: struct spoolss_ClosePrinter + in: struct spoolss_ClosePrinter + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000b9-0000-0000-7b52-7535c5510000 +[2013/11/07 07:38:46.437695, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[2] [0000] 00 00 00 00 B9 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:46.437775, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[2] [0000] 00 00 00 00 B9 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:46.437853, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[2] [0000] 00 00 00 00 B9 00 00 00 00 00 00 00 7B 52 75 35 ........ ....{Ru5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:46.437929, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) + Closed policy +[2013/11/07 07:38:46.437972, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + spoolss_ClosePrinter: struct spoolss_ClosePrinter + out: struct spoolss_ClosePrinter + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000000-0000-0000-0000-000000000000 + result : WERR_OK +[2013/11/07 07:38:46.438123, 5, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1417(api_rpcTNP) + api_rpcTNP: called \spoolss successfully +[2013/11/07 07:38:46.438172, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) + pop_sec_ctx (0, 5000) - sec_ctx_stack_ndx = 0 +[2013/11/07 07:38:46.438214, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) + write_to_pipe: data_used = 28 + smbd_smb2_request_pending_queue: req->current_idx = 1 + req->in.vector[0].iov_len = 0 + req->in.vector[1].iov_len = 0 + req->in.vector[2].iov_len = 64 + req->in.vector[3].iov_len = 56 + req->in.vector[4].iov_len = 44 + req->out.vector[0].iov_len = 4 + req->out.vector[1].iov_len = 0 + req->out.vector[2].iov_len = 64 + req->out.vector[3].iov_len = 8 + req->out.vector[4].iov_len = 0 +[2013/11/07 07:38:46.438423, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:128(smbd_smb2_ioctl_pipe_write_done) + smbd_smb2_ioctl_pipe_write_done: received 44 +[2013/11/07 07:38:46.438475, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:149(smbd_smb2_ioctl_pipe_write_done) + smbd_smb2_ioctl_pipe_write_done: issuing np_read_send of size 4136 +[2013/11/07 07:38:46.438517, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:285(read_from_internal_pipe) + name: \spoolss len: 4136 +[2013/11/07 07:38:46.438558, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:347(read_from_internal_pipe) + read_from_pipe: \spoolss: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 24. +[2013/11/07 07:38:46.438608, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) + &r: struct ncacn_packet + rpc_vers : 0x05 (5) + rpc_vers_minor : 0x00 (0) + ptype : DCERPC_PKT_RESPONSE (2) + pfc_flags : 0x03 (3) + drep: ARRAY(4) + [0] : 0x10 (16) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + frag_length : 0x0030 (48) + auth_length : 0x0000 (0) + call_id : 0x00000005 (5) + u : union dcerpc_payload(case 2) + response: struct dcerpc_response + alloc_hint : 0x00000018 (24) + context_id : 0x0000 (0) + cancel_count : 0x00 (0) + _pad : DATA_BLOB length=0 + stub_and_verifier : DATA_BLOB length=24 + [0000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0010] 00 00 00 00 00 00 00 00 ........ +[2013/11/07 07:38:46.439024, 3, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:122(free_pipe_context) + free_pipe_context: destroying talloc pool of size 29 +[2013/11/07 07:38:46.439071, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:788(np_read_recv) + Received 48 bytes. There is no more data outstanding +[2013/11/07 07:38:46.439112, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:178(smbd_smb2_ioctl_pipe_read_done) + smbd_smb2_ioctl_pipe_read_done: np_read_recv nread = 48 is_data_outstanding = 0, status = NT_STATUS_OK +[2013/11/07 07:38:46.439156, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl.c:291(smbd_smb2_request_ioctl_done) + smbd_smb2_request_ioctl_done: smbd_smb2_ioctl_recv returned 48 status NT_STATUS_OK +[2013/11/07 07:38:46.439198, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) + smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[48] dyn[yes:48] at ../source3/smbd/smb2_ioctl.c:358 +[2013/11/07 07:38:46.439242, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) + smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/122/127 +[2013/11/07 07:38:46.459418, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) + smbd_smb2_request_incoming: idx[1] of 5 vectors +[2013/11/07 07:38:46.459600, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) + smb2_validate_sequence_number: clearing id 122 (position 122) from bitmap +[2013/11/07 07:38:46.459663, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) + smbd_smb2_request_dispatch: opcode[SMB2_OP_CLOSE] mid = 122 +[2013/11/07 07:38:46.459762, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) + setting sec ctx (0, 5000) - sec_ctx_stack_ndx = 0 +[2013/11/07 07:38:46.459851, 5, pid=20933, effective(0, 5000), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) + Security token SIDs (21): + SID[ 0]: S-1-5-21-1376953716-2413384141-3399758289-500 + SID[ 1]: S-1-5-21-1376953716-2413384141-3399758289-512 + SID[ 2]: S-1-5-21-1376953716-2413384141-3399758289-11015 + SID[ 3]: S-1-5-21-1376953716-2413384141-3399758289-513 + SID[ 4]: S-1-5-21-1376953716-2413384141-3399758289-11011 + SID[ 5]: S-1-5-21-1376953716-2413384141-3399758289-11013 + SID[ 6]: S-1-5-21-1376953716-2413384141-3399758289-11012 + SID[ 7]: S-1-1-0 + SID[ 8]: S-1-5-2 + SID[ 9]: S-1-5-11 + SID[ 10]: S-1-5-32-544 + SID[ 11]: S-1-22-1-2002 + SID[ 12]: S-1-22-2-5000 + SID[ 13]: S-1-22-2-5007 + SID[ 14]: S-1-22-2-5001 + SID[ 15]: S-1-22-2-1005 + SID[ 16]: S-1-22-2-5006 + SID[ 17]: S-1-22-2-5005 + SID[ 18]: S-1-22-2-55000 + SID[ 19]: S-1-22-2-55001 + SID[ 20]: S-1-22-2-55002 + Privileges (0x 1FFFFFF0): + Privilege[ 0]: SeMachineAccountPrivilege + Privilege[ 1]: SeTakeOwnershipPrivilege + Privilege[ 2]: SeBackupPrivilege + Privilege[ 3]: SeRestorePrivilege + Privilege[ 4]: SeRemoteShutdownPrivilege + Privilege[ 5]: SePrintOperatorPrivilege + Privilege[ 6]: SeAddUsersPrivilege + Privilege[ 7]: SeDiskOperatorPrivilege + Privilege[ 8]: SeSecurityPrivilege + Privilege[ 9]: SeSystemtimePrivilege + Privilege[ 10]: SeShutdownPrivilege + Privilege[ 11]: SeDebugPrivilege + Privilege[ 12]: SeSystemEnvironmentPrivilege + Privilege[ 13]: SeSystemProfilePrivilege + Privilege[ 14]: SeProfileSingleProcessPrivilege + Privilege[ 15]: SeIncreaseBasePriorityPrivilege + Privilege[ 16]: SeLoadDriverPrivilege + Privilege[ 17]: SeCreatePagefilePrivilege + Privilege[ 18]: SeIncreaseQuotaPrivilege + Privilege[ 19]: SeChangeNotifyPrivilege + Privilege[ 20]: SeUndockPrivilege + Privilege[ 21]: SeManageVolumePrivilege + Privilege[ 22]: SeImpersonatePrivilege + Privilege[ 23]: SeCreateGlobalPrivilege + Privilege[ 24]: SeEnableDelegationPrivilege + Rights (0x 0): +[2013/11/07 07:38:46.460877, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) + UNIX token of user 0 + Primary group is 5000 and contains 9 supplementary groups + Group[ 0]: 5000 + Group[ 1]: 5007 + Group[ 2]: 5001 + Group[ 3]: 1005 + Group[ 4]: 5006 + Group[ 5]: 5005 + Group[ 6]: 55000 + Group[ 7]: 55001 + Group[ 8]: 55002 +[2013/11/07 07:38:46.461140, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/uid.c:363(change_to_user_internal) + Impersonated user: uid=(0,0), gid=(0,5000) +[2013/11/07 07:38:46.461209, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_close.c:185(smbd_smb2_close) + smbd_smb2_close: spoolss - fnum 1017618511 +[2013/11/07 07:38:46.461277, 5, pid=20933, effective(0, 5000), real(0, 0)] ../lib/dbwrap/dbwrap.c:187(dbwrap_check_lock_order) + check lock order 1 for /var/run/samba/smbXsrv_open_global.tdb +[2013/11/07 07:38:46.461331, 10, pid=20933, effective(0, 5000), real(0, 0)] ../lib/dbwrap/dbwrap.c:133(debug_lock_order) + lock order: 1:/var/run/samba/smbXsrv_open_global.tdb 2: 3: +[2013/11/07 07:38:46.461765, 10, pid=20933, effective(0, 5000), real(0, 0)] ../lib/dbwrap/dbwrap_tdb.c:59(db_tdb_log_key) + Locking key AB2F84C7 +[2013/11/07 07:38:46.461908, 10, pid=20933, effective(0, 5000), real(0, 0)] ../lib/dbwrap/dbwrap_tdb.c:143(db_tdb_fetch_locked_internal) + Allocated locked data 0x0x7f375d3a9f00 +[2013/11/07 07:38:46.462043, 10, pid=20933, effective(0, 5000), real(0, 0)] ../lib/dbwrap/dbwrap_tdb.c:59(db_tdb_log_key) + Unlocking key AB2F84C7 +[2013/11/07 07:38:46.462151, 5, pid=20933, effective(0, 5000), real(0, 0)] ../lib/dbwrap/dbwrap.c:146(dbwrap_lock_order_state_destructor) + release lock order 1 for /var/run/samba/smbXsrv_open_global.tdb +[2013/11/07 07:38:46.462250, 10, pid=20933, effective(0, 5000), real(0, 0)] ../lib/dbwrap/dbwrap.c:133(debug_lock_order) + lock order: 1: 2: 3: +[2013/11/07 07:38:46.462409, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/files.c:525(file_free) + freed files structure 1017618511 (5 used) +[2013/11/07 07:38:46.462569, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) + smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[60] dyn[no:0] at ../source3/smbd/smb2_close.c:139 +[2013/11/07 07:38:46.462687, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) + smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/123/127 +[2013/11/07 07:38:46.473315, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) + smbd_smb2_request_incoming: idx[1] of 5 vectors +[2013/11/07 07:38:46.473678, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) + smb2_validate_sequence_number: clearing id 123 (position 123) from bitmap +[2013/11/07 07:38:46.473795, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) + smbd_smb2_request_dispatch: opcode[SMB2_OP_IOCTL] mid = 123 +[2013/11/07 07:38:46.473959, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) + setting sec ctx (0, 5000) - sec_ctx_stack_ndx = 0 +[2013/11/07 07:38:46.474074, 5, pid=20933, effective(0, 5000), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) + Security token SIDs (21): + SID[ 0]: S-1-5-21-1376953716-2413384141-3399758289-500 + SID[ 1]: S-1-5-21-1376953716-2413384141-3399758289-512 + SID[ 2]: S-1-5-21-1376953716-2413384141-3399758289-11015 + SID[ 3]: S-1-5-21-1376953716-2413384141-3399758289-513 + SID[ 4]: S-1-5-21-1376953716-2413384141-3399758289-11011 + SID[ 5]: S-1-5-21-1376953716-2413384141-3399758289-11013 + SID[ 6]: S-1-5-21-1376953716-2413384141-3399758289-11012 + SID[ 7]: S-1-1-0 + SID[ 8]: S-1-5-2 + SID[ 9]: S-1-5-11 + SID[ 10]: S-1-5-32-544 + SID[ 11]: S-1-22-1-2002 + SID[ 12]: S-1-22-2-5000 + SID[ 13]: S-1-22-2-5007 + SID[ 14]: S-1-22-2-5001 + SID[ 15]: S-1-22-2-1005 + SID[ 16]: S-1-22-2-5006 + SID[ 17]: S-1-22-2-5005 + SID[ 18]: S-1-22-2-55000 + SID[ 19]: S-1-22-2-55001 + SID[ 20]: S-1-22-2-55002 + Privileges (0x 1FFFFFF0): + Privilege[ 0]: SeMachineAccountPrivilege + Privilege[ 1]: SeTakeOwnershipPrivilege + Privilege[ 2]: SeBackupPrivilege + Privilege[ 3]: SeRestorePrivilege + Privilege[ 4]: SeRemoteShutdownPrivilege + Privilege[ 5]: SePrintOperatorPrivilege + Privilege[ 6]: SeAddUsersPrivilege + Privilege[ 7]: SeDiskOperatorPrivilege + Privilege[ 8]: SeSecurityPrivilege + Privilege[ 9]: SeSystemtimePrivilege + Privilege[ 10]: SeShutdownPrivilege + Privilege[ 11]: SeDebugPrivilege + Privilege[ 12]: SeSystemEnvironmentPrivilege + Privilege[ 13]: SeSystemProfilePrivilege + Privilege[ 14]: SeProfileSingleProcessPrivilege + Privilege[ 15]: SeIncreaseBasePriorityPrivilege + Privilege[ 16]: SeLoadDriverPrivilege + Privilege[ 17]: SeCreatePagefilePrivilege + Privilege[ 18]: SeIncreaseQuotaPrivilege + Privilege[ 19]: SeChangeNotifyPrivilege + Privilege[ 20]: SeUndockPrivilege + Privilege[ 21]: SeManageVolumePrivilege + Privilege[ 22]: SeImpersonatePrivilege + Privilege[ 23]: SeCreateGlobalPrivilege + Privilege[ 24]: SeEnableDelegationPrivilege + Rights (0x 0): +[2013/11/07 07:38:46.476067, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) + UNIX token of user 0 + Primary group is 5000 and contains 9 supplementary groups + Group[ 0]: 5000 + Group[ 1]: 5007 + Group[ 2]: 5001 + Group[ 3]: 1005 + Group[ 4]: 5006 + Group[ 5]: 5005 + Group[ 6]: 55000 + Group[ 7]: 55001 + Group[ 8]: 55002 +[2013/11/07 07:38:46.476552, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/uid.c:363(change_to_user_internal) + Impersonated user: uid=(0,0), gid=(0,5000) +[2013/11/07 07:38:46.476716, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:1796(smbd_smb2_request_verify_creditcharge) + mid 123, CreditCharge: 1, NeededCharge: 1 +[2013/11/07 07:38:46.476823, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl.c:394(smbd_smb2_ioctl_send) + smbd_smb2_ioctl: ctl_code[0x0011c017] spoolss, fnum 2543298146 +[2013/11/07 07:38:46.476941, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:59(smb2_ioctl_named_pipe) + smbd_smb2_ioctl_send: np_write_send of size 44 +[2013/11/07 07:38:46.477040, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:520(np_write_send) + np_write_send: len: 44 +[2013/11/07 07:38:46.477142, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) + write_to_pipe: data_left = 44 +[2013/11/07 07:38:46.477238, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) + process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 44 +[2013/11/07 07:38:46.477336, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:51(fill_rpc_header) + fill_rpc_header: data_to_copy = 44, len_needed_to_complete_hdr = 16, receive_len = 0 +[2013/11/07 07:38:46.477608, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) + write_to_pipe: data_used = 16 +[2013/11/07 07:38:46.477706, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) + write_to_pipe: data_left = 28 +[2013/11/07 07:38:46.477921, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) + process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 28 +[2013/11/07 07:38:46.478039, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) + write_to_pipe: data_used = 0 +[2013/11/07 07:38:46.478134, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) + write_to_pipe: data_left = 28 +[2013/11/07 07:38:46.478229, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) + process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 28, incoming data = 28 +[2013/11/07 07:38:46.478335, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1614(process_complete_pdu) + PDU is in Little Endian format! +[2013/11/07 07:38:46.478462, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) + r: struct ncacn_packet + rpc_vers : 0x05 (5) + rpc_vers_minor : 0x00 (0) + ptype : DCERPC_PKT_REQUEST (0) + pfc_flags : 0x03 (3) + drep: ARRAY(4) + [0] : 0x10 (16) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + frag_length : 0x002c (44) + auth_length : 0x0000 (0) + call_id : 0x00000003 (3) + u : union dcerpc_payload(case 0) + request: struct dcerpc_request + alloc_hint : 0x00000014 (20) + context_id : 0x0000 (0) + opnum : 0x001d (29) + object : union dcerpc_object(case 0) + empty: struct dcerpc_empty + _pad : DATA_BLOB length=0 + stub_and_verifier : DATA_BLOB length=20 + [0000] 00 00 00 00 DB 00 00 00 00 00 00 00 7B 52 76 35 ........ ....{Rv5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:46.479637, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1627(process_complete_pdu) + Processing packet type 0 +[2013/11/07 07:38:46.479735, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1472(dcesrv_auth_request) + Checking request auth. +[2013/11/07 07:38:46.479839, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) + push_sec_ctx(0, 5000) : sec_ctx_stack_ndx = 1 +[2013/11/07 07:38:46.479953, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) + setting sec ctx (0, 5000) - sec_ctx_stack_ndx = 1 +[2013/11/07 07:38:46.480055, 5, pid=20933, effective(0, 5000), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) + Security token SIDs (21): + SID[ 0]: S-1-5-21-1376953716-2413384141-3399758289-500 + SID[ 1]: S-1-5-21-1376953716-2413384141-3399758289-512 + SID[ 2]: S-1-5-21-1376953716-2413384141-3399758289-11015 + SID[ 3]: S-1-5-21-1376953716-2413384141-3399758289-513 + SID[ 4]: S-1-5-21-1376953716-2413384141-3399758289-11011 + SID[ 5]: S-1-5-21-1376953716-2413384141-3399758289-11013 + SID[ 6]: S-1-5-21-1376953716-2413384141-3399758289-11012 + SID[ 7]: S-1-1-0 + SID[ 8]: S-1-5-2 + SID[ 9]: S-1-5-11 + SID[ 10]: S-1-5-32-544 + SID[ 11]: S-1-22-1-2002 + SID[ 12]: S-1-22-2-5000 + SID[ 13]: S-1-22-2-5007 + SID[ 14]: S-1-22-2-5001 + SID[ 15]: S-1-22-2-1005 + SID[ 16]: S-1-22-2-5006 + SID[ 17]: S-1-22-2-5005 + SID[ 18]: S-1-22-2-55000 + SID[ 19]: S-1-22-2-55001 + SID[ 20]: S-1-22-2-55002 + Privileges (0x 1FFFFFF0): + Privilege[ 0]: SeMachineAccountPrivilege + Privilege[ 1]: SeTakeOwnershipPrivilege + Privilege[ 2]: SeBackupPrivilege + Privilege[ 3]: SeRestorePrivilege + Privilege[ 4]: SeRemoteShutdownPrivilege + Privilege[ 5]: SePrintOperatorPrivilege + Privilege[ 6]: SeAddUsersPrivilege + Privilege[ 7]: SeDiskOperatorPrivilege + Privilege[ 8]: SeSecurityPrivilege + Privilege[ 9]: SeSystemtimePrivilege + Privilege[ 10]: SeShutdownPrivilege + Privilege[ 11]: SeDebugPrivilege + Privilege[ 12]: SeSystemEnvironmentPrivilege + Privilege[ 13]: SeSystemProfilePrivilege + Privilege[ 14]: SeProfileSingleProcessPrivilege + Privilege[ 15]: SeIncreaseBasePriorityPrivilege + Privilege[ 16]: SeLoadDriverPrivilege + Privilege[ 17]: SeCreatePagefilePrivilege + Privilege[ 18]: SeIncreaseQuotaPrivilege + Privilege[ 19]: SeChangeNotifyPrivilege + Privilege[ 20]: SeUndockPrivilege + Privilege[ 21]: SeManageVolumePrivilege + Privilege[ 22]: SeImpersonatePrivilege + Privilege[ 23]: SeCreateGlobalPrivilege + Privilege[ 24]: SeEnableDelegationPrivilege + Rights (0x 0): +[2013/11/07 07:38:46.482101, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) + UNIX token of user 0 + Primary group is 5000 and contains 9 supplementary groups + Group[ 0]: 5000 + Group[ 1]: 5007 + Group[ 2]: 5001 + Group[ 3]: 1005 + Group[ 4]: 5006 + Group[ 5]: 5005 + Group[ 6]: 55000 + Group[ 7]: 55001 + Group[ 8]: 55002 +[2013/11/07 07:38:46.482580, 5, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1324(api_pipe_request) + Requested \spoolss rpc service +[2013/11/07 07:38:46.482695, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1356(api_rpcTNP) + api_rpcTNP: \spoolss op 0x1d - api_rpcTNP: rpc command: SPOOLSS_CLOSEPRINTER +[2013/11/07 07:38:46.482805, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1390(api_rpcTNP) + api_rpc_cmds[29].fn == 0x7f375c25d5f0 +[2013/11/07 07:38:46.482917, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + spoolss_ClosePrinter: struct spoolss_ClosePrinter + in: struct spoolss_ClosePrinter + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000db-0000-0000-7b52-7635c5510000 +[2013/11/07 07:38:46.483269, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[1] [0000] 00 00 00 00 DB 00 00 00 00 00 00 00 7B 52 76 35 ........ ....{Rv5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:46.483468, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[1] [0000] 00 00 00 00 DB 00 00 00 00 00 00 00 7B 52 76 35 ........ ....{Rv5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:46.483660, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[1] [0000] 00 00 00 00 DB 00 00 00 00 00 00 00 7B 52 76 35 ........ ....{Rv5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:46.483848, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) + Closed policy +[2013/11/07 07:38:46.483952, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + spoolss_ClosePrinter: struct spoolss_ClosePrinter + out: struct spoolss_ClosePrinter + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000000-0000-0000-0000-000000000000 + result : WERR_OK +[2013/11/07 07:38:46.484326, 5, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1417(api_rpcTNP) + api_rpcTNP: called \spoolss successfully +[2013/11/07 07:38:46.484449, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) + pop_sec_ctx (0, 5000) - sec_ctx_stack_ndx = 0 +[2013/11/07 07:38:46.484554, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) + write_to_pipe: data_used = 28 + smbd_smb2_request_pending_queue: req->current_idx = 1 + req->in.vector[0].iov_len = 0 + req->in.vector[1].iov_len = 0 + req->in.vector[2].iov_len = 64 + req->in.vector[3].iov_len = 56 + req->in.vector[4].iov_len = 44 + req->out.vector[0].iov_len = 4 + req->out.vector[1].iov_len = 0 + req->out.vector[2].iov_len = 64 + req->out.vector[3].iov_len = 8 + req->out.vector[4].iov_len = 0 +[2013/11/07 07:38:46.485085, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:128(smbd_smb2_ioctl_pipe_write_done) + smbd_smb2_ioctl_pipe_write_done: received 44 +[2013/11/07 07:38:46.485191, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:149(smbd_smb2_ioctl_pipe_write_done) + smbd_smb2_ioctl_pipe_write_done: issuing np_read_send of size 1024 +[2013/11/07 07:38:46.485299, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:285(read_from_internal_pipe) + name: \spoolss len: 1024 +[2013/11/07 07:38:46.485558, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:347(read_from_internal_pipe) + read_from_pipe: \spoolss: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 24. +[2013/11/07 07:38:46.485690, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) + &r: struct ncacn_packet + rpc_vers : 0x05 (5) + rpc_vers_minor : 0x00 (0) + ptype : DCERPC_PKT_RESPONSE (2) + pfc_flags : 0x03 (3) + drep: ARRAY(4) + [0] : 0x10 (16) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + frag_length : 0x0030 (48) + auth_length : 0x0000 (0) + call_id : 0x00000003 (3) + u : union dcerpc_payload(case 2) + response: struct dcerpc_response + alloc_hint : 0x00000018 (24) + context_id : 0x0000 (0) + cancel_count : 0x00 (0) + _pad : DATA_BLOB length=0 + stub_and_verifier : DATA_BLOB length=24 + [0000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0010] 00 00 00 00 00 00 00 00 ........ +[2013/11/07 07:38:46.486748, 3, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:122(free_pipe_context) + free_pipe_context: destroying talloc pool of size 29 +[2013/11/07 07:38:46.486869, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:788(np_read_recv) + Received 48 bytes. There is no more data outstanding +[2013/11/07 07:38:46.486971, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:178(smbd_smb2_ioctl_pipe_read_done) + smbd_smb2_ioctl_pipe_read_done: np_read_recv nread = 48 is_data_outstanding = 0, status = NT_STATUS_OK +[2013/11/07 07:38:46.487083, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl.c:291(smbd_smb2_request_ioctl_done) + smbd_smb2_request_ioctl_done: smbd_smb2_ioctl_recv returned 48 status NT_STATUS_OK +[2013/11/07 07:38:46.487188, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) + smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[48] dyn[yes:48] at ../source3/smbd/smb2_ioctl.c:358 +[2013/11/07 07:38:46.487297, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) + smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/124/127 +[2013/11/07 07:38:46.487656, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) + smbd_smb2_request_incoming: idx[1] of 5 vectors +[2013/11/07 07:38:46.487796, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) + smb2_validate_sequence_number: clearing id 124 (position 124) from bitmap +[2013/11/07 07:38:46.487899, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) + smbd_smb2_request_dispatch: opcode[SMB2_OP_CREATE] mid = 124 +[2013/11/07 07:38:46.488036, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) + setting sec ctx (0, 5000) - sec_ctx_stack_ndx = 0 +[2013/11/07 07:38:46.488143, 5, pid=20933, effective(0, 5000), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) + Security token SIDs (21): + SID[ 0]: S-1-5-21-1376953716-2413384141-3399758289-500 + SID[ 1]: S-1-5-21-1376953716-2413384141-3399758289-512 + SID[ 2]: S-1-5-21-1376953716-2413384141-3399758289-11015 + SID[ 3]: S-1-5-21-1376953716-2413384141-3399758289-513 + SID[ 4]: S-1-5-21-1376953716-2413384141-3399758289-11011 + SID[ 5]: S-1-5-21-1376953716-2413384141-3399758289-11013 + SID[ 6]: S-1-5-21-1376953716-2413384141-3399758289-11012 + SID[ 7]: S-1-1-0 + SID[ 8]: S-1-5-2 + SID[ 9]: S-1-5-11 + SID[ 10]: S-1-5-32-544 + SID[ 11]: S-1-22-1-2002 + SID[ 12]: S-1-22-2-5000 + SID[ 13]: S-1-22-2-5007 + SID[ 14]: S-1-22-2-5001 + SID[ 15]: S-1-22-2-1005 + SID[ 16]: S-1-22-2-5006 + SID[ 17]: S-1-22-2-5005 + SID[ 18]: S-1-22-2-55000 + SID[ 19]: S-1-22-2-55001 + SID[ 20]: S-1-22-2-55002 + Privileges (0x 1FFFFFF0): + Privilege[ 0]: SeMachineAccountPrivilege + Privilege[ 1]: SeTakeOwnershipPrivilege + Privilege[ 2]: SeBackupPrivilege + Privilege[ 3]: SeRestorePrivilege + Privilege[ 4]: SeRemoteShutdownPrivilege + Privilege[ 5]: SePrintOperatorPrivilege + Privilege[ 6]: SeAddUsersPrivilege + Privilege[ 7]: SeDiskOperatorPrivilege + Privilege[ 8]: SeSecurityPrivilege + Privilege[ 9]: SeSystemtimePrivilege + Privilege[ 10]: SeShutdownPrivilege + Privilege[ 11]: SeDebugPrivilege + Privilege[ 12]: SeSystemEnvironmentPrivilege + Privilege[ 13]: SeSystemProfilePrivilege + Privilege[ 14]: SeProfileSingleProcessPrivilege + Privilege[ 15]: SeIncreaseBasePriorityPrivilege + Privilege[ 16]: SeLoadDriverPrivilege + Privilege[ 17]: SeCreatePagefilePrivilege + Privilege[ 18]: SeIncreaseQuotaPrivilege + Privilege[ 19]: SeChangeNotifyPrivilege + Privilege[ 20]: SeUndockPrivilege + Privilege[ 21]: SeManageVolumePrivilege + Privilege[ 22]: SeImpersonatePrivilege + Privilege[ 23]: SeCreateGlobalPrivilege + Privilege[ 24]: SeEnableDelegationPrivilege + Rights (0x 0): +[2013/11/07 07:38:46.490204, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) + UNIX token of user 0 + Primary group is 5000 and contains 9 supplementary groups + Group[ 0]: 5000 + Group[ 1]: 5007 + Group[ 2]: 5001 + Group[ 3]: 1005 + Group[ 4]: 5006 + Group[ 5]: 5005 + Group[ 6]: 55000 + Group[ 7]: 55001 + Group[ 8]: 55002 +[2013/11/07 07:38:46.490682, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/uid.c:363(change_to_user_internal) + Impersonated user: uid=(0,0), gid=(0,5000) +[2013/11/07 07:38:46.490811, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_create.c:451(smbd_smb2_create_send) + smbd_smb2_create: name[spoolss] +[2013/11/07 07:38:46.490935, 5, pid=20933, effective(0, 5000), real(0, 0)] ../lib/dbwrap/dbwrap.c:187(dbwrap_check_lock_order) + check lock order 1 for /var/run/samba/smbXsrv_open_global.tdb +[2013/11/07 07:38:46.491035, 10, pid=20933, effective(0, 5000), real(0, 0)] ../lib/dbwrap/dbwrap.c:133(debug_lock_order) + lock order: 1:/var/run/samba/smbXsrv_open_global.tdb 2: 3: +[2013/11/07 07:38:46.491143, 10, pid=20933, effective(0, 5000), real(0, 0)] ../lib/dbwrap/dbwrap_tdb.c:59(db_tdb_log_key) + Locking key 9CEFA4FC +[2013/11/07 07:38:46.491274, 10, pid=20933, effective(0, 5000), real(0, 0)] ../lib/dbwrap/dbwrap_tdb.c:143(db_tdb_fetch_locked_internal) + Allocated locked data 0x0x7f375d3924d0 +[2013/11/07 07:38:46.491451, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smbXsrv_open.c:695(smbXsrv_open_global_store) +[2013/11/07 07:38:46.491517, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smbXsrv_open.c:697(smbXsrv_open_global_store) + smbXsrv_open_global_store: key '9CEFA4FC' stored +[2013/11/07 07:38:46.491619, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) + &global_blob: struct smbXsrv_open_globalB + version : SMBXSRV_VERSION_0 (0) + seqnum : 0x00000001 (1) + info : union smbXsrv_open_globalU(case 0) + info0 : * + info0: struct smbXsrv_open_global0 + db_rec : * + server_id: struct server_id + pid : 0x00000000000051c5 (20933) + task_id : 0x00000000 (0) + vnn : 0xffffffff (4294967295) + unique_id : 0x6b1fb19d3b3a8ed6 (7719083575197994710) + open_global_id : 0x9cefa4fc (2632951036) + open_persistent_id : 0x000000009cefa4fc (2632951036) + open_volatile_id : 0x0000000071b25b3a (1907514170) + open_owner : S-1-5-21-1376953716-2413384141-3399758289-500 + open_time : Do Nov 7 07:38:46 2013 CET + create_guid : 00000000-0000-0000-0000-000000000000 + client_guid : b913ae79-46f9-11e3-be6f-52540018a0ea + app_instance_id : 00000000-0000-0000-0000-000000000000 + disconnect_time : NTTIME(0) + durable_timeout_msec : 0x00000000 (0) + durable : 0x00 (0) + backend_cookie : DATA_BLOB length=0 +[2013/11/07 07:38:46.492790, 10, pid=20933, effective(0, 5000), real(0, 0)] ../lib/dbwrap/dbwrap_tdb.c:59(db_tdb_log_key) + Unlocking key 9CEFA4FC +[2013/11/07 07:38:46.492895, 5, pid=20933, effective(0, 5000), real(0, 0)] ../lib/dbwrap/dbwrap.c:146(dbwrap_lock_order_state_destructor) + release lock order 1 for /var/run/samba/smbXsrv_open_global.tdb +[2013/11/07 07:38:46.492993, 10, pid=20933, effective(0, 5000), real(0, 0)] ../lib/dbwrap/dbwrap.c:133(debug_lock_order) + lock order: 1: 2: 3: +[2013/11/07 07:38:46.493095, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smbXsrv_open.c:862(smbXsrv_open_create) +[2013/11/07 07:38:46.493155, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smbXsrv_open.c:870(smbXsrv_open_create) + smbXsrv_open_create: global_id (0x9cefa4fc) stored +[2013/11/07 07:38:46.493250, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) + &open_blob: struct smbXsrv_openB + version : SMBXSRV_VERSION_0 (0) + reserved : 0x00000000 (0) + info : union smbXsrv_openU(case 0) + info0 : * + info0: struct smbXsrv_open + table : * + db_rec : NULL + local_id : 0x71b25b3a (1907514170) + global : * + global: struct smbXsrv_open_global0 + db_rec : NULL + server_id: struct server_id + pid : 0x00000000000051c5 (20933) + task_id : 0x00000000 (0) + vnn : 0xffffffff (4294967295) + unique_id : 0x6b1fb19d3b3a8ed6 (7719083575197994710) + open_global_id : 0x9cefa4fc (2632951036) + open_persistent_id : 0x000000009cefa4fc (2632951036) + open_volatile_id : 0x0000000071b25b3a (1907514170) + open_owner : S-1-5-21-1376953716-2413384141-3399758289-500 + open_time : Do Nov 7 07:38:46 2013 CET + create_guid : 00000000-0000-0000-0000-000000000000 + client_guid : b913ae79-46f9-11e3-be6f-52540018a0ea + app_instance_id : 00000000-0000-0000-0000-000000000000 + disconnect_time : NTTIME(0) + durable_timeout_msec : 0x00000000 (0) + durable : 0x00 (0) + backend_cookie : DATA_BLOB length=0 + status : NT_STATUS_OK + idle_time : Do Nov 7 07:38:46 2013 CET + compat : NULL +[2013/11/07 07:38:46.494082, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/files.c:125(file_new) + allocated file structure fnum 1907514170 (6 used) +[2013/11/07 07:38:46.494131, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/files.c:713(file_name_hash) + file_name_hash: /tmp/spoolss hash 0x7d4e46e5 +[2013/11/07 07:38:46.494196, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:60(make_internal_rpc_pipe_p) + Create pipe requested \spoolss +[2013/11/07 07:38:46.494256, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:238(init_pipe_handles) + init_pipe_handle_list: pipe_handles ref count = 16 for pipe \spoolss +[2013/11/07 07:38:46.494369, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:100(make_internal_rpc_pipe_p) + Created internal pipe \spoolss +[2013/11/07 07:38:46.494413, 8, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/dosmode.c:631(dos_mode) + dos_mode: spoolss +[2013/11/07 07:38:46.494472, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_create.c:1053(smbd_smb2_create_send) + smbd_smb2_create_send: spoolss - fnum 1907514170 +[2013/11/07 07:38:46.494538, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) + smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[88] dyn[yes:0] at ../source3/smbd/smb2_create.c:369 +[2013/11/07 07:38:46.494585, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) + smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/125/127 +[2013/11/07 07:38:46.495854, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) + smbd_smb2_request_incoming: idx[1] of 5 vectors +[2013/11/07 07:38:46.495932, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) + smb2_validate_sequence_number: clearing id 125 (position 125) from bitmap +[2013/11/07 07:38:46.495975, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) + smbd_smb2_request_dispatch: opcode[SMB2_OP_CLOSE] mid = 125 +[2013/11/07 07:38:46.496032, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) + setting sec ctx (0, 5000) - sec_ctx_stack_ndx = 0 +[2013/11/07 07:38:46.496084, 5, pid=20933, effective(0, 5000), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) + Security token SIDs (21): + SID[ 0]: S-1-5-21-1376953716-2413384141-3399758289-500 + SID[ 1]: S-1-5-21-1376953716-2413384141-3399758289-512 + SID[ 2]: S-1-5-21-1376953716-2413384141-3399758289-11015 + SID[ 3]: S-1-5-21-1376953716-2413384141-3399758289-513 + SID[ 4]: S-1-5-21-1376953716-2413384141-3399758289-11011 + SID[ 5]: S-1-5-21-1376953716-2413384141-3399758289-11013 + SID[ 6]: S-1-5-21-1376953716-2413384141-3399758289-11012 + SID[ 7]: S-1-1-0 + SID[ 8]: S-1-5-2 + SID[ 9]: S-1-5-11 + SID[ 10]: S-1-5-32-544 + SID[ 11]: S-1-22-1-2002 + SID[ 12]: S-1-22-2-5000 + SID[ 13]: S-1-22-2-5007 + SID[ 14]: S-1-22-2-5001 + SID[ 15]: S-1-22-2-1005 + SID[ 16]: S-1-22-2-5006 + SID[ 17]: S-1-22-2-5005 + SID[ 18]: S-1-22-2-55000 + SID[ 19]: S-1-22-2-55001 + SID[ 20]: S-1-22-2-55002 + Privileges (0x 1FFFFFF0): + Privilege[ 0]: SeMachineAccountPrivilege + Privilege[ 1]: SeTakeOwnershipPrivilege + Privilege[ 2]: SeBackupPrivilege + Privilege[ 3]: SeRestorePrivilege + Privilege[ 4]: SeRemoteShutdownPrivilege + Privilege[ 5]: SePrintOperatorPrivilege + Privilege[ 6]: SeAddUsersPrivilege + Privilege[ 7]: SeDiskOperatorPrivilege + Privilege[ 8]: SeSecurityPrivilege + Privilege[ 9]: SeSystemtimePrivilege + Privilege[ 10]: SeShutdownPrivilege + Privilege[ 11]: SeDebugPrivilege + Privilege[ 12]: SeSystemEnvironmentPrivilege + Privilege[ 13]: SeSystemProfilePrivilege + Privilege[ 14]: SeProfileSingleProcessPrivilege + Privilege[ 15]: SeIncreaseBasePriorityPrivilege + Privilege[ 16]: SeLoadDriverPrivilege + Privilege[ 17]: SeCreatePagefilePrivilege + Privilege[ 18]: SeIncreaseQuotaPrivilege + Privilege[ 19]: SeChangeNotifyPrivilege + Privilege[ 20]: SeUndockPrivilege + Privilege[ 21]: SeManageVolumePrivilege + Privilege[ 22]: SeImpersonatePrivilege + Privilege[ 23]: SeCreateGlobalPrivilege + Privilege[ 24]: SeEnableDelegationPrivilege + Rights (0x 0): +[2013/11/07 07:38:46.496943, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) + UNIX token of user 0 + Primary group is 5000 and contains 9 supplementary groups + Group[ 0]: 5000 + Group[ 1]: 5007 + Group[ 2]: 5001 + Group[ 3]: 1005 + Group[ 4]: 5006 + Group[ 5]: 5005 + Group[ 6]: 55000 + Group[ 7]: 55001 + Group[ 8]: 55002 +[2013/11/07 07:38:46.497138, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/uid.c:363(change_to_user_internal) + Impersonated user: uid=(0,0), gid=(0,5000) +[2013/11/07 07:38:46.497190, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_close.c:185(smbd_smb2_close) + smbd_smb2_close: spoolss - fnum 2543298146 +[2013/11/07 07:38:46.497240, 5, pid=20933, effective(0, 5000), real(0, 0)] ../lib/dbwrap/dbwrap.c:187(dbwrap_check_lock_order) + check lock order 1 for /var/run/samba/smbXsrv_open_global.tdb +[2013/11/07 07:38:46.497280, 10, pid=20933, effective(0, 5000), real(0, 0)] ../lib/dbwrap/dbwrap.c:133(debug_lock_order) + lock order: 1:/var/run/samba/smbXsrv_open_global.tdb 2: 3: +[2013/11/07 07:38:46.497567, 10, pid=20933, effective(0, 5000), real(0, 0)] ../lib/dbwrap/dbwrap_tdb.c:59(db_tdb_log_key) + Locking key B0DF064C +[2013/11/07 07:38:46.497632, 10, pid=20933, effective(0, 5000), real(0, 0)] ../lib/dbwrap/dbwrap_tdb.c:143(db_tdb_fetch_locked_internal) + Allocated locked data 0x0x7f375d34b360 +[2013/11/07 07:38:46.497687, 10, pid=20933, effective(0, 5000), real(0, 0)] ../lib/dbwrap/dbwrap_tdb.c:59(db_tdb_log_key) + Unlocking key B0DF064C +[2013/11/07 07:38:46.497737, 5, pid=20933, effective(0, 5000), real(0, 0)] ../lib/dbwrap/dbwrap.c:146(dbwrap_lock_order_state_destructor) + release lock order 1 for /var/run/samba/smbXsrv_open_global.tdb +[2013/11/07 07:38:46.497777, 10, pid=20933, effective(0, 5000), real(0, 0)] ../lib/dbwrap/dbwrap.c:133(debug_lock_order) + lock order: 1: 2: 3: +[2013/11/07 07:38:46.497836, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/files.c:525(file_free) + freed files structure 2543298146 (5 used) +[2013/11/07 07:38:46.497902, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) + smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[60] dyn[no:0] at ../source3/smbd/smb2_close.c:139 +[2013/11/07 07:38:46.497949, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) + smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/126/127 +[2013/11/07 07:38:46.498087, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) + smbd_smb2_request_incoming: idx[1] of 5 vectors +[2013/11/07 07:38:46.498136, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) + smb2_validate_sequence_number: clearing id 126 (position 126) from bitmap +[2013/11/07 07:38:46.498177, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) + smbd_smb2_request_dispatch: opcode[SMB2_OP_IOCTL] mid = 126 +[2013/11/07 07:38:46.498230, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) + setting sec ctx (0, 5000) - sec_ctx_stack_ndx = 0 +[2013/11/07 07:38:46.498273, 5, pid=20933, effective(0, 5000), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) + Security token SIDs (21): + SID[ 0]: S-1-5-21-1376953716-2413384141-3399758289-500 + SID[ 1]: S-1-5-21-1376953716-2413384141-3399758289-512 + SID[ 2]: S-1-5-21-1376953716-2413384141-3399758289-11015 + SID[ 3]: S-1-5-21-1376953716-2413384141-3399758289-513 + SID[ 4]: S-1-5-21-1376953716-2413384141-3399758289-11011 + SID[ 5]: S-1-5-21-1376953716-2413384141-3399758289-11013 + SID[ 6]: S-1-5-21-1376953716-2413384141-3399758289-11012 + SID[ 7]: S-1-1-0 + SID[ 8]: S-1-5-2 + SID[ 9]: S-1-5-11 + SID[ 10]: S-1-5-32-544 + SID[ 11]: S-1-22-1-2002 + SID[ 12]: S-1-22-2-5000 + SID[ 13]: S-1-22-2-5007 + SID[ 14]: S-1-22-2-5001 + SID[ 15]: S-1-22-2-1005 + SID[ 16]: S-1-22-2-5006 + SID[ 17]: S-1-22-2-5005 + SID[ 18]: S-1-22-2-55000 + SID[ 19]: S-1-22-2-55001 + SID[ 20]: S-1-22-2-55002 + Privileges (0x 1FFFFFF0): + Privilege[ 0]: SeMachineAccountPrivilege + Privilege[ 1]: SeTakeOwnershipPrivilege + Privilege[ 2]: SeBackupPrivilege + Privilege[ 3]: SeRestorePrivilege + Privilege[ 4]: SeRemoteShutdownPrivilege + Privilege[ 5]: SePrintOperatorPrivilege + Privilege[ 6]: SeAddUsersPrivilege + Privilege[ 7]: SeDiskOperatorPrivilege + Privilege[ 8]: SeSecurityPrivilege + Privilege[ 9]: SeSystemtimePrivilege + Privilege[ 10]: SeShutdownPrivilege + Privilege[ 11]: SeDebugPrivilege + Privilege[ 12]: SeSystemEnvironmentPrivilege + Privilege[ 13]: SeSystemProfilePrivilege + Privilege[ 14]: SeProfileSingleProcessPrivilege + Privilege[ 15]: SeIncreaseBasePriorityPrivilege + Privilege[ 16]: SeLoadDriverPrivilege + Privilege[ 17]: SeCreatePagefilePrivilege + Privilege[ 18]: SeIncreaseQuotaPrivilege + Privilege[ 19]: SeChangeNotifyPrivilege + Privilege[ 20]: SeUndockPrivilege + Privilege[ 21]: SeManageVolumePrivilege + Privilege[ 22]: SeImpersonatePrivilege + Privilege[ 23]: SeCreateGlobalPrivilege + Privilege[ 24]: SeEnableDelegationPrivilege + Rights (0x 0): +[2013/11/07 07:38:46.499092, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) + UNIX token of user 0 + Primary group is 5000 and contains 9 supplementary groups + Group[ 0]: 5000 + Group[ 1]: 5007 + Group[ 2]: 5001 + Group[ 3]: 1005 + Group[ 4]: 5006 + Group[ 5]: 5005 + Group[ 6]: 55000 + Group[ 7]: 55001 + Group[ 8]: 55002 +[2013/11/07 07:38:46.499286, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/uid.c:363(change_to_user_internal) + Impersonated user: uid=(0,0), gid=(0,5000) +[2013/11/07 07:38:46.499336, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:1796(smbd_smb2_request_verify_creditcharge) + mid 126, CreditCharge: 1, NeededCharge: 1 +[2013/11/07 07:38:46.499380, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl.c:394(smbd_smb2_ioctl_send) + smbd_smb2_ioctl: ctl_code[0x0011c017] spoolss, fnum 2189993496 +[2013/11/07 07:38:46.499427, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:59(smb2_ioctl_named_pipe) + smbd_smb2_ioctl_send: np_write_send of size 44 +[2013/11/07 07:38:46.499467, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:520(np_write_send) + np_write_send: len: 44 +[2013/11/07 07:38:46.499508, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) + write_to_pipe: data_left = 44 +[2013/11/07 07:38:46.499546, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) + process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 44 +[2013/11/07 07:38:46.499586, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:51(fill_rpc_header) + fill_rpc_header: data_to_copy = 44, len_needed_to_complete_hdr = 16, receive_len = 0 +[2013/11/07 07:38:46.499626, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) + write_to_pipe: data_used = 16 +[2013/11/07 07:38:46.499664, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) + write_to_pipe: data_left = 28 +[2013/11/07 07:38:46.499701, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) + process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 28 +[2013/11/07 07:38:46.499753, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) + write_to_pipe: data_used = 0 +[2013/11/07 07:38:46.499791, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) + write_to_pipe: data_left = 28 +[2013/11/07 07:38:46.499828, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) + process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 28, incoming data = 28 +[2013/11/07 07:38:46.499870, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1614(process_complete_pdu) + PDU is in Little Endian format! +[2013/11/07 07:38:46.499923, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) + r: struct ncacn_packet + rpc_vers : 0x05 (5) + rpc_vers_minor : 0x00 (0) + ptype : DCERPC_PKT_REQUEST (0) + pfc_flags : 0x03 (3) + drep: ARRAY(4) + [0] : 0x10 (16) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + frag_length : 0x002c (44) + auth_length : 0x0000 (0) + call_id : 0x00000015 (21) + u : union dcerpc_payload(case 0) + request: struct dcerpc_request + alloc_hint : 0x00000014 (20) + context_id : 0x0000 (0) + opnum : 0x001d (29) + object : union dcerpc_object(case 0) + empty: struct dcerpc_empty + _pad : DATA_BLOB length=0 + stub_and_verifier : DATA_BLOB length=20 + [0000] 00 00 00 00 48 00 00 00 00 00 00 00 7B 52 73 35 ....H... ....{Rs5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:46.500406, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1627(process_complete_pdu) + Processing packet type 0 +[2013/11/07 07:38:46.500446, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1472(dcesrv_auth_request) + Checking request auth. +[2013/11/07 07:38:46.500489, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) + push_sec_ctx(0, 5000) : sec_ctx_stack_ndx = 1 +[2013/11/07 07:38:46.500536, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) + setting sec ctx (0, 5000) - sec_ctx_stack_ndx = 1 +[2013/11/07 07:38:46.500577, 5, pid=20933, effective(0, 5000), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) + Security token SIDs (21): + SID[ 0]: S-1-5-21-1376953716-2413384141-3399758289-500 + SID[ 1]: S-1-5-21-1376953716-2413384141-3399758289-512 + SID[ 2]: S-1-5-21-1376953716-2413384141-3399758289-11015 + SID[ 3]: S-1-5-21-1376953716-2413384141-3399758289-513 + SID[ 4]: S-1-5-21-1376953716-2413384141-3399758289-11011 + SID[ 5]: S-1-5-21-1376953716-2413384141-3399758289-11013 + SID[ 6]: S-1-5-21-1376953716-2413384141-3399758289-11012 + SID[ 7]: S-1-1-0 + SID[ 8]: S-1-5-2 + SID[ 9]: S-1-5-11 + SID[ 10]: S-1-5-32-544 + SID[ 11]: S-1-22-1-2002 + SID[ 12]: S-1-22-2-5000 + SID[ 13]: S-1-22-2-5007 + SID[ 14]: S-1-22-2-5001 + SID[ 15]: S-1-22-2-1005 + SID[ 16]: S-1-22-2-5006 + SID[ 17]: S-1-22-2-5005 + SID[ 18]: S-1-22-2-55000 + SID[ 19]: S-1-22-2-55001 + SID[ 20]: S-1-22-2-55002 + Privileges (0x 1FFFFFF0): + Privilege[ 0]: SeMachineAccountPrivilege + Privilege[ 1]: SeTakeOwnershipPrivilege + Privilege[ 2]: SeBackupPrivilege + Privilege[ 3]: SeRestorePrivilege + Privilege[ 4]: SeRemoteShutdownPrivilege + Privilege[ 5]: SePrintOperatorPrivilege + Privilege[ 6]: SeAddUsersPrivilege + Privilege[ 7]: SeDiskOperatorPrivilege + Privilege[ 8]: SeSecurityPrivilege + Privilege[ 9]: SeSystemtimePrivilege + Privilege[ 10]: SeShutdownPrivilege + Privilege[ 11]: SeDebugPrivilege + Privilege[ 12]: SeSystemEnvironmentPrivilege + Privilege[ 13]: SeSystemProfilePrivilege + Privilege[ 14]: SeProfileSingleProcessPrivilege + Privilege[ 15]: SeIncreaseBasePriorityPrivilege + Privilege[ 16]: SeLoadDriverPrivilege + Privilege[ 17]: SeCreatePagefilePrivilege + Privilege[ 18]: SeIncreaseQuotaPrivilege + Privilege[ 19]: SeChangeNotifyPrivilege + Privilege[ 20]: SeUndockPrivilege + Privilege[ 21]: SeManageVolumePrivilege + Privilege[ 22]: SeImpersonatePrivilege + Privilege[ 23]: SeCreateGlobalPrivilege + Privilege[ 24]: SeEnableDelegationPrivilege + Rights (0x 0): +[2013/11/07 07:38:46.501344, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) + UNIX token of user 0 + Primary group is 5000 and contains 9 supplementary groups + Group[ 0]: 5000 + Group[ 1]: 5007 + Group[ 2]: 5001 + Group[ 3]: 1005 + Group[ 4]: 5006 + Group[ 5]: 5005 + Group[ 6]: 55000 + Group[ 7]: 55001 + Group[ 8]: 55002 +[2013/11/07 07:38:46.501700, 5, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1324(api_pipe_request) + Requested \spoolss rpc service +[2013/11/07 07:38:46.501753, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1356(api_rpcTNP) + api_rpcTNP: \spoolss op 0x1d - api_rpcTNP: rpc command: SPOOLSS_CLOSEPRINTER +[2013/11/07 07:38:46.501798, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1390(api_rpcTNP) + api_rpc_cmds[29].fn == 0x7f375c25d5f0 +[2013/11/07 07:38:46.501846, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + spoolss_ClosePrinter: struct spoolss_ClosePrinter + in: struct spoolss_ClosePrinter + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000048-0000-0000-7b52-7335c5510000 +[2013/11/07 07:38:46.501981, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[3] [0000] 00 00 00 00 48 00 00 00 00 00 00 00 7B 52 73 35 ....H... ....{Rs5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:46.502062, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[3] [0000] 00 00 00 00 48 00 00 00 00 00 00 00 7B 52 73 35 ....H... ....{Rs5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:46.502138, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[3] [0000] 00 00 00 00 48 00 00 00 00 00 00 00 7B 52 73 35 ....H... ....{Rs5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:46.502215, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) + Closed policy +[2013/11/07 07:38:46.502259, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + spoolss_ClosePrinter: struct spoolss_ClosePrinter + out: struct spoolss_ClosePrinter + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000000-0000-0000-0000-000000000000 + result : WERR_OK +[2013/11/07 07:38:46.502424, 5, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1417(api_rpcTNP) + api_rpcTNP: called \spoolss successfully +[2013/11/07 07:38:46.502476, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) + pop_sec_ctx (0, 5000) - sec_ctx_stack_ndx = 0 +[2013/11/07 07:38:46.502518, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) + write_to_pipe: data_used = 28 + smbd_smb2_request_pending_queue: req->current_idx = 1 + req->in.vector[0].iov_len = 0 + req->in.vector[1].iov_len = 0 + req->in.vector[2].iov_len = 64 + req->in.vector[3].iov_len = 56 + req->in.vector[4].iov_len = 44 + req->out.vector[0].iov_len = 4 + req->out.vector[1].iov_len = 0 + req->out.vector[2].iov_len = 64 + req->out.vector[3].iov_len = 8 + req->out.vector[4].iov_len = 0 +[2013/11/07 07:38:46.502732, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:128(smbd_smb2_ioctl_pipe_write_done) + smbd_smb2_ioctl_pipe_write_done: received 44 +[2013/11/07 07:38:46.502777, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:149(smbd_smb2_ioctl_pipe_write_done) + smbd_smb2_ioctl_pipe_write_done: issuing np_read_send of size 4136 +[2013/11/07 07:38:46.502820, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:285(read_from_internal_pipe) + name: \spoolss len: 4136 +[2013/11/07 07:38:46.502862, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:347(read_from_internal_pipe) + read_from_pipe: \spoolss: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 24. +[2013/11/07 07:38:46.502914, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) + &r: struct ncacn_packet + rpc_vers : 0x05 (5) + rpc_vers_minor : 0x00 (0) + ptype : DCERPC_PKT_RESPONSE (2) + pfc_flags : 0x03 (3) + drep: ARRAY(4) + [0] : 0x10 (16) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + frag_length : 0x0030 (48) + auth_length : 0x0000 (0) + call_id : 0x00000015 (21) + u : union dcerpc_payload(case 2) + response: struct dcerpc_response + alloc_hint : 0x00000018 (24) + context_id : 0x0000 (0) + cancel_count : 0x00 (0) + _pad : DATA_BLOB length=0 + stub_and_verifier : DATA_BLOB length=24 + [0000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0010] 00 00 00 00 00 00 00 00 ........ +[2013/11/07 07:38:46.503330, 3, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:122(free_pipe_context) + free_pipe_context: destroying talloc pool of size 29 +[2013/11/07 07:38:46.503379, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:788(np_read_recv) + Received 48 bytes. There is no more data outstanding +[2013/11/07 07:38:46.503420, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:178(smbd_smb2_ioctl_pipe_read_done) + smbd_smb2_ioctl_pipe_read_done: np_read_recv nread = 48 is_data_outstanding = 0, status = NT_STATUS_OK +[2013/11/07 07:38:46.503467, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl.c:291(smbd_smb2_request_ioctl_done) + smbd_smb2_request_ioctl_done: smbd_smb2_ioctl_recv returned 48 status NT_STATUS_OK +[2013/11/07 07:38:46.503508, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) + smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[48] dyn[yes:48] at ../source3/smbd/smb2_ioctl.c:358 +[2013/11/07 07:38:46.503562, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) + smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/127/127 +[2013/11/07 07:38:46.503697, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) + smbd_smb2_request_incoming: idx[1] of 5 vectors +[2013/11/07 07:38:46.503746, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) + smb2_validate_sequence_number: clearing id 127 (position 127) from bitmap +[2013/11/07 07:38:46.503788, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) + smbd_smb2_request_dispatch: opcode[SMB2_OP_WRITE] mid = 127 +[2013/11/07 07:38:46.503841, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) + setting sec ctx (0, 5000) - sec_ctx_stack_ndx = 0 +[2013/11/07 07:38:46.503883, 5, pid=20933, effective(0, 5000), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) + Security token SIDs (21): + SID[ 0]: S-1-5-21-1376953716-2413384141-3399758289-500 + SID[ 1]: S-1-5-21-1376953716-2413384141-3399758289-512 + SID[ 2]: S-1-5-21-1376953716-2413384141-3399758289-11015 + SID[ 3]: S-1-5-21-1376953716-2413384141-3399758289-513 + SID[ 4]: S-1-5-21-1376953716-2413384141-3399758289-11011 + SID[ 5]: S-1-5-21-1376953716-2413384141-3399758289-11013 + SID[ 6]: S-1-5-21-1376953716-2413384141-3399758289-11012 + SID[ 7]: S-1-1-0 + SID[ 8]: S-1-5-2 + SID[ 9]: S-1-5-11 + SID[ 10]: S-1-5-32-544 + SID[ 11]: S-1-22-1-2002 + SID[ 12]: S-1-22-2-5000 + SID[ 13]: S-1-22-2-5007 + SID[ 14]: S-1-22-2-5001 + SID[ 15]: S-1-22-2-1005 + SID[ 16]: S-1-22-2-5006 + SID[ 17]: S-1-22-2-5005 + SID[ 18]: S-1-22-2-55000 + SID[ 19]: S-1-22-2-55001 + SID[ 20]: S-1-22-2-55002 + Privileges (0x 1FFFFFF0): + Privilege[ 0]: SeMachineAccountPrivilege + Privilege[ 1]: SeTakeOwnershipPrivilege + Privilege[ 2]: SeBackupPrivilege + Privilege[ 3]: SeRestorePrivilege + Privilege[ 4]: SeRemoteShutdownPrivilege + Privilege[ 5]: SePrintOperatorPrivilege + Privilege[ 6]: SeAddUsersPrivilege + Privilege[ 7]: SeDiskOperatorPrivilege + Privilege[ 8]: SeSecurityPrivilege + Privilege[ 9]: SeSystemtimePrivilege + Privilege[ 10]: SeShutdownPrivilege + Privilege[ 11]: SeDebugPrivilege + Privilege[ 12]: SeSystemEnvironmentPrivilege + Privilege[ 13]: SeSystemProfilePrivilege + Privilege[ 14]: SeProfileSingleProcessPrivilege + Privilege[ 15]: SeIncreaseBasePriorityPrivilege + Privilege[ 16]: SeLoadDriverPrivilege + Privilege[ 17]: SeCreatePagefilePrivilege + Privilege[ 18]: SeIncreaseQuotaPrivilege + Privilege[ 19]: SeChangeNotifyPrivilege + Privilege[ 20]: SeUndockPrivilege + Privilege[ 21]: SeManageVolumePrivilege + Privilege[ 22]: SeImpersonatePrivilege + Privilege[ 23]: SeCreateGlobalPrivilege + Privilege[ 24]: SeEnableDelegationPrivilege + Rights (0x 0): +[2013/11/07 07:38:46.504649, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) + UNIX token of user 0 + Primary group is 5000 and contains 9 supplementary groups + Group[ 0]: 5000 + Group[ 1]: 5007 + Group[ 2]: 5001 + Group[ 3]: 1005 + Group[ 4]: 5006 + Group[ 5]: 5005 + Group[ 6]: 55000 + Group[ 7]: 55001 + Group[ 8]: 55002 +[2013/11/07 07:38:46.504840, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/uid.c:363(change_to_user_internal) + Impersonated user: uid=(0,0), gid=(0,5000) +[2013/11/07 07:38:46.504889, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:1796(smbd_smb2_request_verify_creditcharge) + mid 127, CreditCharge: 1, NeededCharge: 1 +[2013/11/07 07:38:46.504940, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_write.c:271(smbd_smb2_write_send) + smbd_smb2_write: spoolss - fnum 1907514170 +[2013/11/07 07:38:46.504985, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:520(np_write_send) + np_write_send: len: 160 +[2013/11/07 07:38:46.505026, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) + write_to_pipe: data_left = 160 +[2013/11/07 07:38:46.505064, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) + process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 160 +[2013/11/07 07:38:46.505103, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:51(fill_rpc_header) + fill_rpc_header: data_to_copy = 160, len_needed_to_complete_hdr = 16, receive_len = 0 +[2013/11/07 07:38:46.505143, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) + write_to_pipe: data_used = 16 +[2013/11/07 07:38:46.505180, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) + write_to_pipe: data_left = 144 +[2013/11/07 07:38:46.505217, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) + process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 144 +[2013/11/07 07:38:46.505258, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) + write_to_pipe: data_used = 0 +[2013/11/07 07:38:46.505296, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) + write_to_pipe: data_left = 144 +[2013/11/07 07:38:46.505333, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) + process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 144, incoming data = 144 +[2013/11/07 07:38:46.505454, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1614(process_complete_pdu) + PDU is in Little Endian format! +[2013/11/07 07:38:46.505505, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) + r: struct ncacn_packet + rpc_vers : 0x05 (5) + rpc_vers_minor : 0x00 (0) + ptype : DCERPC_PKT_BIND (11) + pfc_flags : 0x03 (3) + drep: ARRAY(4) + [0] : 0x10 (16) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + frag_length : 0x00a0 (160) + auth_length : 0x0000 (0) + call_id : 0x00000002 (2) + u : union dcerpc_payload(case 11) + bind: struct dcerpc_bind + max_xmit_frag : 0x10b8 (4280) + max_recv_frag : 0x10b8 (4280) + assoc_group_id : 0x00000000 (0) + num_contexts : 0x03 (3) + ctx_list: ARRAY(3) + ctx_list: struct dcerpc_ctx_list + context_id : 0x0000 (0) + num_transfer_syntaxes : 0x01 (1) + abstract_syntax: struct ndr_syntax_id + uuid : 12345678-1234-abcd-ef00-0123456789ab + if_version : 0x00000001 (1) + transfer_syntaxes: ARRAY(1) + transfer_syntaxes: struct ndr_syntax_id + uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860 + if_version : 0x00000002 (2) + ctx_list: struct dcerpc_ctx_list + context_id : 0x0001 (1) + num_transfer_syntaxes : 0x01 (1) + abstract_syntax: struct ndr_syntax_id + uuid : 12345678-1234-abcd-ef00-0123456789ab + if_version : 0x00000001 (1) + transfer_syntaxes: ARRAY(1) + transfer_syntaxes: struct ndr_syntax_id + uuid : 71710533-beba-4937-8319-b5dbef9ccc36 + if_version : 0x00000001 (1) + ctx_list: struct dcerpc_ctx_list + context_id : 0x0002 (2) + num_transfer_syntaxes : 0x01 (1) + abstract_syntax: struct ndr_syntax_id + uuid : 12345678-1234-abcd-ef00-0123456789ab + if_version : 0x00000001 (1) + transfer_syntaxes: ARRAY(1) + transfer_syntaxes: struct ndr_syntax_id + uuid : 6cb71c2c-9812-4540-0300-000000000000 + if_version : 0x00000001 (1) + auth_info : DATA_BLOB length=0 +[2013/11/07 07:38:46.506419, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1627(process_complete_pdu) + Processing packet type 11 +[2013/11/07 07:38:46.506463, 3, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:693(api_pipe_bind_req) + api_pipe_bind_req: spoolss -> spoolss rpc service +[2013/11/07 07:38:46.506517, 5, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:724(api_pipe_bind_req) + api_pipe_bind_req: make response. 724 +[2013/11/07 07:38:46.506557, 3, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:342(check_bind_req) + check_bind_req for \spoolss +[2013/11/07 07:38:46.506601, 3, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:349(check_bind_req) + check_bind_req: spoolss -> spoolss rpc service +[2013/11/07 07:38:46.506644, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:238(init_pipe_handles) + init_pipe_handle_list: pipe_handles ref count = 16 for pipe \spoolss +[2013/11/07 07:38:46.506703, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) + &r: struct ncacn_packet + rpc_vers : 0x05 (5) + rpc_vers_minor : 0x00 (0) + ptype : DCERPC_PKT_BIND_ACK (12) + pfc_flags : 0x03 (3) + drep: ARRAY(4) + [0] : 0x10 (16) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + frag_length : 0x0044 (68) + auth_length : 0x0000 (0) + call_id : 0x00000002 (2) + u : union dcerpc_payload(case 12) + bind_ack: struct dcerpc_bind_ack + max_xmit_frag : 0x10b8 (4280) + max_recv_frag : 0x10b8 (4280) + assoc_group_id : 0x000053f0 (21488) + secondary_address_size : 0x000e (14) + secondary_address : '\PIPE\spoolss' + _pad1 : DATA_BLOB length=0 + num_results : 0x01 (1) + ctx_list: ARRAY(1) + ctx_list: struct dcerpc_ack_ctx + result : 0x0000 (0) + reason : 0x0000 (0) + syntax: struct ndr_syntax_id + uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860 + if_version : 0x00000002 (2) + auth_info : DATA_BLOB length=0 +[2013/11/07 07:38:46.507282, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) + write_to_pipe: data_used = 144 + smbd_smb2_request_pending_queue: req->current_idx = 1 + req->in.vector[0].iov_len = 0 + req->in.vector[1].iov_len = 0 + req->in.vector[2].iov_len = 64 + req->in.vector[3].iov_len = 48 + req->in.vector[4].iov_len = 160 + req->out.vector[0].iov_len = 4 + req->out.vector[1].iov_len = 0 + req->out.vector[2].iov_len = 64 + req->out.vector[3].iov_len = 8 + req->out.vector[4].iov_len = 0 +[2013/11/07 07:38:46.507495, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) + smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[16] dyn[yes:0] at ../source3/smbd/smb2_write.c:150 +[2013/11/07 07:38:46.507553, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) + smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/128/127 +[2013/11/07 07:38:46.507702, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) + smbd_smb2_request_incoming: idx[1] of 5 vectors +[2013/11/07 07:38:46.507750, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) + smb2_validate_sequence_number: clearing id 128 (position 128) from bitmap +[2013/11/07 07:38:46.507791, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) + smbd_smb2_request_dispatch: opcode[SMB2_OP_CREATE] mid = 128 +[2013/11/07 07:38:46.507845, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) + setting sec ctx (0, 5000) - sec_ctx_stack_ndx = 0 +[2013/11/07 07:38:46.507886, 5, pid=20933, effective(0, 5000), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) + Security token SIDs (21): + SID[ 0]: S-1-5-21-1376953716-2413384141-3399758289-500 + SID[ 1]: S-1-5-21-1376953716-2413384141-3399758289-512 + SID[ 2]: S-1-5-21-1376953716-2413384141-3399758289-11015 + SID[ 3]: S-1-5-21-1376953716-2413384141-3399758289-513 + SID[ 4]: S-1-5-21-1376953716-2413384141-3399758289-11011 + SID[ 5]: S-1-5-21-1376953716-2413384141-3399758289-11013 + SID[ 6]: S-1-5-21-1376953716-2413384141-3399758289-11012 + SID[ 7]: S-1-1-0 + SID[ 8]: S-1-5-2 + SID[ 9]: S-1-5-11 + SID[ 10]: S-1-5-32-544 + SID[ 11]: S-1-22-1-2002 + SID[ 12]: S-1-22-2-5000 + SID[ 13]: S-1-22-2-5007 + SID[ 14]: S-1-22-2-5001 + SID[ 15]: S-1-22-2-1005 + SID[ 16]: S-1-22-2-5006 + SID[ 17]: S-1-22-2-5005 + SID[ 18]: S-1-22-2-55000 + SID[ 19]: S-1-22-2-55001 + SID[ 20]: S-1-22-2-55002 + Privileges (0x 1FFFFFF0): + Privilege[ 0]: SeMachineAccountPrivilege + Privilege[ 1]: SeTakeOwnershipPrivilege + Privilege[ 2]: SeBackupPrivilege + Privilege[ 3]: SeRestorePrivilege + Privilege[ 4]: SeRemoteShutdownPrivilege + Privilege[ 5]: SePrintOperatorPrivilege + Privilege[ 6]: SeAddUsersPrivilege + Privilege[ 7]: SeDiskOperatorPrivilege + Privilege[ 8]: SeSecurityPrivilege + Privilege[ 9]: SeSystemtimePrivilege + Privilege[ 10]: SeShutdownPrivilege + Privilege[ 11]: SeDebugPrivilege + Privilege[ 12]: SeSystemEnvironmentPrivilege + Privilege[ 13]: SeSystemProfilePrivilege + Privilege[ 14]: SeProfileSingleProcessPrivilege + Privilege[ 15]: SeIncreaseBasePriorityPrivilege + Privilege[ 16]: SeLoadDriverPrivilege + Privilege[ 17]: SeCreatePagefilePrivilege + Privilege[ 18]: SeIncreaseQuotaPrivilege + Privilege[ 19]: SeChangeNotifyPrivilege + Privilege[ 20]: SeUndockPrivilege + Privilege[ 21]: SeManageVolumePrivilege + Privilege[ 22]: SeImpersonatePrivilege + Privilege[ 23]: SeCreateGlobalPrivilege + Privilege[ 24]: SeEnableDelegationPrivilege + Rights (0x 0): +[2013/11/07 07:38:46.508702, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) + UNIX token of user 0 + Primary group is 5000 and contains 9 supplementary groups + Group[ 0]: 5000 + Group[ 1]: 5007 + Group[ 2]: 5001 + Group[ 3]: 1005 + Group[ 4]: 5006 + Group[ 5]: 5005 + Group[ 6]: 55000 + Group[ 7]: 55001 + Group[ 8]: 55002 +[2013/11/07 07:38:46.508894, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/uid.c:363(change_to_user_internal) + Impersonated user: uid=(0,0), gid=(0,5000) +[2013/11/07 07:38:46.508948, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_create.c:451(smbd_smb2_create_send) + smbd_smb2_create: name[spoolss] +[2013/11/07 07:38:46.509000, 5, pid=20933, effective(0, 5000), real(0, 0)] ../lib/dbwrap/dbwrap.c:187(dbwrap_check_lock_order) + check lock order 1 for /var/run/samba/smbXsrv_open_global.tdb +[2013/11/07 07:38:46.509041, 10, pid=20933, effective(0, 5000), real(0, 0)] ../lib/dbwrap/dbwrap.c:133(debug_lock_order) + lock order: 1:/var/run/samba/smbXsrv_open_global.tdb 2: 3: +[2013/11/07 07:38:46.509085, 10, pid=20933, effective(0, 5000), real(0, 0)] ../lib/dbwrap/dbwrap_tdb.c:59(db_tdb_log_key) + Locking key 5445CA1B +[2013/11/07 07:38:46.509140, 10, pid=20933, effective(0, 5000), real(0, 0)] ../lib/dbwrap/dbwrap_tdb.c:143(db_tdb_fetch_locked_internal) + Allocated locked data 0x0x7f375d357700 +[2013/11/07 07:38:46.509219, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smbXsrv_open.c:695(smbXsrv_open_global_store) +[2013/11/07 07:38:46.509246, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smbXsrv_open.c:697(smbXsrv_open_global_store) + smbXsrv_open_global_store: key '5445CA1B' stored +[2013/11/07 07:38:46.509287, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) + &global_blob: struct smbXsrv_open_globalB + version : SMBXSRV_VERSION_0 (0) + seqnum : 0x00000001 (1) + info : union smbXsrv_open_globalU(case 0) + info0 : * + info0: struct smbXsrv_open_global0 + db_rec : * + server_id: struct server_id + pid : 0x00000000000051c5 (20933) + task_id : 0x00000000 (0) + vnn : 0xffffffff (4294967295) + unique_id : 0x6b1fb19d3b3a8ed6 (7719083575197994710) + open_global_id : 0x5445ca1b (1413859867) + open_persistent_id : 0x000000005445ca1b (1413859867) + open_volatile_id : 0x00000000cfd83949 (3487054153) + open_owner : S-1-5-21-1376953716-2413384141-3399758289-500 + open_time : Do Nov 7 07:38:47 2013 CET + create_guid : 00000000-0000-0000-0000-000000000000 + client_guid : b913ae79-46f9-11e3-be6f-52540018a0ea + app_instance_id : 00000000-0000-0000-0000-000000000000 + disconnect_time : NTTIME(0) + durable_timeout_msec : 0x00000000 (0) + durable : 0x00 (0) + backend_cookie : DATA_BLOB length=0 +[2013/11/07 07:38:46.509817, 10, pid=20933, effective(0, 5000), real(0, 0)] ../lib/dbwrap/dbwrap_tdb.c:59(db_tdb_log_key) + Unlocking key 5445CA1B +[2013/11/07 07:38:46.509860, 5, pid=20933, effective(0, 5000), real(0, 0)] ../lib/dbwrap/dbwrap.c:146(dbwrap_lock_order_state_destructor) + release lock order 1 for /var/run/samba/smbXsrv_open_global.tdb +[2013/11/07 07:38:46.509899, 10, pid=20933, effective(0, 5000), real(0, 0)] ../lib/dbwrap/dbwrap.c:133(debug_lock_order) + lock order: 1: 2: 3: +[2013/11/07 07:38:46.509950, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smbXsrv_open.c:862(smbXsrv_open_create) +[2013/11/07 07:38:46.509974, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smbXsrv_open.c:870(smbXsrv_open_create) + smbXsrv_open_create: global_id (0x5445ca1b) stored +[2013/11/07 07:38:46.510013, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) + &open_blob: struct smbXsrv_openB + version : SMBXSRV_VERSION_0 (0) + reserved : 0x00000000 (0) + info : union smbXsrv_openU(case 0) + info0 : * + info0: struct smbXsrv_open + table : * + db_rec : NULL + local_id : 0xcfd83949 (3487054153) + global : * + global: struct smbXsrv_open_global0 + db_rec : NULL + server_id: struct server_id + pid : 0x00000000000051c5 (20933) + task_id : 0x00000000 (0) + vnn : 0xffffffff (4294967295) + unique_id : 0x6b1fb19d3b3a8ed6 (7719083575197994710) + open_global_id : 0x5445ca1b (1413859867) + open_persistent_id : 0x000000005445ca1b (1413859867) + open_volatile_id : 0x00000000cfd83949 (3487054153) + open_owner : S-1-5-21-1376953716-2413384141-3399758289-500 + open_time : Do Nov 7 07:38:47 2013 CET + create_guid : 00000000-0000-0000-0000-000000000000 + client_guid : b913ae79-46f9-11e3-be6f-52540018a0ea + app_instance_id : 00000000-0000-0000-0000-000000000000 + disconnect_time : NTTIME(0) + durable_timeout_msec : 0x00000000 (0) + durable : 0x00 (0) + backend_cookie : DATA_BLOB length=0 + status : NT_STATUS_OK + idle_time : Do Nov 7 07:38:47 2013 CET + compat : NULL +[2013/11/07 07:38:46.510615, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/files.c:125(file_new) + allocated file structure fnum 3487054153 (6 used) +[2013/11/07 07:38:46.510663, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/files.c:713(file_name_hash) + file_name_hash: /tmp/spoolss hash 0x7d4e46e5 +[2013/11/07 07:38:46.510724, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:60(make_internal_rpc_pipe_p) + Create pipe requested \spoolss +[2013/11/07 07:38:46.510774, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:238(init_pipe_handles) + init_pipe_handle_list: pipe_handles ref count = 17 for pipe \spoolss +[2013/11/07 07:38:46.510877, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:100(make_internal_rpc_pipe_p) + Created internal pipe \spoolss +[2013/11/07 07:38:46.510921, 8, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/dosmode.c:631(dos_mode) + dos_mode: spoolss +[2013/11/07 07:38:46.510977, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_create.c:1053(smbd_smb2_create_send) + smbd_smb2_create_send: spoolss - fnum 3487054153 +[2013/11/07 07:38:46.511040, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) + smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[88] dyn[yes:0] at ../source3/smbd/smb2_create.c:369 +[2013/11/07 07:38:46.511092, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) + smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/129/127 +[2013/11/07 07:38:46.511931, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) + smbd_smb2_request_incoming: idx[1] of 5 vectors +[2013/11/07 07:38:46.512011, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) + smb2_validate_sequence_number: clearing id 129 (position 129) from bitmap +[2013/11/07 07:38:46.512064, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) + smbd_smb2_request_dispatch: opcode[SMB2_OP_READ] mid = 129 +[2013/11/07 07:38:46.512120, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) + setting sec ctx (0, 5000) - sec_ctx_stack_ndx = 0 +[2013/11/07 07:38:46.512164, 5, pid=20933, effective(0, 5000), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) + Security token SIDs (21): + SID[ 0]: S-1-5-21-1376953716-2413384141-3399758289-500 + SID[ 1]: S-1-5-21-1376953716-2413384141-3399758289-512 + SID[ 2]: S-1-5-21-1376953716-2413384141-3399758289-11015 + SID[ 3]: S-1-5-21-1376953716-2413384141-3399758289-513 + SID[ 4]: S-1-5-21-1376953716-2413384141-3399758289-11011 + SID[ 5]: S-1-5-21-1376953716-2413384141-3399758289-11013 + SID[ 6]: S-1-5-21-1376953716-2413384141-3399758289-11012 + SID[ 7]: S-1-1-0 + SID[ 8]: S-1-5-2 + SID[ 9]: S-1-5-11 + SID[ 10]: S-1-5-32-544 + SID[ 11]: S-1-22-1-2002 + SID[ 12]: S-1-22-2-5000 + SID[ 13]: S-1-22-2-5007 + SID[ 14]: S-1-22-2-5001 + SID[ 15]: S-1-22-2-1005 + SID[ 16]: S-1-22-2-5006 + SID[ 17]: S-1-22-2-5005 + SID[ 18]: S-1-22-2-55000 + SID[ 19]: S-1-22-2-55001 + SID[ 20]: S-1-22-2-55002 + Privileges (0x 1FFFFFF0): + Privilege[ 0]: SeMachineAccountPrivilege + Privilege[ 1]: SeTakeOwnershipPrivilege + Privilege[ 2]: SeBackupPrivilege + Privilege[ 3]: SeRestorePrivilege + Privilege[ 4]: SeRemoteShutdownPrivilege + Privilege[ 5]: SePrintOperatorPrivilege + Privilege[ 6]: SeAddUsersPrivilege + Privilege[ 7]: SeDiskOperatorPrivilege + Privilege[ 8]: SeSecurityPrivilege + Privilege[ 9]: SeSystemtimePrivilege + Privilege[ 10]: SeShutdownPrivilege + Privilege[ 11]: SeDebugPrivilege + Privilege[ 12]: SeSystemEnvironmentPrivilege + Privilege[ 13]: SeSystemProfilePrivilege + Privilege[ 14]: SeProfileSingleProcessPrivilege + Privilege[ 15]: SeIncreaseBasePriorityPrivilege + Privilege[ 16]: SeLoadDriverPrivilege + Privilege[ 17]: SeCreatePagefilePrivilege + Privilege[ 18]: SeIncreaseQuotaPrivilege + Privilege[ 19]: SeChangeNotifyPrivilege + Privilege[ 20]: SeUndockPrivilege + Privilege[ 21]: SeManageVolumePrivilege + Privilege[ 22]: SeImpersonatePrivilege + Privilege[ 23]: SeCreateGlobalPrivilege + Privilege[ 24]: SeEnableDelegationPrivilege + Rights (0x 0): +[2013/11/07 07:38:46.513019, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) + UNIX token of user 0 + Primary group is 5000 and contains 9 supplementary groups + Group[ 0]: 5000 + Group[ 1]: 5007 + Group[ 2]: 5001 + Group[ 3]: 1005 + Group[ 4]: 5006 + Group[ 5]: 5005 + Group[ 6]: 55000 + Group[ 7]: 55001 + Group[ 8]: 55002 +[2013/11/07 07:38:46.513211, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/uid.c:363(change_to_user_internal) + Impersonated user: uid=(0,0), gid=(0,5000) +[2013/11/07 07:38:46.513261, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:1796(smbd_smb2_request_verify_creditcharge) + mid 129, CreditCharge: 1, NeededCharge: 1 +[2013/11/07 07:38:46.513304, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_read.c:400(smbd_smb2_read_send) + smbd_smb2_read: spoolss - fnum 1907514170 +[2013/11/07 07:38:46.513442, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:285(read_from_internal_pipe) + name: \spoolss len: 1024 +[2013/11/07 07:38:46.513492, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:326(read_from_internal_pipe) + read_from_pipe: \spoolss: current_pdu_len = 68, current_pdu_sent = 0 returning 68 bytes. +[2013/11/07 07:38:46.513581, 3, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:122(free_pipe_context) + free_pipe_context: destroying talloc pool of size 29 + smbd_smb2_request_pending_queue: req->current_idx = 1 + req->in.vector[0].iov_len = 0 + req->in.vector[1].iov_len = 0 + req->in.vector[2].iov_len = 64 + req->in.vector[3].iov_len = 48 + req->in.vector[4].iov_len = 1 + req->out.vector[0].iov_len = 4 + req->out.vector[1].iov_len = 0 + req->out.vector[2].iov_len = 64 + req->out.vector[3].iov_len = 8 + req->out.vector[4].iov_len = 0 +[2013/11/07 07:38:46.513795, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:788(np_read_recv) + Received 68 bytes. There is no more data outstanding +[2013/11/07 07:38:46.513840, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) + smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[16] dyn[yes:68] at ../source3/smbd/smb2_read.c:154 +[2013/11/07 07:38:46.513884, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) + smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/130/127 +[2013/11/07 07:38:46.514008, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) + smbd_smb2_request_incoming: idx[1] of 5 vectors +[2013/11/07 07:38:46.514102, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) + smb2_validate_sequence_number: clearing id 130 (position 130) from bitmap +[2013/11/07 07:38:46.514148, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) + smbd_smb2_request_dispatch: opcode[SMB2_OP_CLOSE] mid = 130 +[2013/11/07 07:38:46.514201, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) + setting sec ctx (0, 5000) - sec_ctx_stack_ndx = 0 +[2013/11/07 07:38:46.514244, 5, pid=20933, effective(0, 5000), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) + Security token SIDs (21): + SID[ 0]: S-1-5-21-1376953716-2413384141-3399758289-500 + SID[ 1]: S-1-5-21-1376953716-2413384141-3399758289-512 + SID[ 2]: S-1-5-21-1376953716-2413384141-3399758289-11015 + SID[ 3]: S-1-5-21-1376953716-2413384141-3399758289-513 + SID[ 4]: S-1-5-21-1376953716-2413384141-3399758289-11011 + SID[ 5]: S-1-5-21-1376953716-2413384141-3399758289-11013 + SID[ 6]: S-1-5-21-1376953716-2413384141-3399758289-11012 + SID[ 7]: S-1-1-0 + SID[ 8]: S-1-5-2 + SID[ 9]: S-1-5-11 + SID[ 10]: S-1-5-32-544 + SID[ 11]: S-1-22-1-2002 + SID[ 12]: S-1-22-2-5000 + SID[ 13]: S-1-22-2-5007 + SID[ 14]: S-1-22-2-5001 + SID[ 15]: S-1-22-2-1005 + SID[ 16]: S-1-22-2-5006 + SID[ 17]: S-1-22-2-5005 + SID[ 18]: S-1-22-2-55000 + SID[ 19]: S-1-22-2-55001 + SID[ 20]: S-1-22-2-55002 + Privileges (0x 1FFFFFF0): + Privilege[ 0]: SeMachineAccountPrivilege + Privilege[ 1]: SeTakeOwnershipPrivilege + Privilege[ 2]: SeBackupPrivilege + Privilege[ 3]: SeRestorePrivilege + Privilege[ 4]: SeRemoteShutdownPrivilege + Privilege[ 5]: SePrintOperatorPrivilege + Privilege[ 6]: SeAddUsersPrivilege + Privilege[ 7]: SeDiskOperatorPrivilege + Privilege[ 8]: SeSecurityPrivilege + Privilege[ 9]: SeSystemtimePrivilege + Privilege[ 10]: SeShutdownPrivilege + Privilege[ 11]: SeDebugPrivilege + Privilege[ 12]: SeSystemEnvironmentPrivilege + Privilege[ 13]: SeSystemProfilePrivilege + Privilege[ 14]: SeProfileSingleProcessPrivilege + Privilege[ 15]: SeIncreaseBasePriorityPrivilege + Privilege[ 16]: SeLoadDriverPrivilege + Privilege[ 17]: SeCreatePagefilePrivilege + Privilege[ 18]: SeIncreaseQuotaPrivilege + Privilege[ 19]: SeChangeNotifyPrivilege + Privilege[ 20]: SeUndockPrivilege + Privilege[ 21]: SeManageVolumePrivilege + Privilege[ 22]: SeImpersonatePrivilege + Privilege[ 23]: SeCreateGlobalPrivilege + Privilege[ 24]: SeEnableDelegationPrivilege + Rights (0x 0): +[2013/11/07 07:38:46.515237, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) + UNIX token of user 0 + Primary group is 5000 and contains 9 supplementary groups + Group[ 0]: 5000 + Group[ 1]: 5007 + Group[ 2]: 5001 + Group[ 3]: 1005 + Group[ 4]: 5006 + Group[ 5]: 5005 + Group[ 6]: 55000 + Group[ 7]: 55001 + Group[ 8]: 55002 +[2013/11/07 07:38:46.515434, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/uid.c:363(change_to_user_internal) + Impersonated user: uid=(0,0), gid=(0,5000) +[2013/11/07 07:38:46.515485, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_close.c:185(smbd_smb2_close) + smbd_smb2_close: spoolss - fnum 2189993496 +[2013/11/07 07:38:46.515536, 5, pid=20933, effective(0, 5000), real(0, 0)] ../lib/dbwrap/dbwrap.c:187(dbwrap_check_lock_order) + check lock order 1 for /var/run/samba/smbXsrv_open_global.tdb +[2013/11/07 07:38:46.515576, 10, pid=20933, effective(0, 5000), real(0, 0)] ../lib/dbwrap/dbwrap.c:133(debug_lock_order) + lock order: 1:/var/run/samba/smbXsrv_open_global.tdb 2: 3: +[2013/11/07 07:38:46.515620, 10, pid=20933, effective(0, 5000), real(0, 0)] ../lib/dbwrap/dbwrap_tdb.c:59(db_tdb_log_key) + Locking key 80485D58 +[2013/11/07 07:38:46.515671, 10, pid=20933, effective(0, 5000), real(0, 0)] ../lib/dbwrap/dbwrap_tdb.c:143(db_tdb_fetch_locked_internal) + Allocated locked data 0x0x7f375d349bb0 +[2013/11/07 07:38:46.515723, 10, pid=20933, effective(0, 5000), real(0, 0)] ../lib/dbwrap/dbwrap_tdb.c:59(db_tdb_log_key) + Unlocking key 80485D58 +[2013/11/07 07:38:46.515765, 5, pid=20933, effective(0, 5000), real(0, 0)] ../lib/dbwrap/dbwrap.c:146(dbwrap_lock_order_state_destructor) + release lock order 1 for /var/run/samba/smbXsrv_open_global.tdb +[2013/11/07 07:38:46.515804, 10, pid=20933, effective(0, 5000), real(0, 0)] ../lib/dbwrap/dbwrap.c:133(debug_lock_order) + lock order: 1: 2: 3: +[2013/11/07 07:38:46.515860, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/files.c:525(file_free) + freed files structure 2189993496 (5 used) +[2013/11/07 07:38:46.515920, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) + smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[60] dyn[no:0] at ../source3/smbd/smb2_close.c:139 +[2013/11/07 07:38:46.515966, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) + smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/131/127 +[2013/11/07 07:38:46.516089, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) + smbd_smb2_request_incoming: idx[1] of 5 vectors +[2013/11/07 07:38:46.516136, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) + smb2_validate_sequence_number: clearing id 131 (position 131) from bitmap +[2013/11/07 07:38:46.516176, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) + smbd_smb2_request_dispatch: opcode[SMB2_OP_IOCTL] mid = 131 +[2013/11/07 07:38:46.516228, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) + setting sec ctx (0, 5000) - sec_ctx_stack_ndx = 0 +[2013/11/07 07:38:46.516282, 5, pid=20933, effective(0, 5000), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) + Security token SIDs (21): + SID[ 0]: S-1-5-21-1376953716-2413384141-3399758289-500 + SID[ 1]: S-1-5-21-1376953716-2413384141-3399758289-512 + SID[ 2]: S-1-5-21-1376953716-2413384141-3399758289-11015 + SID[ 3]: S-1-5-21-1376953716-2413384141-3399758289-513 + SID[ 4]: S-1-5-21-1376953716-2413384141-3399758289-11011 + SID[ 5]: S-1-5-21-1376953716-2413384141-3399758289-11013 + SID[ 6]: S-1-5-21-1376953716-2413384141-3399758289-11012 + SID[ 7]: S-1-1-0 + SID[ 8]: S-1-5-2 + SID[ 9]: S-1-5-11 + SID[ 10]: S-1-5-32-544 + SID[ 11]: S-1-22-1-2002 + SID[ 12]: S-1-22-2-5000 + SID[ 13]: S-1-22-2-5007 + SID[ 14]: S-1-22-2-5001 + SID[ 15]: S-1-22-2-1005 + SID[ 16]: S-1-22-2-5006 + SID[ 17]: S-1-22-2-5005 + SID[ 18]: S-1-22-2-55000 + SID[ 19]: S-1-22-2-55001 + SID[ 20]: S-1-22-2-55002 + Privileges (0x 1FFFFFF0): + Privilege[ 0]: SeMachineAccountPrivilege + Privilege[ 1]: SeTakeOwnershipPrivilege + Privilege[ 2]: SeBackupPrivilege + Privilege[ 3]: SeRestorePrivilege + Privilege[ 4]: SeRemoteShutdownPrivilege + Privilege[ 5]: SePrintOperatorPrivilege + Privilege[ 6]: SeAddUsersPrivilege + Privilege[ 7]: SeDiskOperatorPrivilege + Privilege[ 8]: SeSecurityPrivilege + Privilege[ 9]: SeSystemtimePrivilege + Privilege[ 10]: SeShutdownPrivilege + Privilege[ 11]: SeDebugPrivilege + Privilege[ 12]: SeSystemEnvironmentPrivilege + Privilege[ 13]: SeSystemProfilePrivilege + Privilege[ 14]: SeProfileSingleProcessPrivilege + Privilege[ 15]: SeIncreaseBasePriorityPrivilege + Privilege[ 16]: SeLoadDriverPrivilege + Privilege[ 17]: SeCreatePagefilePrivilege + Privilege[ 18]: SeIncreaseQuotaPrivilege + Privilege[ 19]: SeChangeNotifyPrivilege + Privilege[ 20]: SeUndockPrivilege + Privilege[ 21]: SeManageVolumePrivilege + Privilege[ 22]: SeImpersonatePrivilege + Privilege[ 23]: SeCreateGlobalPrivilege + Privilege[ 24]: SeEnableDelegationPrivilege + Rights (0x 0): +[2013/11/07 07:38:46.517045, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) + UNIX token of user 0 + Primary group is 5000 and contains 9 supplementary groups + Group[ 0]: 5000 + Group[ 1]: 5007 + Group[ 2]: 5001 + Group[ 3]: 1005 + Group[ 4]: 5006 + Group[ 5]: 5005 + Group[ 6]: 55000 + Group[ 7]: 55001 + Group[ 8]: 55002 +[2013/11/07 07:38:46.517234, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/uid.c:363(change_to_user_internal) + Impersonated user: uid=(0,0), gid=(0,5000) +[2013/11/07 07:38:46.517281, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:1796(smbd_smb2_request_verify_creditcharge) + mid 131, CreditCharge: 1, NeededCharge: 1 +[2013/11/07 07:38:46.517323, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl.c:394(smbd_smb2_ioctl_send) + smbd_smb2_ioctl: ctl_code[0x0011c017] spoolss, fnum 1907514170 +[2013/11/07 07:38:46.517469, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:59(smb2_ioctl_named_pipe) + smbd_smb2_ioctl_send: np_write_send of size 222 +[2013/11/07 07:38:46.517513, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:520(np_write_send) + np_write_send: len: 222 +[2013/11/07 07:38:46.517555, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) + write_to_pipe: data_left = 222 +[2013/11/07 07:38:46.517593, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) + process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 222 +[2013/11/07 07:38:46.517633, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:51(fill_rpc_header) + fill_rpc_header: data_to_copy = 222, len_needed_to_complete_hdr = 16, receive_len = 0 +[2013/11/07 07:38:46.517682, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) + write_to_pipe: data_used = 16 +[2013/11/07 07:38:46.517720, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) + write_to_pipe: data_left = 206 +[2013/11/07 07:38:46.517758, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) + process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 206 +[2013/11/07 07:38:46.517799, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) + write_to_pipe: data_used = 0 +[2013/11/07 07:38:46.517836, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) + write_to_pipe: data_left = 206 +[2013/11/07 07:38:46.517874, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) + process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 206, incoming data = 206 +[2013/11/07 07:38:46.517915, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1614(process_complete_pdu) + PDU is in Little Endian format! +[2013/11/07 07:38:46.517964, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) + r: struct ncacn_packet + rpc_vers : 0x05 (5) + rpc_vers_minor : 0x00 (0) + ptype : DCERPC_PKT_REQUEST (0) + pfc_flags : 0x03 (3) + drep: ARRAY(4) + [0] : 0x10 (16) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + frag_length : 0x00de (222) + auth_length : 0x0000 (0) + call_id : 0x00000002 (2) + u : union dcerpc_payload(case 0) + request: struct dcerpc_request + alloc_hint : 0x000000c6 (198) + context_id : 0x0000 (0) + opnum : 0x0045 (69) + object : union dcerpc_object(case 0) + empty: struct dcerpc_empty + _pad : DATA_BLOB length=0 + stub_and_verifier : DATA_BLOB length=198 + [0000] 00 00 02 00 14 00 00 00 00 00 00 00 14 00 00 00 ........ ........ + [0010] 5C 00 5C 00 4D 00 45 00 4D 00 42 00 45 00 52 00 \.\.M.E. M.B.E.R. + [0020] 34 00 33 00 5C 00 70 00 72 00 69 00 6E 00 74 00 4.3.\.p. r.i.n.t. + [0030] 65 00 72 00 37 00 00 00 00 00 00 00 00 00 00 00 e.r.7... ........ + [0040] 00 00 00 00 00 00 00 00 01 00 00 00 01 00 00 00 ........ ........ + [0050] 04 00 02 00 28 00 00 00 08 00 02 00 0C 00 02 00 ....(... ........ + [0060] 80 25 00 00 03 00 00 00 00 00 00 00 09 00 00 00 .%...... ........ + [0070] 0A 00 00 00 00 00 00 00 0A 00 00 00 57 00 49 00 ........ ....W.I. + [0080] 4E 00 38 00 31 00 2D 00 32 00 33 00 39 00 00 00 N.8.1.-. 2.3.9... + [0090] 15 00 00 00 00 00 00 00 15 00 00 00 41 00 52 00 ........ ....A.R. + [00A0] 33 00 32 00 49 00 38 00 5C 00 41 00 64 00 6D 00 3.2.I.8. \.A.d.m. + [00B0] 69 00 6E 00 69 00 73 00 74 00 72 00 61 00 74 00 i.n.i.s. t.r.a.t. + [00C0] 6F 00 72 00 00 00 o.r... +[2013/11/07 07:38:46.518796, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1627(process_complete_pdu) + Processing packet type 0 +[2013/11/07 07:38:46.518834, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1472(dcesrv_auth_request) + Checking request auth. +[2013/11/07 07:38:46.518876, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) + push_sec_ctx(0, 5000) : sec_ctx_stack_ndx = 1 +[2013/11/07 07:38:46.518934, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) + setting sec ctx (0, 5000) - sec_ctx_stack_ndx = 1 +[2013/11/07 07:38:46.518975, 5, pid=20933, effective(0, 5000), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) + Security token SIDs (21): + SID[ 0]: S-1-5-21-1376953716-2413384141-3399758289-500 + SID[ 1]: S-1-5-21-1376953716-2413384141-3399758289-512 + SID[ 2]: S-1-5-21-1376953716-2413384141-3399758289-11015 + SID[ 3]: S-1-5-21-1376953716-2413384141-3399758289-513 + SID[ 4]: S-1-5-21-1376953716-2413384141-3399758289-11011 + SID[ 5]: S-1-5-21-1376953716-2413384141-3399758289-11013 + SID[ 6]: S-1-5-21-1376953716-2413384141-3399758289-11012 + SID[ 7]: S-1-1-0 + SID[ 8]: S-1-5-2 + SID[ 9]: S-1-5-11 + SID[ 10]: S-1-5-32-544 + SID[ 11]: S-1-22-1-2002 + SID[ 12]: S-1-22-2-5000 + SID[ 13]: S-1-22-2-5007 + SID[ 14]: S-1-22-2-5001 + SID[ 15]: S-1-22-2-1005 + SID[ 16]: S-1-22-2-5006 + SID[ 17]: S-1-22-2-5005 + SID[ 18]: S-1-22-2-55000 + SID[ 19]: S-1-22-2-55001 + SID[ 20]: S-1-22-2-55002 + Privileges (0x 1FFFFFF0): + Privilege[ 0]: SeMachineAccountPrivilege + Privilege[ 1]: SeTakeOwnershipPrivilege + Privilege[ 2]: SeBackupPrivilege + Privilege[ 3]: SeRestorePrivilege + Privilege[ 4]: SeRemoteShutdownPrivilege + Privilege[ 5]: SePrintOperatorPrivilege + Privilege[ 6]: SeAddUsersPrivilege + Privilege[ 7]: SeDiskOperatorPrivilege + Privilege[ 8]: SeSecurityPrivilege + Privilege[ 9]: SeSystemtimePrivilege + Privilege[ 10]: SeShutdownPrivilege + Privilege[ 11]: SeDebugPrivilege + Privilege[ 12]: SeSystemEnvironmentPrivilege + Privilege[ 13]: SeSystemProfilePrivilege + Privilege[ 14]: SeProfileSingleProcessPrivilege + Privilege[ 15]: SeIncreaseBasePriorityPrivilege + Privilege[ 16]: SeLoadDriverPrivilege + Privilege[ 17]: SeCreatePagefilePrivilege + Privilege[ 18]: SeIncreaseQuotaPrivilege + Privilege[ 19]: SeChangeNotifyPrivilege + Privilege[ 20]: SeUndockPrivilege + Privilege[ 21]: SeManageVolumePrivilege + Privilege[ 22]: SeImpersonatePrivilege + Privilege[ 23]: SeCreateGlobalPrivilege + Privilege[ 24]: SeEnableDelegationPrivilege + Rights (0x 0): +[2013/11/07 07:38:46.519734, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) + UNIX token of user 0 + Primary group is 5000 and contains 9 supplementary groups + Group[ 0]: 5000 + Group[ 1]: 5007 + Group[ 2]: 5001 + Group[ 3]: 1005 + Group[ 4]: 5006 + Group[ 5]: 5005 + Group[ 6]: 55000 + Group[ 7]: 55001 + Group[ 8]: 55002 +[2013/11/07 07:38:46.519921, 5, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1324(api_pipe_request) + Requested \spoolss rpc service +[2013/11/07 07:38:46.519965, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1356(api_rpcTNP) + api_rpcTNP: \spoolss op 0x45 - api_rpcTNP: rpc command: SPOOLSS_OPENPRINTEREX +[2013/11/07 07:38:46.520009, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1390(api_rpcTNP) + api_rpc_cmds[69].fn == 0x7f375c256d40 +[2013/11/07 07:38:46.520066, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + spoolss_OpenPrinterEx: struct spoolss_OpenPrinterEx + in: struct spoolss_OpenPrinterEx + printername : * + printername : '\\MEMBER43\printer7' + datatype : NULL + devmode_ctr: struct spoolss_DevmodeContainer + _ndr_size : 0x00000000 (0) + devmode : NULL + access_mask : 0x00000000 (0) + 0: SERVER_ACCESS_ADMINISTER + 0: SERVER_ACCESS_ENUMERATE + 0: PRINTER_ACCESS_ADMINISTER + 0: PRINTER_ACCESS_USE + 0: JOB_ACCESS_ADMINISTER + 0: JOB_ACCESS_READ + userlevel_ctr: struct spoolss_UserLevelCtr + level : 0x00000001 (1) + user_info : union spoolss_UserLevel(case 1) + level1 : * + level1: struct spoolss_UserLevel1 + size : 0x00000028 (40) + client : * + client : 'WIN81-239' + user : * + user : 'AR32I8\Administrator' + build : 0x00002580 (9600) + major : UNKNOWN_ENUM_VALUE (3) + minor : SPOOLSS_MINOR_VERSION_0 (0) + processor : PROCESSOR_ARCHITECTURE_AMD64 (9) + checking name: \\MEMBER43\printer7 +[2013/11/07 07:38:46.520605, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:737(open_printer_hnd) + open_printer_hnd: name [\\MEMBER43\printer7] +[2013/11/07 07:38:46.520656, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) + Opened policy hnd[4] [0000] 00 00 00 00 E1 00 00 00 00 00 00 00 7B 52 76 35 ........ ....{Rv5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:46.520735, 3, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:506(set_printer_hnd_printertype) + Setting printer type=\\MEMBER43\printer7 + Printer is a printer +[2013/11/07 07:38:46.520790, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:566(set_printer_hnd_name) + Setting printer name=\\MEMBER43\printer7 (len=19) + searching for [printer7] +[2013/11/07 07:38:46.520884, 10, pid=20933, effective(0, 5000), real(0, 0), class=tdb] ../source3/lib/gencache.c:275(gencache_set_data_blob) + Did not store value for PRINTERNAME/printer7, we already got it + set_printer_hnd_name: Printer found: printer7 -> printer7 +[2013/11/07 07:38:46.520940, 5, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:773(open_printer_hnd) + 4 printer handles active +[2013/11/07 07:38:46.520981, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 E1 00 00 00 00 00 00 00 7B 52 76 35 ........ ....{Rv5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:46.521059, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 E1 00 00 00 00 00 00 00 7B 52 76 35 ........ ....{Rv5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:46.521134, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:489(get_printer_snum) + short name:printer7 +[2013/11/07 07:38:46.521201, 3, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/access.c:338(allow_access) + Allowed connection from 10.200.8.239 (10.200.8.239) +[2013/11/07 07:38:46.521430, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/share_access.c:237(user_ok_token) + user_ok_token: share printer7 is ok for unix user root +[2013/11/07 07:38:46.521489, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:1921(_spoolss_OpenPrinterEx) + Setting printer access = PRINTER_ACCESS_USE +[2013/11/07 07:38:46.521597, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:60(make_internal_rpc_pipe_p) + Create pipe requested \winreg +[2013/11/07 07:38:46.521659, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:221(init_pipe_handles) + init_pipe_handle_list: created handle list for pipe \winreg +[2013/11/07 07:38:46.521701, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:238(init_pipe_handles) + init_pipe_handle_list: pipe_handles ref count = 1 for pipe \winreg +[2013/11/07 07:38:46.521789, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:100(make_internal_rpc_pipe_p) + Created internal pipe \winreg +[2013/11/07 07:38:46.521858, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenHKLM: struct winreg_OpenHKLM + in: struct winreg_OpenHKLM + system_name : NULL + access_mask : 0x02000000 (33554432) + 0: KEY_QUERY_VALUE + 0: KEY_SET_VALUE + 0: KEY_CREATE_SUB_KEY + 0: KEY_ENUMERATE_SUB_KEYS + 0: KEY_NOTIFY + 0: KEY_CREATE_LINK + 0: KEY_WOW64_64KEY + 0: KEY_WOW64_32KEY +[2013/11/07 07:38:46.522089, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [HKLM] +[2013/11/07 07:38:46.522134, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) + push_sec_ctx(0, 5000) : sec_ctx_stack_ndx = 2 +[2013/11/07 07:38:46.522178, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/uid.c:485(push_conn_ctx) + push_conn_ctx(1804507171) : conn_ctx_stack_ndx = 0 +[2013/11/07 07:38:46.522218, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) + setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 +[2013/11/07 07:38:46.522257, 5, pid=20933, effective(0, 5000), real(0, 0)] ../libcli/security/security_token.c:53(security_token_debug) + Security token: (NULL) +[2013/11/07 07:38:46.522295, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) + UNIX token of user 0 + Primary group is 0 and contains 0 supplementary groups +[2013/11/07 07:38:46.522446, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) + pop_sec_ctx (0, 5000) - sec_ctx_stack_ndx = 1 +[2013/11/07 07:38:46.522490, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:866(regdb_open) + regdb_open: registry db opened. refcount reset (1) +[2013/11/07 07:38:46.522536, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM] +[2013/11/07 07:38:46.522576, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM] +[2013/11/07 07:38:46.522619, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:46.522657, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM] +[2013/11/07 07:38:46.522737, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) + Opened policy hnd[1] [0000] 00 00 00 00 E2 00 00 00 00 00 00 00 7B 52 76 35 ........ ....{Rv5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:46.522819, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenHKLM: struct winreg_OpenHKLM + out: struct winreg_OpenHKLM + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000e2-0000-0000-7b52-7635c5510000 + result : WERR_OK +[2013/11/07 07:38:46.523013, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenKey: struct winreg_OpenKey + in: struct winreg_OpenKey + parent_handle : * + parent_handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000e2-0000-0000-7b52-7635c5510000 + keyname: struct winreg_String + name_len : 0x008a (138) + name_size : 0x008a (138) + name : * + name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7' + options : 0x00000000 (0) + 0: REG_OPTION_VOLATILE + 0: REG_OPTION_CREATE_LINK + 0: REG_OPTION_BACKUP_RESTORE + 0: REG_OPTION_OPEN_LINK + access_mask : 0x02000000 (33554432) + 0: KEY_QUERY_VALUE + 0: KEY_SET_VALUE + 0: KEY_CREATE_SUB_KEY + 0: KEY_ENUMERATE_SUB_KEYS + 0: KEY_NOTIFY + 0: KEY_CREATE_LINK + 0: KEY_WOW64_64KEY + 0: KEY_WOW64_32KEY +[2013/11/07 07:38:46.523526, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 E2 00 00 00 00 00 00 00 7B 52 76 35 ........ ....{Rv5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:46.523610, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [SOFTWARE] +[2013/11/07 07:38:46.523651, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (1->2) +[2013/11/07 07:38:46.523695, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] +[2013/11/07 07:38:46.523733, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE] +[2013/11/07 07:38:46.523774, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:46.523811, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE] +[2013/11/07 07:38:46.523881, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Microsoft] +[2013/11/07 07:38:46.523923, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (2->3) +[2013/11/07 07:38:46.523966, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] +[2013/11/07 07:38:46.524004, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] +[2013/11/07 07:38:46.524044, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:46.524089, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft] +[2013/11/07 07:38:46.524150, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Windows NT] +[2013/11/07 07:38:46.524192, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (3->4) +[2013/11/07 07:38:46.524234, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] +[2013/11/07 07:38:46.524272, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] +[2013/11/07 07:38:46.524312, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:46.524349, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] +[2013/11/07 07:38:46.524408, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [CurrentVersion] +[2013/11/07 07:38:46.524449, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (4->5) +[2013/11/07 07:38:46.524492, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] +[2013/11/07 07:38:46.524529, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] +[2013/11/07 07:38:46.524571, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:46.524608, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f375c5a15c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] +[2013/11/07 07:38:46.524681, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Print] +[2013/11/07 07:38:46.524723, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (5->6) +[2013/11/07 07:38:46.524766, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] +[2013/11/07 07:38:46.524804, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] +[2013/11/07 07:38:46.524847, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:46.524884, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f375c5a15c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] +[2013/11/07 07:38:46.524943, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Printers] +[2013/11/07 07:38:46.524991, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (6->7) +[2013/11/07 07:38:46.525034, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] +[2013/11/07 07:38:46.525073, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] +[2013/11/07 07:38:46.525115, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:46.525153, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] +[2013/11/07 07:38:46.525221, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [printer7] +[2013/11/07 07:38:46.525263, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (7->8) +[2013/11/07 07:38:46.525306, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:46.525345, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:46.525457, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:46.525496, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:46.525567, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (8->7) +[2013/11/07 07:38:46.525609, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (7->6) +[2013/11/07 07:38:46.525650, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (6->5) +[2013/11/07 07:38:46.525689, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (5->4) +[2013/11/07 07:38:46.525729, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (4->3) +[2013/11/07 07:38:46.525769, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (3->2) +[2013/11/07 07:38:46.525813, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) + Opened policy hnd[2] [0000] 00 00 00 00 E3 00 00 00 00 00 00 00 7B 52 76 35 ........ ....{Rv5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:46.525892, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenKey: struct winreg_OpenKey + out: struct winreg_OpenKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000e3-0000-0000-7b52-7635c5510000 + result : WERR_OK +[2013/11/07 07:38:46.526071, 2, pid=20933, effective(0, 5000), real(0, 0)] ../source3/rpc_client/cli_winreg_spoolss.c:626(winreg_create_printer) + winreg_create_printer: Skipping, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7 already exists +[2013/11/07 07:38:46.526132, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + in: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000e3-0000-0000-7b52-7635c5510000 +[2013/11/07 07:38:46.526262, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 E3 00 00 00 00 00 00 00 7B 52 76 35 ........ ....{Rv5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:46.526340, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 E3 00 00 00 00 00 00 00 7B 52 76 35 ........ ....{Rv5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:46.526417, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) + Closed policy +[2013/11/07 07:38:46.526457, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (2->1) +[2013/11/07 07:38:46.526497, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + out: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000000-0000-0000-0000-000000000000 + result : WERR_OK +[2013/11/07 07:38:46.526660, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + in: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000e2-0000-0000-7b52-7635c5510000 +[2013/11/07 07:38:46.526789, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 E2 00 00 00 00 00 00 00 7B 52 76 35 ........ ....{Rv5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:46.526867, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 E2 00 00 00 00 00 00 00 7B 52 76 35 ........ ....{Rv5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:46.526944, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) + Closed policy +[2013/11/07 07:38:46.526983, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (1->0) +[2013/11/07 07:38:46.527038, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + out: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000000-0000-0000-0000-000000000000 + result : WERR_OK +[2013/11/07 07:38:46.527205, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:416(close_policy_by_pipe) + Deleted handle list for RPC connection \winreg +[2013/11/07 07:38:46.527254, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + spoolss_OpenPrinterEx: struct spoolss_OpenPrinterEx + out: struct spoolss_OpenPrinterEx + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000e1-0000-0000-7b52-7635c5510000 + result : WERR_OK +[2013/11/07 07:38:46.527404, 5, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1417(api_rpcTNP) + api_rpcTNP: called \spoolss successfully +[2013/11/07 07:38:46.527457, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) + pop_sec_ctx (0, 5000) - sec_ctx_stack_ndx = 0 +[2013/11/07 07:38:46.527500, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) + write_to_pipe: data_used = 206 + smbd_smb2_request_pending_queue: req->current_idx = 1 + req->in.vector[0].iov_len = 0 + req->in.vector[1].iov_len = 0 + req->in.vector[2].iov_len = 64 + req->in.vector[3].iov_len = 56 + req->in.vector[4].iov_len = 222 + req->out.vector[0].iov_len = 4 + req->out.vector[1].iov_len = 0 + req->out.vector[2].iov_len = 64 + req->out.vector[3].iov_len = 8 + req->out.vector[4].iov_len = 0 +[2013/11/07 07:38:46.527710, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:128(smbd_smb2_ioctl_pipe_write_done) + smbd_smb2_ioctl_pipe_write_done: received 222 +[2013/11/07 07:38:46.527752, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:149(smbd_smb2_ioctl_pipe_write_done) + smbd_smb2_ioctl_pipe_write_done: issuing np_read_send of size 1024 +[2013/11/07 07:38:46.527795, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:285(read_from_internal_pipe) + name: \spoolss len: 1024 +[2013/11/07 07:38:46.527836, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:347(read_from_internal_pipe) + read_from_pipe: \spoolss: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 24. +[2013/11/07 07:38:46.527889, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) + &r: struct ncacn_packet + rpc_vers : 0x05 (5) + rpc_vers_minor : 0x00 (0) + ptype : DCERPC_PKT_RESPONSE (2) + pfc_flags : 0x03 (3) + drep: ARRAY(4) + [0] : 0x10 (16) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + frag_length : 0x0030 (48) + auth_length : 0x0000 (0) + call_id : 0x00000002 (2) + u : union dcerpc_payload(case 2) + response: struct dcerpc_response + alloc_hint : 0x00000018 (24) + context_id : 0x0000 (0) + cancel_count : 0x00 (0) + _pad : DATA_BLOB length=0 + stub_and_verifier : DATA_BLOB length=24 + [0000] 00 00 00 00 E1 00 00 00 00 00 00 00 7B 52 76 35 ........ ....{Rv5 + [0010] C5 51 00 00 00 00 00 00 .Q...... +[2013/11/07 07:38:46.528315, 3, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:122(free_pipe_context) + free_pipe_context: destroying talloc pool of size 68 +[2013/11/07 07:38:46.528365, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:788(np_read_recv) + Received 48 bytes. There is no more data outstanding +[2013/11/07 07:38:46.528405, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:178(smbd_smb2_ioctl_pipe_read_done) + smbd_smb2_ioctl_pipe_read_done: np_read_recv nread = 48 is_data_outstanding = 0, status = NT_STATUS_OK +[2013/11/07 07:38:46.528451, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl.c:291(smbd_smb2_request_ioctl_done) + smbd_smb2_request_ioctl_done: smbd_smb2_ioctl_recv returned 48 status NT_STATUS_OK +[2013/11/07 07:38:46.528493, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) + smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[48] dyn[yes:48] at ../source3/smbd/smb2_ioctl.c:358 +[2013/11/07 07:38:46.528537, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) + smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/132/127 +[2013/11/07 07:38:47.088144, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) + smbd_smb2_request_incoming: idx[1] of 5 vectors +[2013/11/07 07:38:47.088427, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) + smb2_validate_sequence_number: clearing id 132 (position 132) from bitmap +[2013/11/07 07:38:47.088544, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) + smbd_smb2_request_dispatch: opcode[SMB2_OP_WRITE] mid = 132 +[2013/11/07 07:38:47.088751, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) + setting sec ctx (0, 5000) - sec_ctx_stack_ndx = 0 +[2013/11/07 07:38:47.088909, 5, pid=20933, effective(0, 5000), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) + Security token SIDs (21): + SID[ 0]: S-1-5-21-1376953716-2413384141-3399758289-500 + SID[ 1]: S-1-5-21-1376953716-2413384141-3399758289-512 + SID[ 2]: S-1-5-21-1376953716-2413384141-3399758289-11015 + SID[ 3]: S-1-5-21-1376953716-2413384141-3399758289-513 + SID[ 4]: S-1-5-21-1376953716-2413384141-3399758289-11011 + SID[ 5]: S-1-5-21-1376953716-2413384141-3399758289-11013 + SID[ 6]: S-1-5-21-1376953716-2413384141-3399758289-11012 + SID[ 7]: S-1-1-0 + SID[ 8]: S-1-5-2 + SID[ 9]: S-1-5-11 + SID[ 10]: S-1-5-32-544 + SID[ 11]: S-1-22-1-2002 + SID[ 12]: S-1-22-2-5000 + SID[ 13]: S-1-22-2-5007 + SID[ 14]: S-1-22-2-5001 + SID[ 15]: S-1-22-2-1005 + SID[ 16]: S-1-22-2-5006 + SID[ 17]: S-1-22-2-5005 + SID[ 18]: S-1-22-2-55000 + SID[ 19]: S-1-22-2-55001 + SID[ 20]: S-1-22-2-55002 + Privileges (0x 1FFFFFF0): + Privilege[ 0]: SeMachineAccountPrivilege + Privilege[ 1]: SeTakeOwnershipPrivilege + Privilege[ 2]: SeBackupPrivilege + Privilege[ 3]: SeRestorePrivilege + Privilege[ 4]: SeRemoteShutdownPrivilege + Privilege[ 5]: SePrintOperatorPrivilege + Privilege[ 6]: SeAddUsersPrivilege + Privilege[ 7]: SeDiskOperatorPrivilege + Privilege[ 8]: SeSecurityPrivilege + Privilege[ 9]: SeSystemtimePrivilege + Privilege[ 10]: SeShutdownPrivilege + Privilege[ 11]: SeDebugPrivilege + Privilege[ 12]: SeSystemEnvironmentPrivilege + Privilege[ 13]: SeSystemProfilePrivilege + Privilege[ 14]: SeProfileSingleProcessPrivilege + Privilege[ 15]: SeIncreaseBasePriorityPrivilege + Privilege[ 16]: SeLoadDriverPrivilege + Privilege[ 17]: SeCreatePagefilePrivilege + Privilege[ 18]: SeIncreaseQuotaPrivilege + Privilege[ 19]: SeChangeNotifyPrivilege + Privilege[ 20]: SeUndockPrivilege + Privilege[ 21]: SeManageVolumePrivilege + Privilege[ 22]: SeImpersonatePrivilege + Privilege[ 23]: SeCreateGlobalPrivilege + Privilege[ 24]: SeEnableDelegationPrivilege + Rights (0x 0): +[2013/11/07 07:38:47.091138, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) + UNIX token of user 0 + Primary group is 5000 and contains 9 supplementary groups + Group[ 0]: 5000 + Group[ 1]: 5007 + Group[ 2]: 5001 + Group[ 3]: 1005 + Group[ 4]: 5006 + Group[ 5]: 5005 + Group[ 6]: 55000 + Group[ 7]: 55001 + Group[ 8]: 55002 +[2013/11/07 07:38:47.091876, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/uid.c:363(change_to_user_internal) + Impersonated user: uid=(0,0), gid=(0,5000) +[2013/11/07 07:38:47.092016, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:1796(smbd_smb2_request_verify_creditcharge) + mid 132, CreditCharge: 1, NeededCharge: 1 +[2013/11/07 07:38:47.092124, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_write.c:271(smbd_smb2_write_send) + smbd_smb2_write: spoolss - fnum 3487054153 +[2013/11/07 07:38:47.092238, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:520(np_write_send) + np_write_send: len: 160 +[2013/11/07 07:38:47.092343, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) + write_to_pipe: data_left = 160 +[2013/11/07 07:38:47.092439, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) + process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 160 +[2013/11/07 07:38:47.092537, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:51(fill_rpc_header) + fill_rpc_header: data_to_copy = 160, len_needed_to_complete_hdr = 16, receive_len = 0 +[2013/11/07 07:38:47.092639, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) + write_to_pipe: data_used = 16 +[2013/11/07 07:38:47.092732, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) + write_to_pipe: data_left = 144 +[2013/11/07 07:38:47.092826, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) + process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 144 +[2013/11/07 07:38:47.092945, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) + write_to_pipe: data_used = 0 +[2013/11/07 07:38:47.093039, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) + write_to_pipe: data_left = 144 +[2013/11/07 07:38:47.093134, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) + process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 144, incoming data = 144 +[2013/11/07 07:38:47.093237, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1614(process_complete_pdu) + PDU is in Little Endian format! +[2013/11/07 07:38:47.093559, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) + r: struct ncacn_packet + rpc_vers : 0x05 (5) + rpc_vers_minor : 0x00 (0) + ptype : DCERPC_PKT_BIND (11) + pfc_flags : 0x03 (3) + drep: ARRAY(4) + [0] : 0x10 (16) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + frag_length : 0x00a0 (160) + auth_length : 0x0000 (0) + call_id : 0x00000002 (2) + u : union dcerpc_payload(case 11) + bind: struct dcerpc_bind + max_xmit_frag : 0x10b8 (4280) + max_recv_frag : 0x10b8 (4280) + assoc_group_id : 0x00000000 (0) + num_contexts : 0x03 (3) + ctx_list: ARRAY(3) + ctx_list: struct dcerpc_ctx_list + context_id : 0x0000 (0) + num_transfer_syntaxes : 0x01 (1) + abstract_syntax: struct ndr_syntax_id + uuid : 12345678-1234-abcd-ef00-0123456789ab + if_version : 0x00000001 (1) + transfer_syntaxes: ARRAY(1) + transfer_syntaxes: struct ndr_syntax_id + uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860 + if_version : 0x00000002 (2) + ctx_list: struct dcerpc_ctx_list + context_id : 0x0001 (1) + num_transfer_syntaxes : 0x01 (1) + abstract_syntax: struct ndr_syntax_id + uuid : 12345678-1234-abcd-ef00-0123456789ab + if_version : 0x00000001 (1) + transfer_syntaxes: ARRAY(1) + transfer_syntaxes: struct ndr_syntax_id + uuid : 71710533-beba-4937-8319-b5dbef9ccc36 + if_version : 0x00000001 (1) + ctx_list: struct dcerpc_ctx_list + context_id : 0x0002 (2) + num_transfer_syntaxes : 0x01 (1) + abstract_syntax: struct ndr_syntax_id + uuid : 12345678-1234-abcd-ef00-0123456789ab + if_version : 0x00000001 (1) + transfer_syntaxes: ARRAY(1) + transfer_syntaxes: struct ndr_syntax_id + uuid : 6cb71c2c-9812-4540-0300-000000000000 + if_version : 0x00000001 (1) + auth_info : DATA_BLOB length=0 +[2013/11/07 07:38:47.096013, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1627(process_complete_pdu) + Processing packet type 11 +[2013/11/07 07:38:47.096127, 3, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:693(api_pipe_bind_req) + api_pipe_bind_req: spoolss -> spoolss rpc service +[2013/11/07 07:38:47.096231, 5, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:724(api_pipe_bind_req) + api_pipe_bind_req: make response. 724 +[2013/11/07 07:38:47.096332, 3, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:342(check_bind_req) + check_bind_req for \spoolss +[2013/11/07 07:38:47.096443, 3, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:349(check_bind_req) + check_bind_req: spoolss -> spoolss rpc service +[2013/11/07 07:38:47.096550, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:238(init_pipe_handles) + init_pipe_handle_list: pipe_handles ref count = 17 for pipe \spoolss +[2013/11/07 07:38:47.096698, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) + &r: struct ncacn_packet + rpc_vers : 0x05 (5) + rpc_vers_minor : 0x00 (0) + ptype : DCERPC_PKT_BIND_ACK (12) + pfc_flags : 0x03 (3) + drep: ARRAY(4) + [0] : 0x10 (16) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + frag_length : 0x0044 (68) + auth_length : 0x0000 (0) + call_id : 0x00000002 (2) + u : union dcerpc_payload(case 12) + bind_ack: struct dcerpc_bind_ack + max_xmit_frag : 0x10b8 (4280) + max_recv_frag : 0x10b8 (4280) + assoc_group_id : 0x000053f0 (21488) + secondary_address_size : 0x000e (14) + secondary_address : '\PIPE\spoolss' + _pad1 : DATA_BLOB length=0 + num_results : 0x01 (1) + ctx_list: ARRAY(1) + ctx_list: struct dcerpc_ack_ctx + result : 0x0000 (0) + reason : 0x0000 (0) + syntax: struct ndr_syntax_id + uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860 + if_version : 0x00000002 (2) + auth_info : DATA_BLOB length=0 +[2013/11/07 07:38:47.098190, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) + write_to_pipe: data_used = 144 + smbd_smb2_request_pending_queue: req->current_idx = 1 + req->in.vector[0].iov_len = 0 + req->in.vector[1].iov_len = 0 + req->in.vector[2].iov_len = 64 + req->in.vector[3].iov_len = 48 + req->in.vector[4].iov_len = 160 + req->out.vector[0].iov_len = 4 + req->out.vector[1].iov_len = 0 + req->out.vector[2].iov_len = 64 + req->out.vector[3].iov_len = 8 + req->out.vector[4].iov_len = 0 +[2013/11/07 07:38:47.098734, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) + smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[16] dyn[yes:0] at ../source3/smbd/smb2_write.c:150 +[2013/11/07 07:38:47.098855, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) + smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/133/127 +[2013/11/07 07:38:47.107647, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) + smbd_smb2_request_incoming: idx[1] of 5 vectors +[2013/11/07 07:38:47.107997, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) + smb2_validate_sequence_number: clearing id 133 (position 133) from bitmap +[2013/11/07 07:38:47.108118, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) + smbd_smb2_request_dispatch: opcode[SMB2_OP_READ] mid = 133 +[2013/11/07 07:38:47.108279, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) + setting sec ctx (0, 5000) - sec_ctx_stack_ndx = 0 +[2013/11/07 07:38:47.108392, 5, pid=20933, effective(0, 5000), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) + Security token SIDs (21): + SID[ 0]: S-1-5-21-1376953716-2413384141-3399758289-500 + SID[ 1]: S-1-5-21-1376953716-2413384141-3399758289-512 + SID[ 2]: S-1-5-21-1376953716-2413384141-3399758289-11015 + SID[ 3]: S-1-5-21-1376953716-2413384141-3399758289-513 + SID[ 4]: S-1-5-21-1376953716-2413384141-3399758289-11011 + SID[ 5]: S-1-5-21-1376953716-2413384141-3399758289-11013 + SID[ 6]: S-1-5-21-1376953716-2413384141-3399758289-11012 + SID[ 7]: S-1-1-0 + SID[ 8]: S-1-5-2 + SID[ 9]: S-1-5-11 + SID[ 10]: S-1-5-32-544 + SID[ 11]: S-1-22-1-2002 + SID[ 12]: S-1-22-2-5000 + SID[ 13]: S-1-22-2-5007 + SID[ 14]: S-1-22-2-5001 + SID[ 15]: S-1-22-2-1005 + SID[ 16]: S-1-22-2-5006 + SID[ 17]: S-1-22-2-5005 + SID[ 18]: S-1-22-2-55000 + SID[ 19]: S-1-22-2-55001 + SID[ 20]: S-1-22-2-55002 + Privileges (0x 1FFFFFF0): + Privilege[ 0]: SeMachineAccountPrivilege + Privilege[ 1]: SeTakeOwnershipPrivilege + Privilege[ 2]: SeBackupPrivilege + Privilege[ 3]: SeRestorePrivilege + Privilege[ 4]: SeRemoteShutdownPrivilege + Privilege[ 5]: SePrintOperatorPrivilege + Privilege[ 6]: SeAddUsersPrivilege + Privilege[ 7]: SeDiskOperatorPrivilege + Privilege[ 8]: SeSecurityPrivilege + Privilege[ 9]: SeSystemtimePrivilege + Privilege[ 10]: SeShutdownPrivilege + Privilege[ 11]: SeDebugPrivilege + Privilege[ 12]: SeSystemEnvironmentPrivilege + Privilege[ 13]: SeSystemProfilePrivilege + Privilege[ 14]: SeProfileSingleProcessPrivilege + Privilege[ 15]: SeIncreaseBasePriorityPrivilege + Privilege[ 16]: SeLoadDriverPrivilege + Privilege[ 17]: SeCreatePagefilePrivilege + Privilege[ 18]: SeIncreaseQuotaPrivilege + Privilege[ 19]: SeChangeNotifyPrivilege + Privilege[ 20]: SeUndockPrivilege + Privilege[ 21]: SeManageVolumePrivilege + Privilege[ 22]: SeImpersonatePrivilege + Privilege[ 23]: SeCreateGlobalPrivilege + Privilege[ 24]: SeEnableDelegationPrivilege + Rights (0x 0): +[2013/11/07 07:38:47.110508, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) + UNIX token of user 0 + Primary group is 5000 and contains 9 supplementary groups + Group[ 0]: 5000 + Group[ 1]: 5007 + Group[ 2]: 5001 + Group[ 3]: 1005 + Group[ 4]: 5006 + Group[ 5]: 5005 + Group[ 6]: 55000 + Group[ 7]: 55001 + Group[ 8]: 55002 +[2013/11/07 07:38:47.111011, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/uid.c:363(change_to_user_internal) + Impersonated user: uid=(0,0), gid=(0,5000) +[2013/11/07 07:38:47.111138, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:1796(smbd_smb2_request_verify_creditcharge) + mid 133, CreditCharge: 1, NeededCharge: 1 +[2013/11/07 07:38:47.111242, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_read.c:400(smbd_smb2_read_send) + smbd_smb2_read: spoolss - fnum 3487054153 +[2013/11/07 07:38:47.111360, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:285(read_from_internal_pipe) + name: \spoolss len: 1024 +[2013/11/07 07:38:47.111474, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:326(read_from_internal_pipe) + read_from_pipe: \spoolss: current_pdu_len = 68, current_pdu_sent = 0 returning 68 bytes. +[2013/11/07 07:38:47.111585, 3, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:122(free_pipe_context) + free_pipe_context: destroying talloc pool of size 29 + smbd_smb2_request_pending_queue: req->current_idx = 1 + req->in.vector[0].iov_len = 0 + req->in.vector[1].iov_len = 0 + req->in.vector[2].iov_len = 64 + req->in.vector[3].iov_len = 48 + req->in.vector[4].iov_len = 1 + req->out.vector[0].iov_len = 4 + req->out.vector[1].iov_len = 0 + req->out.vector[2].iov_len = 64 + req->out.vector[3].iov_len = 8 + req->out.vector[4].iov_len = 0 +[2013/11/07 07:38:47.112108, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:788(np_read_recv) + Received 68 bytes. There is no more data outstanding +[2013/11/07 07:38:47.112360, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) + smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[16] dyn[yes:68] at ../source3/smbd/smb2_read.c:154 +[2013/11/07 07:38:47.112481, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) + smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/134/127 +[2013/11/07 07:38:47.113782, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) + smbd_smb2_request_incoming: idx[1] of 5 vectors +[2013/11/07 07:38:47.114297, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) + smb2_validate_sequence_number: clearing id 134 (position 134) from bitmap +[2013/11/07 07:38:47.114437, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) + smbd_smb2_request_dispatch: opcode[SMB2_OP_IOCTL] mid = 134 +[2013/11/07 07:38:47.114578, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) + setting sec ctx (0, 5000) - sec_ctx_stack_ndx = 0 +[2013/11/07 07:38:47.114687, 5, pid=20933, effective(0, 5000), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) + Security token SIDs (21): + SID[ 0]: S-1-5-21-1376953716-2413384141-3399758289-500 + SID[ 1]: S-1-5-21-1376953716-2413384141-3399758289-512 + SID[ 2]: S-1-5-21-1376953716-2413384141-3399758289-11015 + SID[ 3]: S-1-5-21-1376953716-2413384141-3399758289-513 + SID[ 4]: S-1-5-21-1376953716-2413384141-3399758289-11011 + SID[ 5]: S-1-5-21-1376953716-2413384141-3399758289-11013 + SID[ 6]: S-1-5-21-1376953716-2413384141-3399758289-11012 + SID[ 7]: S-1-1-0 + SID[ 8]: S-1-5-2 + SID[ 9]: S-1-5-11 + SID[ 10]: S-1-5-32-544 + SID[ 11]: S-1-22-1-2002 + SID[ 12]: S-1-22-2-5000 + SID[ 13]: S-1-22-2-5007 + SID[ 14]: S-1-22-2-5001 + SID[ 15]: S-1-22-2-1005 + SID[ 16]: S-1-22-2-5006 + SID[ 17]: S-1-22-2-5005 + SID[ 18]: S-1-22-2-55000 + SID[ 19]: S-1-22-2-55001 + SID[ 20]: S-1-22-2-55002 + Privileges (0x 1FFFFFF0): + Privilege[ 0]: SeMachineAccountPrivilege + Privilege[ 1]: SeTakeOwnershipPrivilege + Privilege[ 2]: SeBackupPrivilege + Privilege[ 3]: SeRestorePrivilege + Privilege[ 4]: SeRemoteShutdownPrivilege + Privilege[ 5]: SePrintOperatorPrivilege + Privilege[ 6]: SeAddUsersPrivilege + Privilege[ 7]: SeDiskOperatorPrivilege + Privilege[ 8]: SeSecurityPrivilege + Privilege[ 9]: SeSystemtimePrivilege + Privilege[ 10]: SeShutdownPrivilege + Privilege[ 11]: SeDebugPrivilege + Privilege[ 12]: SeSystemEnvironmentPrivilege + Privilege[ 13]: SeSystemProfilePrivilege + Privilege[ 14]: SeProfileSingleProcessPrivilege + Privilege[ 15]: SeIncreaseBasePriorityPrivilege + Privilege[ 16]: SeLoadDriverPrivilege + Privilege[ 17]: SeCreatePagefilePrivilege + Privilege[ 18]: SeIncreaseQuotaPrivilege + Privilege[ 19]: SeChangeNotifyPrivilege + Privilege[ 20]: SeUndockPrivilege + Privilege[ 21]: SeManageVolumePrivilege + Privilege[ 22]: SeImpersonatePrivilege + Privilege[ 23]: SeCreateGlobalPrivilege + Privilege[ 24]: SeEnableDelegationPrivilege + Rights (0x 0): +[2013/11/07 07:38:47.117311, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) + UNIX token of user 0 + Primary group is 5000 and contains 9 supplementary groups + Group[ 0]: 5000 + Group[ 1]: 5007 + Group[ 2]: 5001 + Group[ 3]: 1005 + Group[ 4]: 5006 + Group[ 5]: 5005 + Group[ 6]: 55000 + Group[ 7]: 55001 + Group[ 8]: 55002 +[2013/11/07 07:38:47.118021, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/uid.c:363(change_to_user_internal) + Impersonated user: uid=(0,0), gid=(0,5000) +[2013/11/07 07:38:47.118153, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:1796(smbd_smb2_request_verify_creditcharge) + mid 134, CreditCharge: 1, NeededCharge: 1 +[2013/11/07 07:38:47.118261, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl.c:394(smbd_smb2_ioctl_send) + smbd_smb2_ioctl: ctl_code[0x0011c017] spoolss, fnum 3487054153 +[2013/11/07 07:38:47.118378, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:59(smb2_ioctl_named_pipe) + smbd_smb2_ioctl_send: np_write_send of size 222 +[2013/11/07 07:38:47.118477, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:520(np_write_send) + np_write_send: len: 222 +[2013/11/07 07:38:47.118581, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) + write_to_pipe: data_left = 222 +[2013/11/07 07:38:47.118736, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) + process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 222 +[2013/11/07 07:38:47.118834, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:51(fill_rpc_header) + fill_rpc_header: data_to_copy = 222, len_needed_to_complete_hdr = 16, receive_len = 0 +[2013/11/07 07:38:47.118935, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) + write_to_pipe: data_used = 16 +[2013/11/07 07:38:47.119029, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) + write_to_pipe: data_left = 206 +[2013/11/07 07:38:47.119123, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) + process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 206 +[2013/11/07 07:38:47.119229, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) + write_to_pipe: data_used = 0 +[2013/11/07 07:38:47.119323, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) + write_to_pipe: data_left = 206 +[2013/11/07 07:38:47.119415, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) + process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 206, incoming data = 206 +[2013/11/07 07:38:47.119518, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1614(process_complete_pdu) + PDU is in Little Endian format! +[2013/11/07 07:38:47.119641, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) + r: struct ncacn_packet + rpc_vers : 0x05 (5) + rpc_vers_minor : 0x00 (0) + ptype : DCERPC_PKT_REQUEST (0) + pfc_flags : 0x03 (3) + drep: ARRAY(4) + [0] : 0x10 (16) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + frag_length : 0x00de (222) + auth_length : 0x0000 (0) + call_id : 0x00000002 (2) + u : union dcerpc_payload(case 0) + request: struct dcerpc_request + alloc_hint : 0x000000c6 (198) + context_id : 0x0000 (0) + opnum : 0x0045 (69) + object : union dcerpc_object(case 0) + empty: struct dcerpc_empty + _pad : DATA_BLOB length=0 + stub_and_verifier : DATA_BLOB length=198 + [0000] 00 00 02 00 14 00 00 00 00 00 00 00 14 00 00 00 ........ ........ + [0010] 5C 00 5C 00 4D 00 45 00 4D 00 42 00 45 00 52 00 \.\.M.E. M.B.E.R. + [0020] 34 00 33 00 5C 00 70 00 72 00 69 00 6E 00 74 00 4.3.\.p. r.i.n.t. + [0030] 65 00 72 00 37 00 00 00 00 00 00 00 00 00 00 00 e.r.7... ........ + [0040] 00 00 00 00 00 00 00 00 01 00 00 00 01 00 00 00 ........ ........ + [0050] 04 00 02 00 28 00 00 00 08 00 02 00 0C 00 02 00 ....(... ........ + [0060] 80 25 00 00 03 00 00 00 00 00 00 00 09 00 00 00 .%...... ........ + [0070] 0A 00 00 00 00 00 00 00 0A 00 00 00 57 00 49 00 ........ ....W.I. + [0080] 4E 00 38 00 31 00 2D 00 32 00 33 00 39 00 00 00 N.8.1.-. 2.3.9... + [0090] 15 00 00 00 00 00 00 00 15 00 00 00 41 00 52 00 ........ ....A.R. + [00A0] 33 00 32 00 49 00 38 00 5C 00 41 00 64 00 6D 00 3.2.I.8. \.A.d.m. + [00B0] 69 00 6E 00 69 00 73 00 74 00 72 00 61 00 74 00 i.n.i.s. t.r.a.t. + [00C0] 6F 00 72 00 00 00 o.r... +[2013/11/07 07:38:47.122928, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1627(process_complete_pdu) + Processing packet type 0 +[2013/11/07 07:38:47.123088, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1472(dcesrv_auth_request) + Checking request auth. +[2013/11/07 07:38:47.123200, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) + push_sec_ctx(0, 5000) : sec_ctx_stack_ndx = 1 +[2013/11/07 07:38:47.123322, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) + setting sec ctx (0, 5000) - sec_ctx_stack_ndx = 1 +[2013/11/07 07:38:47.123426, 5, pid=20933, effective(0, 5000), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) + Security token SIDs (21): + SID[ 0]: S-1-5-21-1376953716-2413384141-3399758289-500 + SID[ 1]: S-1-5-21-1376953716-2413384141-3399758289-512 + SID[ 2]: S-1-5-21-1376953716-2413384141-3399758289-11015 + SID[ 3]: S-1-5-21-1376953716-2413384141-3399758289-513 + SID[ 4]: S-1-5-21-1376953716-2413384141-3399758289-11011 + SID[ 5]: S-1-5-21-1376953716-2413384141-3399758289-11013 + SID[ 6]: S-1-5-21-1376953716-2413384141-3399758289-11012 + SID[ 7]: S-1-1-0 + SID[ 8]: S-1-5-2 + SID[ 9]: S-1-5-11 + SID[ 10]: S-1-5-32-544 + SID[ 11]: S-1-22-1-2002 + SID[ 12]: S-1-22-2-5000 + SID[ 13]: S-1-22-2-5007 + SID[ 14]: S-1-22-2-5001 + SID[ 15]: S-1-22-2-1005 + SID[ 16]: S-1-22-2-5006 + SID[ 17]: S-1-22-2-5005 + SID[ 18]: S-1-22-2-55000 + SID[ 19]: S-1-22-2-55001 + SID[ 20]: S-1-22-2-55002 + Privileges (0x 1FFFFFF0): + Privilege[ 0]: SeMachineAccountPrivilege + Privilege[ 1]: SeTakeOwnershipPrivilege + Privilege[ 2]: SeBackupPrivilege + Privilege[ 3]: SeRestorePrivilege + Privilege[ 4]: SeRemoteShutdownPrivilege + Privilege[ 5]: SePrintOperatorPrivilege + Privilege[ 6]: SeAddUsersPrivilege + Privilege[ 7]: SeDiskOperatorPrivilege + Privilege[ 8]: SeSecurityPrivilege + Privilege[ 9]: SeSystemtimePrivilege + Privilege[ 10]: SeShutdownPrivilege + Privilege[ 11]: SeDebugPrivilege + Privilege[ 12]: SeSystemEnvironmentPrivilege + Privilege[ 13]: SeSystemProfilePrivilege + Privilege[ 14]: SeProfileSingleProcessPrivilege + Privilege[ 15]: SeIncreaseBasePriorityPrivilege + Privilege[ 16]: SeLoadDriverPrivilege + Privilege[ 17]: SeCreatePagefilePrivilege + Privilege[ 18]: SeIncreaseQuotaPrivilege + Privilege[ 19]: SeChangeNotifyPrivilege + Privilege[ 20]: SeUndockPrivilege + Privilege[ 21]: SeManageVolumePrivilege + Privilege[ 22]: SeImpersonatePrivilege + Privilege[ 23]: SeCreateGlobalPrivilege + Privilege[ 24]: SeEnableDelegationPrivilege + Rights (0x 0): +[2013/11/07 07:38:47.125780, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) + UNIX token of user 0 + Primary group is 5000 and contains 9 supplementary groups + Group[ 0]: 5000 + Group[ 1]: 5007 + Group[ 2]: 5001 + Group[ 3]: 1005 + Group[ 4]: 5006 + Group[ 5]: 5005 + Group[ 6]: 55000 + Group[ 7]: 55001 + Group[ 8]: 55002 +[2013/11/07 07:38:47.126268, 5, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1324(api_pipe_request) + Requested \spoolss rpc service +[2013/11/07 07:38:47.126384, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1356(api_rpcTNP) + api_rpcTNP: \spoolss op 0x45 - api_rpcTNP: rpc command: SPOOLSS_OPENPRINTEREX +[2013/11/07 07:38:47.126492, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1390(api_rpcTNP) + api_rpc_cmds[69].fn == 0x7f375c256d40 +[2013/11/07 07:38:47.126627, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + spoolss_OpenPrinterEx: struct spoolss_OpenPrinterEx + in: struct spoolss_OpenPrinterEx + printername : * + printername : '\\MEMBER43\printer7' + datatype : NULL + devmode_ctr: struct spoolss_DevmodeContainer + _ndr_size : 0x00000000 (0) + devmode : NULL + access_mask : 0x00000000 (0) + 0: SERVER_ACCESS_ADMINISTER + 0: SERVER_ACCESS_ENUMERATE + 0: PRINTER_ACCESS_ADMINISTER + 0: PRINTER_ACCESS_USE + 0: JOB_ACCESS_ADMINISTER + 0: JOB_ACCESS_READ + userlevel_ctr: struct spoolss_UserLevelCtr + level : 0x00000001 (1) + user_info : union spoolss_UserLevel(case 1) + level1 : * + level1: struct spoolss_UserLevel1 + size : 0x00000028 (40) + client : * + client : 'WIN81-239' + user : * + user : 'AR32I8\Administrator' + build : 0x00002580 (9600) + major : UNKNOWN_ENUM_VALUE (3) + minor : SPOOLSS_MINOR_VERSION_0 (0) + processor : PROCESSOR_ARCHITECTURE_AMD64 (9) + checking name: \\MEMBER43\printer7 +[2013/11/07 07:38:47.127997, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:737(open_printer_hnd) + open_printer_hnd: name [\\MEMBER43\printer7] +[2013/11/07 07:38:47.128121, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) + Opened policy hnd[5] [0000] 00 00 00 00 E4 00 00 00 00 00 00 00 7B 52 77 35 ........ ....{Rw5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:47.128318, 3, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:506(set_printer_hnd_printertype) + Setting printer type=\\MEMBER43\printer7 + Printer is a printer +[2013/11/07 07:38:47.128453, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:566(set_printer_hnd_name) + Setting printer name=\\MEMBER43\printer7 (len=19) + searching for [printer7] +[2013/11/07 07:38:47.128676, 10, pid=20933, effective(0, 5000), real(0, 0), class=tdb] ../source3/lib/gencache.c:275(gencache_set_data_blob) + Did not store value for PRINTERNAME/printer7, we already got it + set_printer_hnd_name: Printer found: printer7 -> printer7 +[2013/11/07 07:38:47.128816, 5, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:773(open_printer_hnd) + 5 printer handles active +[2013/11/07 07:38:47.128917, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 E4 00 00 00 00 00 00 00 7B 52 77 35 ........ ....{Rw5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:47.129109, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 E4 00 00 00 00 00 00 00 7B 52 77 35 ........ ....{Rw5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:47.129297, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:489(get_printer_snum) + short name:printer7 +[2013/11/07 07:38:47.129560, 3, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/access.c:338(allow_access) + Allowed connection from 10.200.8.239 (10.200.8.239) +[2013/11/07 07:38:47.129784, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/share_access.c:237(user_ok_token) + user_ok_token: share printer7 is ok for unix user root +[2013/11/07 07:38:47.129839, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:1921(_spoolss_OpenPrinterEx) + Setting printer access = PRINTER_ACCESS_USE +[2013/11/07 07:38:47.129958, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:60(make_internal_rpc_pipe_p) + Create pipe requested \winreg +[2013/11/07 07:38:47.130013, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:221(init_pipe_handles) + init_pipe_handle_list: created handle list for pipe \winreg +[2013/11/07 07:38:47.130055, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:238(init_pipe_handles) + init_pipe_handle_list: pipe_handles ref count = 1 for pipe \winreg +[2013/11/07 07:38:47.130153, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:100(make_internal_rpc_pipe_p) + Created internal pipe \winreg +[2013/11/07 07:38:47.130227, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenHKLM: struct winreg_OpenHKLM + in: struct winreg_OpenHKLM + system_name : NULL + access_mask : 0x02000000 (33554432) + 0: KEY_QUERY_VALUE + 0: KEY_SET_VALUE + 0: KEY_CREATE_SUB_KEY + 0: KEY_ENUMERATE_SUB_KEYS + 0: KEY_NOTIFY + 0: KEY_CREATE_LINK + 0: KEY_WOW64_64KEY + 0: KEY_WOW64_32KEY +[2013/11/07 07:38:47.130460, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [HKLM] +[2013/11/07 07:38:47.130507, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) + push_sec_ctx(0, 5000) : sec_ctx_stack_ndx = 2 +[2013/11/07 07:38:47.130553, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/uid.c:485(push_conn_ctx) + push_conn_ctx(1804507171) : conn_ctx_stack_ndx = 0 +[2013/11/07 07:38:47.130593, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) + setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 +[2013/11/07 07:38:47.130633, 5, pid=20933, effective(0, 5000), real(0, 0)] ../libcli/security/security_token.c:53(security_token_debug) + Security token: (NULL) +[2013/11/07 07:38:47.130671, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) + UNIX token of user 0 + Primary group is 0 and contains 0 supplementary groups +[2013/11/07 07:38:47.130839, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) + pop_sec_ctx (0, 5000) - sec_ctx_stack_ndx = 1 +[2013/11/07 07:38:47.130885, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:866(regdb_open) + regdb_open: registry db opened. refcount reset (1) +[2013/11/07 07:38:47.130932, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM] +[2013/11/07 07:38:47.130971, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM] +[2013/11/07 07:38:47.131013, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:47.131050, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM] +[2013/11/07 07:38:47.131156, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) + Opened policy hnd[1] [0000] 00 00 00 00 E5 00 00 00 00 00 00 00 7B 52 77 35 ........ ....{Rw5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:47.131238, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenHKLM: struct winreg_OpenHKLM + out: struct winreg_OpenHKLM + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000e5-0000-0000-7b52-7735c5510000 + result : WERR_OK +[2013/11/07 07:38:47.131432, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenKey: struct winreg_OpenKey + in: struct winreg_OpenKey + parent_handle : * + parent_handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000e5-0000-0000-7b52-7735c5510000 + keyname: struct winreg_String + name_len : 0x008a (138) + name_size : 0x008a (138) + name : * + name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7' + options : 0x00000000 (0) + 0: REG_OPTION_VOLATILE + 0: REG_OPTION_CREATE_LINK + 0: REG_OPTION_BACKUP_RESTORE + 0: REG_OPTION_OPEN_LINK + access_mask : 0x02000000 (33554432) + 0: KEY_QUERY_VALUE + 0: KEY_SET_VALUE + 0: KEY_CREATE_SUB_KEY + 0: KEY_ENUMERATE_SUB_KEYS + 0: KEY_NOTIFY + 0: KEY_CREATE_LINK + 0: KEY_WOW64_64KEY + 0: KEY_WOW64_32KEY +[2013/11/07 07:38:47.131907, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 E5 00 00 00 00 00 00 00 7B 52 77 35 ........ ....{Rw5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:47.131989, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [SOFTWARE] +[2013/11/07 07:38:47.132031, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (1->2) +[2013/11/07 07:38:47.132073, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] +[2013/11/07 07:38:47.132112, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE] +[2013/11/07 07:38:47.132153, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:47.132191, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE] +[2013/11/07 07:38:47.132273, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Microsoft] +[2013/11/07 07:38:47.132316, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (2->3) +[2013/11/07 07:38:47.132368, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] +[2013/11/07 07:38:47.132406, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] +[2013/11/07 07:38:47.132448, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:47.132486, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft] +[2013/11/07 07:38:47.132547, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Windows NT] +[2013/11/07 07:38:47.132589, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (3->4) +[2013/11/07 07:38:47.132631, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] +[2013/11/07 07:38:47.132670, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] +[2013/11/07 07:38:47.132710, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:47.132748, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] +[2013/11/07 07:38:47.132807, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [CurrentVersion] +[2013/11/07 07:38:47.132848, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (4->5) +[2013/11/07 07:38:47.132891, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] +[2013/11/07 07:38:47.132929, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] +[2013/11/07 07:38:47.132971, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:47.133008, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f375c5a15c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] +[2013/11/07 07:38:47.133082, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Print] +[2013/11/07 07:38:47.133124, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (5->6) +[2013/11/07 07:38:47.133167, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] +[2013/11/07 07:38:47.133207, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] +[2013/11/07 07:38:47.133258, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:47.133296, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f375c5a15c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] +[2013/11/07 07:38:47.133424, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Printers] +[2013/11/07 07:38:47.133472, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (6->7) +[2013/11/07 07:38:47.133516, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] +[2013/11/07 07:38:47.133555, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] +[2013/11/07 07:38:47.133598, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:47.133636, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] +[2013/11/07 07:38:47.133706, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [printer7] +[2013/11/07 07:38:47.133749, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (7->8) +[2013/11/07 07:38:47.133792, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:47.133831, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:47.133873, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:47.133911, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:47.133980, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (8->7) +[2013/11/07 07:38:47.134023, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (7->6) +[2013/11/07 07:38:47.134064, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (6->5) +[2013/11/07 07:38:47.134104, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (5->4) +[2013/11/07 07:38:47.134145, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (4->3) +[2013/11/07 07:38:47.134186, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (3->2) +[2013/11/07 07:38:47.134238, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) + Opened policy hnd[2] [0000] 00 00 00 00 E6 00 00 00 00 00 00 00 7B 52 77 35 ........ ....{Rw5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:47.134318, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenKey: struct winreg_OpenKey + out: struct winreg_OpenKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000e6-0000-0000-7b52-7735c5510000 + result : WERR_OK +[2013/11/07 07:38:47.134483, 2, pid=20933, effective(0, 5000), real(0, 0)] ../source3/rpc_client/cli_winreg_spoolss.c:626(winreg_create_printer) + winreg_create_printer: Skipping, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7 already exists +[2013/11/07 07:38:47.134544, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + in: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000e6-0000-0000-7b52-7735c5510000 +[2013/11/07 07:38:47.134675, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 E6 00 00 00 00 00 00 00 7B 52 77 35 ........ ....{Rw5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:47.134753, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 E6 00 00 00 00 00 00 00 7B 52 77 35 ........ ....{Rw5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:47.134830, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) + Closed policy +[2013/11/07 07:38:47.134870, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (2->1) +[2013/11/07 07:38:47.134911, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + out: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000000-0000-0000-0000-000000000000 + result : WERR_OK +[2013/11/07 07:38:47.135075, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + in: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000e5-0000-0000-7b52-7735c5510000 +[2013/11/07 07:38:47.135205, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 E5 00 00 00 00 00 00 00 7B 52 77 35 ........ ....{Rw5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:47.135282, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 E5 00 00 00 00 00 00 00 7B 52 77 35 ........ ....{Rw5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:47.135367, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) + Closed policy +[2013/11/07 07:38:47.135408, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (1->0) +[2013/11/07 07:38:47.135464, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + out: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000000-0000-0000-0000-000000000000 + result : WERR_OK +[2013/11/07 07:38:47.135623, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:416(close_policy_by_pipe) + Deleted handle list for RPC connection \winreg +[2013/11/07 07:38:47.135672, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + spoolss_OpenPrinterEx: struct spoolss_OpenPrinterEx + out: struct spoolss_OpenPrinterEx + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000e4-0000-0000-7b52-7735c5510000 + result : WERR_OK +[2013/11/07 07:38:47.135824, 5, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1417(api_rpcTNP) + api_rpcTNP: called \spoolss successfully +[2013/11/07 07:38:47.135879, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) + pop_sec_ctx (0, 5000) - sec_ctx_stack_ndx = 0 +[2013/11/07 07:38:47.135922, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) + write_to_pipe: data_used = 206 + smbd_smb2_request_pending_queue: req->current_idx = 1 + req->in.vector[0].iov_len = 0 + req->in.vector[1].iov_len = 0 + req->in.vector[2].iov_len = 64 + req->in.vector[3].iov_len = 56 + req->in.vector[4].iov_len = 222 + req->out.vector[0].iov_len = 4 + req->out.vector[1].iov_len = 0 + req->out.vector[2].iov_len = 64 + req->out.vector[3].iov_len = 8 + req->out.vector[4].iov_len = 0 +[2013/11/07 07:38:47.136142, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:128(smbd_smb2_ioctl_pipe_write_done) + smbd_smb2_ioctl_pipe_write_done: received 222 +[2013/11/07 07:38:47.136186, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:149(smbd_smb2_ioctl_pipe_write_done) + smbd_smb2_ioctl_pipe_write_done: issuing np_read_send of size 1024 +[2013/11/07 07:38:47.136228, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:285(read_from_internal_pipe) + name: \spoolss len: 1024 +[2013/11/07 07:38:47.136270, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:347(read_from_internal_pipe) + read_from_pipe: \spoolss: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 24. +[2013/11/07 07:38:47.136324, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) + &r: struct ncacn_packet + rpc_vers : 0x05 (5) + rpc_vers_minor : 0x00 (0) + ptype : DCERPC_PKT_RESPONSE (2) + pfc_flags : 0x03 (3) + drep: ARRAY(4) + [0] : 0x10 (16) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + frag_length : 0x0030 (48) + auth_length : 0x0000 (0) + call_id : 0x00000002 (2) + u : union dcerpc_payload(case 2) + response: struct dcerpc_response + alloc_hint : 0x00000018 (24) + context_id : 0x0000 (0) + cancel_count : 0x00 (0) + _pad : DATA_BLOB length=0 + stub_and_verifier : DATA_BLOB length=24 + [0000] 00 00 00 00 E4 00 00 00 00 00 00 00 7B 52 77 35 ........ ....{Rw5 + [0010] C5 51 00 00 00 00 00 00 .Q...... +[2013/11/07 07:38:47.136782, 3, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:122(free_pipe_context) + free_pipe_context: destroying talloc pool of size 68 +[2013/11/07 07:38:47.136832, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:788(np_read_recv) + Received 48 bytes. There is no more data outstanding +[2013/11/07 07:38:47.136873, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:178(smbd_smb2_ioctl_pipe_read_done) + smbd_smb2_ioctl_pipe_read_done: np_read_recv nread = 48 is_data_outstanding = 0, status = NT_STATUS_OK +[2013/11/07 07:38:47.136920, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl.c:291(smbd_smb2_request_ioctl_done) + smbd_smb2_request_ioctl_done: smbd_smb2_ioctl_recv returned 48 status NT_STATUS_OK +[2013/11/07 07:38:47.136962, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) + smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[48] dyn[yes:48] at ../source3/smbd/smb2_ioctl.c:358 +[2013/11/07 07:38:47.137009, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) + smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/135/127 +[2013/11/07 07:38:47.310880, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) + smbd_smb2_request_incoming: idx[1] of 5 vectors +[2013/11/07 07:38:47.311314, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) + smb2_validate_sequence_number: clearing id 135 (position 135) from bitmap +[2013/11/07 07:38:47.311448, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) + smbd_smb2_request_dispatch: opcode[SMB2_OP_CREATE] mid = 135 +[2013/11/07 07:38:47.311608, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) + setting sec ctx (0, 5000) - sec_ctx_stack_ndx = 0 +[2013/11/07 07:38:47.311721, 5, pid=20933, effective(0, 5000), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) + Security token SIDs (21): + SID[ 0]: S-1-5-21-1376953716-2413384141-3399758289-500 + SID[ 1]: S-1-5-21-1376953716-2413384141-3399758289-512 + SID[ 2]: S-1-5-21-1376953716-2413384141-3399758289-11015 + SID[ 3]: S-1-5-21-1376953716-2413384141-3399758289-513 + SID[ 4]: S-1-5-21-1376953716-2413384141-3399758289-11011 + SID[ 5]: S-1-5-21-1376953716-2413384141-3399758289-11013 + SID[ 6]: S-1-5-21-1376953716-2413384141-3399758289-11012 + SID[ 7]: S-1-1-0 + SID[ 8]: S-1-5-2 + SID[ 9]: S-1-5-11 + SID[ 10]: S-1-5-32-544 + SID[ 11]: S-1-22-1-2002 + SID[ 12]: S-1-22-2-5000 + SID[ 13]: S-1-22-2-5007 + SID[ 14]: S-1-22-2-5001 + SID[ 15]: S-1-22-2-1005 + SID[ 16]: S-1-22-2-5006 + SID[ 17]: S-1-22-2-5005 + SID[ 18]: S-1-22-2-55000 + SID[ 19]: S-1-22-2-55001 + SID[ 20]: S-1-22-2-55002 + Privileges (0x 1FFFFFF0): + Privilege[ 0]: SeMachineAccountPrivilege + Privilege[ 1]: SeTakeOwnershipPrivilege + Privilege[ 2]: SeBackupPrivilege + Privilege[ 3]: SeRestorePrivilege + Privilege[ 4]: SeRemoteShutdownPrivilege + Privilege[ 5]: SePrintOperatorPrivilege + Privilege[ 6]: SeAddUsersPrivilege + Privilege[ 7]: SeDiskOperatorPrivilege + Privilege[ 8]: SeSecurityPrivilege + Privilege[ 9]: SeSystemtimePrivilege + Privilege[ 10]: SeShutdownPrivilege + Privilege[ 11]: SeDebugPrivilege + Privilege[ 12]: SeSystemEnvironmentPrivilege + Privilege[ 13]: SeSystemProfilePrivilege + Privilege[ 14]: SeProfileSingleProcessPrivilege + Privilege[ 15]: SeIncreaseBasePriorityPrivilege + Privilege[ 16]: SeLoadDriverPrivilege + Privilege[ 17]: SeCreatePagefilePrivilege + Privilege[ 18]: SeIncreaseQuotaPrivilege + Privilege[ 19]: SeChangeNotifyPrivilege + Privilege[ 20]: SeUndockPrivilege + Privilege[ 21]: SeManageVolumePrivilege + Privilege[ 22]: SeImpersonatePrivilege + Privilege[ 23]: SeCreateGlobalPrivilege + Privilege[ 24]: SeEnableDelegationPrivilege + Rights (0x 0): +[2013/11/07 07:38:47.313934, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) + UNIX token of user 0 + Primary group is 5000 and contains 9 supplementary groups + Group[ 0]: 5000 + Group[ 1]: 5007 + Group[ 2]: 5001 + Group[ 3]: 1005 + Group[ 4]: 5006 + Group[ 5]: 5005 + Group[ 6]: 55000 + Group[ 7]: 55001 + Group[ 8]: 55002 +[2013/11/07 07:38:47.314436, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/uid.c:363(change_to_user_internal) + Impersonated user: uid=(0,0), gid=(0,5000) +[2013/11/07 07:38:47.314953, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_create.c:451(smbd_smb2_create_send) + smbd_smb2_create: name[spoolss] +[2013/11/07 07:38:47.315115, 5, pid=20933, effective(0, 5000), real(0, 0)] ../lib/dbwrap/dbwrap.c:187(dbwrap_check_lock_order) + check lock order 1 for /var/run/samba/smbXsrv_open_global.tdb +[2013/11/07 07:38:47.315222, 10, pid=20933, effective(0, 5000), real(0, 0)] ../lib/dbwrap/dbwrap.c:133(debug_lock_order) + lock order: 1:/var/run/samba/smbXsrv_open_global.tdb 2: 3: +[2013/11/07 07:38:47.315332, 10, pid=20933, effective(0, 5000), real(0, 0)] ../lib/dbwrap/dbwrap_tdb.c:59(db_tdb_log_key) + Locking key 38D749DF +[2013/11/07 07:38:47.315463, 10, pid=20933, effective(0, 5000), real(0, 0)] ../lib/dbwrap/dbwrap_tdb.c:143(db_tdb_fetch_locked_internal) + Allocated locked data 0x0x7f375d3a6110 +[2013/11/07 07:38:47.315650, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smbXsrv_open.c:695(smbXsrv_open_global_store) +[2013/11/07 07:38:47.315716, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smbXsrv_open.c:697(smbXsrv_open_global_store) + smbXsrv_open_global_store: key '38D749DF' stored +[2013/11/07 07:38:47.315819, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) + &global_blob: struct smbXsrv_open_globalB + version : SMBXSRV_VERSION_0 (0) + seqnum : 0x00000001 (1) + info : union smbXsrv_open_globalU(case 0) + info0 : * + info0: struct smbXsrv_open_global0 + db_rec : * + server_id: struct server_id + pid : 0x00000000000051c5 (20933) + task_id : 0x00000000 (0) + vnn : 0xffffffff (4294967295) + unique_id : 0x6b1fb19d3b3a8ed6 (7719083575197994710) + open_global_id : 0x38d749df (953633247) + open_persistent_id : 0x0000000038d749df (953633247) + open_volatile_id : 0x0000000073bafb83 (1941633923) + open_owner : S-1-5-21-1376953716-2413384141-3399758289-500 + open_time : Do Nov 7 07:38:47 2013 CET + create_guid : 00000000-0000-0000-0000-000000000000 + client_guid : b913ae79-46f9-11e3-be6f-52540018a0ea + app_instance_id : 00000000-0000-0000-0000-000000000000 + disconnect_time : NTTIME(0) + durable_timeout_msec : 0x00000000 (0) + durable : 0x00 (0) + backend_cookie : DATA_BLOB length=0 +[2013/11/07 07:38:47.317228, 10, pid=20933, effective(0, 5000), real(0, 0)] ../lib/dbwrap/dbwrap_tdb.c:59(db_tdb_log_key) + Unlocking key 38D749DF +[2013/11/07 07:38:47.317341, 5, pid=20933, effective(0, 5000), real(0, 0)] ../lib/dbwrap/dbwrap.c:146(dbwrap_lock_order_state_destructor) + release lock order 1 for /var/run/samba/smbXsrv_open_global.tdb +[2013/11/07 07:38:47.317643, 10, pid=20933, effective(0, 5000), real(0, 0)] ../lib/dbwrap/dbwrap.c:133(debug_lock_order) + lock order: 1: 2: 3: +[2013/11/07 07:38:47.317753, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smbXsrv_open.c:862(smbXsrv_open_create) +[2013/11/07 07:38:47.318112, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smbXsrv_open.c:870(smbXsrv_open_create) + smbXsrv_open_create: global_id (0x38d749df) stored +[2013/11/07 07:38:47.318295, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) + &open_blob: struct smbXsrv_openB + version : SMBXSRV_VERSION_0 (0) + reserved : 0x00000000 (0) + info : union smbXsrv_openU(case 0) + info0 : * + info0: struct smbXsrv_open + table : * + db_rec : NULL + local_id : 0x73bafb83 (1941633923) + global : * + global: struct smbXsrv_open_global0 + db_rec : NULL + server_id: struct server_id + pid : 0x00000000000051c5 (20933) + task_id : 0x00000000 (0) + vnn : 0xffffffff (4294967295) + unique_id : 0x6b1fb19d3b3a8ed6 (7719083575197994710) + open_global_id : 0x38d749df (953633247) + open_persistent_id : 0x0000000038d749df (953633247) + open_volatile_id : 0x0000000073bafb83 (1941633923) + open_owner : S-1-5-21-1376953716-2413384141-3399758289-500 + open_time : Do Nov 7 07:38:47 2013 CET + create_guid : 00000000-0000-0000-0000-000000000000 + client_guid : b913ae79-46f9-11e3-be6f-52540018a0ea + app_instance_id : 00000000-0000-0000-0000-000000000000 + disconnect_time : NTTIME(0) + durable_timeout_msec : 0x00000000 (0) + durable : 0x00 (0) + backend_cookie : DATA_BLOB length=0 + status : NT_STATUS_OK + idle_time : Do Nov 7 07:38:47 2013 CET + compat : NULL +[2013/11/07 07:38:47.319826, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/files.c:125(file_new) + allocated file structure fnum 1941633923 (6 used) +[2013/11/07 07:38:47.319950, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/files.c:713(file_name_hash) + file_name_hash: /tmp/spoolss hash 0x7d4e46e5 +[2013/11/07 07:38:47.320101, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:60(make_internal_rpc_pipe_p) + Create pipe requested \spoolss +[2013/11/07 07:38:47.320222, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:238(init_pipe_handles) + init_pipe_handle_list: pipe_handles ref count = 18 for pipe \spoolss +[2013/11/07 07:38:47.320498, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:100(make_internal_rpc_pipe_p) + Created internal pipe \spoolss +[2013/11/07 07:38:47.320611, 8, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/dosmode.c:631(dos_mode) + dos_mode: spoolss +[2013/11/07 07:38:47.320751, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_create.c:1053(smbd_smb2_create_send) + smbd_smb2_create_send: spoolss - fnum 1941633923 +[2013/11/07 07:38:47.320910, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) + smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[88] dyn[yes:0] at ../source3/smbd/smb2_create.c:369 +[2013/11/07 07:38:47.321026, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) + smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/136/127 +[2013/11/07 07:38:47.321520, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) + smbd_smb2_request_incoming: idx[1] of 5 vectors +[2013/11/07 07:38:47.321581, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) + smb2_validate_sequence_number: clearing id 136 (position 136) from bitmap +[2013/11/07 07:38:47.321626, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) + smbd_smb2_request_dispatch: opcode[SMB2_OP_IOCTL] mid = 136 +[2013/11/07 07:38:47.321685, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) + setting sec ctx (0, 5000) - sec_ctx_stack_ndx = 0 +[2013/11/07 07:38:47.321739, 5, pid=20933, effective(0, 5000), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) + Security token SIDs (21): + SID[ 0]: S-1-5-21-1376953716-2413384141-3399758289-500 + SID[ 1]: S-1-5-21-1376953716-2413384141-3399758289-512 + SID[ 2]: S-1-5-21-1376953716-2413384141-3399758289-11015 + SID[ 3]: S-1-5-21-1376953716-2413384141-3399758289-513 + SID[ 4]: S-1-5-21-1376953716-2413384141-3399758289-11011 + SID[ 5]: S-1-5-21-1376953716-2413384141-3399758289-11013 + SID[ 6]: S-1-5-21-1376953716-2413384141-3399758289-11012 + SID[ 7]: S-1-1-0 + SID[ 8]: S-1-5-2 + SID[ 9]: S-1-5-11 + SID[ 10]: S-1-5-32-544 + SID[ 11]: S-1-22-1-2002 + SID[ 12]: S-1-22-2-5000 + SID[ 13]: S-1-22-2-5007 + SID[ 14]: S-1-22-2-5001 + SID[ 15]: S-1-22-2-1005 + SID[ 16]: S-1-22-2-5006 + SID[ 17]: S-1-22-2-5005 + SID[ 18]: S-1-22-2-55000 + SID[ 19]: S-1-22-2-55001 + SID[ 20]: S-1-22-2-55002 + Privileges (0x 1FFFFFF0): + Privilege[ 0]: SeMachineAccountPrivilege + Privilege[ 1]: SeTakeOwnershipPrivilege + Privilege[ 2]: SeBackupPrivilege + Privilege[ 3]: SeRestorePrivilege + Privilege[ 4]: SeRemoteShutdownPrivilege + Privilege[ 5]: SePrintOperatorPrivilege + Privilege[ 6]: SeAddUsersPrivilege + Privilege[ 7]: SeDiskOperatorPrivilege + Privilege[ 8]: SeSecurityPrivilege + Privilege[ 9]: SeSystemtimePrivilege + Privilege[ 10]: SeShutdownPrivilege + Privilege[ 11]: SeDebugPrivilege + Privilege[ 12]: SeSystemEnvironmentPrivilege + Privilege[ 13]: SeSystemProfilePrivilege + Privilege[ 14]: SeProfileSingleProcessPrivilege + Privilege[ 15]: SeIncreaseBasePriorityPrivilege + Privilege[ 16]: SeLoadDriverPrivilege + Privilege[ 17]: SeCreatePagefilePrivilege + Privilege[ 18]: SeIncreaseQuotaPrivilege + Privilege[ 19]: SeChangeNotifyPrivilege + Privilege[ 20]: SeUndockPrivilege + Privilege[ 21]: SeManageVolumePrivilege + Privilege[ 22]: SeImpersonatePrivilege + Privilege[ 23]: SeCreateGlobalPrivilege + Privilege[ 24]: SeEnableDelegationPrivilege + Rights (0x 0): +[2013/11/07 07:38:47.322547, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) + UNIX token of user 0 + Primary group is 5000 and contains 9 supplementary groups + Group[ 0]: 5000 + Group[ 1]: 5007 + Group[ 2]: 5001 + Group[ 3]: 1005 + Group[ 4]: 5006 + Group[ 5]: 5005 + Group[ 6]: 55000 + Group[ 7]: 55001 + Group[ 8]: 55002 +[2013/11/07 07:38:47.322770, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/uid.c:363(change_to_user_internal) + Impersonated user: uid=(0,0), gid=(0,5000) +[2013/11/07 07:38:47.322823, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:1796(smbd_smb2_request_verify_creditcharge) + mid 136, CreditCharge: 1, NeededCharge: 1 +[2013/11/07 07:38:47.322867, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl.c:394(smbd_smb2_ioctl_send) + smbd_smb2_ioctl: ctl_code[0x0011c017] spoolss, fnum 1907514170 +[2013/11/07 07:38:47.322914, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:59(smb2_ioctl_named_pipe) + smbd_smb2_ioctl_send: np_write_send of size 166 +[2013/11/07 07:38:47.322954, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:520(np_write_send) + np_write_send: len: 166 +[2013/11/07 07:38:47.322996, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) + write_to_pipe: data_left = 166 +[2013/11/07 07:38:47.323033, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) + process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 166 +[2013/11/07 07:38:47.323072, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:51(fill_rpc_header) + fill_rpc_header: data_to_copy = 166, len_needed_to_complete_hdr = 16, receive_len = 0 +[2013/11/07 07:38:47.323113, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) + write_to_pipe: data_used = 16 +[2013/11/07 07:38:47.323150, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) + write_to_pipe: data_left = 150 +[2013/11/07 07:38:47.323188, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) + process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 150 +[2013/11/07 07:38:47.323231, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) + write_to_pipe: data_used = 0 +[2013/11/07 07:38:47.323268, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) + write_to_pipe: data_left = 150 +[2013/11/07 07:38:47.323305, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) + process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 150, incoming data = 150 +[2013/11/07 07:38:47.323347, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1614(process_complete_pdu) + PDU is in Little Endian format! +[2013/11/07 07:38:47.323397, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) + r: struct ncacn_packet + rpc_vers : 0x05 (5) + rpc_vers_minor : 0x00 (0) + ptype : DCERPC_PKT_REQUEST (0) + pfc_flags : 0x03 (3) + drep: ARRAY(4) + [0] : 0x10 (16) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + frag_length : 0x00a6 (166) + auth_length : 0x0000 (0) + call_id : 0x00000003 (3) + u : union dcerpc_payload(case 0) + request: struct dcerpc_request + alloc_hint : 0x0000008e (142) + context_id : 0x0000 (0) + opnum : 0x0041 (65) + object : union dcerpc_object(case 0) + empty: struct dcerpc_empty + _pad : DATA_BLOB length=0 + stub_and_verifier : DATA_BLOB length=142 + [0000] 00 00 00 00 E1 00 00 00 00 00 00 00 7B 52 76 35 ........ ....{Rv5 + [0010] C5 51 00 00 00 00 00 00 00 00 00 00 00 00 02 00 .Q...... ........ + [0020] 13 00 00 00 00 00 00 00 13 00 00 00 5C 00 5C 00 ........ ....\.\. + [0030] 77 00 69 00 6E 00 38 00 31 00 2D 00 32 00 33 00 w.i.n.8. 1.-.2.3. + [0040] 39 00 2E 00 41 00 52 00 33 00 32 00 49 00 38 00 9...A.R. 3.2.I.8. + [0050] 00 00 00 00 DC B5 58 E6 04 00 02 00 02 00 00 00 ......X. ........ + [0060] 00 00 00 00 01 00 00 00 08 00 02 00 01 00 00 00 ........ ........ + [0070] 00 00 00 00 00 00 00 00 00 00 00 00 03 00 00 00 ........ ........ + [0080] 0C 00 02 00 03 00 00 00 01 00 12 00 14 00 ........ ...... +[2013/11/07 07:38:47.324111, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1627(process_complete_pdu) + Processing packet type 0 +[2013/11/07 07:38:47.324150, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1472(dcesrv_auth_request) + Checking request auth. +[2013/11/07 07:38:47.324192, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) + push_sec_ctx(0, 5000) : sec_ctx_stack_ndx = 1 +[2013/11/07 07:38:47.324238, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) + setting sec ctx (0, 5000) - sec_ctx_stack_ndx = 1 +[2013/11/07 07:38:47.324278, 5, pid=20933, effective(0, 5000), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) + Security token SIDs (21): + SID[ 0]: S-1-5-21-1376953716-2413384141-3399758289-500 + SID[ 1]: S-1-5-21-1376953716-2413384141-3399758289-512 + SID[ 2]: S-1-5-21-1376953716-2413384141-3399758289-11015 + SID[ 3]: S-1-5-21-1376953716-2413384141-3399758289-513 + SID[ 4]: S-1-5-21-1376953716-2413384141-3399758289-11011 + SID[ 5]: S-1-5-21-1376953716-2413384141-3399758289-11013 + SID[ 6]: S-1-5-21-1376953716-2413384141-3399758289-11012 + SID[ 7]: S-1-1-0 + SID[ 8]: S-1-5-2 + SID[ 9]: S-1-5-11 + SID[ 10]: S-1-5-32-544 + SID[ 11]: S-1-22-1-2002 + SID[ 12]: S-1-22-2-5000 + SID[ 13]: S-1-22-2-5007 + SID[ 14]: S-1-22-2-5001 + SID[ 15]: S-1-22-2-1005 + SID[ 16]: S-1-22-2-5006 + SID[ 17]: S-1-22-2-5005 + SID[ 18]: S-1-22-2-55000 + SID[ 19]: S-1-22-2-55001 + SID[ 20]: S-1-22-2-55002 + Privileges (0x 1FFFFFF0): + Privilege[ 0]: SeMachineAccountPrivilege + Privilege[ 1]: SeTakeOwnershipPrivilege + Privilege[ 2]: SeBackupPrivilege + Privilege[ 3]: SeRestorePrivilege + Privilege[ 4]: SeRemoteShutdownPrivilege + Privilege[ 5]: SePrintOperatorPrivilege + Privilege[ 6]: SeAddUsersPrivilege + Privilege[ 7]: SeDiskOperatorPrivilege + Privilege[ 8]: SeSecurityPrivilege + Privilege[ 9]: SeSystemtimePrivilege + Privilege[ 10]: SeShutdownPrivilege + Privilege[ 11]: SeDebugPrivilege + Privilege[ 12]: SeSystemEnvironmentPrivilege + Privilege[ 13]: SeSystemProfilePrivilege + Privilege[ 14]: SeProfileSingleProcessPrivilege + Privilege[ 15]: SeIncreaseBasePriorityPrivilege + Privilege[ 16]: SeLoadDriverPrivilege + Privilege[ 17]: SeCreatePagefilePrivilege + Privilege[ 18]: SeIncreaseQuotaPrivilege + Privilege[ 19]: SeChangeNotifyPrivilege + Privilege[ 20]: SeUndockPrivilege + Privilege[ 21]: SeManageVolumePrivilege + Privilege[ 22]: SeImpersonatePrivilege + Privilege[ 23]: SeCreateGlobalPrivilege + Privilege[ 24]: SeEnableDelegationPrivilege + Rights (0x 0): +[2013/11/07 07:38:47.325037, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) + UNIX token of user 0 + Primary group is 5000 and contains 9 supplementary groups + Group[ 0]: 5000 + Group[ 1]: 5007 + Group[ 2]: 5001 + Group[ 3]: 1005 + Group[ 4]: 5006 + Group[ 5]: 5005 + Group[ 6]: 55000 + Group[ 7]: 55001 + Group[ 8]: 55002 +[2013/11/07 07:38:47.325301, 5, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1324(api_pipe_request) + Requested \spoolss rpc service +[2013/11/07 07:38:47.325348, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1356(api_rpcTNP) + api_rpcTNP: \spoolss op 0x41 - api_rpcTNP: rpc command: SPOOLSS_REMOTEFINDFIRSTPRINTERCHANGENOTIFYEX +[2013/11/07 07:38:47.325458, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1390(api_rpcTNP) + api_rpc_cmds[65].fn == 0x7f375c2577f0 +[2013/11/07 07:38:47.325516, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + spoolss_RemoteFindFirstPrinterChangeNotifyEx: struct spoolss_RemoteFindFirstPrinterChangeNotifyEx + in: struct spoolss_RemoteFindFirstPrinterChangeNotifyEx + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000e1-0000-0000-7b52-7635c5510000 + flags : 0x00000000 (0) + 0: PRINTER_CHANGE_ADD_PRINTER + 0: PRINTER_CHANGE_SET_PRINTER + 0: PRINTER_CHANGE_DELETE_PRINTER + 0: PRINTER_CHANGE_FAILED_CONNECTION_PRINTER + 0: PRINTER_CHANGE_ADD_JOB + 0: PRINTER_CHANGE_SET_JOB + 0: PRINTER_CHANGE_DELETE_JOB + 0: PRINTER_CHANGE_WRITE_JOB + 0: PRINTER_CHANGE_ADD_FORM + 0: PRINTER_CHANGE_SET_FORM + 0: PRINTER_CHANGE_DELETE_FORM + 0: PRINTER_CHANGE_ADD_PORT + 0: PRINTER_CHANGE_CONFIGURE_PORT + 0: PRINTER_CHANGE_DELETE_PORT + 0: PRINTER_CHANGE_ADD_PRINT_PROCESSOR + 0: PRINTER_CHANGE_DELETE_PRINT_PROCESSOR + 0: PRINTER_CHANGE_SERVER + 0: PRINTER_CHANGE_ADD_PRINTER_DRIVER + 0: PRINTER_CHANGE_SET_PRINTER_DRIVER + 0: PRINTER_CHANGE_DELETE_PRINTER_DRIVER + 0: PRINTER_CHANGE_TIMEOUT + options : 0x00000000 (0) + local_machine : * + local_machine : '\\win81-239.AR32I8' + printer_local : 0xe658b5dc (3864573404) + notify_options : * + notify_options: struct spoolss_NotifyOption + version : 0x00000002 (2) + flags : 0x00000000 (0) + 0: PRINTER_NOTIFY_OPTIONS_REFRESH + count : 0x00000001 (1) + types : * + types: ARRAY(1) + types: struct spoolss_NotifyOptionType + type : PRINTER_NOTIFY_TYPE (0) + u1 : 0x0000 (0) + u2 : 0x00000000 (0) + u3 : 0x00000000 (0) + count : 0x00000003 (3) + fields : * + fields: ARRAY(3) + fields : union spoolss_Field(case 0) + field : PRINTER_NOTIFY_FIELD_PRINTER_NAME (1) + fields : union spoolss_Field(case 0) + field : PRINTER_NOTIFY_FIELD_STATUS (18) + fields : union spoolss_Field(case 0) + field : PRINTER_NOTIFY_FIELD_CJOBS (20) +[2013/11/07 07:38:47.326494, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[1] [0000] 00 00 00 00 E1 00 00 00 00 00 00 00 7B 52 76 35 ........ ....{Rv5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:47.326580, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[1] [0000] 00 00 00 00 E1 00 00 00 00 00 00 00 7B 52 76 35 ........ ....{Rv5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:47.326657, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:489(get_printer_snum) + short name:printer7 +[2013/11/07 07:38:47.326709, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:2699(_spoolss_RemoteFindFirstPrinterChangeNotifyEx) + _spoolss_RemoteFindFirstPrinterChangeNotifyEx: remote_address is ipv4:10.200.8.239:50547 +[2013/11/07 07:38:47.326768, 5, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:2462(spoolss_connect_to_client) + spoolss_connect_to_client: Using address 10.200.8.239 (no name resolution necessary) +[2013/11/07 07:38:47.326853, 3, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/util_sock.c:585(open_socket_out_send) + Connecting to 10.200.8.239 at port 445 +[2013/11/07 07:38:47.327598, 5, pid=20933, effective(0, 5000), real(0, 0)] ../lib/util/util_net.c:848(print_socket_options) + Socket options: + SO_KEEPALIVE = 0 + SO_REUSEADDR = 0 + SO_BROADCAST = 0 + TCP_NODELAY = 1 + TCP_KEEPCNT = 9 + TCP_KEEPIDLE = 7200 + TCP_KEEPINTVL = 75 + IPTOS_LOWDELAY = 0 + IPTOS_THROUGHPUT = 0 + SO_REUSEPORT = 0 + SO_SNDBUF = 23400 + SO_RCVBUF = 87380 + SO_SNDLOWAT = 1 + SO_RCVLOWAT = 1 + SO_SNDTIMEO = 0 + SO_RCVTIMEO = 0 + TCP_QUICKACK = 1 + TCP_DEFER_ACCEPT = 0 +[2013/11/07 07:38:47.331257, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/libsmb/clientgen.c:124(cli_init_creds) + cli_init_creds: user domain +[2013/11/07 07:38:47.332206, 2, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:2499(spoolss_connect_to_client) + spoolss_connect_to_client: unable to open the spoolss pipe on machine win81-239.AR32I8. Error was : NT_STATUS_ACCESS_DENIED. +[2013/11/07 07:38:47.333041, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + spoolss_RemoteFindFirstPrinterChangeNotifyEx: struct spoolss_RemoteFindFirstPrinterChangeNotifyEx + out: struct spoolss_RemoteFindFirstPrinterChangeNotifyEx + result : WERR_SERVER_UNAVAILABLE +[2013/11/07 07:38:47.333511, 5, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1417(api_rpcTNP) + api_rpcTNP: called \spoolss successfully +[2013/11/07 07:38:47.333814, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) + pop_sec_ctx (0, 5000) - sec_ctx_stack_ndx = 0 +[2013/11/07 07:38:47.333929, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) + write_to_pipe: data_used = 150 + smbd_smb2_request_pending_queue: req->current_idx = 1 + req->in.vector[0].iov_len = 0 + req->in.vector[1].iov_len = 0 + req->in.vector[2].iov_len = 64 + req->in.vector[3].iov_len = 56 + req->in.vector[4].iov_len = 166 + req->out.vector[0].iov_len = 4 + req->out.vector[1].iov_len = 0 + req->out.vector[2].iov_len = 64 + req->out.vector[3].iov_len = 8 + req->out.vector[4].iov_len = 0 +[2013/11/07 07:38:47.334519, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:128(smbd_smb2_ioctl_pipe_write_done) + smbd_smb2_ioctl_pipe_write_done: received 166 +[2013/11/07 07:38:47.334628, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:149(smbd_smb2_ioctl_pipe_write_done) + smbd_smb2_ioctl_pipe_write_done: issuing np_read_send of size 1024 +[2013/11/07 07:38:47.334733, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:285(read_from_internal_pipe) + name: \spoolss len: 1024 +[2013/11/07 07:38:47.334838, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:347(read_from_internal_pipe) + read_from_pipe: \spoolss: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 4. +[2013/11/07 07:38:47.334969, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) + &r: struct ncacn_packet + rpc_vers : 0x05 (5) + rpc_vers_minor : 0x00 (0) + ptype : DCERPC_PKT_RESPONSE (2) + pfc_flags : 0x03 (3) + drep: ARRAY(4) + [0] : 0x10 (16) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + frag_length : 0x001c (28) + auth_length : 0x0000 (0) + call_id : 0x00000003 (3) + u : union dcerpc_payload(case 2) + response: struct dcerpc_response + alloc_hint : 0x00000004 (4) + context_id : 0x0000 (0) + cancel_count : 0x00 (0) + _pad : DATA_BLOB length=0 + stub_and_verifier : DATA_BLOB length=4 + [0000] BA 06 00 00 .... +[2013/11/07 07:38:47.335920, 3, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:122(free_pipe_context) + free_pipe_context: destroying talloc pool of size 53 +[2013/11/07 07:38:47.336041, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:788(np_read_recv) + Received 28 bytes. There is no more data outstanding +[2013/11/07 07:38:47.336141, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:178(smbd_smb2_ioctl_pipe_read_done) + smbd_smb2_ioctl_pipe_read_done: np_read_recv nread = 28 is_data_outstanding = 0, status = NT_STATUS_OK +[2013/11/07 07:38:47.336254, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl.c:291(smbd_smb2_request_ioctl_done) + smbd_smb2_request_ioctl_done: smbd_smb2_ioctl_recv returned 28 status NT_STATUS_OK +[2013/11/07 07:38:47.336356, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) + smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[48] dyn[yes:28] at ../source3/smbd/smb2_ioctl.c:358 +[2013/11/07 07:38:47.336466, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) + smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/137/127 +[2013/11/07 07:38:47.336766, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) + smbd_smb2_request_incoming: idx[1] of 5 vectors +[2013/11/07 07:38:47.336886, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) + smb2_validate_sequence_number: clearing id 137 (position 137) from bitmap +[2013/11/07 07:38:47.336989, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) + smbd_smb2_request_dispatch: opcode[SMB2_OP_WRITE] mid = 137 +[2013/11/07 07:38:47.337147, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) + setting sec ctx (0, 5000) - sec_ctx_stack_ndx = 0 +[2013/11/07 07:38:47.337256, 5, pid=20933, effective(0, 5000), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) + Security token SIDs (21): + SID[ 0]: S-1-5-21-1376953716-2413384141-3399758289-500 + SID[ 1]: S-1-5-21-1376953716-2413384141-3399758289-512 + SID[ 2]: S-1-5-21-1376953716-2413384141-3399758289-11015 + SID[ 3]: S-1-5-21-1376953716-2413384141-3399758289-513 + SID[ 4]: S-1-5-21-1376953716-2413384141-3399758289-11011 + SID[ 5]: S-1-5-21-1376953716-2413384141-3399758289-11013 + SID[ 6]: S-1-5-21-1376953716-2413384141-3399758289-11012 + SID[ 7]: S-1-1-0 + SID[ 8]: S-1-5-2 + SID[ 9]: S-1-5-11 + SID[ 10]: S-1-5-32-544 + SID[ 11]: S-1-22-1-2002 + SID[ 12]: S-1-22-2-5000 + SID[ 13]: S-1-22-2-5007 + SID[ 14]: S-1-22-2-5001 + SID[ 15]: S-1-22-2-1005 + SID[ 16]: S-1-22-2-5006 + SID[ 17]: S-1-22-2-5005 + SID[ 18]: S-1-22-2-55000 + SID[ 19]: S-1-22-2-55001 + SID[ 20]: S-1-22-2-55002 + Privileges (0x 1FFFFFF0): + Privilege[ 0]: SeMachineAccountPrivilege + Privilege[ 1]: SeTakeOwnershipPrivilege + Privilege[ 2]: SeBackupPrivilege + Privilege[ 3]: SeRestorePrivilege + Privilege[ 4]: SeRemoteShutdownPrivilege + Privilege[ 5]: SePrintOperatorPrivilege + Privilege[ 6]: SeAddUsersPrivilege + Privilege[ 7]: SeDiskOperatorPrivilege + Privilege[ 8]: SeSecurityPrivilege + Privilege[ 9]: SeSystemtimePrivilege + Privilege[ 10]: SeShutdownPrivilege + Privilege[ 11]: SeDebugPrivilege + Privilege[ 12]: SeSystemEnvironmentPrivilege + Privilege[ 13]: SeSystemProfilePrivilege + Privilege[ 14]: SeProfileSingleProcessPrivilege + Privilege[ 15]: SeIncreaseBasePriorityPrivilege + Privilege[ 16]: SeLoadDriverPrivilege + Privilege[ 17]: SeCreatePagefilePrivilege + Privilege[ 18]: SeIncreaseQuotaPrivilege + Privilege[ 19]: SeChangeNotifyPrivilege + Privilege[ 20]: SeUndockPrivilege + Privilege[ 21]: SeManageVolumePrivilege + Privilege[ 22]: SeImpersonatePrivilege + Privilege[ 23]: SeCreateGlobalPrivilege + Privilege[ 24]: SeEnableDelegationPrivilege + Rights (0x 0): +[2013/11/07 07:38:47.339290, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) + UNIX token of user 0 + Primary group is 5000 and contains 9 supplementary groups + Group[ 0]: 5000 + Group[ 1]: 5007 + Group[ 2]: 5001 + Group[ 3]: 1005 + Group[ 4]: 5006 + Group[ 5]: 5005 + Group[ 6]: 55000 + Group[ 7]: 55001 + Group[ 8]: 55002 +[2013/11/07 07:38:47.339866, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/uid.c:363(change_to_user_internal) + Impersonated user: uid=(0,0), gid=(0,5000) +[2013/11/07 07:38:47.339991, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:1796(smbd_smb2_request_verify_creditcharge) + mid 137, CreditCharge: 1, NeededCharge: 1 +[2013/11/07 07:38:47.340095, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_write.c:271(smbd_smb2_write_send) + smbd_smb2_write: spoolss - fnum 1941633923 +[2013/11/07 07:38:47.340207, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:520(np_write_send) + np_write_send: len: 160 +[2013/11/07 07:38:47.340310, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) + write_to_pipe: data_left = 160 +[2013/11/07 07:38:47.340404, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) + process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 160 +[2013/11/07 07:38:47.340501, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:51(fill_rpc_header) + fill_rpc_header: data_to_copy = 160, len_needed_to_complete_hdr = 16, receive_len = 0 +[2013/11/07 07:38:47.340622, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) + write_to_pipe: data_used = 16 +[2013/11/07 07:38:47.340718, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) + write_to_pipe: data_left = 144 +[2013/11/07 07:38:47.340811, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) + process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 144 +[2013/11/07 07:38:47.340913, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) + write_to_pipe: data_used = 0 +[2013/11/07 07:38:47.341006, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) + write_to_pipe: data_left = 144 +[2013/11/07 07:38:47.341099, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) + process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 144, incoming data = 144 +[2013/11/07 07:38:47.341200, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1614(process_complete_pdu) + PDU is in Little Endian format! +[2013/11/07 07:38:47.341316, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) + r: struct ncacn_packet + rpc_vers : 0x05 (5) + rpc_vers_minor : 0x00 (0) + ptype : DCERPC_PKT_BIND (11) + pfc_flags : 0x03 (3) + drep: ARRAY(4) + [0] : 0x10 (16) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + frag_length : 0x00a0 (160) + auth_length : 0x0000 (0) + call_id : 0x00000002 (2) + u : union dcerpc_payload(case 11) + bind: struct dcerpc_bind + max_xmit_frag : 0x10b8 (4280) + max_recv_frag : 0x10b8 (4280) + assoc_group_id : 0x00000000 (0) + num_contexts : 0x03 (3) + ctx_list: ARRAY(3) + ctx_list: struct dcerpc_ctx_list + context_id : 0x0000 (0) + num_transfer_syntaxes : 0x01 (1) + abstract_syntax: struct ndr_syntax_id + uuid : 12345678-1234-abcd-ef00-0123456789ab + if_version : 0x00000001 (1) + transfer_syntaxes: ARRAY(1) + transfer_syntaxes: struct ndr_syntax_id + uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860 + if_version : 0x00000002 (2) + ctx_list: struct dcerpc_ctx_list + context_id : 0x0001 (1) + num_transfer_syntaxes : 0x01 (1) + abstract_syntax: struct ndr_syntax_id + uuid : 12345678-1234-abcd-ef00-0123456789ab + if_version : 0x00000001 (1) + transfer_syntaxes: ARRAY(1) + transfer_syntaxes: struct ndr_syntax_id + uuid : 71710533-beba-4937-8319-b5dbef9ccc36 + if_version : 0x00000001 (1) + ctx_list: struct dcerpc_ctx_list + context_id : 0x0002 (2) + num_transfer_syntaxes : 0x01 (1) + abstract_syntax: struct ndr_syntax_id + uuid : 12345678-1234-abcd-ef00-0123456789ab + if_version : 0x00000001 (1) + transfer_syntaxes: ARRAY(1) + transfer_syntaxes: struct ndr_syntax_id + uuid : 6cb71c2c-9812-4540-0300-000000000000 + if_version : 0x00000001 (1) + auth_info : DATA_BLOB length=0 +[2013/11/07 07:38:47.343654, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1627(process_complete_pdu) + Processing packet type 11 +[2013/11/07 07:38:47.343762, 3, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:693(api_pipe_bind_req) + api_pipe_bind_req: spoolss -> spoolss rpc service +[2013/11/07 07:38:47.343864, 5, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:724(api_pipe_bind_req) + api_pipe_bind_req: make response. 724 +[2013/11/07 07:38:47.343963, 3, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:342(check_bind_req) + check_bind_req for \spoolss +[2013/11/07 07:38:47.344072, 3, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:349(check_bind_req) + check_bind_req: spoolss -> spoolss rpc service +[2013/11/07 07:38:47.344176, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:238(init_pipe_handles) + init_pipe_handle_list: pipe_handles ref count = 19 for pipe \spoolss +[2013/11/07 07:38:47.344315, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) + &r: struct ncacn_packet + rpc_vers : 0x05 (5) + rpc_vers_minor : 0x00 (0) + ptype : DCERPC_PKT_BIND_ACK (12) + pfc_flags : 0x03 (3) + drep: ARRAY(4) + [0] : 0x10 (16) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + frag_length : 0x0044 (68) + auth_length : 0x0000 (0) + call_id : 0x00000002 (2) + u : union dcerpc_payload(case 12) + bind_ack: struct dcerpc_bind_ack + max_xmit_frag : 0x10b8 (4280) + max_recv_frag : 0x10b8 (4280) + assoc_group_id : 0x000053f0 (21488) + secondary_address_size : 0x000e (14) + secondary_address : '\PIPE\spoolss' + _pad1 : DATA_BLOB length=0 + num_results : 0x01 (1) + ctx_list: ARRAY(1) + ctx_list: struct dcerpc_ack_ctx + result : 0x0000 (0) + reason : 0x0000 (0) + syntax: struct ndr_syntax_id + uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860 + if_version : 0x00000002 (2) + auth_info : DATA_BLOB length=0 +[2013/11/07 07:38:47.345578, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) + write_to_pipe: data_used = 144 + smbd_smb2_request_pending_queue: req->current_idx = 1 + req->in.vector[0].iov_len = 0 + req->in.vector[1].iov_len = 0 + req->in.vector[2].iov_len = 64 + req->in.vector[3].iov_len = 48 + req->in.vector[4].iov_len = 160 + req->out.vector[0].iov_len = 4 + req->out.vector[1].iov_len = 0 + req->out.vector[2].iov_len = 64 + req->out.vector[3].iov_len = 8 + req->out.vector[4].iov_len = 0 +[2013/11/07 07:38:47.345791, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) + smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[16] dyn[yes:0] at ../source3/smbd/smb2_write.c:150 +[2013/11/07 07:38:47.345867, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) + smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/138/127 +[2013/11/07 07:38:47.346842, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) + smbd_smb2_request_incoming: idx[1] of 5 vectors +[2013/11/07 07:38:47.346920, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) + smb2_validate_sequence_number: clearing id 138 (position 138) from bitmap +[2013/11/07 07:38:47.346964, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) + smbd_smb2_request_dispatch: opcode[SMB2_OP_READ] mid = 138 +[2013/11/07 07:38:47.347021, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) + setting sec ctx (0, 5000) - sec_ctx_stack_ndx = 0 +[2013/11/07 07:38:47.347075, 5, pid=20933, effective(0, 5000), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) + Security token SIDs (21): + SID[ 0]: S-1-5-21-1376953716-2413384141-3399758289-500 + SID[ 1]: S-1-5-21-1376953716-2413384141-3399758289-512 + SID[ 2]: S-1-5-21-1376953716-2413384141-3399758289-11015 + SID[ 3]: S-1-5-21-1376953716-2413384141-3399758289-513 + SID[ 4]: S-1-5-21-1376953716-2413384141-3399758289-11011 + SID[ 5]: S-1-5-21-1376953716-2413384141-3399758289-11013 + SID[ 6]: S-1-5-21-1376953716-2413384141-3399758289-11012 + SID[ 7]: S-1-1-0 + SID[ 8]: S-1-5-2 + SID[ 9]: S-1-5-11 + SID[ 10]: S-1-5-32-544 + SID[ 11]: S-1-22-1-2002 + SID[ 12]: S-1-22-2-5000 + SID[ 13]: S-1-22-2-5007 + SID[ 14]: S-1-22-2-5001 + SID[ 15]: S-1-22-2-1005 + SID[ 16]: S-1-22-2-5006 + SID[ 17]: S-1-22-2-5005 + SID[ 18]: S-1-22-2-55000 + SID[ 19]: S-1-22-2-55001 + SID[ 20]: S-1-22-2-55002 + Privileges (0x 1FFFFFF0): + Privilege[ 0]: SeMachineAccountPrivilege + Privilege[ 1]: SeTakeOwnershipPrivilege + Privilege[ 2]: SeBackupPrivilege + Privilege[ 3]: SeRestorePrivilege + Privilege[ 4]: SeRemoteShutdownPrivilege + Privilege[ 5]: SePrintOperatorPrivilege + Privilege[ 6]: SeAddUsersPrivilege + Privilege[ 7]: SeDiskOperatorPrivilege + Privilege[ 8]: SeSecurityPrivilege + Privilege[ 9]: SeSystemtimePrivilege + Privilege[ 10]: SeShutdownPrivilege + Privilege[ 11]: SeDebugPrivilege + Privilege[ 12]: SeSystemEnvironmentPrivilege + Privilege[ 13]: SeSystemProfilePrivilege + Privilege[ 14]: SeProfileSingleProcessPrivilege + Privilege[ 15]: SeIncreaseBasePriorityPrivilege + Privilege[ 16]: SeLoadDriverPrivilege + Privilege[ 17]: SeCreatePagefilePrivilege + Privilege[ 18]: SeIncreaseQuotaPrivilege + Privilege[ 19]: SeChangeNotifyPrivilege + Privilege[ 20]: SeUndockPrivilege + Privilege[ 21]: SeManageVolumePrivilege + Privilege[ 22]: SeImpersonatePrivilege + Privilege[ 23]: SeCreateGlobalPrivilege + Privilege[ 24]: SeEnableDelegationPrivilege + Rights (0x 0): +[2013/11/07 07:38:47.347841, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) + UNIX token of user 0 + Primary group is 5000 and contains 9 supplementary groups + Group[ 0]: 5000 + Group[ 1]: 5007 + Group[ 2]: 5001 + Group[ 3]: 1005 + Group[ 4]: 5006 + Group[ 5]: 5005 + Group[ 6]: 55000 + Group[ 7]: 55001 + Group[ 8]: 55002 +[2013/11/07 07:38:47.348031, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/uid.c:363(change_to_user_internal) + Impersonated user: uid=(0,0), gid=(0,5000) +[2013/11/07 07:38:47.348081, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:1796(smbd_smb2_request_verify_creditcharge) + mid 138, CreditCharge: 1, NeededCharge: 1 +[2013/11/07 07:38:47.348122, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_read.c:400(smbd_smb2_read_send) + smbd_smb2_read: spoolss - fnum 1941633923 +[2013/11/07 07:38:47.348197, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:285(read_from_internal_pipe) + name: \spoolss len: 1024 +[2013/11/07 07:38:47.348242, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:326(read_from_internal_pipe) + read_from_pipe: \spoolss: current_pdu_len = 68, current_pdu_sent = 0 returning 68 bytes. +[2013/11/07 07:38:47.348286, 3, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:122(free_pipe_context) + free_pipe_context: destroying talloc pool of size 29 + smbd_smb2_request_pending_queue: req->current_idx = 1 + req->in.vector[0].iov_len = 0 + req->in.vector[1].iov_len = 0 + req->in.vector[2].iov_len = 64 + req->in.vector[3].iov_len = 48 + req->in.vector[4].iov_len = 1 + req->out.vector[0].iov_len = 4 + req->out.vector[1].iov_len = 0 + req->out.vector[2].iov_len = 64 + req->out.vector[3].iov_len = 8 + req->out.vector[4].iov_len = 0 +[2013/11/07 07:38:47.348493, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:788(np_read_recv) + Received 68 bytes. There is no more data outstanding +[2013/11/07 07:38:47.348538, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) + smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[16] dyn[yes:68] at ../source3/smbd/smb2_read.c:154 +[2013/11/07 07:38:47.348583, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) + smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/139/127 +[2013/11/07 07:38:47.349448, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) + smbd_smb2_request_incoming: idx[1] of 5 vectors +[2013/11/07 07:38:47.349520, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) + smb2_validate_sequence_number: clearing id 139 (position 139) from bitmap +[2013/11/07 07:38:47.349562, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) + smbd_smb2_request_dispatch: opcode[SMB2_OP_IOCTL] mid = 139 +[2013/11/07 07:38:47.349616, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) + setting sec ctx (0, 5000) - sec_ctx_stack_ndx = 0 +[2013/11/07 07:38:47.349659, 5, pid=20933, effective(0, 5000), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) + Security token SIDs (21): + SID[ 0]: S-1-5-21-1376953716-2413384141-3399758289-500 + SID[ 1]: S-1-5-21-1376953716-2413384141-3399758289-512 + SID[ 2]: S-1-5-21-1376953716-2413384141-3399758289-11015 + SID[ 3]: S-1-5-21-1376953716-2413384141-3399758289-513 + SID[ 4]: S-1-5-21-1376953716-2413384141-3399758289-11011 + SID[ 5]: S-1-5-21-1376953716-2413384141-3399758289-11013 + SID[ 6]: S-1-5-21-1376953716-2413384141-3399758289-11012 + SID[ 7]: S-1-1-0 + SID[ 8]: S-1-5-2 + SID[ 9]: S-1-5-11 + SID[ 10]: S-1-5-32-544 + SID[ 11]: S-1-22-1-2002 + SID[ 12]: S-1-22-2-5000 + SID[ 13]: S-1-22-2-5007 + SID[ 14]: S-1-22-2-5001 + SID[ 15]: S-1-22-2-1005 + SID[ 16]: S-1-22-2-5006 + SID[ 17]: S-1-22-2-5005 + SID[ 18]: S-1-22-2-55000 + SID[ 19]: S-1-22-2-55001 + SID[ 20]: S-1-22-2-55002 + Privileges (0x 1FFFFFF0): + Privilege[ 0]: SeMachineAccountPrivilege + Privilege[ 1]: SeTakeOwnershipPrivilege + Privilege[ 2]: SeBackupPrivilege + Privilege[ 3]: SeRestorePrivilege + Privilege[ 4]: SeRemoteShutdownPrivilege + Privilege[ 5]: SePrintOperatorPrivilege + Privilege[ 6]: SeAddUsersPrivilege + Privilege[ 7]: SeDiskOperatorPrivilege + Privilege[ 8]: SeSecurityPrivilege + Privilege[ 9]: SeSystemtimePrivilege + Privilege[ 10]: SeShutdownPrivilege + Privilege[ 11]: SeDebugPrivilege + Privilege[ 12]: SeSystemEnvironmentPrivilege + Privilege[ 13]: SeSystemProfilePrivilege + Privilege[ 14]: SeProfileSingleProcessPrivilege + Privilege[ 15]: SeIncreaseBasePriorityPrivilege + Privilege[ 16]: SeLoadDriverPrivilege + Privilege[ 17]: SeCreatePagefilePrivilege + Privilege[ 18]: SeIncreaseQuotaPrivilege + Privilege[ 19]: SeChangeNotifyPrivilege + Privilege[ 20]: SeUndockPrivilege + Privilege[ 21]: SeManageVolumePrivilege + Privilege[ 22]: SeImpersonatePrivilege + Privilege[ 23]: SeCreateGlobalPrivilege + Privilege[ 24]: SeEnableDelegationPrivilege + Rights (0x 0): +[2013/11/07 07:38:47.350449, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) + UNIX token of user 0 + Primary group is 5000 and contains 9 supplementary groups + Group[ 0]: 5000 + Group[ 1]: 5007 + Group[ 2]: 5001 + Group[ 3]: 1005 + Group[ 4]: 5006 + Group[ 5]: 5005 + Group[ 6]: 55000 + Group[ 7]: 55001 + Group[ 8]: 55002 +[2013/11/07 07:38:47.350639, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/uid.c:363(change_to_user_internal) + Impersonated user: uid=(0,0), gid=(0,5000) +[2013/11/07 07:38:47.350687, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:1796(smbd_smb2_request_verify_creditcharge) + mid 139, CreditCharge: 1, NeededCharge: 1 +[2013/11/07 07:38:47.350729, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl.c:394(smbd_smb2_ioctl_send) + smbd_smb2_ioctl: ctl_code[0x0011c017] spoolss, fnum 1941633923 +[2013/11/07 07:38:47.350775, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:59(smb2_ioctl_named_pipe) + smbd_smb2_ioctl_send: np_write_send of size 222 +[2013/11/07 07:38:47.350814, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:520(np_write_send) + np_write_send: len: 222 +[2013/11/07 07:38:47.350855, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) + write_to_pipe: data_left = 222 +[2013/11/07 07:38:47.350893, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) + process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 222 +[2013/11/07 07:38:47.350931, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:51(fill_rpc_header) + fill_rpc_header: data_to_copy = 222, len_needed_to_complete_hdr = 16, receive_len = 0 +[2013/11/07 07:38:47.350970, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) + write_to_pipe: data_used = 16 +[2013/11/07 07:38:47.351008, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) + write_to_pipe: data_left = 206 +[2013/11/07 07:38:47.351045, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) + process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 206 +[2013/11/07 07:38:47.351086, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) + write_to_pipe: data_used = 0 +[2013/11/07 07:38:47.351123, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) + write_to_pipe: data_left = 206 +[2013/11/07 07:38:47.351160, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) + process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 206, incoming data = 206 +[2013/11/07 07:38:47.351201, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1614(process_complete_pdu) + PDU is in Little Endian format! +[2013/11/07 07:38:47.351248, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) + r: struct ncacn_packet + rpc_vers : 0x05 (5) + rpc_vers_minor : 0x00 (0) + ptype : DCERPC_PKT_REQUEST (0) + pfc_flags : 0x03 (3) + drep: ARRAY(4) + [0] : 0x10 (16) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + frag_length : 0x00de (222) + auth_length : 0x0000 (0) + call_id : 0x00000002 (2) + u : union dcerpc_payload(case 0) + request: struct dcerpc_request + alloc_hint : 0x000000c6 (198) + context_id : 0x0000 (0) + opnum : 0x0045 (69) + object : union dcerpc_object(case 0) + empty: struct dcerpc_empty + _pad : DATA_BLOB length=0 + stub_and_verifier : DATA_BLOB length=198 + [0000] 00 00 02 00 14 00 00 00 00 00 00 00 14 00 00 00 ........ ........ + [0010] 5C 00 5C 00 4D 00 45 00 4D 00 42 00 45 00 52 00 \.\.M.E. M.B.E.R. + [0020] 34 00 33 00 5C 00 70 00 72 00 69 00 6E 00 74 00 4.3.\.p. r.i.n.t. + [0030] 65 00 72 00 37 00 00 00 00 00 00 00 00 00 00 00 e.r.7... ........ + [0040] 00 00 00 00 00 00 00 00 01 00 00 00 01 00 00 00 ........ ........ + [0050] 04 00 02 00 28 00 00 00 08 00 02 00 0C 00 02 00 ....(... ........ + [0060] 80 25 00 00 03 00 00 00 00 00 00 00 09 00 00 00 .%...... ........ + [0070] 0A 00 00 00 00 00 00 00 0A 00 00 00 57 00 49 00 ........ ....W.I. + [0080] 4E 00 38 00 31 00 2D 00 32 00 33 00 39 00 00 00 N.8.1.-. 2.3.9... + [0090] 15 00 00 00 00 00 00 00 15 00 00 00 41 00 52 00 ........ ....A.R. + [00A0] 33 00 32 00 49 00 38 00 5C 00 41 00 64 00 6D 00 3.2.I.8. \.A.d.m. + [00B0] 69 00 6E 00 69 00 73 00 74 00 72 00 61 00 74 00 i.n.i.s. t.r.a.t. + [00C0] 6F 00 72 00 00 00 o.r... +[2013/11/07 07:38:47.352096, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1627(process_complete_pdu) + Processing packet type 0 +[2013/11/07 07:38:47.352135, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1472(dcesrv_auth_request) + Checking request auth. +[2013/11/07 07:38:47.352177, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) + push_sec_ctx(0, 5000) : sec_ctx_stack_ndx = 1 +[2013/11/07 07:38:47.352223, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) + setting sec ctx (0, 5000) - sec_ctx_stack_ndx = 1 +[2013/11/07 07:38:47.352264, 5, pid=20933, effective(0, 5000), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) + Security token SIDs (21): + SID[ 0]: S-1-5-21-1376953716-2413384141-3399758289-500 + SID[ 1]: S-1-5-21-1376953716-2413384141-3399758289-512 + SID[ 2]: S-1-5-21-1376953716-2413384141-3399758289-11015 + SID[ 3]: S-1-5-21-1376953716-2413384141-3399758289-513 + SID[ 4]: S-1-5-21-1376953716-2413384141-3399758289-11011 + SID[ 5]: S-1-5-21-1376953716-2413384141-3399758289-11013 + SID[ 6]: S-1-5-21-1376953716-2413384141-3399758289-11012 + SID[ 7]: S-1-1-0 + SID[ 8]: S-1-5-2 + SID[ 9]: S-1-5-11 + SID[ 10]: S-1-5-32-544 + SID[ 11]: S-1-22-1-2002 + SID[ 12]: S-1-22-2-5000 + SID[ 13]: S-1-22-2-5007 + SID[ 14]: S-1-22-2-5001 + SID[ 15]: S-1-22-2-1005 + SID[ 16]: S-1-22-2-5006 + SID[ 17]: S-1-22-2-5005 + SID[ 18]: S-1-22-2-55000 + SID[ 19]: S-1-22-2-55001 + SID[ 20]: S-1-22-2-55002 + Privileges (0x 1FFFFFF0): + Privilege[ 0]: SeMachineAccountPrivilege + Privilege[ 1]: SeTakeOwnershipPrivilege + Privilege[ 2]: SeBackupPrivilege + Privilege[ 3]: SeRestorePrivilege + Privilege[ 4]: SeRemoteShutdownPrivilege + Privilege[ 5]: SePrintOperatorPrivilege + Privilege[ 6]: SeAddUsersPrivilege + Privilege[ 7]: SeDiskOperatorPrivilege + Privilege[ 8]: SeSecurityPrivilege + Privilege[ 9]: SeSystemtimePrivilege + Privilege[ 10]: SeShutdownPrivilege + Privilege[ 11]: SeDebugPrivilege + Privilege[ 12]: SeSystemEnvironmentPrivilege + Privilege[ 13]: SeSystemProfilePrivilege + Privilege[ 14]: SeProfileSingleProcessPrivilege + Privilege[ 15]: SeIncreaseBasePriorityPrivilege + Privilege[ 16]: SeLoadDriverPrivilege + Privilege[ 17]: SeCreatePagefilePrivilege + Privilege[ 18]: SeIncreaseQuotaPrivilege + Privilege[ 19]: SeChangeNotifyPrivilege + Privilege[ 20]: SeUndockPrivilege + Privilege[ 21]: SeManageVolumePrivilege + Privilege[ 22]: SeImpersonatePrivilege + Privilege[ 23]: SeCreateGlobalPrivilege + Privilege[ 24]: SeEnableDelegationPrivilege + Rights (0x 0): +[2013/11/07 07:38:47.353025, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) + UNIX token of user 0 + Primary group is 5000 and contains 9 supplementary groups + Group[ 0]: 5000 + Group[ 1]: 5007 + Group[ 2]: 5001 + Group[ 3]: 1005 + Group[ 4]: 5006 + Group[ 5]: 5005 + Group[ 6]: 55000 + Group[ 7]: 55001 + Group[ 8]: 55002 +[2013/11/07 07:38:47.353212, 5, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1324(api_pipe_request) + Requested \spoolss rpc service +[2013/11/07 07:38:47.353254, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1356(api_rpcTNP) + api_rpcTNP: \spoolss op 0x45 - api_rpcTNP: rpc command: SPOOLSS_OPENPRINTEREX +[2013/11/07 07:38:47.353298, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1390(api_rpcTNP) + api_rpc_cmds[69].fn == 0x7f375c256d40 +[2013/11/07 07:38:47.353386, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + spoolss_OpenPrinterEx: struct spoolss_OpenPrinterEx + in: struct spoolss_OpenPrinterEx + printername : * + printername : '\\MEMBER43\printer7' + datatype : NULL + devmode_ctr: struct spoolss_DevmodeContainer + _ndr_size : 0x00000000 (0) + devmode : NULL + access_mask : 0x00000000 (0) + 0: SERVER_ACCESS_ADMINISTER + 0: SERVER_ACCESS_ENUMERATE + 0: PRINTER_ACCESS_ADMINISTER + 0: PRINTER_ACCESS_USE + 0: JOB_ACCESS_ADMINISTER + 0: JOB_ACCESS_READ + userlevel_ctr: struct spoolss_UserLevelCtr + level : 0x00000001 (1) + user_info : union spoolss_UserLevel(case 1) + level1 : * + level1: struct spoolss_UserLevel1 + size : 0x00000028 (40) + client : * + client : 'WIN81-239' + user : * + user : 'AR32I8\Administrator' + build : 0x00002580 (9600) + major : UNKNOWN_ENUM_VALUE (3) + minor : SPOOLSS_MINOR_VERSION_0 (0) + processor : PROCESSOR_ARCHITECTURE_AMD64 (9) + checking name: \\MEMBER43\printer7 +[2013/11/07 07:38:47.353939, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:737(open_printer_hnd) + open_printer_hnd: name [\\MEMBER43\printer7] +[2013/11/07 07:38:47.353990, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) + Opened policy hnd[6] [0000] 00 00 00 00 E7 00 00 00 00 00 00 00 7B 52 77 35 ........ ....{Rw5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:47.354078, 3, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:506(set_printer_hnd_printertype) + Setting printer type=\\MEMBER43\printer7 + Printer is a printer +[2013/11/07 07:38:47.354133, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:566(set_printer_hnd_name) + Setting printer name=\\MEMBER43\printer7 (len=19) + searching for [printer7] +[2013/11/07 07:38:47.354238, 10, pid=20933, effective(0, 5000), real(0, 0), class=tdb] ../source3/lib/gencache.c:275(gencache_set_data_blob) + Did not store value for PRINTERNAME/printer7, we already got it + set_printer_hnd_name: Printer found: printer7 -> printer7 +[2013/11/07 07:38:47.354295, 5, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:773(open_printer_hnd) + 6 printer handles active +[2013/11/07 07:38:47.354335, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 E7 00 00 00 00 00 00 00 7B 52 77 35 ........ ....{Rw5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:47.354412, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 E7 00 00 00 00 00 00 00 7B 52 77 35 ........ ....{Rw5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:47.354488, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:489(get_printer_snum) + short name:printer7 +[2013/11/07 07:38:47.354553, 3, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/access.c:338(allow_access) + Allowed connection from 10.200.8.239 (10.200.8.239) +[2013/11/07 07:38:47.354745, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/share_access.c:237(user_ok_token) + user_ok_token: share printer7 is ok for unix user root +[2013/11/07 07:38:47.354797, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:1921(_spoolss_OpenPrinterEx) + Setting printer access = PRINTER_ACCESS_USE +[2013/11/07 07:38:47.354910, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:60(make_internal_rpc_pipe_p) + Create pipe requested \winreg +[2013/11/07 07:38:47.354964, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:221(init_pipe_handles) + init_pipe_handle_list: created handle list for pipe \winreg +[2013/11/07 07:38:47.355006, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:238(init_pipe_handles) + init_pipe_handle_list: pipe_handles ref count = 1 for pipe \winreg +[2013/11/07 07:38:47.355096, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:100(make_internal_rpc_pipe_p) + Created internal pipe \winreg +[2013/11/07 07:38:47.355165, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenHKLM: struct winreg_OpenHKLM + in: struct winreg_OpenHKLM + system_name : NULL + access_mask : 0x02000000 (33554432) + 0: KEY_QUERY_VALUE + 0: KEY_SET_VALUE + 0: KEY_CREATE_SUB_KEY + 0: KEY_ENUMERATE_SUB_KEYS + 0: KEY_NOTIFY + 0: KEY_CREATE_LINK + 0: KEY_WOW64_64KEY + 0: KEY_WOW64_32KEY +[2013/11/07 07:38:47.355397, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [HKLM] +[2013/11/07 07:38:47.355452, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) + push_sec_ctx(0, 5000) : sec_ctx_stack_ndx = 2 +[2013/11/07 07:38:47.355497, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/uid.c:485(push_conn_ctx) + push_conn_ctx(1804507171) : conn_ctx_stack_ndx = 0 +[2013/11/07 07:38:47.355536, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) + setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 +[2013/11/07 07:38:47.355574, 5, pid=20933, effective(0, 5000), real(0, 0)] ../libcli/security/security_token.c:53(security_token_debug) + Security token: (NULL) +[2013/11/07 07:38:47.355613, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) + UNIX token of user 0 + Primary group is 0 and contains 0 supplementary groups +[2013/11/07 07:38:47.355775, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) + pop_sec_ctx (0, 5000) - sec_ctx_stack_ndx = 1 +[2013/11/07 07:38:47.355821, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:866(regdb_open) + regdb_open: registry db opened. refcount reset (1) +[2013/11/07 07:38:47.355868, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM] +[2013/11/07 07:38:47.355907, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM] +[2013/11/07 07:38:47.355947, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:47.355984, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM] +[2013/11/07 07:38:47.356063, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) + Opened policy hnd[1] [0000] 00 00 00 00 E8 00 00 00 00 00 00 00 7B 52 77 35 ........ ....{Rw5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:47.356143, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenHKLM: struct winreg_OpenHKLM + out: struct winreg_OpenHKLM + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000e8-0000-0000-7b52-7735c5510000 + result : WERR_OK +[2013/11/07 07:38:47.356327, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenKey: struct winreg_OpenKey + in: struct winreg_OpenKey + parent_handle : * + parent_handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000e8-0000-0000-7b52-7735c5510000 + keyname: struct winreg_String + name_len : 0x008a (138) + name_size : 0x008a (138) + name : * + name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7' + options : 0x00000000 (0) + 0: REG_OPTION_VOLATILE + 0: REG_OPTION_CREATE_LINK + 0: REG_OPTION_BACKUP_RESTORE + 0: REG_OPTION_OPEN_LINK + access_mask : 0x02000000 (33554432) + 0: KEY_QUERY_VALUE + 0: KEY_SET_VALUE + 0: KEY_CREATE_SUB_KEY + 0: KEY_ENUMERATE_SUB_KEYS + 0: KEY_NOTIFY + 0: KEY_CREATE_LINK + 0: KEY_WOW64_64KEY + 0: KEY_WOW64_32KEY +[2013/11/07 07:38:47.356781, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 E8 00 00 00 00 00 00 00 7B 52 77 35 ........ ....{Rw5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:47.356863, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [SOFTWARE] +[2013/11/07 07:38:47.356904, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (1->2) +[2013/11/07 07:38:47.356948, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] +[2013/11/07 07:38:47.356986, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE] +[2013/11/07 07:38:47.357027, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:47.357064, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE] +[2013/11/07 07:38:47.357131, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Microsoft] +[2013/11/07 07:38:47.357173, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (2->3) +[2013/11/07 07:38:47.357216, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] +[2013/11/07 07:38:47.357253, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] +[2013/11/07 07:38:47.357294, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:47.357331, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft] +[2013/11/07 07:38:47.357489, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Windows NT] +[2013/11/07 07:38:47.357534, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (3->4) +[2013/11/07 07:38:47.357577, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] +[2013/11/07 07:38:47.357615, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] +[2013/11/07 07:38:47.357657, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:47.357694, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] +[2013/11/07 07:38:47.357761, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [CurrentVersion] +[2013/11/07 07:38:47.357803, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (4->5) +[2013/11/07 07:38:47.357847, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] +[2013/11/07 07:38:47.357885, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] +[2013/11/07 07:38:47.357926, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:47.357974, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f375c5a15c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] +[2013/11/07 07:38:47.358049, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Print] +[2013/11/07 07:38:47.358091, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (5->6) +[2013/11/07 07:38:47.358134, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] +[2013/11/07 07:38:47.358173, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] +[2013/11/07 07:38:47.358216, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:47.358254, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f375c5a15c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] +[2013/11/07 07:38:47.358312, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Printers] +[2013/11/07 07:38:47.358353, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (6->7) +[2013/11/07 07:38:47.358397, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] +[2013/11/07 07:38:47.358436, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] +[2013/11/07 07:38:47.358477, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:47.358515, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] +[2013/11/07 07:38:47.358582, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [printer7] +[2013/11/07 07:38:47.358623, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (7->8) +[2013/11/07 07:38:47.358675, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:47.358715, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:47.358758, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:47.358795, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:47.358863, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (8->7) +[2013/11/07 07:38:47.358905, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (7->6) +[2013/11/07 07:38:47.358946, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (6->5) +[2013/11/07 07:38:47.358987, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (5->4) +[2013/11/07 07:38:47.359027, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (4->3) +[2013/11/07 07:38:47.359067, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (3->2) +[2013/11/07 07:38:47.359111, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) + Opened policy hnd[2] [0000] 00 00 00 00 E9 00 00 00 00 00 00 00 7B 52 77 35 ........ ....{Rw5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:47.359190, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenKey: struct winreg_OpenKey + out: struct winreg_OpenKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000e9-0000-0000-7b52-7735c5510000 + result : WERR_OK +[2013/11/07 07:38:47.359356, 2, pid=20933, effective(0, 5000), real(0, 0)] ../source3/rpc_client/cli_winreg_spoolss.c:626(winreg_create_printer) + winreg_create_printer: Skipping, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7 already exists +[2013/11/07 07:38:47.359416, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + in: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000e9-0000-0000-7b52-7735c5510000 +[2013/11/07 07:38:47.359546, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 E9 00 00 00 00 00 00 00 7B 52 77 35 ........ ....{Rw5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:47.359625, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 E9 00 00 00 00 00 00 00 7B 52 77 35 ........ ....{Rw5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:47.359710, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) + Closed policy +[2013/11/07 07:38:47.359751, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (2->1) +[2013/11/07 07:38:47.359792, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + out: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000000-0000-0000-0000-000000000000 + result : WERR_OK +[2013/11/07 07:38:47.359956, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + in: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000e8-0000-0000-7b52-7735c5510000 +[2013/11/07 07:38:47.360086, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 E8 00 00 00 00 00 00 00 7B 52 77 35 ........ ....{Rw5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:47.360164, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 E8 00 00 00 00 00 00 00 7B 52 77 35 ........ ....{Rw5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:47.360241, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) + Closed policy +[2013/11/07 07:38:47.360281, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (1->0) +[2013/11/07 07:38:47.360335, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + out: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000000-0000-0000-0000-000000000000 + result : WERR_OK +[2013/11/07 07:38:47.360496, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:416(close_policy_by_pipe) + Deleted handle list for RPC connection \winreg +[2013/11/07 07:38:47.360546, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + spoolss_OpenPrinterEx: struct spoolss_OpenPrinterEx + out: struct spoolss_OpenPrinterEx + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000e7-0000-0000-7b52-7735c5510000 + result : WERR_OK +[2013/11/07 07:38:47.360698, 5, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1417(api_rpcTNP) + api_rpcTNP: called \spoolss successfully +[2013/11/07 07:38:47.360751, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) + pop_sec_ctx (0, 5000) - sec_ctx_stack_ndx = 0 +[2013/11/07 07:38:47.360801, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) + write_to_pipe: data_used = 206 + smbd_smb2_request_pending_queue: req->current_idx = 1 + req->in.vector[0].iov_len = 0 + req->in.vector[1].iov_len = 0 + req->in.vector[2].iov_len = 64 + req->in.vector[3].iov_len = 56 + req->in.vector[4].iov_len = 222 + req->out.vector[0].iov_len = 4 + req->out.vector[1].iov_len = 0 + req->out.vector[2].iov_len = 64 + req->out.vector[3].iov_len = 8 + req->out.vector[4].iov_len = 0 +[2013/11/07 07:38:47.361012, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:128(smbd_smb2_ioctl_pipe_write_done) + smbd_smb2_ioctl_pipe_write_done: received 222 +[2013/11/07 07:38:47.361054, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:149(smbd_smb2_ioctl_pipe_write_done) + smbd_smb2_ioctl_pipe_write_done: issuing np_read_send of size 1024 +[2013/11/07 07:38:47.361097, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:285(read_from_internal_pipe) + name: \spoolss len: 1024 +[2013/11/07 07:38:47.361139, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:347(read_from_internal_pipe) + read_from_pipe: \spoolss: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 24. +[2013/11/07 07:38:47.361192, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) + &r: struct ncacn_packet + rpc_vers : 0x05 (5) + rpc_vers_minor : 0x00 (0) + ptype : DCERPC_PKT_RESPONSE (2) + pfc_flags : 0x03 (3) + drep: ARRAY(4) + [0] : 0x10 (16) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + frag_length : 0x0030 (48) + auth_length : 0x0000 (0) + call_id : 0x00000002 (2) + u : union dcerpc_payload(case 2) + response: struct dcerpc_response + alloc_hint : 0x00000018 (24) + context_id : 0x0000 (0) + cancel_count : 0x00 (0) + _pad : DATA_BLOB length=0 + stub_and_verifier : DATA_BLOB length=24 + [0000] 00 00 00 00 E7 00 00 00 00 00 00 00 7B 52 77 35 ........ ....{Rw5 + [0010] C5 51 00 00 00 00 00 00 .Q...... +[2013/11/07 07:38:47.361685, 3, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:122(free_pipe_context) + free_pipe_context: destroying talloc pool of size 68 +[2013/11/07 07:38:47.361737, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:788(np_read_recv) + Received 48 bytes. There is no more data outstanding +[2013/11/07 07:38:47.361778, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:178(smbd_smb2_ioctl_pipe_read_done) + smbd_smb2_ioctl_pipe_read_done: np_read_recv nread = 48 is_data_outstanding = 0, status = NT_STATUS_OK +[2013/11/07 07:38:47.361824, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl.c:291(smbd_smb2_request_ioctl_done) + smbd_smb2_request_ioctl_done: smbd_smb2_ioctl_recv returned 48 status NT_STATUS_OK +[2013/11/07 07:38:47.361866, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) + smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[48] dyn[yes:48] at ../source3/smbd/smb2_ioctl.c:358 +[2013/11/07 07:38:47.361912, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) + smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/140/127 +[2013/11/07 07:38:47.383136, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) + smbd_smb2_request_incoming: idx[1] of 5 vectors +[2013/11/07 07:38:47.383315, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) + smb2_validate_sequence_number: clearing id 140 (position 140) from bitmap +[2013/11/07 07:38:47.383378, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) + smbd_smb2_request_dispatch: opcode[SMB2_OP_IOCTL] mid = 140 +[2013/11/07 07:38:47.383474, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) + setting sec ctx (0, 5000) - sec_ctx_stack_ndx = 0 +[2013/11/07 07:38:47.383534, 5, pid=20933, effective(0, 5000), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) + Security token SIDs (21): + SID[ 0]: S-1-5-21-1376953716-2413384141-3399758289-500 + SID[ 1]: S-1-5-21-1376953716-2413384141-3399758289-512 + SID[ 2]: S-1-5-21-1376953716-2413384141-3399758289-11015 + SID[ 3]: S-1-5-21-1376953716-2413384141-3399758289-513 + SID[ 4]: S-1-5-21-1376953716-2413384141-3399758289-11011 + SID[ 5]: S-1-5-21-1376953716-2413384141-3399758289-11013 + SID[ 6]: S-1-5-21-1376953716-2413384141-3399758289-11012 + SID[ 7]: S-1-1-0 + SID[ 8]: S-1-5-2 + SID[ 9]: S-1-5-11 + SID[ 10]: S-1-5-32-544 + SID[ 11]: S-1-22-1-2002 + SID[ 12]: S-1-22-2-5000 + SID[ 13]: S-1-22-2-5007 + SID[ 14]: S-1-22-2-5001 + SID[ 15]: S-1-22-2-1005 + SID[ 16]: S-1-22-2-5006 + SID[ 17]: S-1-22-2-5005 + SID[ 18]: S-1-22-2-55000 + SID[ 19]: S-1-22-2-55001 + SID[ 20]: S-1-22-2-55002 + Privileges (0x 1FFFFFF0): + Privilege[ 0]: SeMachineAccountPrivilege + Privilege[ 1]: SeTakeOwnershipPrivilege + Privilege[ 2]: SeBackupPrivilege + Privilege[ 3]: SeRestorePrivilege + Privilege[ 4]: SeRemoteShutdownPrivilege + Privilege[ 5]: SePrintOperatorPrivilege + Privilege[ 6]: SeAddUsersPrivilege + Privilege[ 7]: SeDiskOperatorPrivilege + Privilege[ 8]: SeSecurityPrivilege + Privilege[ 9]: SeSystemtimePrivilege + Privilege[ 10]: SeShutdownPrivilege + Privilege[ 11]: SeDebugPrivilege + Privilege[ 12]: SeSystemEnvironmentPrivilege + Privilege[ 13]: SeSystemProfilePrivilege + Privilege[ 14]: SeProfileSingleProcessPrivilege + Privilege[ 15]: SeIncreaseBasePriorityPrivilege + Privilege[ 16]: SeLoadDriverPrivilege + Privilege[ 17]: SeCreatePagefilePrivilege + Privilege[ 18]: SeIncreaseQuotaPrivilege + Privilege[ 19]: SeChangeNotifyPrivilege + Privilege[ 20]: SeUndockPrivilege + Privilege[ 21]: SeManageVolumePrivilege + Privilege[ 22]: SeImpersonatePrivilege + Privilege[ 23]: SeCreateGlobalPrivilege + Privilege[ 24]: SeEnableDelegationPrivilege + Rights (0x 0): +[2013/11/07 07:38:47.384609, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) + UNIX token of user 0 + Primary group is 5000 and contains 9 supplementary groups + Group[ 0]: 5000 + Group[ 1]: 5007 + Group[ 2]: 5001 + Group[ 3]: 1005 + Group[ 4]: 5006 + Group[ 5]: 5005 + Group[ 6]: 55000 + Group[ 7]: 55001 + Group[ 8]: 55002 +[2013/11/07 07:38:47.384873, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/uid.c:363(change_to_user_internal) + Impersonated user: uid=(0,0), gid=(0,5000) +[2013/11/07 07:38:47.384944, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:1796(smbd_smb2_request_verify_creditcharge) + mid 140, CreditCharge: 1, NeededCharge: 1 +[2013/11/07 07:38:47.385001, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl.c:394(smbd_smb2_ioctl_send) + smbd_smb2_ioctl: ctl_code[0x0011c017] spoolss, fnum 1941633923 +[2013/11/07 07:38:47.385064, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:59(smb2_ioctl_named_pipe) + smbd_smb2_ioctl_send: np_write_send of size 44 +[2013/11/07 07:38:47.385117, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:520(np_write_send) + np_write_send: len: 44 +[2013/11/07 07:38:47.385194, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) + write_to_pipe: data_left = 44 +[2013/11/07 07:38:47.385246, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) + process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 44 +[2013/11/07 07:38:47.385299, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:51(fill_rpc_header) + fill_rpc_header: data_to_copy = 44, len_needed_to_complete_hdr = 16, receive_len = 0 +[2013/11/07 07:38:47.385353, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) + write_to_pipe: data_used = 16 +[2013/11/07 07:38:47.385633, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) + write_to_pipe: data_left = 28 +[2013/11/07 07:38:47.385729, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) + process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 28 +[2013/11/07 07:38:47.385834, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) + write_to_pipe: data_used = 0 +[2013/11/07 07:38:47.385928, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) + write_to_pipe: data_left = 28 +[2013/11/07 07:38:47.386021, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) + process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 28, incoming data = 28 +[2013/11/07 07:38:47.386124, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1614(process_complete_pdu) + PDU is in Little Endian format! +[2013/11/07 07:38:47.386243, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) + r: struct ncacn_packet + rpc_vers : 0x05 (5) + rpc_vers_minor : 0x00 (0) + ptype : DCERPC_PKT_REQUEST (0) + pfc_flags : 0x03 (3) + drep: ARRAY(4) + [0] : 0x10 (16) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + frag_length : 0x002c (44) + auth_length : 0x0000 (0) + call_id : 0x00000003 (3) + u : union dcerpc_payload(case 0) + request: struct dcerpc_request + alloc_hint : 0x00000014 (20) + context_id : 0x0000 (0) + opnum : 0x001d (29) + object : union dcerpc_object(case 0) + empty: struct dcerpc_empty + _pad : DATA_BLOB length=0 + stub_and_verifier : DATA_BLOB length=20 + [0000] 00 00 00 00 E7 00 00 00 00 00 00 00 7B 52 77 35 ........ ....{Rw5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:47.387372, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1627(process_complete_pdu) + Processing packet type 0 +[2013/11/07 07:38:47.387467, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1472(dcesrv_auth_request) + Checking request auth. +[2013/11/07 07:38:47.387570, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) + push_sec_ctx(0, 5000) : sec_ctx_stack_ndx = 1 +[2013/11/07 07:38:47.387697, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) + setting sec ctx (0, 5000) - sec_ctx_stack_ndx = 1 +[2013/11/07 07:38:47.387801, 5, pid=20933, effective(0, 5000), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) + Security token SIDs (21): + SID[ 0]: S-1-5-21-1376953716-2413384141-3399758289-500 + SID[ 1]: S-1-5-21-1376953716-2413384141-3399758289-512 + SID[ 2]: S-1-5-21-1376953716-2413384141-3399758289-11015 + SID[ 3]: S-1-5-21-1376953716-2413384141-3399758289-513 + SID[ 4]: S-1-5-21-1376953716-2413384141-3399758289-11011 + SID[ 5]: S-1-5-21-1376953716-2413384141-3399758289-11013 + SID[ 6]: S-1-5-21-1376953716-2413384141-3399758289-11012 + SID[ 7]: S-1-1-0 + SID[ 8]: S-1-5-2 + SID[ 9]: S-1-5-11 + SID[ 10]: S-1-5-32-544 + SID[ 11]: S-1-22-1-2002 + SID[ 12]: S-1-22-2-5000 + SID[ 13]: S-1-22-2-5007 + SID[ 14]: S-1-22-2-5001 + SID[ 15]: S-1-22-2-1005 + SID[ 16]: S-1-22-2-5006 + SID[ 17]: S-1-22-2-5005 + SID[ 18]: S-1-22-2-55000 + SID[ 19]: S-1-22-2-55001 + SID[ 20]: S-1-22-2-55002 + Privileges (0x 1FFFFFF0): + Privilege[ 0]: SeMachineAccountPrivilege + Privilege[ 1]: SeTakeOwnershipPrivilege + Privilege[ 2]: SeBackupPrivilege + Privilege[ 3]: SeRestorePrivilege + Privilege[ 4]: SeRemoteShutdownPrivilege + Privilege[ 5]: SePrintOperatorPrivilege + Privilege[ 6]: SeAddUsersPrivilege + Privilege[ 7]: SeDiskOperatorPrivilege + Privilege[ 8]: SeSecurityPrivilege + Privilege[ 9]: SeSystemtimePrivilege + Privilege[ 10]: SeShutdownPrivilege + Privilege[ 11]: SeDebugPrivilege + Privilege[ 12]: SeSystemEnvironmentPrivilege + Privilege[ 13]: SeSystemProfilePrivilege + Privilege[ 14]: SeProfileSingleProcessPrivilege + Privilege[ 15]: SeIncreaseBasePriorityPrivilege + Privilege[ 16]: SeLoadDriverPrivilege + Privilege[ 17]: SeCreatePagefilePrivilege + Privilege[ 18]: SeIncreaseQuotaPrivilege + Privilege[ 19]: SeChangeNotifyPrivilege + Privilege[ 20]: SeUndockPrivilege + Privilege[ 21]: SeManageVolumePrivilege + Privilege[ 22]: SeImpersonatePrivilege + Privilege[ 23]: SeCreateGlobalPrivilege + Privilege[ 24]: SeEnableDelegationPrivilege + Rights (0x 0): +[2013/11/07 07:38:47.390285, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) + UNIX token of user 0 + Primary group is 5000 and contains 9 supplementary groups + Group[ 0]: 5000 + Group[ 1]: 5007 + Group[ 2]: 5001 + Group[ 3]: 1005 + Group[ 4]: 5006 + Group[ 5]: 5005 + Group[ 6]: 55000 + Group[ 7]: 55001 + Group[ 8]: 55002 +[2013/11/07 07:38:47.390778, 5, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1324(api_pipe_request) + Requested \spoolss rpc service +[2013/11/07 07:38:47.390893, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1356(api_rpcTNP) + api_rpcTNP: \spoolss op 0x1d - api_rpcTNP: rpc command: SPOOLSS_CLOSEPRINTER +[2013/11/07 07:38:47.391003, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1390(api_rpcTNP) + api_rpc_cmds[29].fn == 0x7f375c25d5f0 +[2013/11/07 07:38:47.391114, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + spoolss_ClosePrinter: struct spoolss_ClosePrinter + in: struct spoolss_ClosePrinter + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000e7-0000-0000-7b52-7735c5510000 +[2013/11/07 07:38:47.391444, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 E7 00 00 00 00 00 00 00 7B 52 77 35 ........ ....{Rw5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:47.391666, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 E7 00 00 00 00 00 00 00 7B 52 77 35 ........ ....{Rw5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:47.391862, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 E7 00 00 00 00 00 00 00 7B 52 77 35 ........ ....{Rw5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:47.392052, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) + Closed policy +[2013/11/07 07:38:47.392152, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + spoolss_ClosePrinter: struct spoolss_ClosePrinter + out: struct spoolss_ClosePrinter + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000000-0000-0000-0000-000000000000 + result : WERR_OK +[2013/11/07 07:38:47.392526, 5, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1417(api_rpcTNP) + api_rpcTNP: called \spoolss successfully +[2013/11/07 07:38:47.392650, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) + pop_sec_ctx (0, 5000) - sec_ctx_stack_ndx = 0 +[2013/11/07 07:38:47.392755, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) + write_to_pipe: data_used = 28 + smbd_smb2_request_pending_queue: req->current_idx = 1 + req->in.vector[0].iov_len = 0 + req->in.vector[1].iov_len = 0 + req->in.vector[2].iov_len = 64 + req->in.vector[3].iov_len = 56 + req->in.vector[4].iov_len = 44 + req->out.vector[0].iov_len = 4 + req->out.vector[1].iov_len = 0 + req->out.vector[2].iov_len = 64 + req->out.vector[3].iov_len = 8 + req->out.vector[4].iov_len = 0 +[2013/11/07 07:38:47.393278, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:128(smbd_smb2_ioctl_pipe_write_done) + smbd_smb2_ioctl_pipe_write_done: received 44 +[2013/11/07 07:38:47.393593, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:149(smbd_smb2_ioctl_pipe_write_done) + smbd_smb2_ioctl_pipe_write_done: issuing np_read_send of size 1024 +[2013/11/07 07:38:47.393715, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:285(read_from_internal_pipe) + name: \spoolss len: 1024 +[2013/11/07 07:38:47.393786, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:347(read_from_internal_pipe) + read_from_pipe: \spoolss: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 24. +[2013/11/07 07:38:47.393843, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) + &r: struct ncacn_packet + rpc_vers : 0x05 (5) + rpc_vers_minor : 0x00 (0) + ptype : DCERPC_PKT_RESPONSE (2) + pfc_flags : 0x03 (3) + drep: ARRAY(4) + [0] : 0x10 (16) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + frag_length : 0x0030 (48) + auth_length : 0x0000 (0) + call_id : 0x00000003 (3) + u : union dcerpc_payload(case 2) + response: struct dcerpc_response + alloc_hint : 0x00000018 (24) + context_id : 0x0000 (0) + cancel_count : 0x00 (0) + _pad : DATA_BLOB length=0 + stub_and_verifier : DATA_BLOB length=24 + [0000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0010] 00 00 00 00 00 00 00 00 ........ +[2013/11/07 07:38:47.394267, 3, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:122(free_pipe_context) + free_pipe_context: destroying talloc pool of size 29 +[2013/11/07 07:38:47.394317, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:788(np_read_recv) + Received 48 bytes. There is no more data outstanding +[2013/11/07 07:38:47.394369, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:178(smbd_smb2_ioctl_pipe_read_done) + smbd_smb2_ioctl_pipe_read_done: np_read_recv nread = 48 is_data_outstanding = 0, status = NT_STATUS_OK +[2013/11/07 07:38:47.394416, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl.c:291(smbd_smb2_request_ioctl_done) + smbd_smb2_request_ioctl_done: smbd_smb2_ioctl_recv returned 48 status NT_STATUS_OK +[2013/11/07 07:38:47.394458, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) + smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[48] dyn[yes:48] at ../source3/smbd/smb2_ioctl.c:358 +[2013/11/07 07:38:47.394503, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) + smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/141/127 +[2013/11/07 07:38:47.394691, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) + smbd_smb2_request_incoming: idx[1] of 5 vectors +[2013/11/07 07:38:47.394742, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) + smb2_validate_sequence_number: clearing id 141 (position 141) from bitmap +[2013/11/07 07:38:47.394784, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) + smbd_smb2_request_dispatch: opcode[SMB2_OP_CREATE] mid = 141 +[2013/11/07 07:38:47.394840, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) + setting sec ctx (0, 5000) - sec_ctx_stack_ndx = 0 +[2013/11/07 07:38:47.394882, 5, pid=20933, effective(0, 5000), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) + Security token SIDs (21): + SID[ 0]: S-1-5-21-1376953716-2413384141-3399758289-500 + SID[ 1]: S-1-5-21-1376953716-2413384141-3399758289-512 + SID[ 2]: S-1-5-21-1376953716-2413384141-3399758289-11015 + SID[ 3]: S-1-5-21-1376953716-2413384141-3399758289-513 + SID[ 4]: S-1-5-21-1376953716-2413384141-3399758289-11011 + SID[ 5]: S-1-5-21-1376953716-2413384141-3399758289-11013 + SID[ 6]: S-1-5-21-1376953716-2413384141-3399758289-11012 + SID[ 7]: S-1-1-0 + SID[ 8]: S-1-5-2 + SID[ 9]: S-1-5-11 + SID[ 10]: S-1-5-32-544 + SID[ 11]: S-1-22-1-2002 + SID[ 12]: S-1-22-2-5000 + SID[ 13]: S-1-22-2-5007 + SID[ 14]: S-1-22-2-5001 + SID[ 15]: S-1-22-2-1005 + SID[ 16]: S-1-22-2-5006 + SID[ 17]: S-1-22-2-5005 + SID[ 18]: S-1-22-2-55000 + SID[ 19]: S-1-22-2-55001 + SID[ 20]: S-1-22-2-55002 + Privileges (0x 1FFFFFF0): + Privilege[ 0]: SeMachineAccountPrivilege + Privilege[ 1]: SeTakeOwnershipPrivilege + Privilege[ 2]: SeBackupPrivilege + Privilege[ 3]: SeRestorePrivilege + Privilege[ 4]: SeRemoteShutdownPrivilege + Privilege[ 5]: SePrintOperatorPrivilege + Privilege[ 6]: SeAddUsersPrivilege + Privilege[ 7]: SeDiskOperatorPrivilege + Privilege[ 8]: SeSecurityPrivilege + Privilege[ 9]: SeSystemtimePrivilege + Privilege[ 10]: SeShutdownPrivilege + Privilege[ 11]: SeDebugPrivilege + Privilege[ 12]: SeSystemEnvironmentPrivilege + Privilege[ 13]: SeSystemProfilePrivilege + Privilege[ 14]: SeProfileSingleProcessPrivilege + Privilege[ 15]: SeIncreaseBasePriorityPrivilege + Privilege[ 16]: SeLoadDriverPrivilege + Privilege[ 17]: SeCreatePagefilePrivilege + Privilege[ 18]: SeIncreaseQuotaPrivilege + Privilege[ 19]: SeChangeNotifyPrivilege + Privilege[ 20]: SeUndockPrivilege + Privilege[ 21]: SeManageVolumePrivilege + Privilege[ 22]: SeImpersonatePrivilege + Privilege[ 23]: SeCreateGlobalPrivilege + Privilege[ 24]: SeEnableDelegationPrivilege + Rights (0x 0): +[2013/11/07 07:38:47.395666, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) + UNIX token of user 0 + Primary group is 5000 and contains 9 supplementary groups + Group[ 0]: 5000 + Group[ 1]: 5007 + Group[ 2]: 5001 + Group[ 3]: 1005 + Group[ 4]: 5006 + Group[ 5]: 5005 + Group[ 6]: 55000 + Group[ 7]: 55001 + Group[ 8]: 55002 +[2013/11/07 07:38:47.395855, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/uid.c:363(change_to_user_internal) + Impersonated user: uid=(0,0), gid=(0,5000) +[2013/11/07 07:38:47.395909, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_create.c:451(smbd_smb2_create_send) + smbd_smb2_create: name[spoolss] +[2013/11/07 07:38:47.395963, 5, pid=20933, effective(0, 5000), real(0, 0)] ../lib/dbwrap/dbwrap.c:187(dbwrap_check_lock_order) + check lock order 1 for /var/run/samba/smbXsrv_open_global.tdb +[2013/11/07 07:38:47.396004, 10, pid=20933, effective(0, 5000), real(0, 0)] ../lib/dbwrap/dbwrap.c:133(debug_lock_order) + lock order: 1:/var/run/samba/smbXsrv_open_global.tdb 2: 3: +[2013/11/07 07:38:47.396048, 10, pid=20933, effective(0, 5000), real(0, 0)] ../lib/dbwrap/dbwrap_tdb.c:59(db_tdb_log_key) + Locking key D5B9A3A5 +[2013/11/07 07:38:47.396106, 10, pid=20933, effective(0, 5000), real(0, 0)] ../lib/dbwrap/dbwrap_tdb.c:143(db_tdb_fetch_locked_internal) + Allocated locked data 0x0x7f375d3a9670 +[2013/11/07 07:38:47.396185, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smbXsrv_open.c:695(smbXsrv_open_global_store) +[2013/11/07 07:38:47.396212, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smbXsrv_open.c:697(smbXsrv_open_global_store) + smbXsrv_open_global_store: key 'D5B9A3A5' stored +[2013/11/07 07:38:47.396253, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) + &global_blob: struct smbXsrv_open_globalB + version : SMBXSRV_VERSION_0 (0) + seqnum : 0x00000001 (1) + info : union smbXsrv_open_globalU(case 0) + info0 : * + info0: struct smbXsrv_open_global0 + db_rec : * + server_id: struct server_id + pid : 0x00000000000051c5 (20933) + task_id : 0x00000000 (0) + vnn : 0xffffffff (4294967295) + unique_id : 0x6b1fb19d3b3a8ed6 (7719083575197994710) + open_global_id : 0xd5b9a3a5 (3585713061) + open_persistent_id : 0x00000000d5b9a3a5 (3585713061) + open_volatile_id : 0x00000000f0b62d59 (4038471001) + open_owner : S-1-5-21-1376953716-2413384141-3399758289-500 + open_time : Do Nov 7 07:38:47 2013 CET + create_guid : 00000000-0000-0000-0000-000000000000 + client_guid : b913ae79-46f9-11e3-be6f-52540018a0ea + app_instance_id : 00000000-0000-0000-0000-000000000000 + disconnect_time : NTTIME(0) + durable_timeout_msec : 0x00000000 (0) + durable : 0x00 (0) + backend_cookie : DATA_BLOB length=0 +[2013/11/07 07:38:47.396719, 10, pid=20933, effective(0, 5000), real(0, 0)] ../lib/dbwrap/dbwrap_tdb.c:59(db_tdb_log_key) + Unlocking key D5B9A3A5 +[2013/11/07 07:38:47.396771, 5, pid=20933, effective(0, 5000), real(0, 0)] ../lib/dbwrap/dbwrap.c:146(dbwrap_lock_order_state_destructor) + release lock order 1 for /var/run/samba/smbXsrv_open_global.tdb +[2013/11/07 07:38:47.396811, 10, pid=20933, effective(0, 5000), real(0, 0)] ../lib/dbwrap/dbwrap.c:133(debug_lock_order) + lock order: 1: 2: 3: +[2013/11/07 07:38:47.396852, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smbXsrv_open.c:862(smbXsrv_open_create) +[2013/11/07 07:38:47.396876, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smbXsrv_open.c:870(smbXsrv_open_create) + smbXsrv_open_create: global_id (0xd5b9a3a5) stored +[2013/11/07 07:38:47.396915, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) + &open_blob: struct smbXsrv_openB + version : SMBXSRV_VERSION_0 (0) + reserved : 0x00000000 (0) + info : union smbXsrv_openU(case 0) + info0 : * + info0: struct smbXsrv_open + table : * + db_rec : NULL + local_id : 0xf0b62d59 (4038471001) + global : * + global: struct smbXsrv_open_global0 + db_rec : NULL + server_id: struct server_id + pid : 0x00000000000051c5 (20933) + task_id : 0x00000000 (0) + vnn : 0xffffffff (4294967295) + unique_id : 0x6b1fb19d3b3a8ed6 (7719083575197994710) + open_global_id : 0xd5b9a3a5 (3585713061) + open_persistent_id : 0x00000000d5b9a3a5 (3585713061) + open_volatile_id : 0x00000000f0b62d59 (4038471001) + open_owner : S-1-5-21-1376953716-2413384141-3399758289-500 + open_time : Do Nov 7 07:38:47 2013 CET + create_guid : 00000000-0000-0000-0000-000000000000 + client_guid : b913ae79-46f9-11e3-be6f-52540018a0ea + app_instance_id : 00000000-0000-0000-0000-000000000000 + disconnect_time : NTTIME(0) + durable_timeout_msec : 0x00000000 (0) + durable : 0x00 (0) + backend_cookie : DATA_BLOB length=0 + status : NT_STATUS_OK + idle_time : Do Nov 7 07:38:47 2013 CET + compat : NULL +[2013/11/07 07:38:47.397584, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/files.c:125(file_new) + allocated file structure fnum 4038471001 (7 used) +[2013/11/07 07:38:47.397635, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/files.c:713(file_name_hash) + file_name_hash: /tmp/spoolss hash 0x7d4e46e5 +[2013/11/07 07:38:47.397697, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:60(make_internal_rpc_pipe_p) + Create pipe requested \spoolss +[2013/11/07 07:38:47.397747, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:238(init_pipe_handles) + init_pipe_handle_list: pipe_handles ref count = 20 for pipe \spoolss +[2013/11/07 07:38:47.397980, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:100(make_internal_rpc_pipe_p) + Created internal pipe \spoolss +[2013/11/07 07:38:47.398032, 8, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/dosmode.c:631(dos_mode) + dos_mode: spoolss +[2013/11/07 07:38:47.398093, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_create.c:1053(smbd_smb2_create_send) + smbd_smb2_create_send: spoolss - fnum 4038471001 +[2013/11/07 07:38:47.398168, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) + smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[88] dyn[yes:0] at ../source3/smbd/smb2_create.c:369 +[2013/11/07 07:38:47.398214, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) + smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/142/127 +[2013/11/07 07:38:47.401574, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) + smbd_smb2_request_incoming: idx[1] of 5 vectors +[2013/11/07 07:38:47.401800, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) + smb2_validate_sequence_number: clearing id 142 (position 142) from bitmap +[2013/11/07 07:38:47.401930, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) + smbd_smb2_request_dispatch: opcode[SMB2_OP_CLOSE] mid = 142 +[2013/11/07 07:38:47.402097, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) + setting sec ctx (0, 5000) - sec_ctx_stack_ndx = 0 +[2013/11/07 07:38:47.402222, 5, pid=20933, effective(0, 5000), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) + Security token SIDs (21): + SID[ 0]: S-1-5-21-1376953716-2413384141-3399758289-500 + SID[ 1]: S-1-5-21-1376953716-2413384141-3399758289-512 + SID[ 2]: S-1-5-21-1376953716-2413384141-3399758289-11015 + SID[ 3]: S-1-5-21-1376953716-2413384141-3399758289-513 + SID[ 4]: S-1-5-21-1376953716-2413384141-3399758289-11011 + SID[ 5]: S-1-5-21-1376953716-2413384141-3399758289-11013 + SID[ 6]: S-1-5-21-1376953716-2413384141-3399758289-11012 + SID[ 7]: S-1-1-0 + SID[ 8]: S-1-5-2 + SID[ 9]: S-1-5-11 + SID[ 10]: S-1-5-32-544 + SID[ 11]: S-1-22-1-2002 + SID[ 12]: S-1-22-2-5000 + SID[ 13]: S-1-22-2-5007 + SID[ 14]: S-1-22-2-5001 + SID[ 15]: S-1-22-2-1005 + SID[ 16]: S-1-22-2-5006 + SID[ 17]: S-1-22-2-5005 + SID[ 18]: S-1-22-2-55000 + SID[ 19]: S-1-22-2-55001 + SID[ 20]: S-1-22-2-55002 + Privileges (0x 1FFFFFF0): + Privilege[ 0]: SeMachineAccountPrivilege + Privilege[ 1]: SeTakeOwnershipPrivilege + Privilege[ 2]: SeBackupPrivilege + Privilege[ 3]: SeRestorePrivilege + Privilege[ 4]: SeRemoteShutdownPrivilege + Privilege[ 5]: SePrintOperatorPrivilege + Privilege[ 6]: SeAddUsersPrivilege + Privilege[ 7]: SeDiskOperatorPrivilege + Privilege[ 8]: SeSecurityPrivilege + Privilege[ 9]: SeSystemtimePrivilege + Privilege[ 10]: SeShutdownPrivilege + Privilege[ 11]: SeDebugPrivilege + Privilege[ 12]: SeSystemEnvironmentPrivilege + Privilege[ 13]: SeSystemProfilePrivilege + Privilege[ 14]: SeProfileSingleProcessPrivilege + Privilege[ 15]: SeIncreaseBasePriorityPrivilege + Privilege[ 16]: SeLoadDriverPrivilege + Privilege[ 17]: SeCreatePagefilePrivilege + Privilege[ 18]: SeIncreaseQuotaPrivilege + Privilege[ 19]: SeChangeNotifyPrivilege + Privilege[ 20]: SeUndockPrivilege + Privilege[ 21]: SeManageVolumePrivilege + Privilege[ 22]: SeImpersonatePrivilege + Privilege[ 23]: SeCreateGlobalPrivilege + Privilege[ 24]: SeEnableDelegationPrivilege + Rights (0x 0): +[2013/11/07 07:38:47.404160, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) + UNIX token of user 0 + Primary group is 5000 and contains 9 supplementary groups + Group[ 0]: 5000 + Group[ 1]: 5007 + Group[ 2]: 5001 + Group[ 3]: 1005 + Group[ 4]: 5006 + Group[ 5]: 5005 + Group[ 6]: 55000 + Group[ 7]: 55001 + Group[ 8]: 55002 +[2013/11/07 07:38:47.404644, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/uid.c:363(change_to_user_internal) + Impersonated user: uid=(0,0), gid=(0,5000) +[2013/11/07 07:38:47.404802, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_close.c:185(smbd_smb2_close) + smbd_smb2_close: spoolss - fnum 1941633923 +[2013/11/07 07:38:47.404926, 5, pid=20933, effective(0, 5000), real(0, 0)] ../lib/dbwrap/dbwrap.c:187(dbwrap_check_lock_order) + check lock order 1 for /var/run/samba/smbXsrv_open_global.tdb +[2013/11/07 07:38:47.405026, 10, pid=20933, effective(0, 5000), real(0, 0)] ../lib/dbwrap/dbwrap.c:133(debug_lock_order) + lock order: 1:/var/run/samba/smbXsrv_open_global.tdb 2: 3: +[2013/11/07 07:38:47.405136, 10, pid=20933, effective(0, 5000), real(0, 0)] ../lib/dbwrap/dbwrap_tdb.c:59(db_tdb_log_key) + Locking key 38D749DF +[2013/11/07 07:38:47.405262, 10, pid=20933, effective(0, 5000), real(0, 0)] ../lib/dbwrap/dbwrap_tdb.c:143(db_tdb_fetch_locked_internal) + Allocated locked data 0x0x7f375d3543e0 +[2013/11/07 07:38:47.405592, 10, pid=20933, effective(0, 5000), real(0, 0)] ../lib/dbwrap/dbwrap_tdb.c:59(db_tdb_log_key) + Unlocking key 38D749DF +[2013/11/07 07:38:47.405714, 5, pid=20933, effective(0, 5000), real(0, 0)] ../lib/dbwrap/dbwrap.c:146(dbwrap_lock_order_state_destructor) + release lock order 1 for /var/run/samba/smbXsrv_open_global.tdb +[2013/11/07 07:38:47.405815, 10, pid=20933, effective(0, 5000), real(0, 0)] ../lib/dbwrap/dbwrap.c:133(debug_lock_order) + lock order: 1: 2: 3: +[2013/11/07 07:38:47.405956, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/files.c:525(file_free) + freed files structure 1941633923 (6 used) +[2013/11/07 07:38:47.406108, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) + smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[60] dyn[no:0] at ../source3/smbd/smb2_close.c:139 +[2013/11/07 07:38:47.406225, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) + smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/143/127 +[2013/11/07 07:38:47.408083, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) + smbd_smb2_request_incoming: idx[1] of 5 vectors +[2013/11/07 07:38:47.408303, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) + smb2_validate_sequence_number: clearing id 143 (position 143) from bitmap +[2013/11/07 07:38:47.408438, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) + smbd_smb2_request_dispatch: opcode[SMB2_OP_WRITE] mid = 143 +[2013/11/07 07:38:47.408575, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) + setting sec ctx (0, 5000) - sec_ctx_stack_ndx = 0 +[2013/11/07 07:38:47.408683, 5, pid=20933, effective(0, 5000), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) + Security token SIDs (21): + SID[ 0]: S-1-5-21-1376953716-2413384141-3399758289-500 + SID[ 1]: S-1-5-21-1376953716-2413384141-3399758289-512 + SID[ 2]: S-1-5-21-1376953716-2413384141-3399758289-11015 + SID[ 3]: S-1-5-21-1376953716-2413384141-3399758289-513 + SID[ 4]: S-1-5-21-1376953716-2413384141-3399758289-11011 + SID[ 5]: S-1-5-21-1376953716-2413384141-3399758289-11013 + SID[ 6]: S-1-5-21-1376953716-2413384141-3399758289-11012 + SID[ 7]: S-1-1-0 + SID[ 8]: S-1-5-2 + SID[ 9]: S-1-5-11 + SID[ 10]: S-1-5-32-544 + SID[ 11]: S-1-22-1-2002 + SID[ 12]: S-1-22-2-5000 + SID[ 13]: S-1-22-2-5007 + SID[ 14]: S-1-22-2-5001 + SID[ 15]: S-1-22-2-1005 + SID[ 16]: S-1-22-2-5006 + SID[ 17]: S-1-22-2-5005 + SID[ 18]: S-1-22-2-55000 + SID[ 19]: S-1-22-2-55001 + SID[ 20]: S-1-22-2-55002 + Privileges (0x 1FFFFFF0): + Privilege[ 0]: SeMachineAccountPrivilege + Privilege[ 1]: SeTakeOwnershipPrivilege + Privilege[ 2]: SeBackupPrivilege + Privilege[ 3]: SeRestorePrivilege + Privilege[ 4]: SeRemoteShutdownPrivilege + Privilege[ 5]: SePrintOperatorPrivilege + Privilege[ 6]: SeAddUsersPrivilege + Privilege[ 7]: SeDiskOperatorPrivilege + Privilege[ 8]: SeSecurityPrivilege + Privilege[ 9]: SeSystemtimePrivilege + Privilege[ 10]: SeShutdownPrivilege + Privilege[ 11]: SeDebugPrivilege + Privilege[ 12]: SeSystemEnvironmentPrivilege + Privilege[ 13]: SeSystemProfilePrivilege + Privilege[ 14]: SeProfileSingleProcessPrivilege + Privilege[ 15]: SeIncreaseBasePriorityPrivilege + Privilege[ 16]: SeLoadDriverPrivilege + Privilege[ 17]: SeCreatePagefilePrivilege + Privilege[ 18]: SeIncreaseQuotaPrivilege + Privilege[ 19]: SeChangeNotifyPrivilege + Privilege[ 20]: SeUndockPrivilege + Privilege[ 21]: SeManageVolumePrivilege + Privilege[ 22]: SeImpersonatePrivilege + Privilege[ 23]: SeCreateGlobalPrivilege + Privilege[ 24]: SeEnableDelegationPrivilege + Rights (0x 0): +[2013/11/07 07:38:47.410863, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) + UNIX token of user 0 + Primary group is 5000 and contains 9 supplementary groups + Group[ 0]: 5000 + Group[ 1]: 5007 + Group[ 2]: 5001 + Group[ 3]: 1005 + Group[ 4]: 5006 + Group[ 5]: 5005 + Group[ 6]: 55000 + Group[ 7]: 55001 + Group[ 8]: 55002 +[2013/11/07 07:38:47.411360, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/uid.c:363(change_to_user_internal) + Impersonated user: uid=(0,0), gid=(0,5000) +[2013/11/07 07:38:47.411485, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:1796(smbd_smb2_request_verify_creditcharge) + mid 143, CreditCharge: 1, NeededCharge: 1 +[2013/11/07 07:38:47.411590, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_write.c:271(smbd_smb2_write_send) + smbd_smb2_write: spoolss - fnum 4038471001 +[2013/11/07 07:38:47.411703, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:520(np_write_send) + np_write_send: len: 160 +[2013/11/07 07:38:47.411806, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) + write_to_pipe: data_left = 160 +[2013/11/07 07:38:47.411920, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) + process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 160 +[2013/11/07 07:38:47.412019, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:51(fill_rpc_header) + fill_rpc_header: data_to_copy = 160, len_needed_to_complete_hdr = 16, receive_len = 0 +[2013/11/07 07:38:47.412119, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) + write_to_pipe: data_used = 16 +[2013/11/07 07:38:47.412214, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) + write_to_pipe: data_left = 144 +[2013/11/07 07:38:47.412308, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) + process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 144 +[2013/11/07 07:38:47.412411, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) + write_to_pipe: data_used = 0 +[2013/11/07 07:38:47.412505, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) + write_to_pipe: data_left = 144 +[2013/11/07 07:38:47.412649, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) + process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 144, incoming data = 144 +[2013/11/07 07:38:47.412760, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1614(process_complete_pdu) + PDU is in Little Endian format! +[2013/11/07 07:38:47.412909, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) + r: struct ncacn_packet + rpc_vers : 0x05 (5) + rpc_vers_minor : 0x00 (0) + ptype : DCERPC_PKT_BIND (11) + pfc_flags : 0x03 (3) + drep: ARRAY(4) + [0] : 0x10 (16) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + frag_length : 0x00a0 (160) + auth_length : 0x0000 (0) + call_id : 0x00000002 (2) + u : union dcerpc_payload(case 11) + bind: struct dcerpc_bind + max_xmit_frag : 0x10b8 (4280) + max_recv_frag : 0x10b8 (4280) + assoc_group_id : 0x00000000 (0) + num_contexts : 0x03 (3) + ctx_list: ARRAY(3) + ctx_list: struct dcerpc_ctx_list + context_id : 0x0000 (0) + num_transfer_syntaxes : 0x01 (1) + abstract_syntax: struct ndr_syntax_id + uuid : 12345678-1234-abcd-ef00-0123456789ab + if_version : 0x00000001 (1) + transfer_syntaxes: ARRAY(1) + transfer_syntaxes: struct ndr_syntax_id + uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860 + if_version : 0x00000002 (2) + ctx_list: struct dcerpc_ctx_list + context_id : 0x0001 (1) + num_transfer_syntaxes : 0x01 (1) + abstract_syntax: struct ndr_syntax_id + uuid : 12345678-1234-abcd-ef00-0123456789ab + if_version : 0x00000001 (1) + transfer_syntaxes: ARRAY(1) + transfer_syntaxes: struct ndr_syntax_id + uuid : 71710533-beba-4937-8319-b5dbef9ccc36 + if_version : 0x00000001 (1) + ctx_list: struct dcerpc_ctx_list + context_id : 0x0002 (2) + num_transfer_syntaxes : 0x01 (1) + abstract_syntax: struct ndr_syntax_id + uuid : 12345678-1234-abcd-ef00-0123456789ab + if_version : 0x00000001 (1) + transfer_syntaxes: ARRAY(1) + transfer_syntaxes: struct ndr_syntax_id + uuid : 6cb71c2c-9812-4540-0300-000000000000 + if_version : 0x00000001 (1) + auth_info : DATA_BLOB length=0 +[2013/11/07 07:38:47.415444, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1627(process_complete_pdu) + Processing packet type 11 +[2013/11/07 07:38:47.415750, 3, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:693(api_pipe_bind_req) + api_pipe_bind_req: spoolss -> spoolss rpc service +[2013/11/07 07:38:47.415859, 5, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:724(api_pipe_bind_req) + api_pipe_bind_req: make response. 724 +[2013/11/07 07:38:47.415959, 3, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:342(check_bind_req) + check_bind_req for \spoolss +[2013/11/07 07:38:47.416070, 3, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:349(check_bind_req) + check_bind_req: spoolss -> spoolss rpc service +[2013/11/07 07:38:47.416200, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:238(init_pipe_handles) + init_pipe_handle_list: pipe_handles ref count = 20 for pipe \spoolss +[2013/11/07 07:38:47.416351, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) + &r: struct ncacn_packet + rpc_vers : 0x05 (5) + rpc_vers_minor : 0x00 (0) + ptype : DCERPC_PKT_BIND_ACK (12) + pfc_flags : 0x03 (3) + drep: ARRAY(4) + [0] : 0x10 (16) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + frag_length : 0x0044 (68) + auth_length : 0x0000 (0) + call_id : 0x00000002 (2) + u : union dcerpc_payload(case 12) + bind_ack: struct dcerpc_bind_ack + max_xmit_frag : 0x10b8 (4280) + max_recv_frag : 0x10b8 (4280) + assoc_group_id : 0x000053f0 (21488) + secondary_address_size : 0x000e (14) + secondary_address : '\PIPE\spoolss' + _pad1 : DATA_BLOB length=0 + num_results : 0x01 (1) + ctx_list: ARRAY(1) + ctx_list: struct dcerpc_ack_ctx + result : 0x0000 (0) + reason : 0x0000 (0) + syntax: struct ndr_syntax_id + uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860 + if_version : 0x00000002 (2) + auth_info : DATA_BLOB length=0 +[2013/11/07 07:38:47.417885, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) + write_to_pipe: data_used = 144 + smbd_smb2_request_pending_queue: req->current_idx = 1 + req->in.vector[0].iov_len = 0 + req->in.vector[1].iov_len = 0 + req->in.vector[2].iov_len = 64 + req->in.vector[3].iov_len = 48 + req->in.vector[4].iov_len = 160 + req->out.vector[0].iov_len = 4 + req->out.vector[1].iov_len = 0 + req->out.vector[2].iov_len = 64 + req->out.vector[3].iov_len = 8 + req->out.vector[4].iov_len = 0 +[2013/11/07 07:38:47.418113, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) + smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[16] dyn[yes:0] at ../source3/smbd/smb2_write.c:150 +[2013/11/07 07:38:47.418332, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) + smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/144/127 +[2013/11/07 07:38:47.421531, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) + smbd_smb2_request_incoming: idx[1] of 5 vectors +[2013/11/07 07:38:47.421745, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) + smb2_validate_sequence_number: clearing id 144 (position 144) from bitmap +[2013/11/07 07:38:47.421858, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) + smbd_smb2_request_dispatch: opcode[SMB2_OP_READ] mid = 144 +[2013/11/07 07:38:47.422013, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) + setting sec ctx (0, 5000) - sec_ctx_stack_ndx = 0 +[2013/11/07 07:38:47.422125, 5, pid=20933, effective(0, 5000), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) + Security token SIDs (21): + SID[ 0]: S-1-5-21-1376953716-2413384141-3399758289-500 + SID[ 1]: S-1-5-21-1376953716-2413384141-3399758289-512 + SID[ 2]: S-1-5-21-1376953716-2413384141-3399758289-11015 + SID[ 3]: S-1-5-21-1376953716-2413384141-3399758289-513 + SID[ 4]: S-1-5-21-1376953716-2413384141-3399758289-11011 + SID[ 5]: S-1-5-21-1376953716-2413384141-3399758289-11013 + SID[ 6]: S-1-5-21-1376953716-2413384141-3399758289-11012 + SID[ 7]: S-1-1-0 + SID[ 8]: S-1-5-2 + SID[ 9]: S-1-5-11 + SID[ 10]: S-1-5-32-544 + SID[ 11]: S-1-22-1-2002 + SID[ 12]: S-1-22-2-5000 + SID[ 13]: S-1-22-2-5007 + SID[ 14]: S-1-22-2-5001 + SID[ 15]: S-1-22-2-1005 + SID[ 16]: S-1-22-2-5006 + SID[ 17]: S-1-22-2-5005 + SID[ 18]: S-1-22-2-55000 + SID[ 19]: S-1-22-2-55001 + SID[ 20]: S-1-22-2-55002 + Privileges (0x 1FFFFFF0): + Privilege[ 0]: SeMachineAccountPrivilege + Privilege[ 1]: SeTakeOwnershipPrivilege + Privilege[ 2]: SeBackupPrivilege + Privilege[ 3]: SeRestorePrivilege + Privilege[ 4]: SeRemoteShutdownPrivilege + Privilege[ 5]: SePrintOperatorPrivilege + Privilege[ 6]: SeAddUsersPrivilege + Privilege[ 7]: SeDiskOperatorPrivilege + Privilege[ 8]: SeSecurityPrivilege + Privilege[ 9]: SeSystemtimePrivilege + Privilege[ 10]: SeShutdownPrivilege + Privilege[ 11]: SeDebugPrivilege + Privilege[ 12]: SeSystemEnvironmentPrivilege + Privilege[ 13]: SeSystemProfilePrivilege + Privilege[ 14]: SeProfileSingleProcessPrivilege + Privilege[ 15]: SeIncreaseBasePriorityPrivilege + Privilege[ 16]: SeLoadDriverPrivilege + Privilege[ 17]: SeCreatePagefilePrivilege + Privilege[ 18]: SeIncreaseQuotaPrivilege + Privilege[ 19]: SeChangeNotifyPrivilege + Privilege[ 20]: SeUndockPrivilege + Privilege[ 21]: SeManageVolumePrivilege + Privilege[ 22]: SeImpersonatePrivilege + Privilege[ 23]: SeCreateGlobalPrivilege + Privilege[ 24]: SeEnableDelegationPrivilege + Rights (0x 0): +[2013/11/07 07:38:47.424117, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) + UNIX token of user 0 + Primary group is 5000 and contains 9 supplementary groups + Group[ 0]: 5000 + Group[ 1]: 5007 + Group[ 2]: 5001 + Group[ 3]: 1005 + Group[ 4]: 5006 + Group[ 5]: 5005 + Group[ 6]: 55000 + Group[ 7]: 55001 + Group[ 8]: 55002 +[2013/11/07 07:38:47.424600, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/uid.c:363(change_to_user_internal) + Impersonated user: uid=(0,0), gid=(0,5000) +[2013/11/07 07:38:47.424720, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:1796(smbd_smb2_request_verify_creditcharge) + mid 144, CreditCharge: 1, NeededCharge: 1 +[2013/11/07 07:38:47.424827, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_read.c:400(smbd_smb2_read_send) + smbd_smb2_read: spoolss - fnum 4038471001 +[2013/11/07 07:38:47.424942, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:285(read_from_internal_pipe) + name: \spoolss len: 1024 +[2013/11/07 07:38:47.425052, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:326(read_from_internal_pipe) + read_from_pipe: \spoolss: current_pdu_len = 68, current_pdu_sent = 0 returning 68 bytes. +[2013/11/07 07:38:47.425161, 3, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:122(free_pipe_context) + free_pipe_context: destroying talloc pool of size 29 + smbd_smb2_request_pending_queue: req->current_idx = 1 + req->in.vector[0].iov_len = 0 + req->in.vector[1].iov_len = 0 + req->in.vector[2].iov_len = 64 + req->in.vector[3].iov_len = 48 + req->in.vector[4].iov_len = 1 + req->out.vector[0].iov_len = 4 + req->out.vector[1].iov_len = 0 + req->out.vector[2].iov_len = 64 + req->out.vector[3].iov_len = 8 + req->out.vector[4].iov_len = 0 +[2013/11/07 07:38:47.425968, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:788(np_read_recv) + Received 68 bytes. There is no more data outstanding +[2013/11/07 07:38:47.426085, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) + smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[16] dyn[yes:68] at ../source3/smbd/smb2_read.c:154 +[2013/11/07 07:38:47.426223, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) + smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/145/127 +[2013/11/07 07:38:47.427810, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) + smbd_smb2_request_incoming: idx[1] of 5 vectors +[2013/11/07 07:38:47.428009, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) + smb2_validate_sequence_number: clearing id 145 (position 145) from bitmap +[2013/11/07 07:38:47.428114, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) + smbd_smb2_request_dispatch: opcode[SMB2_OP_IOCTL] mid = 145 +[2013/11/07 07:38:47.428245, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) + setting sec ctx (0, 5000) - sec_ctx_stack_ndx = 0 +[2013/11/07 07:38:47.428350, 5, pid=20933, effective(0, 5000), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) + Security token SIDs (21): + SID[ 0]: S-1-5-21-1376953716-2413384141-3399758289-500 + SID[ 1]: S-1-5-21-1376953716-2413384141-3399758289-512 + SID[ 2]: S-1-5-21-1376953716-2413384141-3399758289-11015 + SID[ 3]: S-1-5-21-1376953716-2413384141-3399758289-513 + SID[ 4]: S-1-5-21-1376953716-2413384141-3399758289-11011 + SID[ 5]: S-1-5-21-1376953716-2413384141-3399758289-11013 + SID[ 6]: S-1-5-21-1376953716-2413384141-3399758289-11012 + SID[ 7]: S-1-1-0 + SID[ 8]: S-1-5-2 + SID[ 9]: S-1-5-11 + SID[ 10]: S-1-5-32-544 + SID[ 11]: S-1-22-1-2002 + SID[ 12]: S-1-22-2-5000 + SID[ 13]: S-1-22-2-5007 + SID[ 14]: S-1-22-2-5001 + SID[ 15]: S-1-22-2-1005 + SID[ 16]: S-1-22-2-5006 + SID[ 17]: S-1-22-2-5005 + SID[ 18]: S-1-22-2-55000 + SID[ 19]: S-1-22-2-55001 + SID[ 20]: S-1-22-2-55002 + Privileges (0x 1FFFFFF0): + Privilege[ 0]: SeMachineAccountPrivilege + Privilege[ 1]: SeTakeOwnershipPrivilege + Privilege[ 2]: SeBackupPrivilege + Privilege[ 3]: SeRestorePrivilege + Privilege[ 4]: SeRemoteShutdownPrivilege + Privilege[ 5]: SePrintOperatorPrivilege + Privilege[ 6]: SeAddUsersPrivilege + Privilege[ 7]: SeDiskOperatorPrivilege + Privilege[ 8]: SeSecurityPrivilege + Privilege[ 9]: SeSystemtimePrivilege + Privilege[ 10]: SeShutdownPrivilege + Privilege[ 11]: SeDebugPrivilege + Privilege[ 12]: SeSystemEnvironmentPrivilege + Privilege[ 13]: SeSystemProfilePrivilege + Privilege[ 14]: SeProfileSingleProcessPrivilege + Privilege[ 15]: SeIncreaseBasePriorityPrivilege + Privilege[ 16]: SeLoadDriverPrivilege + Privilege[ 17]: SeCreatePagefilePrivilege + Privilege[ 18]: SeIncreaseQuotaPrivilege + Privilege[ 19]: SeChangeNotifyPrivilege + Privilege[ 20]: SeUndockPrivilege + Privilege[ 21]: SeManageVolumePrivilege + Privilege[ 22]: SeImpersonatePrivilege + Privilege[ 23]: SeCreateGlobalPrivilege + Privilege[ 24]: SeEnableDelegationPrivilege + Rights (0x 0): +[2013/11/07 07:38:47.430474, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) + UNIX token of user 0 + Primary group is 5000 and contains 9 supplementary groups + Group[ 0]: 5000 + Group[ 1]: 5007 + Group[ 2]: 5001 + Group[ 3]: 1005 + Group[ 4]: 5006 + Group[ 5]: 5005 + Group[ 6]: 55000 + Group[ 7]: 55001 + Group[ 8]: 55002 +[2013/11/07 07:38:47.430953, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/uid.c:363(change_to_user_internal) + Impersonated user: uid=(0,0), gid=(0,5000) +[2013/11/07 07:38:47.431073, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:1796(smbd_smb2_request_verify_creditcharge) + mid 145, CreditCharge: 1, NeededCharge: 1 +[2013/11/07 07:38:47.431204, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl.c:394(smbd_smb2_ioctl_send) + smbd_smb2_ioctl: ctl_code[0x0011c017] spoolss, fnum 4038471001 +[2013/11/07 07:38:47.431321, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:59(smb2_ioctl_named_pipe) + smbd_smb2_ioctl_send: np_write_send of size 222 +[2013/11/07 07:38:47.431419, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:520(np_write_send) + np_write_send: len: 222 +[2013/11/07 07:38:47.431522, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) + write_to_pipe: data_left = 222 +[2013/11/07 07:38:47.431616, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) + process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 222 +[2013/11/07 07:38:47.431714, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:51(fill_rpc_header) + fill_rpc_header: data_to_copy = 222, len_needed_to_complete_hdr = 16, receive_len = 0 +[2013/11/07 07:38:47.431813, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) + write_to_pipe: data_used = 16 +[2013/11/07 07:38:47.431906, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) + write_to_pipe: data_left = 206 +[2013/11/07 07:38:47.432000, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) + process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 206 +[2013/11/07 07:38:47.432104, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) + write_to_pipe: data_used = 0 +[2013/11/07 07:38:47.432198, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) + write_to_pipe: data_left = 206 +[2013/11/07 07:38:47.432292, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) + process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 206, incoming data = 206 +[2013/11/07 07:38:47.432393, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1614(process_complete_pdu) + PDU is in Little Endian format! +[2013/11/07 07:38:47.432509, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) + r: struct ncacn_packet + rpc_vers : 0x05 (5) + rpc_vers_minor : 0x00 (0) + ptype : DCERPC_PKT_REQUEST (0) + pfc_flags : 0x03 (3) + drep: ARRAY(4) + [0] : 0x10 (16) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + frag_length : 0x00de (222) + auth_length : 0x0000 (0) + call_id : 0x00000002 (2) + u : union dcerpc_payload(case 0) + request: struct dcerpc_request + alloc_hint : 0x000000c6 (198) + context_id : 0x0000 (0) + opnum : 0x0045 (69) + object : union dcerpc_object(case 0) + empty: struct dcerpc_empty + _pad : DATA_BLOB length=0 + stub_and_verifier : DATA_BLOB length=198 + [0000] 00 00 02 00 14 00 00 00 00 00 00 00 14 00 00 00 ........ ........ + [0010] 5C 00 5C 00 4D 00 45 00 4D 00 42 00 45 00 52 00 \.\.M.E. M.B.E.R. + [0020] 34 00 33 00 5C 00 70 00 72 00 69 00 6E 00 74 00 4.3.\.p. r.i.n.t. + [0030] 65 00 72 00 37 00 00 00 00 00 00 00 00 00 00 00 e.r.7... ........ + [0040] 00 00 00 00 00 00 00 00 01 00 00 00 01 00 00 00 ........ ........ + [0050] 04 00 02 00 28 00 00 00 08 00 02 00 0C 00 02 00 ....(... ........ + [0060] 80 25 00 00 03 00 00 00 00 00 00 00 09 00 00 00 .%...... ........ + [0070] 0A 00 00 00 00 00 00 00 0A 00 00 00 57 00 49 00 ........ ....W.I. + [0080] 4E 00 38 00 31 00 2D 00 32 00 33 00 39 00 00 00 N.8.1.-. 2.3.9... + [0090] 15 00 00 00 00 00 00 00 15 00 00 00 41 00 52 00 ........ ....A.R. + [00A0] 33 00 32 00 49 00 38 00 5C 00 41 00 64 00 6D 00 3.2.I.8. \.A.d.m. + [00B0] 69 00 6E 00 69 00 73 00 74 00 72 00 61 00 74 00 i.n.i.s. t.r.a.t. + [00C0] 6F 00 72 00 00 00 o.r... +[2013/11/07 07:38:47.434780, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1627(process_complete_pdu) + Processing packet type 0 +[2013/11/07 07:38:47.434881, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1472(dcesrv_auth_request) + Checking request auth. +[2013/11/07 07:38:47.434986, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) + push_sec_ctx(0, 5000) : sec_ctx_stack_ndx = 1 +[2013/11/07 07:38:47.435101, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) + setting sec ctx (0, 5000) - sec_ctx_stack_ndx = 1 +[2013/11/07 07:38:47.435204, 5, pid=20933, effective(0, 5000), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) + Security token SIDs (21): + SID[ 0]: S-1-5-21-1376953716-2413384141-3399758289-500 + SID[ 1]: S-1-5-21-1376953716-2413384141-3399758289-512 + SID[ 2]: S-1-5-21-1376953716-2413384141-3399758289-11015 + SID[ 3]: S-1-5-21-1376953716-2413384141-3399758289-513 + SID[ 4]: S-1-5-21-1376953716-2413384141-3399758289-11011 + SID[ 5]: S-1-5-21-1376953716-2413384141-3399758289-11013 + SID[ 6]: S-1-5-21-1376953716-2413384141-3399758289-11012 + SID[ 7]: S-1-1-0 + SID[ 8]: S-1-5-2 + SID[ 9]: S-1-5-11 + SID[ 10]: S-1-5-32-544 + SID[ 11]: S-1-22-1-2002 + SID[ 12]: S-1-22-2-5000 + SID[ 13]: S-1-22-2-5007 + SID[ 14]: S-1-22-2-5001 + SID[ 15]: S-1-22-2-1005 + SID[ 16]: S-1-22-2-5006 + SID[ 17]: S-1-22-2-5005 + SID[ 18]: S-1-22-2-55000 + SID[ 19]: S-1-22-2-55001 + SID[ 20]: S-1-22-2-55002 + Privileges (0x 1FFFFFF0): + Privilege[ 0]: SeMachineAccountPrivilege + Privilege[ 1]: SeTakeOwnershipPrivilege + Privilege[ 2]: SeBackupPrivilege + Privilege[ 3]: SeRestorePrivilege + Privilege[ 4]: SeRemoteShutdownPrivilege + Privilege[ 5]: SePrintOperatorPrivilege + Privilege[ 6]: SeAddUsersPrivilege + Privilege[ 7]: SeDiskOperatorPrivilege + Privilege[ 8]: SeSecurityPrivilege + Privilege[ 9]: SeSystemtimePrivilege + Privilege[ 10]: SeShutdownPrivilege + Privilege[ 11]: SeDebugPrivilege + Privilege[ 12]: SeSystemEnvironmentPrivilege + Privilege[ 13]: SeSystemProfilePrivilege + Privilege[ 14]: SeProfileSingleProcessPrivilege + Privilege[ 15]: SeIncreaseBasePriorityPrivilege + Privilege[ 16]: SeLoadDriverPrivilege + Privilege[ 17]: SeCreatePagefilePrivilege + Privilege[ 18]: SeIncreaseQuotaPrivilege + Privilege[ 19]: SeChangeNotifyPrivilege + Privilege[ 20]: SeUndockPrivilege + Privilege[ 21]: SeManageVolumePrivilege + Privilege[ 22]: SeImpersonatePrivilege + Privilege[ 23]: SeCreateGlobalPrivilege + Privilege[ 24]: SeEnableDelegationPrivilege + Rights (0x 0): +[2013/11/07 07:38:47.437132, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) + UNIX token of user 0 + Primary group is 5000 and contains 9 supplementary groups + Group[ 0]: 5000 + Group[ 1]: 5007 + Group[ 2]: 5001 + Group[ 3]: 1005 + Group[ 4]: 5006 + Group[ 5]: 5005 + Group[ 6]: 55000 + Group[ 7]: 55001 + Group[ 8]: 55002 +[2013/11/07 07:38:47.437700, 5, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1324(api_pipe_request) + Requested \spoolss rpc service +[2013/11/07 07:38:47.437829, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1356(api_rpcTNP) + api_rpcTNP: \spoolss op 0x45 - api_rpcTNP: rpc command: SPOOLSS_OPENPRINTEREX +[2013/11/07 07:38:47.437941, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1390(api_rpcTNP) + api_rpc_cmds[69].fn == 0x7f375c256d40 +[2013/11/07 07:38:47.438072, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + spoolss_OpenPrinterEx: struct spoolss_OpenPrinterEx + in: struct spoolss_OpenPrinterEx + printername : * + printername : '\\MEMBER43\printer7' + datatype : NULL + devmode_ctr: struct spoolss_DevmodeContainer + _ndr_size : 0x00000000 (0) + devmode : NULL + access_mask : 0x00000000 (0) + 0: SERVER_ACCESS_ADMINISTER + 0: SERVER_ACCESS_ENUMERATE + 0: PRINTER_ACCESS_ADMINISTER + 0: PRINTER_ACCESS_USE + 0: JOB_ACCESS_ADMINISTER + 0: JOB_ACCESS_READ + userlevel_ctr: struct spoolss_UserLevelCtr + level : 0x00000001 (1) + user_info : union spoolss_UserLevel(case 1) + level1 : * + level1: struct spoolss_UserLevel1 + size : 0x00000028 (40) + client : * + client : 'WIN81-239' + user : * + user : 'AR32I8\Administrator' + build : 0x00002580 (9600) + major : UNKNOWN_ENUM_VALUE (3) + minor : SPOOLSS_MINOR_VERSION_0 (0) + processor : PROCESSOR_ARCHITECTURE_AMD64 (9) + checking name: \\MEMBER43\printer7 +[2013/11/07 07:38:47.439383, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:737(open_printer_hnd) + open_printer_hnd: name [\\MEMBER43\printer7] +[2013/11/07 07:38:47.439503, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) + Opened policy hnd[6] [0000] 00 00 00 00 EA 00 00 00 00 00 00 00 7B 52 77 35 ........ ....{Rw5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:47.439701, 3, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:506(set_printer_hnd_printertype) + Setting printer type=\\MEMBER43\printer7 + Printer is a printer +[2013/11/07 07:38:47.439836, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:566(set_printer_hnd_name) + Setting printer name=\\MEMBER43\printer7 (len=19) + searching for [printer7] +[2013/11/07 07:38:47.440059, 10, pid=20933, effective(0, 5000), real(0, 0), class=tdb] ../source3/lib/gencache.c:275(gencache_set_data_blob) + Did not store value for PRINTERNAME/printer7, we already got it + set_printer_hnd_name: Printer found: printer7 -> printer7 +[2013/11/07 07:38:47.440198, 5, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:773(open_printer_hnd) + 6 printer handles active +[2013/11/07 07:38:47.440296, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 EA 00 00 00 00 00 00 00 7B 52 77 35 ........ ....{Rw5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:47.440509, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 EA 00 00 00 00 00 00 00 7B 52 77 35 ........ ....{Rw5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:47.440700, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:489(get_printer_snum) + short name:printer7 +[2013/11/07 07:38:47.440849, 3, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/access.c:338(allow_access) + Allowed connection from 10.200.8.239 (10.200.8.239) +[2013/11/07 07:38:47.441219, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/share_access.c:237(user_ok_token) + user_ok_token: share printer7 is ok for unix user root +[2013/11/07 07:38:47.441346, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:1921(_spoolss_OpenPrinterEx) + Setting printer access = PRINTER_ACCESS_USE +[2013/11/07 07:38:47.441721, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:60(make_internal_rpc_pipe_p) + Create pipe requested \winreg +[2013/11/07 07:38:47.441779, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:221(init_pipe_handles) + init_pipe_handle_list: created handle list for pipe \winreg +[2013/11/07 07:38:47.441821, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:238(init_pipe_handles) + init_pipe_handle_list: pipe_handles ref count = 1 for pipe \winreg +[2013/11/07 07:38:47.441916, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:100(make_internal_rpc_pipe_p) + Created internal pipe \winreg +[2013/11/07 07:38:47.441989, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenHKLM: struct winreg_OpenHKLM + in: struct winreg_OpenHKLM + system_name : NULL + access_mask : 0x02000000 (33554432) + 0: KEY_QUERY_VALUE + 0: KEY_SET_VALUE + 0: KEY_CREATE_SUB_KEY + 0: KEY_ENUMERATE_SUB_KEYS + 0: KEY_NOTIFY + 0: KEY_CREATE_LINK + 0: KEY_WOW64_64KEY + 0: KEY_WOW64_32KEY +[2013/11/07 07:38:47.442221, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [HKLM] +[2013/11/07 07:38:47.442268, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) + push_sec_ctx(0, 5000) : sec_ctx_stack_ndx = 2 +[2013/11/07 07:38:47.442313, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/uid.c:485(push_conn_ctx) + push_conn_ctx(1804507171) : conn_ctx_stack_ndx = 0 +[2013/11/07 07:38:47.442353, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) + setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 +[2013/11/07 07:38:47.442392, 5, pid=20933, effective(0, 5000), real(0, 0)] ../libcli/security/security_token.c:53(security_token_debug) + Security token: (NULL) +[2013/11/07 07:38:47.442431, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) + UNIX token of user 0 + Primary group is 0 and contains 0 supplementary groups +[2013/11/07 07:38:47.442594, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) + pop_sec_ctx (0, 5000) - sec_ctx_stack_ndx = 1 +[2013/11/07 07:38:47.442639, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:866(regdb_open) + regdb_open: registry db opened. refcount reset (1) +[2013/11/07 07:38:47.442715, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM] +[2013/11/07 07:38:47.442754, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM] +[2013/11/07 07:38:47.442797, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:47.442835, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM] +[2013/11/07 07:38:47.442917, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) + Opened policy hnd[1] [0000] 00 00 00 00 EB 00 00 00 00 00 00 00 7B 52 77 35 ........ ....{Rw5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:47.442998, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenHKLM: struct winreg_OpenHKLM + out: struct winreg_OpenHKLM + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000eb-0000-0000-7b52-7735c5510000 + result : WERR_OK +[2013/11/07 07:38:47.443203, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenKey: struct winreg_OpenKey + in: struct winreg_OpenKey + parent_handle : * + parent_handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000eb-0000-0000-7b52-7735c5510000 + keyname: struct winreg_String + name_len : 0x008a (138) + name_size : 0x008a (138) + name : * + name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7' + options : 0x00000000 (0) + 0: REG_OPTION_VOLATILE + 0: REG_OPTION_CREATE_LINK + 0: REG_OPTION_BACKUP_RESTORE + 0: REG_OPTION_OPEN_LINK + access_mask : 0x02000000 (33554432) + 0: KEY_QUERY_VALUE + 0: KEY_SET_VALUE + 0: KEY_CREATE_SUB_KEY + 0: KEY_ENUMERATE_SUB_KEYS + 0: KEY_NOTIFY + 0: KEY_CREATE_LINK + 0: KEY_WOW64_64KEY + 0: KEY_WOW64_32KEY +[2013/11/07 07:38:47.443818, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 EB 00 00 00 00 00 00 00 7B 52 77 35 ........ ....{Rw5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:47.443904, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [SOFTWARE] +[2013/11/07 07:38:47.443945, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (1->2) +[2013/11/07 07:38:47.443989, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] +[2013/11/07 07:38:47.444027, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE] +[2013/11/07 07:38:47.444082, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:47.444120, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE] +[2013/11/07 07:38:47.444193, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Microsoft] +[2013/11/07 07:38:47.444235, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (2->3) +[2013/11/07 07:38:47.444278, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] +[2013/11/07 07:38:47.444316, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] +[2013/11/07 07:38:47.444357, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:47.444394, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft] +[2013/11/07 07:38:47.444455, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Windows NT] +[2013/11/07 07:38:47.444496, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (3->4) +[2013/11/07 07:38:47.444539, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] +[2013/11/07 07:38:47.444577, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] +[2013/11/07 07:38:47.444617, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:47.444655, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] +[2013/11/07 07:38:47.444712, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [CurrentVersion] +[2013/11/07 07:38:47.444753, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (4->5) +[2013/11/07 07:38:47.444796, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] +[2013/11/07 07:38:47.444834, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] +[2013/11/07 07:38:47.444875, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:47.444912, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f375c5a15c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] +[2013/11/07 07:38:47.444986, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Print] +[2013/11/07 07:38:47.445035, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (5->6) +[2013/11/07 07:38:47.445079, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] +[2013/11/07 07:38:47.445118, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] +[2013/11/07 07:38:47.445161, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:47.445199, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f375c5a15c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] +[2013/11/07 07:38:47.445258, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Printers] +[2013/11/07 07:38:47.445300, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (6->7) +[2013/11/07 07:38:47.445343, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] +[2013/11/07 07:38:47.445444, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] +[2013/11/07 07:38:47.445488, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:47.445526, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] +[2013/11/07 07:38:47.445595, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [printer7] +[2013/11/07 07:38:47.445637, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (7->8) +[2013/11/07 07:38:47.445680, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:47.445718, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:47.445871, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:47.445914, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:47.445985, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (8->7) +[2013/11/07 07:38:47.446027, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (7->6) +[2013/11/07 07:38:47.446078, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (6->5) +[2013/11/07 07:38:47.446119, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (5->4) +[2013/11/07 07:38:47.446159, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (4->3) +[2013/11/07 07:38:47.446199, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (3->2) +[2013/11/07 07:38:47.446243, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) + Opened policy hnd[2] [0000] 00 00 00 00 EC 00 00 00 00 00 00 00 7B 52 77 35 ........ ....{Rw5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:47.446323, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenKey: struct winreg_OpenKey + out: struct winreg_OpenKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000ec-0000-0000-7b52-7735c5510000 + result : WERR_OK +[2013/11/07 07:38:47.446492, 2, pid=20933, effective(0, 5000), real(0, 0)] ../source3/rpc_client/cli_winreg_spoolss.c:626(winreg_create_printer) + winreg_create_printer: Skipping, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7 already exists +[2013/11/07 07:38:47.446554, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + in: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000ec-0000-0000-7b52-7735c5510000 +[2013/11/07 07:38:47.446685, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 EC 00 00 00 00 00 00 00 7B 52 77 35 ........ ....{Rw5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:47.446764, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 EC 00 00 00 00 00 00 00 7B 52 77 35 ........ ....{Rw5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:47.446840, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) + Closed policy +[2013/11/07 07:38:47.446880, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (2->1) +[2013/11/07 07:38:47.446920, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + out: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000000-0000-0000-0000-000000000000 + result : WERR_OK +[2013/11/07 07:38:47.447082, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + in: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000eb-0000-0000-7b52-7735c5510000 +[2013/11/07 07:38:47.447221, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 EB 00 00 00 00 00 00 00 7B 52 77 35 ........ ....{Rw5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:47.447299, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 EB 00 00 00 00 00 00 00 7B 52 77 35 ........ ....{Rw5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:47.447376, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) + Closed policy +[2013/11/07 07:38:47.447415, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (1->0) +[2013/11/07 07:38:47.447471, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + out: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000000-0000-0000-0000-000000000000 + result : WERR_OK +[2013/11/07 07:38:47.447636, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:416(close_policy_by_pipe) + Deleted handle list for RPC connection \winreg +[2013/11/07 07:38:47.447686, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + spoolss_OpenPrinterEx: struct spoolss_OpenPrinterEx + out: struct spoolss_OpenPrinterEx + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000ea-0000-0000-7b52-7735c5510000 + result : WERR_OK +[2013/11/07 07:38:47.447839, 5, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1417(api_rpcTNP) + api_rpcTNP: called \spoolss successfully +[2013/11/07 07:38:47.447905, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) + pop_sec_ctx (0, 5000) - sec_ctx_stack_ndx = 0 +[2013/11/07 07:38:47.447948, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) + write_to_pipe: data_used = 206 + smbd_smb2_request_pending_queue: req->current_idx = 1 + req->in.vector[0].iov_len = 0 + req->in.vector[1].iov_len = 0 + req->in.vector[2].iov_len = 64 + req->in.vector[3].iov_len = 56 + req->in.vector[4].iov_len = 222 + req->out.vector[0].iov_len = 4 + req->out.vector[1].iov_len = 0 + req->out.vector[2].iov_len = 64 + req->out.vector[3].iov_len = 8 + req->out.vector[4].iov_len = 0 +[2013/11/07 07:38:47.448164, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:128(smbd_smb2_ioctl_pipe_write_done) + smbd_smb2_ioctl_pipe_write_done: received 222 +[2013/11/07 07:38:47.448207, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:149(smbd_smb2_ioctl_pipe_write_done) + smbd_smb2_ioctl_pipe_write_done: issuing np_read_send of size 1024 +[2013/11/07 07:38:47.448250, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:285(read_from_internal_pipe) + name: \spoolss len: 1024 +[2013/11/07 07:38:47.448292, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:347(read_from_internal_pipe) + read_from_pipe: \spoolss: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 24. +[2013/11/07 07:38:47.448354, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) + &r: struct ncacn_packet + rpc_vers : 0x05 (5) + rpc_vers_minor : 0x00 (0) + ptype : DCERPC_PKT_RESPONSE (2) + pfc_flags : 0x03 (3) + drep: ARRAY(4) + [0] : 0x10 (16) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + frag_length : 0x0030 (48) + auth_length : 0x0000 (0) + call_id : 0x00000002 (2) + u : union dcerpc_payload(case 2) + response: struct dcerpc_response + alloc_hint : 0x00000018 (24) + context_id : 0x0000 (0) + cancel_count : 0x00 (0) + _pad : DATA_BLOB length=0 + stub_and_verifier : DATA_BLOB length=24 + [0000] 00 00 00 00 EA 00 00 00 00 00 00 00 7B 52 77 35 ........ ....{Rw5 + [0010] C5 51 00 00 00 00 00 00 .Q...... +[2013/11/07 07:38:47.448771, 3, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:122(free_pipe_context) + free_pipe_context: destroying talloc pool of size 68 +[2013/11/07 07:38:47.448821, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:788(np_read_recv) + Received 48 bytes. There is no more data outstanding +[2013/11/07 07:38:47.448862, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:178(smbd_smb2_ioctl_pipe_read_done) + smbd_smb2_ioctl_pipe_read_done: np_read_recv nread = 48 is_data_outstanding = 0, status = NT_STATUS_OK +[2013/11/07 07:38:47.448909, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl.c:291(smbd_smb2_request_ioctl_done) + smbd_smb2_request_ioctl_done: smbd_smb2_ioctl_recv returned 48 status NT_STATUS_OK +[2013/11/07 07:38:47.448951, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) + smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[48] dyn[yes:48] at ../source3/smbd/smb2_ioctl.c:358 +[2013/11/07 07:38:47.448997, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) + smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/146/127 +[2013/11/07 07:38:47.456830, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) + smbd_smb2_request_incoming: idx[1] of 5 vectors +[2013/11/07 07:38:47.457021, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) + smb2_validate_sequence_number: clearing id 146 (position 146) from bitmap +[2013/11/07 07:38:47.457070, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) + smbd_smb2_request_dispatch: opcode[SMB2_OP_CREATE] mid = 146 +[2013/11/07 07:38:47.457144, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) + setting sec ctx (0, 5000) - sec_ctx_stack_ndx = 0 +[2013/11/07 07:38:47.457191, 5, pid=20933, effective(0, 5000), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) + Security token SIDs (21): + SID[ 0]: S-1-5-21-1376953716-2413384141-3399758289-500 + SID[ 1]: S-1-5-21-1376953716-2413384141-3399758289-512 + SID[ 2]: S-1-5-21-1376953716-2413384141-3399758289-11015 + SID[ 3]: S-1-5-21-1376953716-2413384141-3399758289-513 + SID[ 4]: S-1-5-21-1376953716-2413384141-3399758289-11011 + SID[ 5]: S-1-5-21-1376953716-2413384141-3399758289-11013 + SID[ 6]: S-1-5-21-1376953716-2413384141-3399758289-11012 + SID[ 7]: S-1-1-0 + SID[ 8]: S-1-5-2 + SID[ 9]: S-1-5-11 + SID[ 10]: S-1-5-32-544 + SID[ 11]: S-1-22-1-2002 + SID[ 12]: S-1-22-2-5000 + SID[ 13]: S-1-22-2-5007 + SID[ 14]: S-1-22-2-5001 + SID[ 15]: S-1-22-2-1005 + SID[ 16]: S-1-22-2-5006 + SID[ 17]: S-1-22-2-5005 + SID[ 18]: S-1-22-2-55000 + SID[ 19]: S-1-22-2-55001 + SID[ 20]: S-1-22-2-55002 + Privileges (0x 1FFFFFF0): + Privilege[ 0]: SeMachineAccountPrivilege + Privilege[ 1]: SeTakeOwnershipPrivilege + Privilege[ 2]: SeBackupPrivilege + Privilege[ 3]: SeRestorePrivilege + Privilege[ 4]: SeRemoteShutdownPrivilege + Privilege[ 5]: SePrintOperatorPrivilege + Privilege[ 6]: SeAddUsersPrivilege + Privilege[ 7]: SeDiskOperatorPrivilege + Privilege[ 8]: SeSecurityPrivilege + Privilege[ 9]: SeSystemtimePrivilege + Privilege[ 10]: SeShutdownPrivilege + Privilege[ 11]: SeDebugPrivilege + Privilege[ 12]: SeSystemEnvironmentPrivilege + Privilege[ 13]: SeSystemProfilePrivilege + Privilege[ 14]: SeProfileSingleProcessPrivilege + Privilege[ 15]: SeIncreaseBasePriorityPrivilege + Privilege[ 16]: SeLoadDriverPrivilege + Privilege[ 17]: SeCreatePagefilePrivilege + Privilege[ 18]: SeIncreaseQuotaPrivilege + Privilege[ 19]: SeChangeNotifyPrivilege + Privilege[ 20]: SeUndockPrivilege + Privilege[ 21]: SeManageVolumePrivilege + Privilege[ 22]: SeImpersonatePrivilege + Privilege[ 23]: SeCreateGlobalPrivilege + Privilege[ 24]: SeEnableDelegationPrivilege + Rights (0x 0): +[2013/11/07 07:38:47.458121, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) + UNIX token of user 0 + Primary group is 5000 and contains 9 supplementary groups + Group[ 0]: 5000 + Group[ 1]: 5007 + Group[ 2]: 5001 + Group[ 3]: 1005 + Group[ 4]: 5006 + Group[ 5]: 5005 + Group[ 6]: 55000 + Group[ 7]: 55001 + Group[ 8]: 55002 +[2013/11/07 07:38:47.458330, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/uid.c:363(change_to_user_internal) + Impersonated user: uid=(0,0), gid=(0,5000) +[2013/11/07 07:38:47.458387, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_create.c:451(smbd_smb2_create_send) + smbd_smb2_create: name[spoolss] +[2013/11/07 07:38:47.458442, 5, pid=20933, effective(0, 5000), real(0, 0)] ../lib/dbwrap/dbwrap.c:187(dbwrap_check_lock_order) + check lock order 1 for /var/run/samba/smbXsrv_open_global.tdb +[2013/11/07 07:38:47.458484, 10, pid=20933, effective(0, 5000), real(0, 0)] ../lib/dbwrap/dbwrap.c:133(debug_lock_order) + lock order: 1:/var/run/samba/smbXsrv_open_global.tdb 2: 3: +[2013/11/07 07:38:47.458530, 10, pid=20933, effective(0, 5000), real(0, 0)] ../lib/dbwrap/dbwrap_tdb.c:59(db_tdb_log_key) + Locking key 0E04C1DB +[2013/11/07 07:38:47.458585, 10, pid=20933, effective(0, 5000), real(0, 0)] ../lib/dbwrap/dbwrap_tdb.c:143(db_tdb_fetch_locked_internal) + Allocated locked data 0x0x7f375d354db0 +[2013/11/07 07:38:47.459036, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smbXsrv_open.c:695(smbXsrv_open_global_store) +[2013/11/07 07:38:47.459082, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smbXsrv_open.c:697(smbXsrv_open_global_store) + smbXsrv_open_global_store: key '0E04C1DB' stored +[2013/11/07 07:38:47.459127, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) + &global_blob: struct smbXsrv_open_globalB + version : SMBXSRV_VERSION_0 (0) + seqnum : 0x00000001 (1) + info : union smbXsrv_open_globalU(case 0) + info0 : * + info0: struct smbXsrv_open_global0 + db_rec : * + server_id: struct server_id + pid : 0x00000000000051c5 (20933) + task_id : 0x00000000 (0) + vnn : 0xffffffff (4294967295) + unique_id : 0x6b1fb19d3b3a8ed6 (7719083575197994710) + open_global_id : 0x0e04c1db (235192795) + open_persistent_id : 0x000000000e04c1db (235192795) + open_volatile_id : 0x00000000905025bd (2421171645) + open_owner : S-1-5-21-1376953716-2413384141-3399758289-500 + open_time : Do Nov 7 07:38:47 2013 CET + create_guid : 00000000-0000-0000-0000-000000000000 + client_guid : b913ae79-46f9-11e3-be6f-52540018a0ea + app_instance_id : 00000000-0000-0000-0000-000000000000 + disconnect_time : NTTIME(0) + durable_timeout_msec : 0x00000000 (0) + durable : 0x00 (0) + backend_cookie : DATA_BLOB length=0 +[2013/11/07 07:38:47.459877, 10, pid=20933, effective(0, 5000), real(0, 0)] ../lib/dbwrap/dbwrap_tdb.c:59(db_tdb_log_key) + Unlocking key 0E04C1DB +[2013/11/07 07:38:47.459923, 5, pid=20933, effective(0, 5000), real(0, 0)] ../lib/dbwrap/dbwrap.c:146(dbwrap_lock_order_state_destructor) + release lock order 1 for /var/run/samba/smbXsrv_open_global.tdb +[2013/11/07 07:38:47.459963, 10, pid=20933, effective(0, 5000), real(0, 0)] ../lib/dbwrap/dbwrap.c:133(debug_lock_order) + lock order: 1: 2: 3: +[2013/11/07 07:38:47.460004, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smbXsrv_open.c:862(smbXsrv_open_create) +[2013/11/07 07:38:47.460028, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smbXsrv_open.c:870(smbXsrv_open_create) + smbXsrv_open_create: global_id (0x0e04c1db) stored +[2013/11/07 07:38:47.460067, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) + &open_blob: struct smbXsrv_openB + version : SMBXSRV_VERSION_0 (0) + reserved : 0x00000000 (0) + info : union smbXsrv_openU(case 0) + info0 : * + info0: struct smbXsrv_open + table : * + db_rec : NULL + local_id : 0x905025bd (2421171645) + global : * + global: struct smbXsrv_open_global0 + db_rec : NULL + server_id: struct server_id + pid : 0x00000000000051c5 (20933) + task_id : 0x00000000 (0) + vnn : 0xffffffff (4294967295) + unique_id : 0x6b1fb19d3b3a8ed6 (7719083575197994710) + open_global_id : 0x0e04c1db (235192795) + open_persistent_id : 0x000000000e04c1db (235192795) + open_volatile_id : 0x00000000905025bd (2421171645) + open_owner : S-1-5-21-1376953716-2413384141-3399758289-500 + open_time : Do Nov 7 07:38:47 2013 CET + create_guid : 00000000-0000-0000-0000-000000000000 + client_guid : b913ae79-46f9-11e3-be6f-52540018a0ea + app_instance_id : 00000000-0000-0000-0000-000000000000 + disconnect_time : NTTIME(0) + durable_timeout_msec : 0x00000000 (0) + durable : 0x00 (0) + backend_cookie : DATA_BLOB length=0 + status : NT_STATUS_OK + idle_time : Do Nov 7 07:38:47 2013 CET + compat : NULL +[2013/11/07 07:38:47.460673, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/files.c:125(file_new) + allocated file structure fnum 2421171645 (7 used) +[2013/11/07 07:38:47.460731, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/files.c:713(file_name_hash) + file_name_hash: /tmp/spoolss hash 0x7d4e46e5 +[2013/11/07 07:38:47.460796, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:60(make_internal_rpc_pipe_p) + Create pipe requested \spoolss +[2013/11/07 07:38:47.460846, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:238(init_pipe_handles) + init_pipe_handle_list: pipe_handles ref count = 21 for pipe \spoolss +[2013/11/07 07:38:47.460952, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:100(make_internal_rpc_pipe_p) + Created internal pipe \spoolss +[2013/11/07 07:38:47.460997, 8, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/dosmode.c:631(dos_mode) + dos_mode: spoolss +[2013/11/07 07:38:47.461057, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_create.c:1053(smbd_smb2_create_send) + smbd_smb2_create_send: spoolss - fnum 2421171645 +[2013/11/07 07:38:47.461122, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) + smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[88] dyn[yes:0] at ../source3/smbd/smb2_create.c:369 +[2013/11/07 07:38:47.461169, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) + smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/147/127 +[2013/11/07 07:38:47.464247, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) + smbd_smb2_request_incoming: idx[1] of 5 vectors +[2013/11/07 07:38:47.464487, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) + smb2_validate_sequence_number: clearing id 147 (position 147) from bitmap +[2013/11/07 07:38:47.464597, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) + smbd_smb2_request_dispatch: opcode[SMB2_OP_WRITE] mid = 147 +[2013/11/07 07:38:47.464734, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) + setting sec ctx (0, 5000) - sec_ctx_stack_ndx = 0 +[2013/11/07 07:38:47.464843, 5, pid=20933, effective(0, 5000), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) + Security token SIDs (21): + SID[ 0]: S-1-5-21-1376953716-2413384141-3399758289-500 + SID[ 1]: S-1-5-21-1376953716-2413384141-3399758289-512 + SID[ 2]: S-1-5-21-1376953716-2413384141-3399758289-11015 + SID[ 3]: S-1-5-21-1376953716-2413384141-3399758289-513 + SID[ 4]: S-1-5-21-1376953716-2413384141-3399758289-11011 + SID[ 5]: S-1-5-21-1376953716-2413384141-3399758289-11013 + SID[ 6]: S-1-5-21-1376953716-2413384141-3399758289-11012 + SID[ 7]: S-1-1-0 + SID[ 8]: S-1-5-2 + SID[ 9]: S-1-5-11 + SID[ 10]: S-1-5-32-544 + SID[ 11]: S-1-22-1-2002 + SID[ 12]: S-1-22-2-5000 + SID[ 13]: S-1-22-2-5007 + SID[ 14]: S-1-22-2-5001 + SID[ 15]: S-1-22-2-1005 + SID[ 16]: S-1-22-2-5006 + SID[ 17]: S-1-22-2-5005 + SID[ 18]: S-1-22-2-55000 + SID[ 19]: S-1-22-2-55001 + SID[ 20]: S-1-22-2-55002 + Privileges (0x 1FFFFFF0): + Privilege[ 0]: SeMachineAccountPrivilege + Privilege[ 1]: SeTakeOwnershipPrivilege + Privilege[ 2]: SeBackupPrivilege + Privilege[ 3]: SeRestorePrivilege + Privilege[ 4]: SeRemoteShutdownPrivilege + Privilege[ 5]: SePrintOperatorPrivilege + Privilege[ 6]: SeAddUsersPrivilege + Privilege[ 7]: SeDiskOperatorPrivilege + Privilege[ 8]: SeSecurityPrivilege + Privilege[ 9]: SeSystemtimePrivilege + Privilege[ 10]: SeShutdownPrivilege + Privilege[ 11]: SeDebugPrivilege + Privilege[ 12]: SeSystemEnvironmentPrivilege + Privilege[ 13]: SeSystemProfilePrivilege + Privilege[ 14]: SeProfileSingleProcessPrivilege + Privilege[ 15]: SeIncreaseBasePriorityPrivilege + Privilege[ 16]: SeLoadDriverPrivilege + Privilege[ 17]: SeCreatePagefilePrivilege + Privilege[ 18]: SeIncreaseQuotaPrivilege + Privilege[ 19]: SeChangeNotifyPrivilege + Privilege[ 20]: SeUndockPrivilege + Privilege[ 21]: SeManageVolumePrivilege + Privilege[ 22]: SeImpersonatePrivilege + Privilege[ 23]: SeCreateGlobalPrivilege + Privilege[ 24]: SeEnableDelegationPrivilege + Rights (0x 0): +[2013/11/07 07:38:47.467579, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) + UNIX token of user 0 + Primary group is 5000 and contains 9 supplementary groups + Group[ 0]: 5000 + Group[ 1]: 5007 + Group[ 2]: 5001 + Group[ 3]: 1005 + Group[ 4]: 5006 + Group[ 5]: 5005 + Group[ 6]: 55000 + Group[ 7]: 55001 + Group[ 8]: 55002 +[2013/11/07 07:38:47.468269, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/uid.c:363(change_to_user_internal) + Impersonated user: uid=(0,0), gid=(0,5000) +[2013/11/07 07:38:47.468402, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:1796(smbd_smb2_request_verify_creditcharge) + mid 147, CreditCharge: 1, NeededCharge: 1 +[2013/11/07 07:38:47.468508, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_write.c:271(smbd_smb2_write_send) + smbd_smb2_write: spoolss - fnum 2421171645 +[2013/11/07 07:38:47.468620, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:520(np_write_send) + np_write_send: len: 160 +[2013/11/07 07:38:47.468724, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) + write_to_pipe: data_left = 160 +[2013/11/07 07:38:47.468820, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) + process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 160 +[2013/11/07 07:38:47.468917, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:51(fill_rpc_header) + fill_rpc_header: data_to_copy = 160, len_needed_to_complete_hdr = 16, receive_len = 0 +[2013/11/07 07:38:47.469018, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) + write_to_pipe: data_used = 16 +[2013/11/07 07:38:47.469113, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) + write_to_pipe: data_left = 144 +[2013/11/07 07:38:47.469206, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) + process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 144 +[2013/11/07 07:38:47.469309, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) + write_to_pipe: data_used = 0 +[2013/11/07 07:38:47.469513, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) + write_to_pipe: data_left = 144 +[2013/11/07 07:38:47.469611, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) + process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 144, incoming data = 144 +[2013/11/07 07:38:47.469715, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1614(process_complete_pdu) + PDU is in Little Endian format! +[2013/11/07 07:38:47.469838, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) + r: struct ncacn_packet + rpc_vers : 0x05 (5) + rpc_vers_minor : 0x00 (0) + ptype : DCERPC_PKT_BIND (11) + pfc_flags : 0x03 (3) + drep: ARRAY(4) + [0] : 0x10 (16) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + frag_length : 0x00a0 (160) + auth_length : 0x0000 (0) + call_id : 0x00000002 (2) + u : union dcerpc_payload(case 11) + bind: struct dcerpc_bind + max_xmit_frag : 0x10b8 (4280) + max_recv_frag : 0x10b8 (4280) + assoc_group_id : 0x00000000 (0) + num_contexts : 0x03 (3) + ctx_list: ARRAY(3) + ctx_list: struct dcerpc_ctx_list + context_id : 0x0000 (0) + num_transfer_syntaxes : 0x01 (1) + abstract_syntax: struct ndr_syntax_id + uuid : 12345678-1234-abcd-ef00-0123456789ab + if_version : 0x00000001 (1) + transfer_syntaxes: ARRAY(1) + transfer_syntaxes: struct ndr_syntax_id + uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860 + if_version : 0x00000002 (2) + ctx_list: struct dcerpc_ctx_list + context_id : 0x0001 (1) + num_transfer_syntaxes : 0x01 (1) + abstract_syntax: struct ndr_syntax_id + uuid : 12345678-1234-abcd-ef00-0123456789ab + if_version : 0x00000001 (1) + transfer_syntaxes: ARRAY(1) + transfer_syntaxes: struct ndr_syntax_id + uuid : 71710533-beba-4937-8319-b5dbef9ccc36 + if_version : 0x00000001 (1) + ctx_list: struct dcerpc_ctx_list + context_id : 0x0002 (2) + num_transfer_syntaxes : 0x01 (1) + abstract_syntax: struct ndr_syntax_id + uuid : 12345678-1234-abcd-ef00-0123456789ab + if_version : 0x00000001 (1) + transfer_syntaxes: ARRAY(1) + transfer_syntaxes: struct ndr_syntax_id + uuid : 6cb71c2c-9812-4540-0300-000000000000 + if_version : 0x00000001 (1) + auth_info : DATA_BLOB length=0 +[2013/11/07 07:38:47.472081, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1627(process_complete_pdu) + Processing packet type 11 +[2013/11/07 07:38:47.472186, 3, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:693(api_pipe_bind_req) + api_pipe_bind_req: spoolss -> spoolss rpc service +[2013/11/07 07:38:47.472289, 5, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:724(api_pipe_bind_req) + api_pipe_bind_req: make response. 724 +[2013/11/07 07:38:47.472386, 3, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:342(check_bind_req) + check_bind_req for \spoolss +[2013/11/07 07:38:47.472494, 3, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:349(check_bind_req) + check_bind_req: spoolss -> spoolss rpc service +[2013/11/07 07:38:47.472598, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:238(init_pipe_handles) + init_pipe_handle_list: pipe_handles ref count = 22 for pipe \spoolss +[2013/11/07 07:38:47.472741, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) + &r: struct ncacn_packet + rpc_vers : 0x05 (5) + rpc_vers_minor : 0x00 (0) + ptype : DCERPC_PKT_BIND_ACK (12) + pfc_flags : 0x03 (3) + drep: ARRAY(4) + [0] : 0x10 (16) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + frag_length : 0x0044 (68) + auth_length : 0x0000 (0) + call_id : 0x00000002 (2) + u : union dcerpc_payload(case 12) + bind_ack: struct dcerpc_bind_ack + max_xmit_frag : 0x10b8 (4280) + max_recv_frag : 0x10b8 (4280) + assoc_group_id : 0x000053f0 (21488) + secondary_address_size : 0x000e (14) + secondary_address : '\PIPE\spoolss' + _pad1 : DATA_BLOB length=0 + num_results : 0x01 (1) + ctx_list: ARRAY(1) + ctx_list: struct dcerpc_ack_ctx + result : 0x0000 (0) + reason : 0x0000 (0) + syntax: struct ndr_syntax_id + uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860 + if_version : 0x00000002 (2) + auth_info : DATA_BLOB length=0 +[2013/11/07 07:38:47.474160, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) + write_to_pipe: data_used = 144 + smbd_smb2_request_pending_queue: req->current_idx = 1 + req->in.vector[0].iov_len = 0 + req->in.vector[1].iov_len = 0 + req->in.vector[2].iov_len = 64 + req->in.vector[3].iov_len = 48 + req->in.vector[4].iov_len = 160 + req->out.vector[0].iov_len = 4 + req->out.vector[1].iov_len = 0 + req->out.vector[2].iov_len = 64 + req->out.vector[3].iov_len = 8 + req->out.vector[4].iov_len = 0 +[2013/11/07 07:38:47.474696, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) + smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[16] dyn[yes:0] at ../source3/smbd/smb2_write.c:150 +[2013/11/07 07:38:47.474814, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) + smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/148/127 +[2013/11/07 07:38:47.476545, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) + smbd_smb2_request_incoming: idx[1] of 5 vectors +[2013/11/07 07:38:47.476851, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) + smb2_validate_sequence_number: clearing id 148 (position 148) from bitmap +[2013/11/07 07:38:47.476989, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) + smbd_smb2_request_dispatch: opcode[SMB2_OP_READ] mid = 148 +[2013/11/07 07:38:47.477130, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) + setting sec ctx (0, 5000) - sec_ctx_stack_ndx = 0 +[2013/11/07 07:38:47.477240, 5, pid=20933, effective(0, 5000), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) + Security token SIDs (21): + SID[ 0]: S-1-5-21-1376953716-2413384141-3399758289-500 + SID[ 1]: S-1-5-21-1376953716-2413384141-3399758289-512 + SID[ 2]: S-1-5-21-1376953716-2413384141-3399758289-11015 + SID[ 3]: S-1-5-21-1376953716-2413384141-3399758289-513 + SID[ 4]: S-1-5-21-1376953716-2413384141-3399758289-11011 + SID[ 5]: S-1-5-21-1376953716-2413384141-3399758289-11013 + SID[ 6]: S-1-5-21-1376953716-2413384141-3399758289-11012 + SID[ 7]: S-1-1-0 + SID[ 8]: S-1-5-2 + SID[ 9]: S-1-5-11 + SID[ 10]: S-1-5-32-544 + SID[ 11]: S-1-22-1-2002 + SID[ 12]: S-1-22-2-5000 + SID[ 13]: S-1-22-2-5007 + SID[ 14]: S-1-22-2-5001 + SID[ 15]: S-1-22-2-1005 + SID[ 16]: S-1-22-2-5006 + SID[ 17]: S-1-22-2-5005 + SID[ 18]: S-1-22-2-55000 + SID[ 19]: S-1-22-2-55001 + SID[ 20]: S-1-22-2-55002 + Privileges (0x 1FFFFFF0): + Privilege[ 0]: SeMachineAccountPrivilege + Privilege[ 1]: SeTakeOwnershipPrivilege + Privilege[ 2]: SeBackupPrivilege + Privilege[ 3]: SeRestorePrivilege + Privilege[ 4]: SeRemoteShutdownPrivilege + Privilege[ 5]: SePrintOperatorPrivilege + Privilege[ 6]: SeAddUsersPrivilege + Privilege[ 7]: SeDiskOperatorPrivilege + Privilege[ 8]: SeSecurityPrivilege + Privilege[ 9]: SeSystemtimePrivilege + Privilege[ 10]: SeShutdownPrivilege + Privilege[ 11]: SeDebugPrivilege + Privilege[ 12]: SeSystemEnvironmentPrivilege + Privilege[ 13]: SeSystemProfilePrivilege + Privilege[ 14]: SeProfileSingleProcessPrivilege + Privilege[ 15]: SeIncreaseBasePriorityPrivilege + Privilege[ 16]: SeLoadDriverPrivilege + Privilege[ 17]: SeCreatePagefilePrivilege + Privilege[ 18]: SeIncreaseQuotaPrivilege + Privilege[ 19]: SeChangeNotifyPrivilege + Privilege[ 20]: SeUndockPrivilege + Privilege[ 21]: SeManageVolumePrivilege + Privilege[ 22]: SeImpersonatePrivilege + Privilege[ 23]: SeCreateGlobalPrivilege + Privilege[ 24]: SeEnableDelegationPrivilege + Rights (0x 0): +[2013/11/07 07:38:47.479336, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) + UNIX token of user 0 + Primary group is 5000 and contains 9 supplementary groups + Group[ 0]: 5000 + Group[ 1]: 5007 + Group[ 2]: 5001 + Group[ 3]: 1005 + Group[ 4]: 5006 + Group[ 5]: 5005 + Group[ 6]: 55000 + Group[ 7]: 55001 + Group[ 8]: 55002 +[2013/11/07 07:38:47.479814, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/uid.c:363(change_to_user_internal) + Impersonated user: uid=(0,0), gid=(0,5000) +[2013/11/07 07:38:47.479936, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:1796(smbd_smb2_request_verify_creditcharge) + mid 148, CreditCharge: 1, NeededCharge: 1 +[2013/11/07 07:38:47.480042, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_read.c:400(smbd_smb2_read_send) + smbd_smb2_read: spoolss - fnum 2421171645 +[2013/11/07 07:38:47.480157, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:285(read_from_internal_pipe) + name: \spoolss len: 1024 +[2013/11/07 07:38:47.480285, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:326(read_from_internal_pipe) + read_from_pipe: \spoolss: current_pdu_len = 68, current_pdu_sent = 0 returning 68 bytes. +[2013/11/07 07:38:47.480452, 3, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:122(free_pipe_context) + free_pipe_context: destroying talloc pool of size 29 + smbd_smb2_request_pending_queue: req->current_idx = 1 + req->in.vector[0].iov_len = 0 + req->in.vector[1].iov_len = 0 + req->in.vector[2].iov_len = 64 + req->in.vector[3].iov_len = 48 + req->in.vector[4].iov_len = 1 + req->out.vector[0].iov_len = 4 + req->out.vector[1].iov_len = 0 + req->out.vector[2].iov_len = 64 + req->out.vector[3].iov_len = 8 + req->out.vector[4].iov_len = 0 +[2013/11/07 07:38:47.480985, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:788(np_read_recv) + Received 68 bytes. There is no more data outstanding +[2013/11/07 07:38:47.481098, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) + smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[16] dyn[yes:68] at ../source3/smbd/smb2_read.c:154 +[2013/11/07 07:38:47.481210, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) + smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/149/127 +[2013/11/07 07:38:47.483254, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) + smbd_smb2_request_incoming: idx[1] of 5 vectors +[2013/11/07 07:38:47.483454, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) + smb2_validate_sequence_number: clearing id 149 (position 149) from bitmap +[2013/11/07 07:38:47.483558, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) + smbd_smb2_request_dispatch: opcode[SMB2_OP_IOCTL] mid = 149 +[2013/11/07 07:38:47.483690, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) + setting sec ctx (0, 5000) - sec_ctx_stack_ndx = 0 +[2013/11/07 07:38:47.483796, 5, pid=20933, effective(0, 5000), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) + Security token SIDs (21): + SID[ 0]: S-1-5-21-1376953716-2413384141-3399758289-500 + SID[ 1]: S-1-5-21-1376953716-2413384141-3399758289-512 + SID[ 2]: S-1-5-21-1376953716-2413384141-3399758289-11015 + SID[ 3]: S-1-5-21-1376953716-2413384141-3399758289-513 + SID[ 4]: S-1-5-21-1376953716-2413384141-3399758289-11011 + SID[ 5]: S-1-5-21-1376953716-2413384141-3399758289-11013 + SID[ 6]: S-1-5-21-1376953716-2413384141-3399758289-11012 + SID[ 7]: S-1-1-0 + SID[ 8]: S-1-5-2 + SID[ 9]: S-1-5-11 + SID[ 10]: S-1-5-32-544 + SID[ 11]: S-1-22-1-2002 + SID[ 12]: S-1-22-2-5000 + SID[ 13]: S-1-22-2-5007 + SID[ 14]: S-1-22-2-5001 + SID[ 15]: S-1-22-2-1005 + SID[ 16]: S-1-22-2-5006 + SID[ 17]: S-1-22-2-5005 + SID[ 18]: S-1-22-2-55000 + SID[ 19]: S-1-22-2-55001 + SID[ 20]: S-1-22-2-55002 + Privileges (0x 1FFFFFF0): + Privilege[ 0]: SeMachineAccountPrivilege + Privilege[ 1]: SeTakeOwnershipPrivilege + Privilege[ 2]: SeBackupPrivilege + Privilege[ 3]: SeRestorePrivilege + Privilege[ 4]: SeRemoteShutdownPrivilege + Privilege[ 5]: SePrintOperatorPrivilege + Privilege[ 6]: SeAddUsersPrivilege + Privilege[ 7]: SeDiskOperatorPrivilege + Privilege[ 8]: SeSecurityPrivilege + Privilege[ 9]: SeSystemtimePrivilege + Privilege[ 10]: SeShutdownPrivilege + Privilege[ 11]: SeDebugPrivilege + Privilege[ 12]: SeSystemEnvironmentPrivilege + Privilege[ 13]: SeSystemProfilePrivilege + Privilege[ 14]: SeProfileSingleProcessPrivilege + Privilege[ 15]: SeIncreaseBasePriorityPrivilege + Privilege[ 16]: SeLoadDriverPrivilege + Privilege[ 17]: SeCreatePagefilePrivilege + Privilege[ 18]: SeIncreaseQuotaPrivilege + Privilege[ 19]: SeChangeNotifyPrivilege + Privilege[ 20]: SeUndockPrivilege + Privilege[ 21]: SeManageVolumePrivilege + Privilege[ 22]: SeImpersonatePrivilege + Privilege[ 23]: SeCreateGlobalPrivilege + Privilege[ 24]: SeEnableDelegationPrivilege + Rights (0x 0): +[2013/11/07 07:38:47.485812, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) + UNIX token of user 0 + Primary group is 5000 and contains 9 supplementary groups + Group[ 0]: 5000 + Group[ 1]: 5007 + Group[ 2]: 5001 + Group[ 3]: 1005 + Group[ 4]: 5006 + Group[ 5]: 5005 + Group[ 6]: 55000 + Group[ 7]: 55001 + Group[ 8]: 55002 +[2013/11/07 07:38:47.486288, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/uid.c:363(change_to_user_internal) + Impersonated user: uid=(0,0), gid=(0,5000) +[2013/11/07 07:38:47.486408, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:1796(smbd_smb2_request_verify_creditcharge) + mid 149, CreditCharge: 1, NeededCharge: 1 +[2013/11/07 07:38:47.486512, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl.c:394(smbd_smb2_ioctl_send) + smbd_smb2_ioctl: ctl_code[0x0011c017] spoolss, fnum 2421171645 +[2013/11/07 07:38:47.486626, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:59(smb2_ioctl_named_pipe) + smbd_smb2_ioctl_send: np_write_send of size 222 +[2013/11/07 07:38:47.486753, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:520(np_write_send) + np_write_send: len: 222 +[2013/11/07 07:38:47.486856, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) + write_to_pipe: data_left = 222 +[2013/11/07 07:38:47.486951, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) + process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 222 +[2013/11/07 07:38:47.487048, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:51(fill_rpc_header) + fill_rpc_header: data_to_copy = 222, len_needed_to_complete_hdr = 16, receive_len = 0 +[2013/11/07 07:38:47.487149, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) + write_to_pipe: data_used = 16 +[2013/11/07 07:38:47.487242, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) + write_to_pipe: data_left = 206 +[2013/11/07 07:38:47.487337, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) + process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 206 +[2013/11/07 07:38:47.487439, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) + write_to_pipe: data_used = 0 +[2013/11/07 07:38:47.487531, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) + write_to_pipe: data_left = 206 +[2013/11/07 07:38:47.487625, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) + process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 206, incoming data = 206 +[2013/11/07 07:38:47.487726, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1614(process_complete_pdu) + PDU is in Little Endian format! +[2013/11/07 07:38:47.487839, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) + r: struct ncacn_packet + rpc_vers : 0x05 (5) + rpc_vers_minor : 0x00 (0) + ptype : DCERPC_PKT_REQUEST (0) + pfc_flags : 0x03 (3) + drep: ARRAY(4) + [0] : 0x10 (16) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + frag_length : 0x00de (222) + auth_length : 0x0000 (0) + call_id : 0x00000002 (2) + u : union dcerpc_payload(case 0) + request: struct dcerpc_request + alloc_hint : 0x000000c6 (198) + context_id : 0x0000 (0) + opnum : 0x0045 (69) + object : union dcerpc_object(case 0) + empty: struct dcerpc_empty + _pad : DATA_BLOB length=0 + stub_and_verifier : DATA_BLOB length=198 + [0000] 00 00 02 00 14 00 00 00 00 00 00 00 14 00 00 00 ........ ........ + [0010] 5C 00 5C 00 4D 00 45 00 4D 00 42 00 45 00 52 00 \.\.M.E. M.B.E.R. + [0020] 34 00 33 00 5C 00 70 00 72 00 69 00 6E 00 74 00 4.3.\.p. r.i.n.t. + [0030] 65 00 72 00 37 00 00 00 00 00 00 00 00 00 00 00 e.r.7... ........ + [0040] 00 00 00 00 00 00 00 00 01 00 00 00 01 00 00 00 ........ ........ + [0050] 04 00 02 00 28 00 00 00 08 00 02 00 0C 00 02 00 ....(... ........ + [0060] 80 25 00 00 03 00 00 00 00 00 00 00 09 00 00 00 .%...... ........ + [0070] 0A 00 00 00 00 00 00 00 0A 00 00 00 57 00 49 00 ........ ....W.I. + [0080] 4E 00 38 00 31 00 2D 00 32 00 33 00 39 00 00 00 N.8.1.-. 2.3.9... + [0090] 15 00 00 00 00 00 00 00 15 00 00 00 41 00 52 00 ........ ....A.R. + [00A0] 33 00 32 00 49 00 38 00 5C 00 41 00 64 00 6D 00 3.2.I.8. \.A.d.m. + [00B0] 69 00 6E 00 69 00 73 00 74 00 72 00 61 00 74 00 i.n.i.s. t.r.a.t. + [00C0] 6F 00 72 00 00 00 o.r... +[2013/11/07 07:38:47.490111, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1627(process_complete_pdu) + Processing packet type 0 +[2013/11/07 07:38:47.490211, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1472(dcesrv_auth_request) + Checking request auth. +[2013/11/07 07:38:47.490314, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) + push_sec_ctx(0, 5000) : sec_ctx_stack_ndx = 1 +[2013/11/07 07:38:47.490428, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) + setting sec ctx (0, 5000) - sec_ctx_stack_ndx = 1 +[2013/11/07 07:38:47.490529, 5, pid=20933, effective(0, 5000), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) + Security token SIDs (21): + SID[ 0]: S-1-5-21-1376953716-2413384141-3399758289-500 + SID[ 1]: S-1-5-21-1376953716-2413384141-3399758289-512 + SID[ 2]: S-1-5-21-1376953716-2413384141-3399758289-11015 + SID[ 3]: S-1-5-21-1376953716-2413384141-3399758289-513 + SID[ 4]: S-1-5-21-1376953716-2413384141-3399758289-11011 + SID[ 5]: S-1-5-21-1376953716-2413384141-3399758289-11013 + SID[ 6]: S-1-5-21-1376953716-2413384141-3399758289-11012 + SID[ 7]: S-1-1-0 + SID[ 8]: S-1-5-2 + SID[ 9]: S-1-5-11 + SID[ 10]: S-1-5-32-544 + SID[ 11]: S-1-22-1-2002 + SID[ 12]: S-1-22-2-5000 + SID[ 13]: S-1-22-2-5007 + SID[ 14]: S-1-22-2-5001 + SID[ 15]: S-1-22-2-1005 + SID[ 16]: S-1-22-2-5006 + SID[ 17]: S-1-22-2-5005 + SID[ 18]: S-1-22-2-55000 + SID[ 19]: S-1-22-2-55001 + SID[ 20]: S-1-22-2-55002 + Privileges (0x 1FFFFFF0): + Privilege[ 0]: SeMachineAccountPrivilege + Privilege[ 1]: SeTakeOwnershipPrivilege + Privilege[ 2]: SeBackupPrivilege + Privilege[ 3]: SeRestorePrivilege + Privilege[ 4]: SeRemoteShutdownPrivilege + Privilege[ 5]: SePrintOperatorPrivilege + Privilege[ 6]: SeAddUsersPrivilege + Privilege[ 7]: SeDiskOperatorPrivilege + Privilege[ 8]: SeSecurityPrivilege + Privilege[ 9]: SeSystemtimePrivilege + Privilege[ 10]: SeShutdownPrivilege + Privilege[ 11]: SeDebugPrivilege + Privilege[ 12]: SeSystemEnvironmentPrivilege + Privilege[ 13]: SeSystemProfilePrivilege + Privilege[ 14]: SeProfileSingleProcessPrivilege + Privilege[ 15]: SeIncreaseBasePriorityPrivilege + Privilege[ 16]: SeLoadDriverPrivilege + Privilege[ 17]: SeCreatePagefilePrivilege + Privilege[ 18]: SeIncreaseQuotaPrivilege + Privilege[ 19]: SeChangeNotifyPrivilege + Privilege[ 20]: SeUndockPrivilege + Privilege[ 21]: SeManageVolumePrivilege + Privilege[ 22]: SeImpersonatePrivilege + Privilege[ 23]: SeCreateGlobalPrivilege + Privilege[ 24]: SeEnableDelegationPrivilege + Rights (0x 0): +[2013/11/07 07:38:47.492531, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) + UNIX token of user 0 + Primary group is 5000 and contains 9 supplementary groups + Group[ 0]: 5000 + Group[ 1]: 5007 + Group[ 2]: 5001 + Group[ 3]: 1005 + Group[ 4]: 5006 + Group[ 5]: 5005 + Group[ 6]: 55000 + Group[ 7]: 55001 + Group[ 8]: 55002 +[2013/11/07 07:38:47.493008, 5, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1324(api_pipe_request) + Requested \spoolss rpc service +[2013/11/07 07:38:47.493117, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1356(api_rpcTNP) + api_rpcTNP: \spoolss op 0x45 - api_rpcTNP: rpc command: SPOOLSS_OPENPRINTEREX +[2013/11/07 07:38:47.493225, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1390(api_rpcTNP) + api_rpc_cmds[69].fn == 0x7f375c256d40 +[2013/11/07 07:38:47.493473, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + spoolss_OpenPrinterEx: struct spoolss_OpenPrinterEx + in: struct spoolss_OpenPrinterEx + printername : * + printername : '\\MEMBER43\printer7' + datatype : NULL + devmode_ctr: struct spoolss_DevmodeContainer + _ndr_size : 0x00000000 (0) + devmode : NULL + access_mask : 0x00000000 (0) + 0: SERVER_ACCESS_ADMINISTER + 0: SERVER_ACCESS_ENUMERATE + 0: PRINTER_ACCESS_ADMINISTER + 0: PRINTER_ACCESS_USE + 0: JOB_ACCESS_ADMINISTER + 0: JOB_ACCESS_READ + userlevel_ctr: struct spoolss_UserLevelCtr + level : 0x00000001 (1) + user_info : union spoolss_UserLevel(case 1) + level1 : * + level1: struct spoolss_UserLevel1 + size : 0x00000028 (40) + client : * + client : 'WIN81-239' + user : * + user : 'AR32I8\Administrator' + build : 0x00002580 (9600) + major : UNKNOWN_ENUM_VALUE (3) + minor : SPOOLSS_MINOR_VERSION_0 (0) + processor : PROCESSOR_ARCHITECTURE_AMD64 (9) + checking name: \\MEMBER43\printer7 +[2013/11/07 07:38:47.494906, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:737(open_printer_hnd) + open_printer_hnd: name [\\MEMBER43\printer7] +[2013/11/07 07:38:47.495031, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) + Opened policy hnd[7] [0000] 00 00 00 00 ED 00 00 00 00 00 00 00 7B 52 77 35 ........ ....{Rw5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:47.495229, 3, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:506(set_printer_hnd_printertype) + Setting printer type=\\MEMBER43\printer7 + Printer is a printer +[2013/11/07 07:38:47.495364, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:566(set_printer_hnd_name) + Setting printer name=\\MEMBER43\printer7 (len=19) + searching for [printer7] +[2013/11/07 07:38:47.495585, 10, pid=20933, effective(0, 5000), real(0, 0), class=tdb] ../source3/lib/gencache.c:275(gencache_set_data_blob) + Did not store value for PRINTERNAME/printer7, we already got it + set_printer_hnd_name: Printer found: printer7 -> printer7 +[2013/11/07 07:38:47.495724, 5, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:773(open_printer_hnd) + 7 printer handles active +[2013/11/07 07:38:47.495823, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 ED 00 00 00 00 00 00 00 7B 52 77 35 ........ ....{Rw5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:47.496017, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 ED 00 00 00 00 00 00 00 7B 52 77 35 ........ ....{Rw5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:47.496228, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:489(get_printer_snum) + short name:printer7 +[2013/11/07 07:38:47.496381, 3, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/access.c:338(allow_access) + Allowed connection from 10.200.8.239 (10.200.8.239) +[2013/11/07 07:38:47.496750, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/share_access.c:237(user_ok_token) + user_ok_token: share printer7 is ok for unix user root +[2013/11/07 07:38:47.496878, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:1921(_spoolss_OpenPrinterEx) + Setting printer access = PRINTER_ACCESS_USE +[2013/11/07 07:38:47.497107, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:60(make_internal_rpc_pipe_p) + Create pipe requested \winreg +[2013/11/07 07:38:47.497233, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:221(init_pipe_handles) + init_pipe_handle_list: created handle list for pipe \winreg +[2013/11/07 07:38:47.497336, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:238(init_pipe_handles) + init_pipe_handle_list: pipe_handles ref count = 1 for pipe \winreg +[2013/11/07 07:38:47.498027, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:100(make_internal_rpc_pipe_p) + Created internal pipe \winreg +[2013/11/07 07:38:47.498199, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenHKLM: struct winreg_OpenHKLM + in: struct winreg_OpenHKLM + system_name : NULL + access_mask : 0x02000000 (33554432) + 0: KEY_QUERY_VALUE + 0: KEY_SET_VALUE + 0: KEY_CREATE_SUB_KEY + 0: KEY_ENUMERATE_SUB_KEYS + 0: KEY_NOTIFY + 0: KEY_CREATE_LINK + 0: KEY_WOW64_64KEY + 0: KEY_WOW64_32KEY +[2013/11/07 07:38:47.498766, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [HKLM] +[2013/11/07 07:38:47.498875, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) + push_sec_ctx(0, 5000) : sec_ctx_stack_ndx = 2 +[2013/11/07 07:38:47.499007, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/uid.c:485(push_conn_ctx) + push_conn_ctx(1804507171) : conn_ctx_stack_ndx = 0 +[2013/11/07 07:38:47.499109, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) + setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 +[2013/11/07 07:38:47.499301, 5, pid=20933, effective(0, 5000), real(0, 0)] ../libcli/security/security_token.c:53(security_token_debug) + Security token: (NULL) +[2013/11/07 07:38:47.499404, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) + UNIX token of user 0 + Primary group is 0 and contains 0 supplementary groups +[2013/11/07 07:38:47.499735, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) + pop_sec_ctx (0, 5000) - sec_ctx_stack_ndx = 1 +[2013/11/07 07:38:47.499846, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:866(regdb_open) + regdb_open: registry db opened. refcount reset (1) +[2013/11/07 07:38:47.499958, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM] +[2013/11/07 07:38:47.500055, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM] +[2013/11/07 07:38:47.500155, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:47.500276, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM] +[2013/11/07 07:38:47.500464, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) + Opened policy hnd[1] [0000] 00 00 00 00 EE 00 00 00 00 00 00 00 7B 52 77 35 ........ ....{Rw5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:47.500666, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenHKLM: struct winreg_OpenHKLM + out: struct winreg_OpenHKLM + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000ee-0000-0000-7b52-7735c5510000 + result : WERR_OK +[2013/11/07 07:38:47.501194, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenKey: struct winreg_OpenKey + in: struct winreg_OpenKey + parent_handle : * + parent_handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000ee-0000-0000-7b52-7735c5510000 + keyname: struct winreg_String + name_len : 0x008a (138) + name_size : 0x008a (138) + name : * + name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7' + options : 0x00000000 (0) + 0: REG_OPTION_VOLATILE + 0: REG_OPTION_CREATE_LINK + 0: REG_OPTION_BACKUP_RESTORE + 0: REG_OPTION_OPEN_LINK + access_mask : 0x02000000 (33554432) + 0: KEY_QUERY_VALUE + 0: KEY_SET_VALUE + 0: KEY_CREATE_SUB_KEY + 0: KEY_ENUMERATE_SUB_KEYS + 0: KEY_NOTIFY + 0: KEY_CREATE_LINK + 0: KEY_WOW64_64KEY + 0: KEY_WOW64_32KEY +[2013/11/07 07:38:47.501903, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 EE 00 00 00 00 00 00 00 7B 52 77 35 ........ ....{Rw5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:47.501988, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [SOFTWARE] +[2013/11/07 07:38:47.502029, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (1->2) +[2013/11/07 07:38:47.502073, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] +[2013/11/07 07:38:47.502112, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE] +[2013/11/07 07:38:47.502153, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:47.502191, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE] +[2013/11/07 07:38:47.502274, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Microsoft] +[2013/11/07 07:38:47.502317, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (2->3) +[2013/11/07 07:38:47.502360, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] +[2013/11/07 07:38:47.502535, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] +[2013/11/07 07:38:47.502578, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:47.502617, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft] +[2013/11/07 07:38:47.502691, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Windows NT] +[2013/11/07 07:38:47.502733, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (3->4) +[2013/11/07 07:38:47.502777, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] +[2013/11/07 07:38:47.502815, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] +[2013/11/07 07:38:47.502856, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:47.502894, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] +[2013/11/07 07:38:47.502953, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [CurrentVersion] +[2013/11/07 07:38:47.503123, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (4->5) +[2013/11/07 07:38:47.503171, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] +[2013/11/07 07:38:47.503209, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] +[2013/11/07 07:38:47.503251, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:47.503289, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f375c5a15c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] +[2013/11/07 07:38:47.503364, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Print] +[2013/11/07 07:38:47.503406, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (5->6) +[2013/11/07 07:38:47.503449, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] +[2013/11/07 07:38:47.503500, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] +[2013/11/07 07:38:47.503543, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:47.503581, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f375c5a15c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] +[2013/11/07 07:38:47.503642, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Printers] +[2013/11/07 07:38:47.503683, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (6->7) +[2013/11/07 07:38:47.503726, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] +[2013/11/07 07:38:47.503764, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] +[2013/11/07 07:38:47.503806, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:47.503844, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] +[2013/11/07 07:38:47.503912, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [printer7] +[2013/11/07 07:38:47.503954, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (7->8) +[2013/11/07 07:38:47.503997, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:47.504036, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:47.504078, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:47.504115, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:47.504184, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (8->7) +[2013/11/07 07:38:47.504226, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (7->6) +[2013/11/07 07:38:47.504267, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (6->5) +[2013/11/07 07:38:47.504306, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (5->4) +[2013/11/07 07:38:47.504346, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (4->3) +[2013/11/07 07:38:47.504395, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (3->2) +[2013/11/07 07:38:47.504441, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) + Opened policy hnd[2] [0000] 00 00 00 00 EF 00 00 00 00 00 00 00 7B 52 77 35 ........ ....{Rw5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:47.504533, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenKey: struct winreg_OpenKey + out: struct winreg_OpenKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000ef-0000-0000-7b52-7735c5510000 + result : WERR_OK +[2013/11/07 07:38:47.504707, 2, pid=20933, effective(0, 5000), real(0, 0)] ../source3/rpc_client/cli_winreg_spoolss.c:626(winreg_create_printer) + winreg_create_printer: Skipping, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7 already exists +[2013/11/07 07:38:47.504769, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + in: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000ef-0000-0000-7b52-7735c5510000 +[2013/11/07 07:38:47.504938, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 EF 00 00 00 00 00 00 00 7B 52 77 35 ........ ....{Rw5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:47.505018, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 EF 00 00 00 00 00 00 00 7B 52 77 35 ........ ....{Rw5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:47.505095, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) + Closed policy +[2013/11/07 07:38:47.505136, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (2->1) +[2013/11/07 07:38:47.505176, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + out: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000000-0000-0000-0000-000000000000 + result : WERR_OK +[2013/11/07 07:38:47.505340, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + in: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000ee-0000-0000-7b52-7735c5510000 +[2013/11/07 07:38:47.505544, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 EE 00 00 00 00 00 00 00 7B 52 77 35 ........ ....{Rw5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:47.505636, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 EE 00 00 00 00 00 00 00 7B 52 77 35 ........ ....{Rw5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:47.505712, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) + Closed policy +[2013/11/07 07:38:47.505753, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (1->0) +[2013/11/07 07:38:47.505810, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + out: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000000-0000-0000-0000-000000000000 + result : WERR_OK +[2013/11/07 07:38:47.506030, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:416(close_policy_by_pipe) + Deleted handle list for RPC connection \winreg +[2013/11/07 07:38:47.506086, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + spoolss_OpenPrinterEx: struct spoolss_OpenPrinterEx + out: struct spoolss_OpenPrinterEx + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000ed-0000-0000-7b52-7735c5510000 + result : WERR_OK +[2013/11/07 07:38:47.506239, 5, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1417(api_rpcTNP) + api_rpcTNP: called \spoolss successfully +[2013/11/07 07:38:47.506296, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) + pop_sec_ctx (0, 5000) - sec_ctx_stack_ndx = 0 +[2013/11/07 07:38:47.506340, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) + write_to_pipe: data_used = 206 + smbd_smb2_request_pending_queue: req->current_idx = 1 + req->in.vector[0].iov_len = 0 + req->in.vector[1].iov_len = 0 + req->in.vector[2].iov_len = 64 + req->in.vector[3].iov_len = 56 + req->in.vector[4].iov_len = 222 + req->out.vector[0].iov_len = 4 + req->out.vector[1].iov_len = 0 + req->out.vector[2].iov_len = 64 + req->out.vector[3].iov_len = 8 + req->out.vector[4].iov_len = 0 +[2013/11/07 07:38:47.506554, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:128(smbd_smb2_ioctl_pipe_write_done) + smbd_smb2_ioctl_pipe_write_done: received 222 +[2013/11/07 07:38:47.506597, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:149(smbd_smb2_ioctl_pipe_write_done) + smbd_smb2_ioctl_pipe_write_done: issuing np_read_send of size 1024 +[2013/11/07 07:38:47.506640, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:285(read_from_internal_pipe) + name: \spoolss len: 1024 +[2013/11/07 07:38:47.506682, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:347(read_from_internal_pipe) + read_from_pipe: \spoolss: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 24. +[2013/11/07 07:38:47.506737, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) + &r: struct ncacn_packet + rpc_vers : 0x05 (5) + rpc_vers_minor : 0x00 (0) + ptype : DCERPC_PKT_RESPONSE (2) + pfc_flags : 0x03 (3) + drep: ARRAY(4) + [0] : 0x10 (16) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + frag_length : 0x0030 (48) + auth_length : 0x0000 (0) + call_id : 0x00000002 (2) + u : union dcerpc_payload(case 2) + response: struct dcerpc_response + alloc_hint : 0x00000018 (24) + context_id : 0x0000 (0) + cancel_count : 0x00 (0) + _pad : DATA_BLOB length=0 + stub_and_verifier : DATA_BLOB length=24 + [0000] 00 00 00 00 ED 00 00 00 00 00 00 00 7B 52 77 35 ........ ....{Rw5 + [0010] C5 51 00 00 00 00 00 00 .Q...... +[2013/11/07 07:38:47.507164, 3, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:122(free_pipe_context) + free_pipe_context: destroying talloc pool of size 68 +[2013/11/07 07:38:47.507214, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:788(np_read_recv) + Received 48 bytes. There is no more data outstanding +[2013/11/07 07:38:47.507255, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:178(smbd_smb2_ioctl_pipe_read_done) + smbd_smb2_ioctl_pipe_read_done: np_read_recv nread = 48 is_data_outstanding = 0, status = NT_STATUS_OK +[2013/11/07 07:38:47.507302, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl.c:291(smbd_smb2_request_ioctl_done) + smbd_smb2_request_ioctl_done: smbd_smb2_ioctl_recv returned 48 status NT_STATUS_OK +[2013/11/07 07:38:47.507344, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) + smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[48] dyn[yes:48] at ../source3/smbd/smb2_ioctl.c:358 +[2013/11/07 07:38:47.507389, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) + smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/150/127 +[2013/11/07 07:38:47.527141, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) + smbd_smb2_request_incoming: idx[1] of 5 vectors +[2013/11/07 07:38:47.527432, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) + smb2_validate_sequence_number: clearing id 150 (position 150) from bitmap +[2013/11/07 07:38:47.527546, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) + smbd_smb2_request_dispatch: opcode[SMB2_OP_IOCTL] mid = 150 +[2013/11/07 07:38:47.527698, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) + setting sec ctx (0, 5000) - sec_ctx_stack_ndx = 0 +[2013/11/07 07:38:47.527809, 5, pid=20933, effective(0, 5000), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) + Security token SIDs (21): + SID[ 0]: S-1-5-21-1376953716-2413384141-3399758289-500 + SID[ 1]: S-1-5-21-1376953716-2413384141-3399758289-512 + SID[ 2]: S-1-5-21-1376953716-2413384141-3399758289-11015 + SID[ 3]: S-1-5-21-1376953716-2413384141-3399758289-513 + SID[ 4]: S-1-5-21-1376953716-2413384141-3399758289-11011 + SID[ 5]: S-1-5-21-1376953716-2413384141-3399758289-11013 + SID[ 6]: S-1-5-21-1376953716-2413384141-3399758289-11012 + SID[ 7]: S-1-1-0 + SID[ 8]: S-1-5-2 + SID[ 9]: S-1-5-11 + SID[ 10]: S-1-5-32-544 + SID[ 11]: S-1-22-1-2002 + SID[ 12]: S-1-22-2-5000 + SID[ 13]: S-1-22-2-5007 + SID[ 14]: S-1-22-2-5001 + SID[ 15]: S-1-22-2-1005 + SID[ 16]: S-1-22-2-5006 + SID[ 17]: S-1-22-2-5005 + SID[ 18]: S-1-22-2-55000 + SID[ 19]: S-1-22-2-55001 + SID[ 20]: S-1-22-2-55002 + Privileges (0x 1FFFFFF0): + Privilege[ 0]: SeMachineAccountPrivilege + Privilege[ 1]: SeTakeOwnershipPrivilege + Privilege[ 2]: SeBackupPrivilege + Privilege[ 3]: SeRestorePrivilege + Privilege[ 4]: SeRemoteShutdownPrivilege + Privilege[ 5]: SePrintOperatorPrivilege + Privilege[ 6]: SeAddUsersPrivilege + Privilege[ 7]: SeDiskOperatorPrivilege + Privilege[ 8]: SeSecurityPrivilege + Privilege[ 9]: SeSystemtimePrivilege + Privilege[ 10]: SeShutdownPrivilege + Privilege[ 11]: SeDebugPrivilege + Privilege[ 12]: SeSystemEnvironmentPrivilege + Privilege[ 13]: SeSystemProfilePrivilege + Privilege[ 14]: SeProfileSingleProcessPrivilege + Privilege[ 15]: SeIncreaseBasePriorityPrivilege + Privilege[ 16]: SeLoadDriverPrivilege + Privilege[ 17]: SeCreatePagefilePrivilege + Privilege[ 18]: SeIncreaseQuotaPrivilege + Privilege[ 19]: SeChangeNotifyPrivilege + Privilege[ 20]: SeUndockPrivilege + Privilege[ 21]: SeManageVolumePrivilege + Privilege[ 22]: SeImpersonatePrivilege + Privilege[ 23]: SeCreateGlobalPrivilege + Privilege[ 24]: SeEnableDelegationPrivilege + Rights (0x 0): +[2013/11/07 07:38:47.530119, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) + UNIX token of user 0 + Primary group is 5000 and contains 9 supplementary groups + Group[ 0]: 5000 + Group[ 1]: 5007 + Group[ 2]: 5001 + Group[ 3]: 1005 + Group[ 4]: 5006 + Group[ 5]: 5005 + Group[ 6]: 55000 + Group[ 7]: 55001 + Group[ 8]: 55002 +[2013/11/07 07:38:47.530607, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/uid.c:363(change_to_user_internal) + Impersonated user: uid=(0,0), gid=(0,5000) +[2013/11/07 07:38:47.530736, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:1796(smbd_smb2_request_verify_creditcharge) + mid 150, CreditCharge: 1, NeededCharge: 1 +[2013/11/07 07:38:47.530841, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl.c:394(smbd_smb2_ioctl_send) + smbd_smb2_ioctl: ctl_code[0x0011c017] spoolss, fnum 4038471001 +[2013/11/07 07:38:47.530956, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:59(smb2_ioctl_named_pipe) + smbd_smb2_ioctl_send: np_write_send of size 4156 +[2013/11/07 07:38:47.531058, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:520(np_write_send) + np_write_send: len: 4156 +[2013/11/07 07:38:47.531162, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) + write_to_pipe: data_left = 4156 +[2013/11/07 07:38:47.531258, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) + process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 4156 +[2013/11/07 07:38:47.531355, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:51(fill_rpc_header) + fill_rpc_header: data_to_copy = 4156, len_needed_to_complete_hdr = 16, receive_len = 0 +[2013/11/07 07:38:47.531456, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) + write_to_pipe: data_used = 16 +[2013/11/07 07:38:47.531550, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) + write_to_pipe: data_left = 4140 +[2013/11/07 07:38:47.531645, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) + process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 4140 +[2013/11/07 07:38:47.531750, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) + write_to_pipe: data_used = 0 +[2013/11/07 07:38:47.531845, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) + write_to_pipe: data_left = 4140 +[2013/11/07 07:38:47.531962, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) + process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 4140, incoming data = 4140 +[2013/11/07 07:38:47.532066, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1614(process_complete_pdu) + PDU is in Little Endian format! +[2013/11/07 07:38:47.532761, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) + r: struct ncacn_packet + rpc_vers : 0x05 (5) + rpc_vers_minor : 0x00 (0) + ptype : DCERPC_PKT_REQUEST (0) + pfc_flags : 0x03 (3) + drep: ARRAY(4) + [0] : 0x10 (16) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + frag_length : 0x103c (4156) + auth_length : 0x0000 (0) + call_id : 0x00000003 (3) + u : union dcerpc_payload(case 0) + request: struct dcerpc_request + alloc_hint : 0x00001024 (4132) + context_id : 0x0000 (0) + opnum : 0x0008 (8) + object : union dcerpc_object(case 0) + empty: struct dcerpc_empty + _pad : DATA_BLOB length=0 + stub_and_verifier : DATA_BLOB length=4132 + [0000] 00 00 00 00 EA 00 00 00 00 00 00 00 7B 52 77 35 ........ ....{Rw5 + [0010] C5 51 00 00 02 00 00 00 00 00 02 00 00 10 00 00 .Q...... ........ + [0020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0030] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0040] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0200] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0210] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0220] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0230] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0240] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0250] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0260] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0270] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0280] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0290] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0300] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0310] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0320] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0330] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0340] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0350] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0360] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0370] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0380] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0390] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0400] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0410] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0420] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0430] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0440] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0450] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0460] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0470] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0480] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0490] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0500] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0510] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0520] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0530] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0540] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0550] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0560] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0570] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0580] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0590] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0600] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0610] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0620] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0630] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0640] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0650] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0660] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0670] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0680] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0690] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0700] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0710] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0720] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0730] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0740] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0750] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0760] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0770] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0780] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0790] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0800] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0810] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0820] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0830] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0840] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0850] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0860] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0870] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0880] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0890] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0900] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0910] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0920] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0930] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0940] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0950] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0960] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0970] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0980] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0990] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0EA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0EB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0EC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0ED0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0EE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0EF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [1000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [1010] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [1020] 00 10 00 00 .... +[2013/11/07 07:38:47.558452, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1627(process_complete_pdu) + Processing packet type 0 +[2013/11/07 07:38:47.558588, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1472(dcesrv_auth_request) + Checking request auth. +[2013/11/07 07:38:47.558709, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) + push_sec_ctx(0, 5000) : sec_ctx_stack_ndx = 1 +[2013/11/07 07:38:47.558831, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) + setting sec ctx (0, 5000) - sec_ctx_stack_ndx = 1 +[2013/11/07 07:38:47.558938, 5, pid=20933, effective(0, 5000), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) + Security token SIDs (21): + SID[ 0]: S-1-5-21-1376953716-2413384141-3399758289-500 + SID[ 1]: S-1-5-21-1376953716-2413384141-3399758289-512 + SID[ 2]: S-1-5-21-1376953716-2413384141-3399758289-11015 + SID[ 3]: S-1-5-21-1376953716-2413384141-3399758289-513 + SID[ 4]: S-1-5-21-1376953716-2413384141-3399758289-11011 + SID[ 5]: S-1-5-21-1376953716-2413384141-3399758289-11013 + SID[ 6]: S-1-5-21-1376953716-2413384141-3399758289-11012 + SID[ 7]: S-1-1-0 + SID[ 8]: S-1-5-2 + SID[ 9]: S-1-5-11 + SID[ 10]: S-1-5-32-544 + SID[ 11]: S-1-22-1-2002 + SID[ 12]: S-1-22-2-5000 + SID[ 13]: S-1-22-2-5007 + SID[ 14]: S-1-22-2-5001 + SID[ 15]: S-1-22-2-1005 + SID[ 16]: S-1-22-2-5006 + SID[ 17]: S-1-22-2-5005 + SID[ 18]: S-1-22-2-55000 + SID[ 19]: S-1-22-2-55001 + SID[ 20]: S-1-22-2-55002 + Privileges (0x 1FFFFFF0): + Privilege[ 0]: SeMachineAccountPrivilege + Privilege[ 1]: SeTakeOwnershipPrivilege + Privilege[ 2]: SeBackupPrivilege + Privilege[ 3]: SeRestorePrivilege + Privilege[ 4]: SeRemoteShutdownPrivilege + Privilege[ 5]: SePrintOperatorPrivilege + Privilege[ 6]: SeAddUsersPrivilege + Privilege[ 7]: SeDiskOperatorPrivilege + Privilege[ 8]: SeSecurityPrivilege + Privilege[ 9]: SeSystemtimePrivilege + Privilege[ 10]: SeShutdownPrivilege + Privilege[ 11]: SeDebugPrivilege + Privilege[ 12]: SeSystemEnvironmentPrivilege + Privilege[ 13]: SeSystemProfilePrivilege + Privilege[ 14]: SeProfileSingleProcessPrivilege + Privilege[ 15]: SeIncreaseBasePriorityPrivilege + Privilege[ 16]: SeLoadDriverPrivilege + Privilege[ 17]: SeCreatePagefilePrivilege + Privilege[ 18]: SeIncreaseQuotaPrivilege + Privilege[ 19]: SeChangeNotifyPrivilege + Privilege[ 20]: SeUndockPrivilege + Privilege[ 21]: SeManageVolumePrivilege + Privilege[ 22]: SeImpersonatePrivilege + Privilege[ 23]: SeCreateGlobalPrivilege + Privilege[ 24]: SeEnableDelegationPrivilege + Rights (0x 0): +[2013/11/07 07:38:47.560865, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) + UNIX token of user 0 + Primary group is 5000 and contains 9 supplementary groups + Group[ 0]: 5000 + Group[ 1]: 5007 + Group[ 2]: 5001 + Group[ 3]: 1005 + Group[ 4]: 5006 + Group[ 5]: 5005 + Group[ 6]: 55000 + Group[ 7]: 55001 + Group[ 8]: 55002 +[2013/11/07 07:38:47.561352, 5, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1324(api_pipe_request) + Requested \spoolss rpc service +[2013/11/07 07:38:47.561625, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1356(api_rpcTNP) + api_rpcTNP: \spoolss op 0x8 - api_rpcTNP: rpc command: SPOOLSS_GETPRINTER +[2013/11/07 07:38:47.561671, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1390(api_rpcTNP) + api_rpc_cmds[8].fn == 0x7f375c260f10 +[2013/11/07 07:38:47.561723, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + spoolss_GetPrinter: struct spoolss_GetPrinter + in: struct spoolss_GetPrinter + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000ea-0000-0000-7b52-7735c5510000 + level : 0x00000002 (2) + buffer : * + buffer : DATA_BLOB length=4096 + [0000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0010] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0030] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0040] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0200] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0210] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0220] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0230] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0240] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0250] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0260] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0270] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0280] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0290] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0300] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0310] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0320] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0330] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0340] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0350] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0360] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0370] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0380] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0390] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0400] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0410] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0420] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0430] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0440] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0450] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0460] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0470] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0480] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0490] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0500] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0510] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0520] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0530] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0540] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0550] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0560] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0570] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0580] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0590] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0600] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0610] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0620] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0630] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0640] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0650] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0660] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0670] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0680] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0690] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0700] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0710] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0720] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0730] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0740] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0750] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0760] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0770] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0780] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0790] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0800] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0810] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0820] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0830] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0840] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0850] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0860] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0870] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0880] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0890] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0900] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0910] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0920] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0930] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0940] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0950] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0960] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0970] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0980] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0990] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0EA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0EB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0EC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0ED0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0EE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0EF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + offered : 0x00001000 (4096) +[2013/11/07 07:38:47.570958, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[1] [0000] 00 00 00 00 EA 00 00 00 00 00 00 00 7B 52 77 35 ........ ....{Rw5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:47.571043, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[1] [0000] 00 00 00 00 EA 00 00 00 00 00 00 00 7B 52 77 35 ........ ....{Rw5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:47.571122, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:489(get_printer_snum) + short name:printer7 +[2013/11/07 07:38:47.571292, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:60(make_internal_rpc_pipe_p) + Create pipe requested \winreg +[2013/11/07 07:38:47.571353, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:221(init_pipe_handles) + init_pipe_handle_list: created handle list for pipe \winreg +[2013/11/07 07:38:47.571395, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:238(init_pipe_handles) + init_pipe_handle_list: pipe_handles ref count = 1 for pipe \winreg +[2013/11/07 07:38:47.571496, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:100(make_internal_rpc_pipe_p) + Created internal pipe \winreg +[2013/11/07 07:38:47.571578, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenHKLM: struct winreg_OpenHKLM + in: struct winreg_OpenHKLM + system_name : NULL + access_mask : 0x02000000 (33554432) + 0: KEY_QUERY_VALUE + 0: KEY_SET_VALUE + 0: KEY_CREATE_SUB_KEY + 0: KEY_ENUMERATE_SUB_KEYS + 0: KEY_NOTIFY + 0: KEY_CREATE_LINK + 0: KEY_WOW64_64KEY + 0: KEY_WOW64_32KEY +[2013/11/07 07:38:47.571821, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [HKLM] +[2013/11/07 07:38:47.571868, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) + push_sec_ctx(0, 5000) : sec_ctx_stack_ndx = 2 +[2013/11/07 07:38:47.571915, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/uid.c:485(push_conn_ctx) + push_conn_ctx(1804507171) : conn_ctx_stack_ndx = 0 +[2013/11/07 07:38:47.571955, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) + setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 +[2013/11/07 07:38:47.571994, 5, pid=20933, effective(0, 5000), real(0, 0)] ../libcli/security/security_token.c:53(security_token_debug) + Security token: (NULL) +[2013/11/07 07:38:47.572032, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) + UNIX token of user 0 + Primary group is 0 and contains 0 supplementary groups +[2013/11/07 07:38:47.572208, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) + pop_sec_ctx (0, 5000) - sec_ctx_stack_ndx = 1 +[2013/11/07 07:38:47.572253, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:866(regdb_open) + regdb_open: registry db opened. refcount reset (1) +[2013/11/07 07:38:47.572300, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM] +[2013/11/07 07:38:47.572339, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM] +[2013/11/07 07:38:47.572380, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:47.572418, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM] +[2013/11/07 07:38:47.572504, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) + Opened policy hnd[1] [0000] 00 00 00 00 F0 00 00 00 00 00 00 00 7B 52 77 35 ........ ....{Rw5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:47.572584, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenHKLM: struct winreg_OpenHKLM + out: struct winreg_OpenHKLM + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000f0-0000-0000-7b52-7735c5510000 + result : WERR_OK +[2013/11/07 07:38:47.572774, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenKey: struct winreg_OpenKey + in: struct winreg_OpenKey + parent_handle : * + parent_handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000f0-0000-0000-7b52-7735c5510000 + keyname: struct winreg_String + name_len : 0x008a (138) + name_size : 0x008a (138) + name : * + name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7' + options : 0x00000000 (0) + 0: REG_OPTION_VOLATILE + 0: REG_OPTION_CREATE_LINK + 0: REG_OPTION_BACKUP_RESTORE + 0: REG_OPTION_OPEN_LINK + access_mask : 0x02000000 (33554432) + 0: KEY_QUERY_VALUE + 0: KEY_SET_VALUE + 0: KEY_CREATE_SUB_KEY + 0: KEY_ENUMERATE_SUB_KEYS + 0: KEY_NOTIFY + 0: KEY_CREATE_LINK + 0: KEY_WOW64_64KEY + 0: KEY_WOW64_32KEY +[2013/11/07 07:38:47.573226, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 F0 00 00 00 00 00 00 00 7B 52 77 35 ........ ....{Rw5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:47.573308, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [SOFTWARE] +[2013/11/07 07:38:47.573348, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (1->2) +[2013/11/07 07:38:47.573498, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] +[2013/11/07 07:38:47.573538, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE] +[2013/11/07 07:38:47.573579, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:47.573616, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE] +[2013/11/07 07:38:47.573687, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Microsoft] +[2013/11/07 07:38:47.573730, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (2->3) +[2013/11/07 07:38:47.573772, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] +[2013/11/07 07:38:47.573809, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] +[2013/11/07 07:38:47.573850, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:47.573887, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft] +[2013/11/07 07:38:47.573947, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Windows NT] +[2013/11/07 07:38:47.573989, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (3->4) +[2013/11/07 07:38:47.574031, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] +[2013/11/07 07:38:47.574068, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] +[2013/11/07 07:38:47.574109, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:47.574146, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] +[2013/11/07 07:38:47.574212, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [CurrentVersion] +[2013/11/07 07:38:47.574253, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (4->5) +[2013/11/07 07:38:47.574296, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] +[2013/11/07 07:38:47.574333, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] +[2013/11/07 07:38:47.574374, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:47.574411, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f375c5a15c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] +[2013/11/07 07:38:47.574487, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Print] +[2013/11/07 07:38:47.574530, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (5->6) +[2013/11/07 07:38:47.574574, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] +[2013/11/07 07:38:47.574614, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] +[2013/11/07 07:38:47.574656, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:47.574694, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f375c5a15c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] +[2013/11/07 07:38:47.574755, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Printers] +[2013/11/07 07:38:47.574796, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (6->7) +[2013/11/07 07:38:47.574840, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] +[2013/11/07 07:38:47.574879, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] +[2013/11/07 07:38:47.574922, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:47.574959, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] +[2013/11/07 07:38:47.575029, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [printer7] +[2013/11/07 07:38:47.575071, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (7->8) +[2013/11/07 07:38:47.575123, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:47.575163, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:47.575206, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:47.575243, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:47.575313, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (8->7) +[2013/11/07 07:38:47.575356, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (7->6) +[2013/11/07 07:38:47.575397, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (6->5) +[2013/11/07 07:38:47.575437, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (5->4) +[2013/11/07 07:38:47.575477, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (4->3) +[2013/11/07 07:38:47.575517, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (3->2) +[2013/11/07 07:38:47.575561, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) + Opened policy hnd[2] [0000] 00 00 00 00 F1 00 00 00 00 00 00 00 7B 52 77 35 ........ ....{Rw5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:47.575639, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenKey: struct winreg_OpenKey + out: struct winreg_OpenKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000f1-0000-0000-7b52-7735c5510000 + result : WERR_OK +[2013/11/07 07:38:47.575820, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryInfoKey: struct winreg_QueryInfoKey + in: struct winreg_QueryInfoKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000f1-0000-0000-7b52-7735c5510000 + classname : * + classname: struct winreg_String + name_len : 0x0000 (0) + name_size : 0x0000 (0) + name : NULL +[2013/11/07 07:38:47.576036, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 F1 00 00 00 00 00 00 00 7B 52 77 35 ........ ....{Rw5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:47.576119, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_dispatcher.c:151(fetch_reg_values) + fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7' (ops 0x7f37592edcc0) +[2013/11/07 07:38:47.576169, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1891(regdb_fetch_values_internal) + regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:47.576232, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[0]: name[Attributes] len[4] +[2013/11/07 07:38:47.576277, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[1]: name[Description] len[2] +[2013/11/07 07:38:47.576318, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[2]: name[Datatype] len[8] +[2013/11/07 07:38:47.576360, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[3]: name[Default Priority] len[4] +[2013/11/07 07:38:47.576403, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[4]: name[Port] len[38] +[2013/11/07 07:38:47.576445, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[5]: name[Name] len[18] +[2013/11/07 07:38:47.576487, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[6]: name[Print Processor] len[18] +[2013/11/07 07:38:47.576529, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[7]: name[Priority] len[4] +[2013/11/07 07:38:47.576572, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[8]: name[Security] len[248] +[2013/11/07 07:38:47.576614, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[9]: name[Share Name] len[18] +[2013/11/07 07:38:47.576656, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[10]: name[StartTime] len[4] +[2013/11/07 07:38:47.576698, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[11]: name[UntilTime] len[4] +[2013/11/07 07:38:47.576740, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[12]: name[ChangeID] len[4] +[2013/11/07 07:38:47.576783, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) + regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:47.576846, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryInfoKey: struct winreg_QueryInfoKey + out: struct winreg_QueryInfoKey + classname : * + classname: struct winreg_String + name_len : 0x0000 (0) + name_size : 0x0000 (0) + name : NULL + num_subkeys : * + num_subkeys : 0x00000003 (3) + max_subkeylen : * + max_subkeylen : 0x00000022 (34) + max_classlen : * + max_classlen : 0x00000000 (0) + num_values : * + num_values : 0x0000000d (13) + max_valnamelen : * + max_valnamelen : 0x00000022 (34) + max_valbufsize : * + max_valbufsize : 0x000000f8 (248) + secdescsize : * + secdescsize : 0x00000078 (120) + last_changed_time : * + last_changed_time : NTTIME(0) + result : WERR_OK +[2013/11/07 07:38:47.577303, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000f1-0000-0000-7b52-7735c5510000 + enum_index : 0x00000000 (0) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:47.577734, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 F1 00 00 00 00 00 00 00 7B 52 77 35 ........ ....{Rw5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:47.577812, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:47.577859, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0016 (22) + size : 0x0024 (36) + name : * + name : 'Attributes' + type : * + type : REG_DWORD (4) + value : * + value: ARRAY(4) + [0] : 0x48 (72) + [1] : 0x10 (16) + [2] : 0x00 (0) + [3] : 0x00 (0) + size : * + size : 0x00000004 (4) + length : * + length : 0x00000004 (4) + result : WERR_OK +[2013/11/07 07:38:47.578261, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000f1-0000-0000-7b52-7735c5510000 + enum_index : 0x00000001 (1) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:47.578643, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 F1 00 00 00 00 00 00 00 7B 52 77 35 ........ ....{Rw5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:47.578720, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:47.578764, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0018 (24) + size : 0x0024 (36) + name : * + name : 'Description' + type : * + type : REG_SZ (1) + value : * + value: ARRAY(2) + [0] : 0x00 (0) + [1] : 0x00 (0) + size : * + size : 0x00000002 (2) + length : * + length : 0x00000002 (2) + result : WERR_OK +[2013/11/07 07:38:47.579123, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000f1-0000-0000-7b52-7735c5510000 + enum_index : 0x00000002 (2) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:47.579494, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 F1 00 00 00 00 00 00 00 7B 52 77 35 ........ ....{Rw5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:47.579579, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:47.579624, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0012 (18) + size : 0x0024 (36) + name : * + name : 'Datatype' + type : * + type : REG_SZ (1) + value : * + value: ARRAY(8) + [0] : 0x52 (82) + [1] : 0x00 (0) + [2] : 0x41 (65) + [3] : 0x00 (0) + [4] : 0x57 (87) + [5] : 0x00 (0) + [6] : 0x00 (0) + [7] : 0x00 (0) + size : * + size : 0x00000008 (8) + length : * + length : 0x00000008 (8) + result : WERR_OK +[2013/11/07 07:38:47.580083, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000f1-0000-0000-7b52-7735c5510000 + enum_index : 0x00000003 (3) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:47.580458, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 F1 00 00 00 00 00 00 00 7B 52 77 35 ........ ....{Rw5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:47.580536, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:47.580582, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0022 (34) + size : 0x0024 (36) + name : * + name : 'Default Priority' + type : * + type : REG_DWORD (4) + value : * + value: ARRAY(4) + [0] : 0x01 (1) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + size : * + size : 0x00000004 (4) + length : * + length : 0x00000004 (4) + result : WERR_OK +[2013/11/07 07:38:47.580989, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000f1-0000-0000-7b52-7735c5510000 + enum_index : 0x00000004 (4) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:47.581387, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 F1 00 00 00 00 00 00 00 7B 52 77 35 ........ ....{Rw5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:47.581488, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:47.581535, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x000a (10) + size : 0x0024 (36) + name : * + name : 'Port' + type : * + type : REG_SZ (1) + value : * + value: ARRAY(38) + [0] : 0x53 (83) + [1] : 0x00 (0) + [2] : 0x61 (97) + [3] : 0x00 (0) + [4] : 0x6d (109) + [5] : 0x00 (0) + [6] : 0x62 (98) + [7] : 0x00 (0) + [8] : 0x61 (97) + [9] : 0x00 (0) + [10] : 0x20 (32) + [11] : 0x00 (0) + [12] : 0x50 (80) + [13] : 0x00 (0) + [14] : 0x72 (114) + [15] : 0x00 (0) + [16] : 0x69 (105) + [17] : 0x00 (0) + [18] : 0x6e (110) + [19] : 0x00 (0) + [20] : 0x74 (116) + [21] : 0x00 (0) + [22] : 0x65 (101) + [23] : 0x00 (0) + [24] : 0x72 (114) + [25] : 0x00 (0) + [26] : 0x20 (32) + [27] : 0x00 (0) + [28] : 0x50 (80) + [29] : 0x00 (0) + [30] : 0x6f (111) + [31] : 0x00 (0) + [32] : 0x72 (114) + [33] : 0x00 (0) + [34] : 0x74 (116) + [35] : 0x00 (0) + [36] : 0x00 (0) + [37] : 0x00 (0) + size : * + size : 0x00000026 (38) + length : * + length : 0x00000026 (38) + result : WERR_OK +[2013/11/07 07:38:47.582504, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000f1-0000-0000-7b52-7735c5510000 + enum_index : 0x00000005 (5) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:47.582874, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 F1 00 00 00 00 00 00 00 7B 52 77 35 ........ ....{Rw5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:47.582951, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:47.582996, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x000a (10) + size : 0x0024 (36) + name : * + name : 'Name' + type : * + type : REG_SZ (1) + value : * + value: ARRAY(18) + [0] : 0x70 (112) + [1] : 0x00 (0) + [2] : 0x72 (114) + [3] : 0x00 (0) + [4] : 0x69 (105) + [5] : 0x00 (0) + [6] : 0x6e (110) + [7] : 0x00 (0) + [8] : 0x74 (116) + [9] : 0x00 (0) + [10] : 0x65 (101) + [11] : 0x00 (0) + [12] : 0x72 (114) + [13] : 0x00 (0) + [14] : 0x37 (55) + [15] : 0x00 (0) + [16] : 0x00 (0) + [17] : 0x00 (0) + size : * + size : 0x00000012 (18) + length : * + length : 0x00000012 (18) + result : WERR_OK +[2013/11/07 07:38:47.583625, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000f1-0000-0000-7b52-7735c5510000 + enum_index : 0x00000006 (6) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:47.583995, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 F1 00 00 00 00 00 00 00 7B 52 77 35 ........ ....{Rw5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:47.584071, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:47.584116, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0020 (32) + size : 0x0024 (36) + name : * + name : 'Print Processor' + type : * + type : REG_SZ (1) + value : * + value: ARRAY(18) + [0] : 0x77 (119) + [1] : 0x00 (0) + [2] : 0x69 (105) + [3] : 0x00 (0) + [4] : 0x6e (110) + [5] : 0x00 (0) + [6] : 0x70 (112) + [7] : 0x00 (0) + [8] : 0x72 (114) + [9] : 0x00 (0) + [10] : 0x69 (105) + [11] : 0x00 (0) + [12] : 0x6e (110) + [13] : 0x00 (0) + [14] : 0x74 (116) + [15] : 0x00 (0) + [16] : 0x00 (0) + [17] : 0x00 (0) + size : * + size : 0x00000012 (18) + length : * + length : 0x00000012 (18) + result : WERR_OK +[2013/11/07 07:38:47.584749, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000f1-0000-0000-7b52-7735c5510000 + enum_index : 0x00000007 (7) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:47.585119, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 F1 00 00 00 00 00 00 00 7B 52 77 35 ........ ....{Rw5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:47.585196, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:47.585242, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0012 (18) + size : 0x0024 (36) + name : * + name : 'Priority' + type : * + type : REG_DWORD (4) + value : * + value: ARRAY(4) + [0] : 0x01 (1) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + size : * + size : 0x00000004 (4) + length : * + length : 0x00000004 (4) + result : WERR_OK +[2013/11/07 07:38:47.585720, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000f1-0000-0000-7b52-7735c5510000 + enum_index : 0x00000008 (8) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:47.586094, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 F1 00 00 00 00 00 00 00 7B 52 77 35 ........ ....{Rw5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:47.586171, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:47.586217, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0012 (18) + size : 0x0024 (36) + name : * + name : 'Security' + type : * + type : REG_BINARY (3) + value : * + value: ARRAY(248) + [0] : 0x01 (1) + [1] : 0x00 (0) + [2] : 0x04 (4) + [3] : 0x80 (128) + [4] : 0x14 (20) + [5] : 0x00 (0) + [6] : 0x00 (0) + [7] : 0x00 (0) + [8] : 0x24 (36) + [9] : 0x00 (0) + [10] : 0x00 (0) + [11] : 0x00 (0) + [12] : 0x00 (0) + [13] : 0x00 (0) + [14] : 0x00 (0) + [15] : 0x00 (0) + [16] : 0x34 (52) + [17] : 0x00 (0) + [18] : 0x00 (0) + [19] : 0x00 (0) + [20] : 0x01 (1) + [21] : 0x02 (2) + [22] : 0x00 (0) + [23] : 0x00 (0) + [24] : 0x00 (0) + [25] : 0x00 (0) + [26] : 0x00 (0) + [27] : 0x05 (5) + [28] : 0x20 (32) + [29] : 0x00 (0) + [30] : 0x00 (0) + [31] : 0x00 (0) + [32] : 0x20 (32) + [33] : 0x02 (2) + [34] : 0x00 (0) + [35] : 0x00 (0) + [36] : 0x01 (1) + [37] : 0x02 (2) + [38] : 0x00 (0) + [39] : 0x00 (0) + [40] : 0x00 (0) + [41] : 0x00 (0) + [42] : 0x00 (0) + [43] : 0x05 (5) + [44] : 0x20 (32) + [45] : 0x00 (0) + [46] : 0x00 (0) + [47] : 0x00 (0) + [48] : 0x20 (32) + [49] : 0x02 (2) + [50] : 0x00 (0) + [51] : 0x00 (0) + [52] : 0x02 (2) + [53] : 0x00 (0) + [54] : 0xc4 (196) + [55] : 0x00 (0) + [56] : 0x07 (7) + [57] : 0x00 (0) + [58] : 0x00 (0) + [59] : 0x00 (0) + [60] : 0x00 (0) + [61] : 0x02 (2) + [62] : 0x14 (20) + [63] : 0x00 (0) + [64] : 0x08 (8) + [65] : 0x00 (0) + [66] : 0x02 (2) + [67] : 0x20 (32) + [68] : 0x01 (1) + [69] : 0x01 (1) + [70] : 0x00 (0) + [71] : 0x00 (0) + [72] : 0x00 (0) + [73] : 0x00 (0) + [74] : 0x00 (0) + [75] : 0x01 (1) + [76] : 0x00 (0) + [77] : 0x00 (0) + [78] : 0x00 (0) + [79] : 0x00 (0) + [80] : 0x00 (0) + [81] : 0x09 (9) + [82] : 0x24 (36) + [83] : 0x00 (0) + [84] : 0x0c (12) + [85] : 0x00 (0) + [86] : 0x0f (15) + [87] : 0x10 (16) + [88] : 0x01 (1) + [89] : 0x05 (5) + [90] : 0x00 (0) + [91] : 0x00 (0) + [92] : 0x00 (0) + [93] : 0x00 (0) + [94] : 0x00 (0) + [95] : 0x05 (5) + [96] : 0x15 (21) + [97] : 0x00 (0) + [98] : 0x00 (0) + [99] : 0x00 (0) + [100] : 0x74 (116) + [101] : 0xa5 (165) + [102] : 0x12 (18) + [103] : 0x52 (82) + [104] : 0xcd (205) + [105] : 0x51 (81) + [106] : 0xd9 (217) + [107] : 0x8f (143) + [108] : 0xd1 (209) + [109] : 0x31 (49) + [110] : 0xa4 (164) + [111] : 0xca (202) + [112] : 0xf4 (244) + [113] : 0x01 (1) + [114] : 0x00 (0) + [115] : 0x00 (0) + [116] : 0x00 (0) + [117] : 0x02 (2) + [118] : 0x24 (36) + [119] : 0x00 (0) + [120] : 0x0c (12) + [121] : 0x00 (0) + [122] : 0x0f (15) + [123] : 0x10 (16) + [124] : 0x01 (1) + [125] : 0x05 (5) + [126] : 0x00 (0) + [127] : 0x00 (0) + [128] : 0x00 (0) + [129] : 0x00 (0) + [130] : 0x00 (0) + [131] : 0x05 (5) + [132] : 0x15 (21) + [133] : 0x00 (0) + [134] : 0x00 (0) + [135] : 0x00 (0) + [136] : 0x74 (116) + [137] : 0xa5 (165) + [138] : 0x12 (18) + [139] : 0x52 (82) + [140] : 0xcd (205) + [141] : 0x51 (81) + [142] : 0xd9 (217) + [143] : 0x8f (143) + [144] : 0xd1 (209) + [145] : 0x31 (49) + [146] : 0xa4 (164) + [147] : 0xca (202) + [148] : 0xf4 (244) + [149] : 0x01 (1) + [150] : 0x00 (0) + [151] : 0x00 (0) + [152] : 0x00 (0) + [153] : 0x09 (9) + [154] : 0x18 (24) + [155] : 0x00 (0) + [156] : 0x0c (12) + [157] : 0x00 (0) + [158] : 0x0f (15) + [159] : 0x10 (16) + [160] : 0x01 (1) + [161] : 0x02 (2) + [162] : 0x00 (0) + [163] : 0x00 (0) + [164] : 0x00 (0) + [165] : 0x00 (0) + [166] : 0x00 (0) + [167] : 0x05 (5) + [168] : 0x20 (32) + [169] : 0x00 (0) + [170] : 0x00 (0) + [171] : 0x00 (0) + [172] : 0x20 (32) + [173] : 0x02 (2) + [174] : 0x00 (0) + [175] : 0x00 (0) + [176] : 0x00 (0) + [177] : 0x02 (2) + [178] : 0x18 (24) + [179] : 0x00 (0) + [180] : 0x0c (12) + [181] : 0x00 (0) + [182] : 0x0f (15) + [183] : 0x10 (16) + [184] : 0x01 (1) + [185] : 0x02 (2) + [186] : 0x00 (0) + [187] : 0x00 (0) + [188] : 0x00 (0) + [189] : 0x00 (0) + [190] : 0x00 (0) + [191] : 0x05 (5) + [192] : 0x20 (32) + [193] : 0x00 (0) + [194] : 0x00 (0) + [195] : 0x00 (0) + [196] : 0x20 (32) + [197] : 0x02 (2) + [198] : 0x00 (0) + [199] : 0x00 (0) + [200] : 0x00 (0) + [201] : 0x09 (9) + [202] : 0x18 (24) + [203] : 0x00 (0) + [204] : 0x0c (12) + [205] : 0x00 (0) + [206] : 0x0f (15) + [207] : 0x10 (16) + [208] : 0x01 (1) + [209] : 0x02 (2) + [210] : 0x00 (0) + [211] : 0x00 (0) + [212] : 0x00 (0) + [213] : 0x00 (0) + [214] : 0x00 (0) + [215] : 0x05 (5) + [216] : 0x20 (32) + [217] : 0x00 (0) + [218] : 0x00 (0) + [219] : 0x00 (0) + [220] : 0x26 (38) + [221] : 0x02 (2) + [222] : 0x00 (0) + [223] : 0x00 (0) + [224] : 0x00 (0) + [225] : 0x02 (2) + [226] : 0x18 (24) + [227] : 0x00 (0) + [228] : 0x0c (12) + [229] : 0x00 (0) + [230] : 0x0f (15) + [231] : 0x10 (16) + [232] : 0x01 (1) + [233] : 0x02 (2) + [234] : 0x00 (0) + [235] : 0x00 (0) + [236] : 0x00 (0) + [237] : 0x00 (0) + [238] : 0x00 (0) + [239] : 0x05 (5) + [240] : 0x20 (32) + [241] : 0x00 (0) + [242] : 0x00 (0) + [243] : 0x00 (0) + [244] : 0x26 (38) + [245] : 0x02 (2) + [246] : 0x00 (0) + [247] : 0x00 (0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x000000f8 (248) + result : WERR_OK +[2013/11/07 07:38:47.590734, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000f1-0000-0000-7b52-7735c5510000 + enum_index : 0x00000009 (9) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:47.591109, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 F1 00 00 00 00 00 00 00 7B 52 77 35 ........ ....{Rw5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:47.591186, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:47.591232, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0016 (22) + size : 0x0024 (36) + name : * + name : 'Share Name' + type : * + type : REG_SZ (1) + value : * + value: ARRAY(18) + [0] : 0x70 (112) + [1] : 0x00 (0) + [2] : 0x72 (114) + [3] : 0x00 (0) + [4] : 0x69 (105) + [5] : 0x00 (0) + [6] : 0x6e (110) + [7] : 0x00 (0) + [8] : 0x74 (116) + [9] : 0x00 (0) + [10] : 0x65 (101) + [11] : 0x00 (0) + [12] : 0x72 (114) + [13] : 0x00 (0) + [14] : 0x37 (55) + [15] : 0x00 (0) + [16] : 0x00 (0) + [17] : 0x00 (0) + size : * + size : 0x00000012 (18) + length : * + length : 0x00000012 (18) + result : WERR_OK +[2013/11/07 07:38:47.591865, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000f1-0000-0000-7b52-7735c5510000 + enum_index : 0x0000000a (10) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:47.592235, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 F1 00 00 00 00 00 00 00 7B 52 77 35 ........ ....{Rw5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:47.592311, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:47.592357, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0014 (20) + size : 0x0024 (36) + name : * + name : 'StartTime' + type : * + type : REG_DWORD (4) + value : * + value: ARRAY(4) + [0] : 0x00 (0) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + size : * + size : 0x00000004 (4) + length : * + length : 0x00000004 (4) + result : WERR_OK +[2013/11/07 07:38:47.592747, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000f1-0000-0000-7b52-7735c5510000 + enum_index : 0x0000000b (11) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:47.593124, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 F1 00 00 00 00 00 00 00 7B 52 77 35 ........ ....{Rw5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:47.593201, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:47.593246, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0014 (20) + size : 0x0024 (36) + name : * + name : 'UntilTime' + type : * + type : REG_DWORD (4) + value : * + value: ARRAY(4) + [0] : 0x00 (0) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + size : * + size : 0x00000004 (4) + length : * + length : 0x00000004 (4) + result : WERR_OK +[2013/11/07 07:38:47.593679, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000f1-0000-0000-7b52-7735c5510000 + enum_index : 0x0000000c (12) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:47.594050, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 F1 00 00 00 00 00 00 00 7B 52 77 35 ........ ....{Rw5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:47.594135, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:47.594181, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0012 (18) + size : 0x0024 (36) + name : * + name : 'ChangeID' + type : * + type : REG_DWORD (4) + value : * + value: ARRAY(4) + [0] : 0xf1 (241) + [1] : 0x5f (95) + [2] : 0x11 (17) + [3] : 0x00 (0) + size : * + size : 0x00000004 (4) + length : * + length : 0x00000004 (4) + result : WERR_OK +[2013/11/07 07:38:47.594608, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryValue: struct winreg_QueryValue + in: struct winreg_QueryValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000f1-0000-0000-7b52-7735c5510000 + value_name : * + value_name: struct winreg_String + name_len : 0x0020 (32) + name_size : 0x0020 (32) + name : * + name : 'Default DevMode' + type : * + type : REG_NONE (0) + data : NULL + data_size : * + data_size : 0x00000000 (0) + data_length : * + data_length : 0x00000000 (0) +[2013/11/07 07:38:47.594953, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 F1 00 00 00 00 00 00 00 7B 52 77 35 ........ ....{Rw5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:47.595031, 7, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) + _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:47.595071, 7, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) + _winreg_QueryValue: policy key type = [00000000] +[2013/11/07 07:38:47.595116, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:316(_winreg_QueryValue) + _winreg_QueryValue: reg_queryvalue failed with: WERR_BADFILE +[2013/11/07 07:38:47.595156, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryValue: struct winreg_QueryValue + out: struct winreg_QueryValue + type : * + type : REG_NONE (0) + data : NULL + data_size : * + data_size : 0x00000000 (0) + data_length : * + data_length : 0x00000000 (0) + result : WERR_BADFILE +[2013/11/07 07:38:47.595388, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenHKLM: struct winreg_OpenHKLM + in: struct winreg_OpenHKLM + system_name : NULL + access_mask : 0x02000000 (33554432) + 0: KEY_QUERY_VALUE + 0: KEY_SET_VALUE + 0: KEY_CREATE_SUB_KEY + 0: KEY_ENUMERATE_SUB_KEYS + 0: KEY_NOTIFY + 0: KEY_CREATE_LINK + 0: KEY_WOW64_64KEY + 0: KEY_WOW64_32KEY +[2013/11/07 07:38:47.595615, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [HKLM] +[2013/11/07 07:38:47.595657, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (2->3) +[2013/11/07 07:38:47.595700, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM] +[2013/11/07 07:38:47.595739, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM] +[2013/11/07 07:38:47.595779, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:47.595817, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM] +[2013/11/07 07:38:47.595894, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) + Opened policy hnd[3] [0000] 00 00 00 00 F2 00 00 00 00 00 00 00 7B 52 77 35 ........ ....{Rw5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:47.595973, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenHKLM: struct winreg_OpenHKLM + out: struct winreg_OpenHKLM + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000f2-0000-0000-7b52-7735c5510000 + result : WERR_OK +[2013/11/07 07:38:47.596139, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenKey: struct winreg_OpenKey + in: struct winreg_OpenKey + parent_handle : * + parent_handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000f2-0000-0000-7b52-7735c5510000 + keyname: struct winreg_String + name_len : 0x008a (138) + name_size : 0x008a (138) + name : * + name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7' + options : 0x00000000 (0) + 0: REG_OPTION_VOLATILE + 0: REG_OPTION_CREATE_LINK + 0: REG_OPTION_BACKUP_RESTORE + 0: REG_OPTION_OPEN_LINK + access_mask : 0x02000000 (33554432) + 0: KEY_QUERY_VALUE + 0: KEY_SET_VALUE + 0: KEY_CREATE_SUB_KEY + 0: KEY_ENUMERATE_SUB_KEYS + 0: KEY_NOTIFY + 0: KEY_CREATE_LINK + 0: KEY_WOW64_64KEY + 0: KEY_WOW64_32KEY +[2013/11/07 07:38:47.596585, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 F2 00 00 00 00 00 00 00 7B 52 77 35 ........ ....{Rw5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:47.596665, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [SOFTWARE] +[2013/11/07 07:38:47.596706, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (3->4) +[2013/11/07 07:38:47.596747, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] +[2013/11/07 07:38:47.596785, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE] +[2013/11/07 07:38:47.596825, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:47.596863, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE] +[2013/11/07 07:38:47.596926, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Microsoft] +[2013/11/07 07:38:47.596967, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (4->5) +[2013/11/07 07:38:47.597009, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] +[2013/11/07 07:38:47.597047, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] +[2013/11/07 07:38:47.597086, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:47.597124, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft] +[2013/11/07 07:38:47.597183, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Windows NT] +[2013/11/07 07:38:47.597223, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (5->6) +[2013/11/07 07:38:47.597266, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] +[2013/11/07 07:38:47.597304, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] +[2013/11/07 07:38:47.597344, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:47.597442, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] +[2013/11/07 07:38:47.597516, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [CurrentVersion] +[2013/11/07 07:38:47.597558, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (6->7) +[2013/11/07 07:38:47.597602, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] +[2013/11/07 07:38:47.597639, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] +[2013/11/07 07:38:47.597680, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:47.597717, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f375c5a15c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] +[2013/11/07 07:38:47.597788, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Print] +[2013/11/07 07:38:47.597829, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (7->8) +[2013/11/07 07:38:47.597871, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] +[2013/11/07 07:38:47.597912, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] +[2013/11/07 07:38:47.597954, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:47.597991, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f375c5a15c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] +[2013/11/07 07:38:47.598050, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Printers] +[2013/11/07 07:38:47.598092, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (8->9) +[2013/11/07 07:38:47.598135, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] +[2013/11/07 07:38:47.598175, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] +[2013/11/07 07:38:47.598216, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:47.598253, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] +[2013/11/07 07:38:47.598320, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [printer7] +[2013/11/07 07:38:47.598369, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (9->10) +[2013/11/07 07:38:47.598414, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:47.598453, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:47.598495, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:47.598533, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:47.598601, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (10->9) +[2013/11/07 07:38:47.598656, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (9->8) +[2013/11/07 07:38:47.598697, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (8->7) +[2013/11/07 07:38:47.598737, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (7->6) +[2013/11/07 07:38:47.598789, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (6->5) +[2013/11/07 07:38:47.598830, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (5->4) +[2013/11/07 07:38:47.598873, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) + Opened policy hnd[4] [0000] 00 00 00 00 F3 00 00 00 00 00 00 00 7B 52 77 35 ........ ....{Rw5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:47.598951, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenKey: struct winreg_OpenKey + out: struct winreg_OpenKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000f3-0000-0000-7b52-7735c5510000 + result : WERR_OK +[2013/11/07 07:38:47.599125, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryValue: struct winreg_QueryValue + in: struct winreg_QueryValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000f3-0000-0000-7b52-7735c5510000 + value_name : * + value_name: struct winreg_String + name_len : 0x0012 (18) + name_size : 0x0012 (18) + name : * + name : 'Security' + type : * + type : REG_NONE (0) + data : NULL + data_size : * + data_size : 0x00000000 (0) + data_length : * + data_length : 0x00000000 (0) +[2013/11/07 07:38:47.599493, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 F3 00 00 00 00 00 00 00 7B 52 77 35 ........ ....{Rw5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:47.599572, 7, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) + _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:47.599611, 7, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) + _winreg_QueryValue: policy key type = [00000000] +[2013/11/07 07:38:47.599651, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_dispatcher.c:151(fetch_reg_values) + fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7' (ops 0x7f37592edcc0) +[2013/11/07 07:38:47.599693, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1891(regdb_fetch_values_internal) + regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:47.599753, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[0]: name[Attributes] len[4] +[2013/11/07 07:38:47.599797, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[1]: name[Description] len[2] +[2013/11/07 07:38:47.599839, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[2]: name[Datatype] len[8] +[2013/11/07 07:38:47.599881, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[3]: name[Default Priority] len[4] +[2013/11/07 07:38:47.599923, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[4]: name[Port] len[38] +[2013/11/07 07:38:47.599965, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[5]: name[Name] len[18] +[2013/11/07 07:38:47.600008, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[6]: name[Print Processor] len[18] +[2013/11/07 07:38:47.600050, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[7]: name[Priority] len[4] +[2013/11/07 07:38:47.600093, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[8]: name[Security] len[248] +[2013/11/07 07:38:47.600135, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[9]: name[Share Name] len[18] +[2013/11/07 07:38:47.600177, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[10]: name[StartTime] len[4] +[2013/11/07 07:38:47.600220, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[11]: name[UntilTime] len[4] +[2013/11/07 07:38:47.600263, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[12]: name[ChangeID] len[4] +[2013/11/07 07:38:47.600315, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryValue: struct winreg_QueryValue + out: struct winreg_QueryValue + type : * + type : REG_BINARY (3) + data : NULL + data_size : * + data_size : 0x000000f8 (248) + data_length : * + data_length : 0x00000000 (0) + result : WERR_OK +[2013/11/07 07:38:47.600529, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryValue: struct winreg_QueryValue + in: struct winreg_QueryValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000f3-0000-0000-7b52-7735c5510000 + value_name : * + value_name: struct winreg_String + name_len : 0x0012 (18) + name_size : 0x0012 (18) + name : * + name : 'Security' + type : * + type : REG_BINARY (3) + data : * + data: ARRAY(0) + data_size : * + data_size : 0x000000f8 (248) + data_length : * + data_length : 0x00000000 (0) +[2013/11/07 07:38:47.600886, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 F3 00 00 00 00 00 00 00 7B 52 77 35 ........ ....{Rw5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:47.600963, 7, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) + _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:47.601002, 7, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) + _winreg_QueryValue: policy key type = [00000000] +[2013/11/07 07:38:47.601047, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryValue: struct winreg_QueryValue + out: struct winreg_QueryValue + type : * + type : REG_BINARY (3) + data : * + data: ARRAY(248) + [0] : 0x01 (1) + [1] : 0x00 (0) + [2] : 0x04 (4) + [3] : 0x80 (128) + [4] : 0x14 (20) + [5] : 0x00 (0) + [6] : 0x00 (0) + [7] : 0x00 (0) + [8] : 0x24 (36) + [9] : 0x00 (0) + [10] : 0x00 (0) + [11] : 0x00 (0) + [12] : 0x00 (0) + [13] : 0x00 (0) + [14] : 0x00 (0) + [15] : 0x00 (0) + [16] : 0x34 (52) + [17] : 0x00 (0) + [18] : 0x00 (0) + [19] : 0x00 (0) + [20] : 0x01 (1) + [21] : 0x02 (2) + [22] : 0x00 (0) + [23] : 0x00 (0) + [24] : 0x00 (0) + [25] : 0x00 (0) + [26] : 0x00 (0) + [27] : 0x05 (5) + [28] : 0x20 (32) + [29] : 0x00 (0) + [30] : 0x00 (0) + [31] : 0x00 (0) + [32] : 0x20 (32) + [33] : 0x02 (2) + [34] : 0x00 (0) + [35] : 0x00 (0) + [36] : 0x01 (1) + [37] : 0x02 (2) + [38] : 0x00 (0) + [39] : 0x00 (0) + [40] : 0x00 (0) + [41] : 0x00 (0) + [42] : 0x00 (0) + [43] : 0x05 (5) + [44] : 0x20 (32) + [45] : 0x00 (0) + [46] : 0x00 (0) + [47] : 0x00 (0) + [48] : 0x20 (32) + [49] : 0x02 (2) + [50] : 0x00 (0) + [51] : 0x00 (0) + [52] : 0x02 (2) + [53] : 0x00 (0) + [54] : 0xc4 (196) + [55] : 0x00 (0) + [56] : 0x07 (7) + [57] : 0x00 (0) + [58] : 0x00 (0) + [59] : 0x00 (0) + [60] : 0x00 (0) + [61] : 0x02 (2) + [62] : 0x14 (20) + [63] : 0x00 (0) + [64] : 0x08 (8) + [65] : 0x00 (0) + [66] : 0x02 (2) + [67] : 0x20 (32) + [68] : 0x01 (1) + [69] : 0x01 (1) + [70] : 0x00 (0) + [71] : 0x00 (0) + [72] : 0x00 (0) + [73] : 0x00 (0) + [74] : 0x00 (0) + [75] : 0x01 (1) + [76] : 0x00 (0) + [77] : 0x00 (0) + [78] : 0x00 (0) + [79] : 0x00 (0) + [80] : 0x00 (0) + [81] : 0x09 (9) + [82] : 0x24 (36) + [83] : 0x00 (0) + [84] : 0x0c (12) + [85] : 0x00 (0) + [86] : 0x0f (15) + [87] : 0x10 (16) + [88] : 0x01 (1) + [89] : 0x05 (5) + [90] : 0x00 (0) + [91] : 0x00 (0) + [92] : 0x00 (0) + [93] : 0x00 (0) + [94] : 0x00 (0) + [95] : 0x05 (5) + [96] : 0x15 (21) + [97] : 0x00 (0) + [98] : 0x00 (0) + [99] : 0x00 (0) + [100] : 0x74 (116) + [101] : 0xa5 (165) + [102] : 0x12 (18) + [103] : 0x52 (82) + [104] : 0xcd (205) + [105] : 0x51 (81) + [106] : 0xd9 (217) + [107] : 0x8f (143) + [108] : 0xd1 (209) + [109] : 0x31 (49) + [110] : 0xa4 (164) + [111] : 0xca (202) + [112] : 0xf4 (244) + [113] : 0x01 (1) + [114] : 0x00 (0) + [115] : 0x00 (0) + [116] : 0x00 (0) + [117] : 0x02 (2) + [118] : 0x24 (36) + [119] : 0x00 (0) + [120] : 0x0c (12) + [121] : 0x00 (0) + [122] : 0x0f (15) + [123] : 0x10 (16) + [124] : 0x01 (1) + [125] : 0x05 (5) + [126] : 0x00 (0) + [127] : 0x00 (0) + [128] : 0x00 (0) + [129] : 0x00 (0) + [130] : 0x00 (0) + [131] : 0x05 (5) + [132] : 0x15 (21) + [133] : 0x00 (0) + [134] : 0x00 (0) + [135] : 0x00 (0) + [136] : 0x74 (116) + [137] : 0xa5 (165) + [138] : 0x12 (18) + [139] : 0x52 (82) + [140] : 0xcd (205) + [141] : 0x51 (81) + [142] : 0xd9 (217) + [143] : 0x8f (143) + [144] : 0xd1 (209) + [145] : 0x31 (49) + [146] : 0xa4 (164) + [147] : 0xca (202) + [148] : 0xf4 (244) + [149] : 0x01 (1) + [150] : 0x00 (0) + [151] : 0x00 (0) + [152] : 0x00 (0) + [153] : 0x09 (9) + [154] : 0x18 (24) + [155] : 0x00 (0) + [156] : 0x0c (12) + [157] : 0x00 (0) + [158] : 0x0f (15) + [159] : 0x10 (16) + [160] : 0x01 (1) + [161] : 0x02 (2) + [162] : 0x00 (0) + [163] : 0x00 (0) + [164] : 0x00 (0) + [165] : 0x00 (0) + [166] : 0x00 (0) + [167] : 0x05 (5) + [168] : 0x20 (32) + [169] : 0x00 (0) + [170] : 0x00 (0) + [171] : 0x00 (0) + [172] : 0x20 (32) + [173] : 0x02 (2) + [174] : 0x00 (0) + [175] : 0x00 (0) + [176] : 0x00 (0) + [177] : 0x02 (2) + [178] : 0x18 (24) + [179] : 0x00 (0) + [180] : 0x0c (12) + [181] : 0x00 (0) + [182] : 0x0f (15) + [183] : 0x10 (16) + [184] : 0x01 (1) + [185] : 0x02 (2) + [186] : 0x00 (0) + [187] : 0x00 (0) + [188] : 0x00 (0) + [189] : 0x00 (0) + [190] : 0x00 (0) + [191] : 0x05 (5) + [192] : 0x20 (32) + [193] : 0x00 (0) + [194] : 0x00 (0) + [195] : 0x00 (0) + [196] : 0x20 (32) + [197] : 0x02 (2) + [198] : 0x00 (0) + [199] : 0x00 (0) + [200] : 0x00 (0) + [201] : 0x09 (9) + [202] : 0x18 (24) + [203] : 0x00 (0) + [204] : 0x0c (12) + [205] : 0x00 (0) + [206] : 0x0f (15) + [207] : 0x10 (16) + [208] : 0x01 (1) + [209] : 0x02 (2) + [210] : 0x00 (0) + [211] : 0x00 (0) + [212] : 0x00 (0) + [213] : 0x00 (0) + [214] : 0x00 (0) + [215] : 0x05 (5) + [216] : 0x20 (32) + [217] : 0x00 (0) + [218] : 0x00 (0) + [219] : 0x00 (0) + [220] : 0x26 (38) + [221] : 0x02 (2) + [222] : 0x00 (0) + [223] : 0x00 (0) + [224] : 0x00 (0) + [225] : 0x02 (2) + [226] : 0x18 (24) + [227] : 0x00 (0) + [228] : 0x0c (12) + [229] : 0x00 (0) + [230] : 0x0f (15) + [231] : 0x10 (16) + [232] : 0x01 (1) + [233] : 0x02 (2) + [234] : 0x00 (0) + [235] : 0x00 (0) + [236] : 0x00 (0) + [237] : 0x00 (0) + [238] : 0x00 (0) + [239] : 0x05 (5) + [240] : 0x20 (32) + [241] : 0x00 (0) + [242] : 0x00 (0) + [243] : 0x00 (0) + [244] : 0x26 (38) + [245] : 0x02 (2) + [246] : 0x00 (0) + [247] : 0x00 (0) + data_size : * + data_size : 0x000000f8 (248) + data_length : * + data_length : 0x000000f8 (248) + result : WERR_OK +[2013/11/07 07:38:47.605500, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + in: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000f3-0000-0000-7b52-7735c5510000 +[2013/11/07 07:38:47.605636, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 F3 00 00 00 00 00 00 00 7B 52 77 35 ........ ....{Rw5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:47.605715, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 F3 00 00 00 00 00 00 00 7B 52 77 35 ........ ....{Rw5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:47.605792, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) + Closed policy +[2013/11/07 07:38:47.605837, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (4->3) +[2013/11/07 07:38:47.605879, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + out: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000000-0000-0000-0000-000000000000 + result : WERR_OK +[2013/11/07 07:38:47.606042, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + in: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000f2-0000-0000-7b52-7735c5510000 +[2013/11/07 07:38:47.606171, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 F2 00 00 00 00 00 00 00 7B 52 77 35 ........ ....{Rw5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:47.606257, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 F2 00 00 00 00 00 00 00 7B 52 77 35 ........ ....{Rw5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:47.606333, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) + Closed policy +[2013/11/07 07:38:47.606372, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (3->2) +[2013/11/07 07:38:47.606413, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + out: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000000-0000-0000-0000-000000000000 + result : WERR_OK +[2013/11/07 07:38:47.606574, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + in: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000f1-0000-0000-7b52-7735c5510000 +[2013/11/07 07:38:47.606702, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 F1 00 00 00 00 00 00 00 7B 52 77 35 ........ ....{Rw5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:47.606779, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 F1 00 00 00 00 00 00 00 7B 52 77 35 ........ ....{Rw5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:47.606855, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) + Closed policy +[2013/11/07 07:38:47.606898, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (2->1) +[2013/11/07 07:38:47.606939, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + out: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000000-0000-0000-0000-000000000000 + result : WERR_OK +[2013/11/07 07:38:47.607099, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + in: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000f0-0000-0000-7b52-7735c5510000 +[2013/11/07 07:38:47.607227, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 F0 00 00 00 00 00 00 00 7B 52 77 35 ........ ....{Rw5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:47.607312, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 F0 00 00 00 00 00 00 00 7B 52 77 35 ........ ....{Rw5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:47.607389, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) + Closed policy +[2013/11/07 07:38:47.607429, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (1->0) +[2013/11/07 07:38:47.607489, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + out: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000000-0000-0000-0000-000000000000 + result : WERR_OK +[2013/11/07 07:38:47.607652, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:416(close_policy_by_pipe) + Deleted handle list for RPC connection \winreg +[2013/11/07 07:38:47.607810, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + spoolss_GetPrinter: struct spoolss_GetPrinter + out: struct spoolss_GetPrinter + info : * + info : union spoolss_PrinterInfo(case 2) + info2: struct spoolss_PrinterInfo2 + servername : * + servername : '\\MEMBER43' + printername : * + printername : '\\MEMBER43\printer7' + sharename : * + sharename : 'printer7' + portname : * + portname : 'Samba Printer Port' + drivername : * + drivername : '' + comment : * + comment : '' + location : * + location : '' + devmode : * + devmode: struct spoolss_DeviceMode + devicename : '\\MEMBER43\printer7' + specversion : DMSPEC_NT4_AND_ABOVE (1025) + driverversion : 0x0400 (1024) + size : 0x00dc (220) + __driverextra_length : 0x0000 (0) + fields : 0x00014713 (83731) + 1: DEVMODE_ORIENTATION + 1: DEVMODE_PAPERSIZE + 0: DEVMODE_PAPERLENGTH + 0: DEVMODE_PAPERWIDTH + 1: DEVMODE_SCALE + 0: DEVMODE_POSITION + 0: DEVMODE_NUP + 1: DEVMODE_COPIES + 1: DEVMODE_DEFAULTSOURCE + 1: DEVMODE_PRINTQUALITY + 0: DEVMODE_COLOR + 0: DEVMODE_DUPLEX + 0: DEVMODE_YRESOLUTION + 1: DEVMODE_TTOPTION + 0: DEVMODE_COLLATE + 1: DEVMODE_FORMNAME + 0: DEVMODE_LOGPIXELS + 0: DEVMODE_BITSPERPEL + 0: DEVMODE_PELSWIDTH + 0: DEVMODE_PELSHEIGHT + 0: DEVMODE_DISPLAYFLAGS + 0: DEVMODE_DISPLAYFREQUENCY + 0: DEVMODE_ICMMETHOD + 0: DEVMODE_ICMINTENT + 0: DEVMODE_MEDIATYPE + 0: DEVMODE_DITHERTYPE + 0: DEVMODE_PANNINGWIDTH + 0: DEVMODE_PANNINGHEIGHT + orientation : DMORIENT_PORTRAIT (1) + papersize : DMPAPER_LETTER (1) + paperlength : 0x0000 (0) + paperwidth : 0x0000 (0) + scale : 0x0064 (100) + copies : 0x0001 (1) + defaultsource : DMBIN_FORMSOURCE (15) + printquality : DMRES_HIGH (65532) + color : DMRES_MONOCHROME (1) + duplex : DMDUP_SIMPLEX (1) + yresolution : 0x0000 (0) + ttoption : DMTT_SUBDEV (3) + collate : DMCOLLATE_FALSE (0) + formname : 'Letter' + logpixels : 0x0000 (0) + bitsperpel : 0x00000000 (0) + pelswidth : 0x00000000 (0) + pelsheight : 0x00000000 (0) + displayflags : UNKNOWN_ENUM_VALUE (0) + displayfrequency : 0x00000000 (0) + icmmethod : UNKNOWN_ENUM_VALUE (0) + icmintent : UNKNOWN_ENUM_VALUE (0) + mediatype : UNKNOWN_ENUM_VALUE (0) + dithertype : UNKNOWN_ENUM_VALUE (0) + reserved1 : 0x00000000 (0) + reserved2 : 0x00000000 (0) + panningwidth : 0x00000000 (0) + panningheight : 0x00000000 (0) + driverextra_data : DATA_BLOB length=0 + sepfile : * + sepfile : '' + printprocessor : * + printprocessor : 'winprint' + datatype : * + datatype : 'RAW' + parameters : * + parameters : '' + secdesc : * + secdesc: struct security_descriptor + revision : SECURITY_DESCRIPTOR_REVISION_1 (1) + type : 0x8004 (32772) + 0: SEC_DESC_OWNER_DEFAULTED + 0: SEC_DESC_GROUP_DEFAULTED + 1: SEC_DESC_DACL_PRESENT + 0: SEC_DESC_DACL_DEFAULTED + 0: SEC_DESC_SACL_PRESENT + 0: SEC_DESC_SACL_DEFAULTED + 0: SEC_DESC_DACL_TRUSTED + 0: SEC_DESC_SERVER_SECURITY + 0: SEC_DESC_DACL_AUTO_INHERIT_REQ + 0: SEC_DESC_SACL_AUTO_INHERIT_REQ + 0: SEC_DESC_DACL_AUTO_INHERITED + 0: SEC_DESC_SACL_AUTO_INHERITED + 0: SEC_DESC_DACL_PROTECTED + 0: SEC_DESC_SACL_PROTECTED + 0: SEC_DESC_RM_CONTROL_VALID + 1: SEC_DESC_SELF_RELATIVE + owner_sid : * + owner_sid : S-1-5-32-544 + group_sid : * + group_sid : S-1-5-32-544 + sacl : NULL + dacl : * + dacl: struct security_acl + revision : SECURITY_ACL_REVISION_NT4 (2) + size : 0x00c4 (196) + num_aces : 0x00000007 (7) + aces: ARRAY(7) + aces: struct security_ace + type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) + flags : 0x02 (2) + 0: SEC_ACE_FLAG_OBJECT_INHERIT + 1: SEC_ACE_FLAG_CONTAINER_INHERIT + 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT + 0: SEC_ACE_FLAG_INHERIT_ONLY + 0: SEC_ACE_FLAG_INHERITED_ACE + 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) + 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS + 0: SEC_ACE_FLAG_FAILED_ACCESS + size : 0x0014 (20) + access_mask : 0x20020008 (537001992) + object : union security_ace_object_ctr(case 0) + trustee : S-1-1-0 + aces: struct security_ace + type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) + flags : 0x09 (9) + 1: SEC_ACE_FLAG_OBJECT_INHERIT + 0: SEC_ACE_FLAG_CONTAINER_INHERIT + 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT + 1: SEC_ACE_FLAG_INHERIT_ONLY + 0: SEC_ACE_FLAG_INHERITED_ACE + 0x09: SEC_ACE_FLAG_VALID_INHERIT (9) + 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS + 0: SEC_ACE_FLAG_FAILED_ACCESS + size : 0x0024 (36) + access_mask : 0x100f000c (269418508) + object : union security_ace_object_ctr(case 0) + trustee : S-1-5-21-1376953716-2413384141-3399758289-500 + aces: struct security_ace + type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) + flags : 0x02 (2) + 0: SEC_ACE_FLAG_OBJECT_INHERIT + 1: SEC_ACE_FLAG_CONTAINER_INHERIT + 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT + 0: SEC_ACE_FLAG_INHERIT_ONLY + 0: SEC_ACE_FLAG_INHERITED_ACE + 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) + 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS + 0: SEC_ACE_FLAG_FAILED_ACCESS + size : 0x0024 (36) + access_mask : 0x100f000c (269418508) + object : union security_ace_object_ctr(case 0) + trustee : S-1-5-21-1376953716-2413384141-3399758289-500 + aces: struct security_ace + type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) + flags : 0x09 (9) + 1: SEC_ACE_FLAG_OBJECT_INHERIT + 0: SEC_ACE_FLAG_CONTAINER_INHERIT + 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT + 1: SEC_ACE_FLAG_INHERIT_ONLY + 0: SEC_ACE_FLAG_INHERITED_ACE + 0x09: SEC_ACE_FLAG_VALID_INHERIT (9) + 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS + 0: SEC_ACE_FLAG_FAILED_ACCESS + size : 0x0018 (24) + access_mask : 0x100f000c (269418508) + object : union security_ace_object_ctr(case 0) + trustee : S-1-5-32-544 + aces: struct security_ace + type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) + flags : 0x02 (2) + 0: SEC_ACE_FLAG_OBJECT_INHERIT + 1: SEC_ACE_FLAG_CONTAINER_INHERIT + 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT + 0: SEC_ACE_FLAG_INHERIT_ONLY + 0: SEC_ACE_FLAG_INHERITED_ACE + 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) + 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS + 0: SEC_ACE_FLAG_FAILED_ACCESS + size : 0x0018 (24) + access_mask : 0x100f000c (269418508) + object : union security_ace_object_ctr(case 0) + trustee : S-1-5-32-544 + aces: struct security_ace + type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) + flags : 0x09 (9) + 1: SEC_ACE_FLAG_OBJECT_INHERIT + 0: SEC_ACE_FLAG_CONTAINER_INHERIT + 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT + 1: SEC_ACE_FLAG_INHERIT_ONLY + 0: SEC_ACE_FLAG_INHERITED_ACE + 0x09: SEC_ACE_FLAG_VALID_INHERIT (9) + 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS + 0: SEC_ACE_FLAG_FAILED_ACCESS + size : 0x0018 (24) + access_mask : 0x100f000c (269418508) + object : union security_ace_object_ctr(case 0) + trustee : S-1-5-32-550 + aces: struct security_ace + type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) + flags : 0x02 (2) + 0: SEC_ACE_FLAG_OBJECT_INHERIT + 1: SEC_ACE_FLAG_CONTAINER_INHERIT + 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT + 0: SEC_ACE_FLAG_INHERIT_ONLY + 0: SEC_ACE_FLAG_INHERITED_ACE + 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) + 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS + 0: SEC_ACE_FLAG_FAILED_ACCESS + size : 0x0018 (24) + access_mask : 0x100f000c (269418508) + object : union security_ace_object_ctr(case 0) + trustee : S-1-5-32-550 + attributes : 0x00001048 (4168) + 0: PRINTER_ATTRIBUTE_QUEUED + 0: PRINTER_ATTRIBUTE_DIRECT + 0: PRINTER_ATTRIBUTE_DEFAULT + 1: PRINTER_ATTRIBUTE_SHARED + 0: PRINTER_ATTRIBUTE_NETWORK + 0: PRINTER_ATTRIBUTE_HIDDEN + 1: PRINTER_ATTRIBUTE_LOCAL + 0: PRINTER_ATTRIBUTE_ENABLE_DEVQ + 0: PRINTER_ATTRIBUTE_KEEPPRINTEDJOBS + 0: PRINTER_ATTRIBUTE_DO_COMPLETE_FIRST + 0: PRINTER_ATTRIBUTE_WORK_OFFLINE + 0: PRINTER_ATTRIBUTE_ENABLE_BIDI + 1: PRINTER_ATTRIBUTE_RAW_ONLY + 0: PRINTER_ATTRIBUTE_PUBLISHED + 0: PRINTER_ATTRIBUTE_FAX + 0: PRINTER_ATTRIBUTE_TS + priority : 0x00000001 (1) + defaultpriority : 0x00000001 (1) + starttime : 0x00000000 (0) + untiltime : 0x00000000 (0) + status : 0x00000000 (0) + 0: PRINTER_STATUS_PAUSED + 0: PRINTER_STATUS_ERROR + 0: PRINTER_STATUS_PENDING_DELETION + 0: PRINTER_STATUS_PAPER_JAM + 0: PRINTER_STATUS_PAPER_OUT + 0: PRINTER_STATUS_MANUAL_FEED + 0: PRINTER_STATUS_PAPER_PROBLEM + 0: PRINTER_STATUS_OFFLINE + 0: PRINTER_STATUS_IO_ACTIVE + 0: PRINTER_STATUS_BUSY + 0: PRINTER_STATUS_PRINTING + 0: PRINTER_STATUS_OUTPUT_BIN_FULL + 0: PRINTER_STATUS_NOT_AVAILABLE + 0: PRINTER_STATUS_WAITING + 0: PRINTER_STATUS_PROCESSING + 0: PRINTER_STATUS_INITIALIZING + 0: PRINTER_STATUS_WARMING_UP + 0: PRINTER_STATUS_TONER_LOW + 0: PRINTER_STATUS_NO_TONER + 0: PRINTER_STATUS_PAGE_PUNT + 0: PRINTER_STATUS_USER_INTERVENTION + 0: PRINTER_STATUS_OUT_OF_MEMORY + 0: PRINTER_STATUS_DOOR_OPEN + 0: PRINTER_STATUS_SERVER_UNKNOWN + 0: PRINTER_STATUS_POWER_SAVE + cjobs : 0x00000000 (0) + averageppm : 0x00000000 (0) + needed : * + needed : 0x000002f8 (760) + result : WERR_OK +[2013/11/07 07:38:47.612924, 5, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1417(api_rpcTNP) + api_rpcTNP: called \spoolss successfully +[2013/11/07 07:38:47.612992, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) + pop_sec_ctx (0, 5000) - sec_ctx_stack_ndx = 0 +[2013/11/07 07:38:47.613037, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) + write_to_pipe: data_used = 4140 + smbd_smb2_request_pending_queue: req->current_idx = 1 + req->in.vector[0].iov_len = 0 + req->in.vector[1].iov_len = 0 + req->in.vector[2].iov_len = 64 + req->in.vector[3].iov_len = 56 + req->in.vector[4].iov_len = 4156 + req->out.vector[0].iov_len = 4 + req->out.vector[1].iov_len = 0 + req->out.vector[2].iov_len = 64 + req->out.vector[3].iov_len = 8 + req->out.vector[4].iov_len = 0 +[2013/11/07 07:38:47.613264, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:128(smbd_smb2_ioctl_pipe_write_done) + smbd_smb2_ioctl_pipe_write_done: received 4156 +[2013/11/07 07:38:47.613310, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:149(smbd_smb2_ioctl_pipe_write_done) + smbd_smb2_ioctl_pipe_write_done: issuing np_read_send of size 1024 +[2013/11/07 07:38:47.613353, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:285(read_from_internal_pipe) + name: \spoolss len: 1024 +[2013/11/07 07:38:47.613451, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:347(read_from_internal_pipe) + read_from_pipe: \spoolss: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 4112. +[2013/11/07 07:38:47.613507, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) + &r: struct ncacn_packet + rpc_vers : 0x05 (5) + rpc_vers_minor : 0x00 (0) + ptype : DCERPC_PKT_RESPONSE (2) + pfc_flags : 0x03 (3) + drep: ARRAY(4) + [0] : 0x10 (16) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + frag_length : 0x1028 (4136) + auth_length : 0x0000 (0) + call_id : 0x00000003 (3) + u : union dcerpc_payload(case 2) + response: struct dcerpc_response + alloc_hint : 0x00001010 (4112) + context_id : 0x0000 (0) + cancel_count : 0x00 (0) + _pad : DATA_BLOB length=0 + stub_and_verifier : DATA_BLOB length=4112 + [0000] 04 00 02 00 00 10 00 00 EA 0F 00 00 C2 0F 00 00 ........ ........ + [0010] B0 0F 00 00 8A 0F 00 00 88 0F 00 00 86 0F 00 00 ........ ........ + [0020] 84 0F 00 00 88 0E 00 00 82 0F 00 00 70 0F 00 00 ........ ....p... + [0030] 68 0F 00 00 66 0F 00 00 90 0D 00 00 48 10 00 00 h...f... ....H... + [0040] 01 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0200] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0210] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0220] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0230] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0240] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0250] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0260] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0270] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0280] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0290] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0300] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0310] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0320] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0330] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0340] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0350] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0360] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0370] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0380] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0390] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0400] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0410] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0420] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0430] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0440] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0450] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0460] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0470] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0480] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0490] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0500] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0510] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0520] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0530] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0540] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0550] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0560] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0570] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0580] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0590] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0600] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0610] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0620] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0630] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0640] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0650] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0660] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0670] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0680] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0690] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0700] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0710] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0720] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0730] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0740] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0750] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0760] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0770] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0780] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0790] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0800] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0810] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0820] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0830] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0840] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0850] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0860] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0870] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0880] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0890] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0900] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0910] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0920] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0930] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0940] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0950] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0960] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0970] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0980] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0990] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D90] 00 00 00 00 00 00 00 00 01 00 04 80 D8 00 00 00 ........ ........ + [0DA0] E8 00 00 00 00 00 00 00 14 00 00 00 02 00 C4 00 ........ ........ + [0DB0] 07 00 00 00 00 02 14 00 08 00 02 20 01 01 00 00 ........ ... .... + [0DC0] 00 00 00 01 00 00 00 00 00 09 24 00 0C 00 0F 10 ........ ..$..... + [0DD0] 01 05 00 00 00 00 00 05 15 00 00 00 74 A5 12 52 ........ ....t..R + [0DE0] CD 51 D9 8F D1 31 A4 CA F4 01 00 00 00 02 24 00 .Q...1.. ......$. + [0DF0] 0C 00 0F 10 01 05 00 00 00 00 00 05 15 00 00 00 ........ ........ + [0E00] 74 A5 12 52 CD 51 D9 8F D1 31 A4 CA F4 01 00 00 t..R.Q.. .1...... + [0E10] 00 09 18 00 0C 00 0F 10 01 02 00 00 00 00 00 05 ........ ........ + [0E20] 20 00 00 00 20 02 00 00 00 02 18 00 0C 00 0F 10 ... ... ........ + [0E30] 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 ........ ... ... + [0E40] 00 09 18 00 0C 00 0F 10 01 02 00 00 00 00 00 05 ........ ........ + [0E50] 20 00 00 00 26 02 00 00 00 02 18 00 0C 00 0F 10 ...&... ........ + [0E60] 01 02 00 00 00 00 00 05 20 00 00 00 26 02 00 00 ........ ...&... + [0E70] 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 ........ ... ... + [0E80] 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 ........ ... ... + [0E90] 5C 00 5C 00 4D 00 45 00 4D 00 42 00 45 00 52 00 \.\.M.E. M.B.E.R. + [0EA0] 34 00 33 00 5C 00 70 00 72 00 69 00 6E 00 74 00 4.3.\.p. r.i.n.t. + [0EB0] 65 00 72 00 37 00 00 00 00 00 00 00 00 00 00 00 e.r.7... ........ + [0EC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0ED0] 01 04 00 04 DC 00 00 00 13 47 01 00 01 00 01 00 ........ .G...... + [0EE0] 00 00 00 00 64 00 01 00 0F 00 FC FF 01 00 01 00 ....d... ........ + [0EF0] 00 00 03 00 00 00 4C 00 65 00 74 00 74 00 65 00 ......L. e.t.t.e. + [0F00] 72 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 r....... ........ + [0F10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F70] 52 00 41 00 57 00 00 00 77 00 69 00 6E 00 70 00 R.A.W... w.i.n.p. + [0F80] 72 00 69 00 6E 00 74 00 00 00 00 00 00 00 00 00 r.i.n.t. ........ + [0F90] 00 00 53 00 61 00 6D 00 62 00 61 00 20 00 50 00 ..S.a.m. b.a. .P. + [0FA0] 72 00 69 00 6E 00 74 00 65 00 72 00 20 00 50 00 r.i.n.t. e.r. .P. + [0FB0] 6F 00 72 00 74 00 00 00 70 00 72 00 69 00 6E 00 o.r.t... p.r.i.n. + [0FC0] 74 00 65 00 72 00 37 00 00 00 5C 00 5C 00 4D 00 t.e.r.7. ..\.\.M. + [0FD0] 45 00 4D 00 42 00 45 00 52 00 34 00 33 00 5C 00 E.M.B.E. R.4.3.\. + [0FE0] 70 00 72 00 69 00 6E 00 74 00 65 00 72 00 37 00 p.r.i.n. t.e.r.7. + [0FF0] 00 00 5C 00 5C 00 4D 00 45 00 4D 00 42 00 45 00 ..\.\.M. E.M.B.E. + [1000] 52 00 34 00 33 00 00 00 F8 02 00 00 00 00 00 00 R.4.3... ........ +[2013/11/07 07:38:47.623418, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:788(np_read_recv) + Received 1024 bytes. There is more data outstanding +[2013/11/07 07:38:47.623472, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:178(smbd_smb2_ioctl_pipe_read_done) + smbd_smb2_ioctl_pipe_read_done: np_read_recv nread = 1024 is_data_outstanding = 1, status = NT_STATUS_OK +[2013/11/07 07:38:47.623522, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl.c:291(smbd_smb2_request_ioctl_done) + smbd_smb2_request_ioctl_done: smbd_smb2_ioctl_recv returned 1024 status STATUS_BUFFER_OVERFLOW +[2013/11/07 07:38:47.623567, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) + smbd_smb2_request_done_ex: idx[1] status[STATUS_BUFFER_OVERFLOW] body[48] dyn[yes:1024] at ../source3/smbd/smb2_ioctl.c:358 +[2013/11/07 07:38:47.623614, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) + smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/151/127 +[2013/11/07 07:38:47.625422, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) + smbd_smb2_request_incoming: idx[1] of 5 vectors +[2013/11/07 07:38:47.625510, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) + smb2_validate_sequence_number: clearing id 151 (position 151) from bitmap +[2013/11/07 07:38:47.625556, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) + smbd_smb2_request_dispatch: opcode[SMB2_OP_READ] mid = 151 +[2013/11/07 07:38:47.625633, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) + setting sec ctx (0, 5000) - sec_ctx_stack_ndx = 0 +[2013/11/07 07:38:47.625685, 5, pid=20933, effective(0, 5000), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) + Security token SIDs (21): + SID[ 0]: S-1-5-21-1376953716-2413384141-3399758289-500 + SID[ 1]: S-1-5-21-1376953716-2413384141-3399758289-512 + SID[ 2]: S-1-5-21-1376953716-2413384141-3399758289-11015 + SID[ 3]: S-1-5-21-1376953716-2413384141-3399758289-513 + SID[ 4]: S-1-5-21-1376953716-2413384141-3399758289-11011 + SID[ 5]: S-1-5-21-1376953716-2413384141-3399758289-11013 + SID[ 6]: S-1-5-21-1376953716-2413384141-3399758289-11012 + SID[ 7]: S-1-1-0 + SID[ 8]: S-1-5-2 + SID[ 9]: S-1-5-11 + SID[ 10]: S-1-5-32-544 + SID[ 11]: S-1-22-1-2002 + SID[ 12]: S-1-22-2-5000 + SID[ 13]: S-1-22-2-5007 + SID[ 14]: S-1-22-2-5001 + SID[ 15]: S-1-22-2-1005 + SID[ 16]: S-1-22-2-5006 + SID[ 17]: S-1-22-2-5005 + SID[ 18]: S-1-22-2-55000 + SID[ 19]: S-1-22-2-55001 + SID[ 20]: S-1-22-2-55002 + Privileges (0x 1FFFFFF0): + Privilege[ 0]: SeMachineAccountPrivilege + Privilege[ 1]: SeTakeOwnershipPrivilege + Privilege[ 2]: SeBackupPrivilege + Privilege[ 3]: SeRestorePrivilege + Privilege[ 4]: SeRemoteShutdownPrivilege + Privilege[ 5]: SePrintOperatorPrivilege + Privilege[ 6]: SeAddUsersPrivilege + Privilege[ 7]: SeDiskOperatorPrivilege + Privilege[ 8]: SeSecurityPrivilege + Privilege[ 9]: SeSystemtimePrivilege + Privilege[ 10]: SeShutdownPrivilege + Privilege[ 11]: SeDebugPrivilege + Privilege[ 12]: SeSystemEnvironmentPrivilege + Privilege[ 13]: SeSystemProfilePrivilege + Privilege[ 14]: SeProfileSingleProcessPrivilege + Privilege[ 15]: SeIncreaseBasePriorityPrivilege + Privilege[ 16]: SeLoadDriverPrivilege + Privilege[ 17]: SeCreatePagefilePrivilege + Privilege[ 18]: SeIncreaseQuotaPrivilege + Privilege[ 19]: SeChangeNotifyPrivilege + Privilege[ 20]: SeUndockPrivilege + Privilege[ 21]: SeManageVolumePrivilege + Privilege[ 22]: SeImpersonatePrivilege + Privilege[ 23]: SeCreateGlobalPrivilege + Privilege[ 24]: SeEnableDelegationPrivilege + Rights (0x 0): +[2013/11/07 07:38:47.626694, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) + UNIX token of user 0 + Primary group is 5000 and contains 9 supplementary groups + Group[ 0]: 5000 + Group[ 1]: 5007 + Group[ 2]: 5001 + Group[ 3]: 1005 + Group[ 4]: 5006 + Group[ 5]: 5005 + Group[ 6]: 55000 + Group[ 7]: 55001 + Group[ 8]: 55002 +[2013/11/07 07:38:47.626930, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/uid.c:363(change_to_user_internal) + Impersonated user: uid=(0,0), gid=(0,5000) +[2013/11/07 07:38:47.626987, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:1796(smbd_smb2_request_verify_creditcharge) + mid 151, CreditCharge: 1, NeededCharge: 1 +[2013/11/07 07:38:47.627031, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_read.c:400(smbd_smb2_read_send) + smbd_smb2_read: spoolss - fnum 4038471001 +[2013/11/07 07:38:47.627114, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:285(read_from_internal_pipe) + name: \spoolss len: 3112 +[2013/11/07 07:38:47.627161, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:326(read_from_internal_pipe) + read_from_pipe: \spoolss: current_pdu_len = 4136, current_pdu_sent = 1024 returning 3112 bytes. +[2013/11/07 07:38:47.627215, 3, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:122(free_pipe_context) + free_pipe_context: destroying talloc pool of size 1308 + smbd_smb2_request_pending_queue: req->current_idx = 1 + req->in.vector[0].iov_len = 0 + req->in.vector[1].iov_len = 0 + req->in.vector[2].iov_len = 64 + req->in.vector[3].iov_len = 48 + req->in.vector[4].iov_len = 1 + req->out.vector[0].iov_len = 4 + req->out.vector[1].iov_len = 0 + req->out.vector[2].iov_len = 64 + req->out.vector[3].iov_len = 8 + req->out.vector[4].iov_len = 0 +[2013/11/07 07:38:47.627436, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:788(np_read_recv) + Received 3112 bytes. There is more data outstanding +[2013/11/07 07:38:47.627482, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) + smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[16] dyn[yes:3112] at ../source3/smbd/smb2_read.c:154 +[2013/11/07 07:38:47.627527, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) + smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/152/127 +[2013/11/07 07:38:47.631176, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) + smbd_smb2_request_incoming: idx[1] of 5 vectors +[2013/11/07 07:38:47.631418, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) + smb2_validate_sequence_number: clearing id 152 (position 152) from bitmap +[2013/11/07 07:38:47.631532, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) + smbd_smb2_request_dispatch: opcode[SMB2_OP_IOCTL] mid = 152 +[2013/11/07 07:38:47.631972, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) + setting sec ctx (0, 5000) - sec_ctx_stack_ndx = 0 +[2013/11/07 07:38:47.632099, 5, pid=20933, effective(0, 5000), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) + Security token SIDs (21): + SID[ 0]: S-1-5-21-1376953716-2413384141-3399758289-500 + SID[ 1]: S-1-5-21-1376953716-2413384141-3399758289-512 + SID[ 2]: S-1-5-21-1376953716-2413384141-3399758289-11015 + SID[ 3]: S-1-5-21-1376953716-2413384141-3399758289-513 + SID[ 4]: S-1-5-21-1376953716-2413384141-3399758289-11011 + SID[ 5]: S-1-5-21-1376953716-2413384141-3399758289-11013 + SID[ 6]: S-1-5-21-1376953716-2413384141-3399758289-11012 + SID[ 7]: S-1-1-0 + SID[ 8]: S-1-5-2 + SID[ 9]: S-1-5-11 + SID[ 10]: S-1-5-32-544 + SID[ 11]: S-1-22-1-2002 + SID[ 12]: S-1-22-2-5000 + SID[ 13]: S-1-22-2-5007 + SID[ 14]: S-1-22-2-5001 + SID[ 15]: S-1-22-2-1005 + SID[ 16]: S-1-22-2-5006 + SID[ 17]: S-1-22-2-5005 + SID[ 18]: S-1-22-2-55000 + SID[ 19]: S-1-22-2-55001 + SID[ 20]: S-1-22-2-55002 + Privileges (0x 1FFFFFF0): + Privilege[ 0]: SeMachineAccountPrivilege + Privilege[ 1]: SeTakeOwnershipPrivilege + Privilege[ 2]: SeBackupPrivilege + Privilege[ 3]: SeRestorePrivilege + Privilege[ 4]: SeRemoteShutdownPrivilege + Privilege[ 5]: SePrintOperatorPrivilege + Privilege[ 6]: SeAddUsersPrivilege + Privilege[ 7]: SeDiskOperatorPrivilege + Privilege[ 8]: SeSecurityPrivilege + Privilege[ 9]: SeSystemtimePrivilege + Privilege[ 10]: SeShutdownPrivilege + Privilege[ 11]: SeDebugPrivilege + Privilege[ 12]: SeSystemEnvironmentPrivilege + Privilege[ 13]: SeSystemProfilePrivilege + Privilege[ 14]: SeProfileSingleProcessPrivilege + Privilege[ 15]: SeIncreaseBasePriorityPrivilege + Privilege[ 16]: SeLoadDriverPrivilege + Privilege[ 17]: SeCreatePagefilePrivilege + Privilege[ 18]: SeIncreaseQuotaPrivilege + Privilege[ 19]: SeChangeNotifyPrivilege + Privilege[ 20]: SeUndockPrivilege + Privilege[ 21]: SeManageVolumePrivilege + Privilege[ 22]: SeImpersonatePrivilege + Privilege[ 23]: SeCreateGlobalPrivilege + Privilege[ 24]: SeEnableDelegationPrivilege + Rights (0x 0): +[2013/11/07 07:38:47.634312, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) + UNIX token of user 0 + Primary group is 5000 and contains 9 supplementary groups + Group[ 0]: 5000 + Group[ 1]: 5007 + Group[ 2]: 5001 + Group[ 3]: 1005 + Group[ 4]: 5006 + Group[ 5]: 5005 + Group[ 6]: 55000 + Group[ 7]: 55001 + Group[ 8]: 55002 +[2013/11/07 07:38:47.634801, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/uid.c:363(change_to_user_internal) + Impersonated user: uid=(0,0), gid=(0,5000) +[2013/11/07 07:38:47.635025, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:1796(smbd_smb2_request_verify_creditcharge) + mid 152, CreditCharge: 1, NeededCharge: 1 +[2013/11/07 07:38:47.635139, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl.c:394(smbd_smb2_ioctl_send) + smbd_smb2_ioctl: ctl_code[0x0011c017] spoolss, fnum 4038471001 +[2013/11/07 07:38:47.635256, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:59(smb2_ioctl_named_pipe) + smbd_smb2_ioctl_send: np_write_send of size 4156 +[2013/11/07 07:38:47.635358, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:520(np_write_send) + np_write_send: len: 4156 +[2013/11/07 07:38:47.635463, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) + write_to_pipe: data_left = 4156 +[2013/11/07 07:38:47.635559, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) + process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 4156 +[2013/11/07 07:38:47.635657, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:51(fill_rpc_header) + fill_rpc_header: data_to_copy = 4156, len_needed_to_complete_hdr = 16, receive_len = 0 +[2013/11/07 07:38:47.635759, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) + write_to_pipe: data_used = 16 +[2013/11/07 07:38:47.635854, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) + write_to_pipe: data_left = 4140 +[2013/11/07 07:38:47.635973, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) + process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 4140 +[2013/11/07 07:38:47.636136, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) + write_to_pipe: data_used = 0 +[2013/11/07 07:38:47.636235, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) + write_to_pipe: data_left = 4140 +[2013/11/07 07:38:47.636331, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) + process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 4140, incoming data = 4140 +[2013/11/07 07:38:47.636437, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1614(process_complete_pdu) + PDU is in Little Endian format! +[2013/11/07 07:38:47.636563, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) + r: struct ncacn_packet + rpc_vers : 0x05 (5) + rpc_vers_minor : 0x00 (0) + ptype : DCERPC_PKT_REQUEST (0) + pfc_flags : 0x03 (3) + drep: ARRAY(4) + [0] : 0x10 (16) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + frag_length : 0x103c (4156) + auth_length : 0x0000 (0) + call_id : 0x00000004 (4) + u : union dcerpc_payload(case 0) + request: struct dcerpc_request + alloc_hint : 0x00001024 (4132) + context_id : 0x0000 (0) + opnum : 0x0008 (8) + object : union dcerpc_object(case 0) + empty: struct dcerpc_empty + _pad : DATA_BLOB length=0 + stub_and_verifier : DATA_BLOB length=4132 + [0000] 00 00 00 00 EA 00 00 00 00 00 00 00 7B 52 77 35 ........ ....{Rw5 + [0010] C5 51 00 00 02 00 00 00 00 00 02 00 00 10 00 00 .Q...... ........ + [0020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0030] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0040] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0200] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0210] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0220] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0230] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0240] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0250] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0260] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0270] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0280] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0290] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0300] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0310] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0320] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0330] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0340] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0350] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0360] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0370] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0380] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0390] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0400] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0410] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0420] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0430] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0440] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0450] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0460] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0470] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0480] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0490] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0500] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0510] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0520] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0530] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0540] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0550] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0560] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0570] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0580] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0590] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0600] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0610] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0620] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0630] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0640] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0650] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0660] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0670] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0680] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0690] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0700] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0710] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0720] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0730] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0740] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0750] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0760] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0770] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0780] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0790] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0800] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0810] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0820] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0830] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0840] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0850] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0860] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0870] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0880] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0890] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0900] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0910] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0920] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0930] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0940] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0950] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0960] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0970] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0980] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0990] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0EA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0EB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0EC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0ED0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0EE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0EF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [1000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [1010] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [1020] 00 10 00 00 .... +[2013/11/07 07:38:47.651905, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1627(process_complete_pdu) + Processing packet type 0 +[2013/11/07 07:38:47.651956, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1472(dcesrv_auth_request) + Checking request auth. +[2013/11/07 07:38:47.652006, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) + push_sec_ctx(0, 5000) : sec_ctx_stack_ndx = 1 +[2013/11/07 07:38:47.652055, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) + setting sec ctx (0, 5000) - sec_ctx_stack_ndx = 1 +[2013/11/07 07:38:47.652097, 5, pid=20933, effective(0, 5000), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) + Security token SIDs (21): + SID[ 0]: S-1-5-21-1376953716-2413384141-3399758289-500 + SID[ 1]: S-1-5-21-1376953716-2413384141-3399758289-512 + SID[ 2]: S-1-5-21-1376953716-2413384141-3399758289-11015 + SID[ 3]: S-1-5-21-1376953716-2413384141-3399758289-513 + SID[ 4]: S-1-5-21-1376953716-2413384141-3399758289-11011 + SID[ 5]: S-1-5-21-1376953716-2413384141-3399758289-11013 + SID[ 6]: S-1-5-21-1376953716-2413384141-3399758289-11012 + SID[ 7]: S-1-1-0 + SID[ 8]: S-1-5-2 + SID[ 9]: S-1-5-11 + SID[ 10]: S-1-5-32-544 + SID[ 11]: S-1-22-1-2002 + SID[ 12]: S-1-22-2-5000 + SID[ 13]: S-1-22-2-5007 + SID[ 14]: S-1-22-2-5001 + SID[ 15]: S-1-22-2-1005 + SID[ 16]: S-1-22-2-5006 + SID[ 17]: S-1-22-2-5005 + SID[ 18]: S-1-22-2-55000 + SID[ 19]: S-1-22-2-55001 + SID[ 20]: S-1-22-2-55002 + Privileges (0x 1FFFFFF0): + Privilege[ 0]: SeMachineAccountPrivilege + Privilege[ 1]: SeTakeOwnershipPrivilege + Privilege[ 2]: SeBackupPrivilege + Privilege[ 3]: SeRestorePrivilege + Privilege[ 4]: SeRemoteShutdownPrivilege + Privilege[ 5]: SePrintOperatorPrivilege + Privilege[ 6]: SeAddUsersPrivilege + Privilege[ 7]: SeDiskOperatorPrivilege + Privilege[ 8]: SeSecurityPrivilege + Privilege[ 9]: SeSystemtimePrivilege + Privilege[ 10]: SeShutdownPrivilege + Privilege[ 11]: SeDebugPrivilege + Privilege[ 12]: SeSystemEnvironmentPrivilege + Privilege[ 13]: SeSystemProfilePrivilege + Privilege[ 14]: SeProfileSingleProcessPrivilege + Privilege[ 15]: SeIncreaseBasePriorityPrivilege + Privilege[ 16]: SeLoadDriverPrivilege + Privilege[ 17]: SeCreatePagefilePrivilege + Privilege[ 18]: SeIncreaseQuotaPrivilege + Privilege[ 19]: SeChangeNotifyPrivilege + Privilege[ 20]: SeUndockPrivilege + Privilege[ 21]: SeManageVolumePrivilege + Privilege[ 22]: SeImpersonatePrivilege + Privilege[ 23]: SeCreateGlobalPrivilege + Privilege[ 24]: SeEnableDelegationPrivilege + Rights (0x 0): +[2013/11/07 07:38:47.652878, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) + UNIX token of user 0 + Primary group is 5000 and contains 9 supplementary groups + Group[ 0]: 5000 + Group[ 1]: 5007 + Group[ 2]: 5001 + Group[ 3]: 1005 + Group[ 4]: 5006 + Group[ 5]: 5005 + Group[ 6]: 55000 + Group[ 7]: 55001 + Group[ 8]: 55002 +[2013/11/07 07:38:47.653071, 5, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1324(api_pipe_request) + Requested \spoolss rpc service +[2013/11/07 07:38:47.653119, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1356(api_rpcTNP) + api_rpcTNP: \spoolss op 0x8 - api_rpcTNP: rpc command: SPOOLSS_GETPRINTER +[2013/11/07 07:38:47.653163, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1390(api_rpcTNP) + api_rpc_cmds[8].fn == 0x7f375c260f10 +[2013/11/07 07:38:47.653214, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + spoolss_GetPrinter: struct spoolss_GetPrinter + in: struct spoolss_GetPrinter + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000ea-0000-0000-7b52-7735c5510000 + level : 0x00000002 (2) + buffer : * + buffer : DATA_BLOB length=4096 + [0000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0010] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0030] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0040] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0200] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0210] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0220] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0230] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0240] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0250] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0260] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0270] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0280] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0290] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0300] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0310] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0320] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0330] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0340] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0350] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0360] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0370] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0380] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0390] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0400] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0410] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0420] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0430] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0440] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0450] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0460] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0470] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0480] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0490] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0500] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0510] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0520] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0530] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0540] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0550] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0560] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0570] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0580] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0590] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0600] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0610] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0620] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0630] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0640] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0650] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0660] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0670] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0680] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0690] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0700] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0710] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0720] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0730] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0740] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0750] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0760] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0770] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0780] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0790] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0800] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0810] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0820] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0830] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0840] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0850] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0860] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0870] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0880] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0890] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0900] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0910] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0920] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0930] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0940] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0950] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0960] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0970] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0980] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0990] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0EA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0EB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0EC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0ED0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0EE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0EF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + offered : 0x00001000 (4096) +[2013/11/07 07:38:47.662687, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[1] [0000] 00 00 00 00 EA 00 00 00 00 00 00 00 7B 52 77 35 ........ ....{Rw5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:47.662774, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[1] [0000] 00 00 00 00 EA 00 00 00 00 00 00 00 7B 52 77 35 ........ ....{Rw5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:47.662852, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:489(get_printer_snum) + short name:printer7 +[2013/11/07 07:38:47.663041, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:60(make_internal_rpc_pipe_p) + Create pipe requested \winreg +[2013/11/07 07:38:47.663105, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:221(init_pipe_handles) + init_pipe_handle_list: created handle list for pipe \winreg +[2013/11/07 07:38:47.663149, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:238(init_pipe_handles) + init_pipe_handle_list: pipe_handles ref count = 1 for pipe \winreg +[2013/11/07 07:38:47.663249, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:100(make_internal_rpc_pipe_p) + Created internal pipe \winreg +[2013/11/07 07:38:47.663328, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenHKLM: struct winreg_OpenHKLM + in: struct winreg_OpenHKLM + system_name : NULL + access_mask : 0x02000000 (33554432) + 0: KEY_QUERY_VALUE + 0: KEY_SET_VALUE + 0: KEY_CREATE_SUB_KEY + 0: KEY_ENUMERATE_SUB_KEYS + 0: KEY_NOTIFY + 0: KEY_CREATE_LINK + 0: KEY_WOW64_64KEY + 0: KEY_WOW64_32KEY +[2013/11/07 07:38:47.663573, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [HKLM] +[2013/11/07 07:38:47.663619, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) + push_sec_ctx(0, 5000) : sec_ctx_stack_ndx = 2 +[2013/11/07 07:38:47.663665, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/uid.c:485(push_conn_ctx) + push_conn_ctx(1804507171) : conn_ctx_stack_ndx = 0 +[2013/11/07 07:38:47.663705, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) + setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 +[2013/11/07 07:38:47.663743, 5, pid=20933, effective(0, 5000), real(0, 0)] ../libcli/security/security_token.c:53(security_token_debug) + Security token: (NULL) +[2013/11/07 07:38:47.663782, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) + UNIX token of user 0 + Primary group is 0 and contains 0 supplementary groups +[2013/11/07 07:38:47.663955, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) + pop_sec_ctx (0, 5000) - sec_ctx_stack_ndx = 1 +[2013/11/07 07:38:47.664000, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:866(regdb_open) + regdb_open: registry db opened. refcount reset (1) +[2013/11/07 07:38:47.664047, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM] +[2013/11/07 07:38:47.664086, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM] +[2013/11/07 07:38:47.664127, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:47.664164, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM] +[2013/11/07 07:38:47.664249, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) + Opened policy hnd[1] [0000] 00 00 00 00 F4 00 00 00 00 00 00 00 7B 52 77 35 ........ ....{Rw5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:47.664330, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenHKLM: struct winreg_OpenHKLM + out: struct winreg_OpenHKLM + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000f4-0000-0000-7b52-7735c5510000 + result : WERR_OK +[2013/11/07 07:38:47.664519, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenKey: struct winreg_OpenKey + in: struct winreg_OpenKey + parent_handle : * + parent_handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000f4-0000-0000-7b52-7735c5510000 + keyname: struct winreg_String + name_len : 0x008a (138) + name_size : 0x008a (138) + name : * + name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7' + options : 0x00000000 (0) + 0: REG_OPTION_VOLATILE + 0: REG_OPTION_CREATE_LINK + 0: REG_OPTION_BACKUP_RESTORE + 0: REG_OPTION_OPEN_LINK + access_mask : 0x02000000 (33554432) + 0: KEY_QUERY_VALUE + 0: KEY_SET_VALUE + 0: KEY_CREATE_SUB_KEY + 0: KEY_ENUMERATE_SUB_KEYS + 0: KEY_NOTIFY + 0: KEY_CREATE_LINK + 0: KEY_WOW64_64KEY + 0: KEY_WOW64_32KEY +[2013/11/07 07:38:47.664974, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 F4 00 00 00 00 00 00 00 7B 52 77 35 ........ ....{Rw5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:47.665056, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [SOFTWARE] +[2013/11/07 07:38:47.665097, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (1->2) +[2013/11/07 07:38:47.665140, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] +[2013/11/07 07:38:47.665179, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE] +[2013/11/07 07:38:47.665220, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:47.665257, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE] +[2013/11/07 07:38:47.665325, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Microsoft] +[2013/11/07 07:38:47.665457, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (2->3) +[2013/11/07 07:38:47.665502, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] +[2013/11/07 07:38:47.665541, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] +[2013/11/07 07:38:47.665598, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:47.665637, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft] +[2013/11/07 07:38:47.665709, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Windows NT] +[2013/11/07 07:38:47.665751, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (3->4) +[2013/11/07 07:38:47.665794, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] +[2013/11/07 07:38:47.665840, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] +[2013/11/07 07:38:47.665889, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:47.665927, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] +[2013/11/07 07:38:47.665986, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [CurrentVersion] +[2013/11/07 07:38:47.666035, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (4->5) +[2013/11/07 07:38:47.666078, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] +[2013/11/07 07:38:47.666133, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] +[2013/11/07 07:38:47.666175, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:47.666212, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f375c5a15c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] +[2013/11/07 07:38:47.666297, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Print] +[2013/11/07 07:38:47.666340, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (5->6) +[2013/11/07 07:38:47.666384, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] +[2013/11/07 07:38:47.666433, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] +[2013/11/07 07:38:47.666476, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:47.666522, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f375c5a15c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] +[2013/11/07 07:38:47.666585, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Printers] +[2013/11/07 07:38:47.666635, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (6->7) +[2013/11/07 07:38:47.666680, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] +[2013/11/07 07:38:47.666720, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] +[2013/11/07 07:38:47.666764, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:47.666848, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] +[2013/11/07 07:38:47.666922, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [printer7] +[2013/11/07 07:38:47.666973, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (7->8) +[2013/11/07 07:38:47.667018, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:47.667057, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:47.667099, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:47.667136, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:47.667206, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (8->7) +[2013/11/07 07:38:47.667249, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (7->6) +[2013/11/07 07:38:47.667289, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (6->5) +[2013/11/07 07:38:47.667329, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (5->4) +[2013/11/07 07:38:47.667369, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (4->3) +[2013/11/07 07:38:47.667409, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (3->2) +[2013/11/07 07:38:47.667454, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) + Opened policy hnd[2] [0000] 00 00 00 00 F5 00 00 00 00 00 00 00 7B 52 77 35 ........ ....{Rw5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:47.667532, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenKey: struct winreg_OpenKey + out: struct winreg_OpenKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000f5-0000-0000-7b52-7735c5510000 + result : WERR_OK +[2013/11/07 07:38:47.667714, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryInfoKey: struct winreg_QueryInfoKey + in: struct winreg_QueryInfoKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000f5-0000-0000-7b52-7735c5510000 + classname : * + classname: struct winreg_String + name_len : 0x0000 (0) + name_size : 0x0000 (0) + name : NULL +[2013/11/07 07:38:47.667940, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 F5 00 00 00 00 00 00 00 7B 52 77 35 ........ ....{Rw5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:47.668023, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_dispatcher.c:151(fetch_reg_values) + fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7' (ops 0x7f37592edcc0) +[2013/11/07 07:38:47.668064, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1891(regdb_fetch_values_internal) + regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:47.668128, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[0]: name[Attributes] len[4] +[2013/11/07 07:38:47.668172, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[1]: name[Description] len[2] +[2013/11/07 07:38:47.668214, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[2]: name[Datatype] len[8] +[2013/11/07 07:38:47.668256, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[3]: name[Default Priority] len[4] +[2013/11/07 07:38:47.668298, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[4]: name[Port] len[38] +[2013/11/07 07:38:47.668340, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[5]: name[Name] len[18] +[2013/11/07 07:38:47.668382, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[6]: name[Print Processor] len[18] +[2013/11/07 07:38:47.668519, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[7]: name[Priority] len[4] +[2013/11/07 07:38:47.668564, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[8]: name[Security] len[248] +[2013/11/07 07:38:47.668607, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[9]: name[Share Name] len[18] +[2013/11/07 07:38:47.668650, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[10]: name[StartTime] len[4] +[2013/11/07 07:38:47.668692, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[11]: name[UntilTime] len[4] +[2013/11/07 07:38:47.668734, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[12]: name[ChangeID] len[4] +[2013/11/07 07:38:47.668777, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) + regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:47.668850, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryInfoKey: struct winreg_QueryInfoKey + out: struct winreg_QueryInfoKey + classname : * + classname: struct winreg_String + name_len : 0x0000 (0) + name_size : 0x0000 (0) + name : NULL + num_subkeys : * + num_subkeys : 0x00000003 (3) + max_subkeylen : * + max_subkeylen : 0x00000022 (34) + max_classlen : * + max_classlen : 0x00000000 (0) + num_values : * + num_values : 0x0000000d (13) + max_valnamelen : * + max_valnamelen : 0x00000022 (34) + max_valbufsize : * + max_valbufsize : 0x000000f8 (248) + secdescsize : * + secdescsize : 0x00000078 (120) + last_changed_time : * + last_changed_time : NTTIME(0) + result : WERR_OK +[2013/11/07 07:38:47.669316, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000f5-0000-0000-7b52-7735c5510000 + enum_index : 0x00000000 (0) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:47.669865, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 F5 00 00 00 00 00 00 00 7B 52 77 35 ........ ....{Rw5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:47.669949, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:47.670031, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0016 (22) + size : 0x0024 (36) + name : * + name : 'Attributes' + type : * + type : REG_DWORD (4) + value : * + value: ARRAY(4) + [0] : 0x48 (72) + [1] : 0x10 (16) + [2] : 0x00 (0) + [3] : 0x00 (0) + size : * + size : 0x00000004 (4) + length : * + length : 0x00000004 (4) + result : WERR_OK +[2013/11/07 07:38:47.670454, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000f5-0000-0000-7b52-7735c5510000 + enum_index : 0x00000001 (1) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:47.670830, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 F5 00 00 00 00 00 00 00 7B 52 77 35 ........ ....{Rw5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:47.670906, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:47.670951, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0018 (24) + size : 0x0024 (36) + name : * + name : 'Description' + type : * + type : REG_SZ (1) + value : * + value: ARRAY(2) + [0] : 0x00 (0) + [1] : 0x00 (0) + size : * + size : 0x00000002 (2) + length : * + length : 0x00000002 (2) + result : WERR_OK +[2013/11/07 07:38:47.671310, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000f5-0000-0000-7b52-7735c5510000 + enum_index : 0x00000002 (2) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:47.671691, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 F5 00 00 00 00 00 00 00 7B 52 77 35 ........ ....{Rw5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:47.671767, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:47.671811, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0012 (18) + size : 0x0024 (36) + name : * + name : 'Datatype' + type : * + type : REG_SZ (1) + value : * + value: ARRAY(8) + [0] : 0x52 (82) + [1] : 0x00 (0) + [2] : 0x41 (65) + [3] : 0x00 (0) + [4] : 0x57 (87) + [5] : 0x00 (0) + [6] : 0x00 (0) + [7] : 0x00 (0) + size : * + size : 0x00000008 (8) + length : * + length : 0x00000008 (8) + result : WERR_OK +[2013/11/07 07:38:47.672265, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000f5-0000-0000-7b52-7735c5510000 + enum_index : 0x00000003 (3) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:47.672636, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 F5 00 00 00 00 00 00 00 7B 52 77 35 ........ ....{Rw5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:47.672712, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:47.672766, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0022 (34) + size : 0x0024 (36) + name : * + name : 'Default Priority' + type : * + type : REG_DWORD (4) + value : * + value: ARRAY(4) + [0] : 0x01 (1) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + size : * + size : 0x00000004 (4) + length : * + length : 0x00000004 (4) + result : WERR_OK +[2013/11/07 07:38:47.673158, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000f5-0000-0000-7b52-7735c5510000 + enum_index : 0x00000004 (4) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:47.673630, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 F5 00 00 00 00 00 00 00 7B 52 77 35 ........ ....{Rw5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:47.673720, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:47.673768, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x000a (10) + size : 0x0024 (36) + name : * + name : 'Port' + type : * + type : REG_SZ (1) + value : * + value: ARRAY(38) + [0] : 0x53 (83) + [1] : 0x00 (0) + [2] : 0x61 (97) + [3] : 0x00 (0) + [4] : 0x6d (109) + [5] : 0x00 (0) + [6] : 0x62 (98) + [7] : 0x00 (0) + [8] : 0x61 (97) + [9] : 0x00 (0) + [10] : 0x20 (32) + [11] : 0x00 (0) + [12] : 0x50 (80) + [13] : 0x00 (0) + [14] : 0x72 (114) + [15] : 0x00 (0) + [16] : 0x69 (105) + [17] : 0x00 (0) + [18] : 0x6e (110) + [19] : 0x00 (0) + [20] : 0x74 (116) + [21] : 0x00 (0) + [22] : 0x65 (101) + [23] : 0x00 (0) + [24] : 0x72 (114) + [25] : 0x00 (0) + [26] : 0x20 (32) + [27] : 0x00 (0) + [28] : 0x50 (80) + [29] : 0x00 (0) + [30] : 0x6f (111) + [31] : 0x00 (0) + [32] : 0x72 (114) + [33] : 0x00 (0) + [34] : 0x74 (116) + [35] : 0x00 (0) + [36] : 0x00 (0) + [37] : 0x00 (0) + size : * + size : 0x00000026 (38) + length : * + length : 0x00000026 (38) + result : WERR_OK +[2013/11/07 07:38:47.674845, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000f5-0000-0000-7b52-7735c5510000 + enum_index : 0x00000005 (5) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:47.675236, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 F5 00 00 00 00 00 00 00 7B 52 77 35 ........ ....{Rw5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:47.675314, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:47.675368, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x000a (10) + size : 0x0024 (36) + name : * + name : 'Name' + type : * + type : REG_SZ (1) + value : * + value: ARRAY(18) + [0] : 0x70 (112) + [1] : 0x00 (0) + [2] : 0x72 (114) + [3] : 0x00 (0) + [4] : 0x69 (105) + [5] : 0x00 (0) + [6] : 0x6e (110) + [7] : 0x00 (0) + [8] : 0x74 (116) + [9] : 0x00 (0) + [10] : 0x65 (101) + [11] : 0x00 (0) + [12] : 0x72 (114) + [13] : 0x00 (0) + [14] : 0x37 (55) + [15] : 0x00 (0) + [16] : 0x00 (0) + [17] : 0x00 (0) + size : * + size : 0x00000012 (18) + length : * + length : 0x00000012 (18) + result : WERR_OK +[2013/11/07 07:38:47.675989, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000f5-0000-0000-7b52-7735c5510000 + enum_index : 0x00000006 (6) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:47.676360, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 F5 00 00 00 00 00 00 00 7B 52 77 35 ........ ....{Rw5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:47.676445, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:47.676491, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0020 (32) + size : 0x0024 (36) + name : * + name : 'Print Processor' + type : * + type : REG_SZ (1) + value : * + value: ARRAY(18) + [0] : 0x77 (119) + [1] : 0x00 (0) + [2] : 0x69 (105) + [3] : 0x00 (0) + [4] : 0x6e (110) + [5] : 0x00 (0) + [6] : 0x70 (112) + [7] : 0x00 (0) + [8] : 0x72 (114) + [9] : 0x00 (0) + [10] : 0x69 (105) + [11] : 0x00 (0) + [12] : 0x6e (110) + [13] : 0x00 (0) + [14] : 0x74 (116) + [15] : 0x00 (0) + [16] : 0x00 (0) + [17] : 0x00 (0) + size : * + size : 0x00000012 (18) + length : * + length : 0x00000012 (18) + result : WERR_OK +[2013/11/07 07:38:47.677145, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000f5-0000-0000-7b52-7735c5510000 + enum_index : 0x00000007 (7) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:47.677607, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 F5 00 00 00 00 00 00 00 7B 52 77 35 ........ ....{Rw5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:47.677686, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:47.677732, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0012 (18) + size : 0x0024 (36) + name : * + name : 'Priority' + type : * + type : REG_DWORD (4) + value : * + value: ARRAY(4) + [0] : 0x01 (1) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + size : * + size : 0x00000004 (4) + length : * + length : 0x00000004 (4) + result : WERR_OK +[2013/11/07 07:38:47.678136, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000f5-0000-0000-7b52-7735c5510000 + enum_index : 0x00000008 (8) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:47.678508, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 F5 00 00 00 00 00 00 00 7B 52 77 35 ........ ....{Rw5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:47.678585, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:47.678630, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0012 (18) + size : 0x0024 (36) + name : * + name : 'Security' + type : * + type : REG_BINARY (3) + value : * + value: ARRAY(248) + [0] : 0x01 (1) + [1] : 0x00 (0) + [2] : 0x04 (4) + [3] : 0x80 (128) + [4] : 0x14 (20) + [5] : 0x00 (0) + [6] : 0x00 (0) + [7] : 0x00 (0) + [8] : 0x24 (36) + [9] : 0x00 (0) + [10] : 0x00 (0) + [11] : 0x00 (0) + [12] : 0x00 (0) + [13] : 0x00 (0) + [14] : 0x00 (0) + [15] : 0x00 (0) + [16] : 0x34 (52) + [17] : 0x00 (0) + [18] : 0x00 (0) + [19] : 0x00 (0) + [20] : 0x01 (1) + [21] : 0x02 (2) + [22] : 0x00 (0) + [23] : 0x00 (0) + [24] : 0x00 (0) + [25] : 0x00 (0) + [26] : 0x00 (0) + [27] : 0x05 (5) + [28] : 0x20 (32) + [29] : 0x00 (0) + [30] : 0x00 (0) + [31] : 0x00 (0) + [32] : 0x20 (32) + [33] : 0x02 (2) + [34] : 0x00 (0) + [35] : 0x00 (0) + [36] : 0x01 (1) + [37] : 0x02 (2) + [38] : 0x00 (0) + [39] : 0x00 (0) + [40] : 0x00 (0) + [41] : 0x00 (0) + [42] : 0x00 (0) + [43] : 0x05 (5) + [44] : 0x20 (32) + [45] : 0x00 (0) + [46] : 0x00 (0) + [47] : 0x00 (0) + [48] : 0x20 (32) + [49] : 0x02 (2) + [50] : 0x00 (0) + [51] : 0x00 (0) + [52] : 0x02 (2) + [53] : 0x00 (0) + [54] : 0xc4 (196) + [55] : 0x00 (0) + [56] : 0x07 (7) + [57] : 0x00 (0) + [58] : 0x00 (0) + [59] : 0x00 (0) + [60] : 0x00 (0) + [61] : 0x02 (2) + [62] : 0x14 (20) + [63] : 0x00 (0) + [64] : 0x08 (8) + [65] : 0x00 (0) + [66] : 0x02 (2) + [67] : 0x20 (32) + [68] : 0x01 (1) + [69] : 0x01 (1) + [70] : 0x00 (0) + [71] : 0x00 (0) + [72] : 0x00 (0) + [73] : 0x00 (0) + [74] : 0x00 (0) + [75] : 0x01 (1) + [76] : 0x00 (0) + [77] : 0x00 (0) + [78] : 0x00 (0) + [79] : 0x00 (0) + [80] : 0x00 (0) + [81] : 0x09 (9) + [82] : 0x24 (36) + [83] : 0x00 (0) + [84] : 0x0c (12) + [85] : 0x00 (0) + [86] : 0x0f (15) + [87] : 0x10 (16) + [88] : 0x01 (1) + [89] : 0x05 (5) + [90] : 0x00 (0) + [91] : 0x00 (0) + [92] : 0x00 (0) + [93] : 0x00 (0) + [94] : 0x00 (0) + [95] : 0x05 (5) + [96] : 0x15 (21) + [97] : 0x00 (0) + [98] : 0x00 (0) + [99] : 0x00 (0) + [100] : 0x74 (116) + [101] : 0xa5 (165) + [102] : 0x12 (18) + [103] : 0x52 (82) + [104] : 0xcd (205) + [105] : 0x51 (81) + [106] : 0xd9 (217) + [107] : 0x8f (143) + [108] : 0xd1 (209) + [109] : 0x31 (49) + [110] : 0xa4 (164) + [111] : 0xca (202) + [112] : 0xf4 (244) + [113] : 0x01 (1) + [114] : 0x00 (0) + [115] : 0x00 (0) + [116] : 0x00 (0) + [117] : 0x02 (2) + [118] : 0x24 (36) + [119] : 0x00 (0) + [120] : 0x0c (12) + [121] : 0x00 (0) + [122] : 0x0f (15) + [123] : 0x10 (16) + [124] : 0x01 (1) + [125] : 0x05 (5) + [126] : 0x00 (0) + [127] : 0x00 (0) + [128] : 0x00 (0) + [129] : 0x00 (0) + [130] : 0x00 (0) + [131] : 0x05 (5) + [132] : 0x15 (21) + [133] : 0x00 (0) + [134] : 0x00 (0) + [135] : 0x00 (0) + [136] : 0x74 (116) + [137] : 0xa5 (165) + [138] : 0x12 (18) + [139] : 0x52 (82) + [140] : 0xcd (205) + [141] : 0x51 (81) + [142] : 0xd9 (217) + [143] : 0x8f (143) + [144] : 0xd1 (209) + [145] : 0x31 (49) + [146] : 0xa4 (164) + [147] : 0xca (202) + [148] : 0xf4 (244) + [149] : 0x01 (1) + [150] : 0x00 (0) + [151] : 0x00 (0) + [152] : 0x00 (0) + [153] : 0x09 (9) + [154] : 0x18 (24) + [155] : 0x00 (0) + [156] : 0x0c (12) + [157] : 0x00 (0) + [158] : 0x0f (15) + [159] : 0x10 (16) + [160] : 0x01 (1) + [161] : 0x02 (2) + [162] : 0x00 (0) + [163] : 0x00 (0) + [164] : 0x00 (0) + [165] : 0x00 (0) + [166] : 0x00 (0) + [167] : 0x05 (5) + [168] : 0x20 (32) + [169] : 0x00 (0) + [170] : 0x00 (0) + [171] : 0x00 (0) + [172] : 0x20 (32) + [173] : 0x02 (2) + [174] : 0x00 (0) + [175] : 0x00 (0) + [176] : 0x00 (0) + [177] : 0x02 (2) + [178] : 0x18 (24) + [179] : 0x00 (0) + [180] : 0x0c (12) + [181] : 0x00 (0) + [182] : 0x0f (15) + [183] : 0x10 (16) + [184] : 0x01 (1) + [185] : 0x02 (2) + [186] : 0x00 (0) + [187] : 0x00 (0) + [188] : 0x00 (0) + [189] : 0x00 (0) + [190] : 0x00 (0) + [191] : 0x05 (5) + [192] : 0x20 (32) + [193] : 0x00 (0) + [194] : 0x00 (0) + [195] : 0x00 (0) + [196] : 0x20 (32) + [197] : 0x02 (2) + [198] : 0x00 (0) + [199] : 0x00 (0) + [200] : 0x00 (0) + [201] : 0x09 (9) + [202] : 0x18 (24) + [203] : 0x00 (0) + [204] : 0x0c (12) + [205] : 0x00 (0) + [206] : 0x0f (15) + [207] : 0x10 (16) + [208] : 0x01 (1) + [209] : 0x02 (2) + [210] : 0x00 (0) + [211] : 0x00 (0) + [212] : 0x00 (0) + [213] : 0x00 (0) + [214] : 0x00 (0) + [215] : 0x05 (5) + [216] : 0x20 (32) + [217] : 0x00 (0) + [218] : 0x00 (0) + [219] : 0x00 (0) + [220] : 0x26 (38) + [221] : 0x02 (2) + [222] : 0x00 (0) + [223] : 0x00 (0) + [224] : 0x00 (0) + [225] : 0x02 (2) + [226] : 0x18 (24) + [227] : 0x00 (0) + [228] : 0x0c (12) + [229] : 0x00 (0) + [230] : 0x0f (15) + [231] : 0x10 (16) + [232] : 0x01 (1) + [233] : 0x02 (2) + [234] : 0x00 (0) + [235] : 0x00 (0) + [236] : 0x00 (0) + [237] : 0x00 (0) + [238] : 0x00 (0) + [239] : 0x05 (5) + [240] : 0x20 (32) + [241] : 0x00 (0) + [242] : 0x00 (0) + [243] : 0x00 (0) + [244] : 0x26 (38) + [245] : 0x02 (2) + [246] : 0x00 (0) + [247] : 0x00 (0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x000000f8 (248) + result : WERR_OK +[2013/11/07 07:38:47.683206, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000f5-0000-0000-7b52-7735c5510000 + enum_index : 0x00000009 (9) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:47.683583, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 F5 00 00 00 00 00 00 00 7B 52 77 35 ........ ....{Rw5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:47.683660, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:47.683707, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0016 (22) + size : 0x0024 (36) + name : * + name : 'Share Name' + type : * + type : REG_SZ (1) + value : * + value: ARRAY(18) + [0] : 0x70 (112) + [1] : 0x00 (0) + [2] : 0x72 (114) + [3] : 0x00 (0) + [4] : 0x69 (105) + [5] : 0x00 (0) + [6] : 0x6e (110) + [7] : 0x00 (0) + [8] : 0x74 (116) + [9] : 0x00 (0) + [10] : 0x65 (101) + [11] : 0x00 (0) + [12] : 0x72 (114) + [13] : 0x00 (0) + [14] : 0x37 (55) + [15] : 0x00 (0) + [16] : 0x00 (0) + [17] : 0x00 (0) + size : * + size : 0x00000012 (18) + length : * + length : 0x00000012 (18) + result : WERR_OK +[2013/11/07 07:38:47.684337, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000f5-0000-0000-7b52-7735c5510000 + enum_index : 0x0000000a (10) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:47.684706, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 F5 00 00 00 00 00 00 00 7B 52 77 35 ........ ....{Rw5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:47.684782, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:47.684827, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0014 (20) + size : 0x0024 (36) + name : * + name : 'StartTime' + type : * + type : REG_DWORD (4) + value : * + value: ARRAY(4) + [0] : 0x00 (0) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + size : * + size : 0x00000004 (4) + length : * + length : 0x00000004 (4) + result : WERR_OK +[2013/11/07 07:38:47.685237, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000f5-0000-0000-7b52-7735c5510000 + enum_index : 0x0000000b (11) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:47.685686, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 F5 00 00 00 00 00 00 00 7B 52 77 35 ........ ....{Rw5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:47.685764, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:47.685838, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0014 (20) + size : 0x0024 (36) + name : * + name : 'UntilTime' + type : * + type : REG_DWORD (4) + value : * + value: ARRAY(4) + [0] : 0x00 (0) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + size : * + size : 0x00000004 (4) + length : * + length : 0x00000004 (4) + result : WERR_OK +[2013/11/07 07:38:47.686237, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000f5-0000-0000-7b52-7735c5510000 + enum_index : 0x0000000c (12) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:47.686621, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 F5 00 00 00 00 00 00 00 7B 52 77 35 ........ ....{Rw5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:47.686698, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:47.686744, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0012 (18) + size : 0x0024 (36) + name : * + name : 'ChangeID' + type : * + type : REG_DWORD (4) + value : * + value: ARRAY(4) + [0] : 0xf1 (241) + [1] : 0x5f (95) + [2] : 0x11 (17) + [3] : 0x00 (0) + size : * + size : 0x00000004 (4) + length : * + length : 0x00000004 (4) + result : WERR_OK +[2013/11/07 07:38:47.687176, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryValue: struct winreg_QueryValue + in: struct winreg_QueryValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000f5-0000-0000-7b52-7735c5510000 + value_name : * + value_name: struct winreg_String + name_len : 0x0020 (32) + name_size : 0x0020 (32) + name : * + name : 'Default DevMode' + type : * + type : REG_NONE (0) + data : NULL + data_size : * + data_size : 0x00000000 (0) + data_length : * + data_length : 0x00000000 (0) +[2013/11/07 07:38:47.687576, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 F5 00 00 00 00 00 00 00 7B 52 77 35 ........ ....{Rw5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:47.687655, 7, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) + _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:47.687704, 7, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) + _winreg_QueryValue: policy key type = [00000000] +[2013/11/07 07:38:47.687751, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:316(_winreg_QueryValue) + _winreg_QueryValue: reg_queryvalue failed with: WERR_BADFILE +[2013/11/07 07:38:47.687792, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryValue: struct winreg_QueryValue + out: struct winreg_QueryValue + type : * + type : REG_NONE (0) + data : NULL + data_size : * + data_size : 0x00000000 (0) + data_length : * + data_length : 0x00000000 (0) + result : WERR_BADFILE +[2013/11/07 07:38:47.688018, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenHKLM: struct winreg_OpenHKLM + in: struct winreg_OpenHKLM + system_name : NULL + access_mask : 0x02000000 (33554432) + 0: KEY_QUERY_VALUE + 0: KEY_SET_VALUE + 0: KEY_CREATE_SUB_KEY + 0: KEY_ENUMERATE_SUB_KEYS + 0: KEY_NOTIFY + 0: KEY_CREATE_LINK + 0: KEY_WOW64_64KEY + 0: KEY_WOW64_32KEY +[2013/11/07 07:38:47.688248, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [HKLM] +[2013/11/07 07:38:47.688290, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (2->3) +[2013/11/07 07:38:47.688333, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM] +[2013/11/07 07:38:47.688372, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM] +[2013/11/07 07:38:47.688412, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:47.688449, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM] +[2013/11/07 07:38:47.688531, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) + Opened policy hnd[3] [0000] 00 00 00 00 F6 00 00 00 00 00 00 00 7B 52 77 35 ........ ....{Rw5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:47.688610, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenHKLM: struct winreg_OpenHKLM + out: struct winreg_OpenHKLM + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000f6-0000-0000-7b52-7735c5510000 + result : WERR_OK +[2013/11/07 07:38:47.688777, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenKey: struct winreg_OpenKey + in: struct winreg_OpenKey + parent_handle : * + parent_handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000f6-0000-0000-7b52-7735c5510000 + keyname: struct winreg_String + name_len : 0x008a (138) + name_size : 0x008a (138) + name : * + name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7' + options : 0x00000000 (0) + 0: REG_OPTION_VOLATILE + 0: REG_OPTION_CREATE_LINK + 0: REG_OPTION_BACKUP_RESTORE + 0: REG_OPTION_OPEN_LINK + access_mask : 0x02000000 (33554432) + 0: KEY_QUERY_VALUE + 0: KEY_SET_VALUE + 0: KEY_CREATE_SUB_KEY + 0: KEY_ENUMERATE_SUB_KEYS + 0: KEY_NOTIFY + 0: KEY_CREATE_LINK + 0: KEY_WOW64_64KEY + 0: KEY_WOW64_32KEY +[2013/11/07 07:38:47.689235, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 F6 00 00 00 00 00 00 00 7B 52 77 35 ........ ....{Rw5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:47.689316, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [SOFTWARE] +[2013/11/07 07:38:47.689386, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (3->4) +[2013/11/07 07:38:47.689461, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] +[2013/11/07 07:38:47.689500, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE] +[2013/11/07 07:38:47.689574, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:47.689614, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE] +[2013/11/07 07:38:47.689682, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Microsoft] +[2013/11/07 07:38:47.689724, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (4->5) +[2013/11/07 07:38:47.689767, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] +[2013/11/07 07:38:47.689805, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] +[2013/11/07 07:38:47.689845, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:47.689883, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft] +[2013/11/07 07:38:47.689944, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Windows NT] +[2013/11/07 07:38:47.689985, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (5->6) +[2013/11/07 07:38:47.690037, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] +[2013/11/07 07:38:47.690077, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] +[2013/11/07 07:38:47.690118, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:47.690155, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] +[2013/11/07 07:38:47.690213, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [CurrentVersion] +[2013/11/07 07:38:47.690253, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (6->7) +[2013/11/07 07:38:47.690296, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] +[2013/11/07 07:38:47.690334, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] +[2013/11/07 07:38:47.690375, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:47.690413, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f375c5a15c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] +[2013/11/07 07:38:47.690483, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Print] +[2013/11/07 07:38:47.690524, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (7->8) +[2013/11/07 07:38:47.690567, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] +[2013/11/07 07:38:47.690608, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] +[2013/11/07 07:38:47.690651, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:47.690689, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f375c5a15c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] +[2013/11/07 07:38:47.690749, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Printers] +[2013/11/07 07:38:47.690790, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (8->9) +[2013/11/07 07:38:47.690834, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] +[2013/11/07 07:38:47.690873, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] +[2013/11/07 07:38:47.690923, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:47.690962, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] +[2013/11/07 07:38:47.691031, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [printer7] +[2013/11/07 07:38:47.691073, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (9->10) +[2013/11/07 07:38:47.691118, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:47.691158, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:47.691200, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:47.691238, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:47.691307, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (10->9) +[2013/11/07 07:38:47.691349, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (9->8) +[2013/11/07 07:38:47.691391, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (8->7) +[2013/11/07 07:38:47.691431, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (7->6) +[2013/11/07 07:38:47.691471, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (6->5) +[2013/11/07 07:38:47.691512, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (5->4) +[2013/11/07 07:38:47.691556, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) + Opened policy hnd[4] [0000] 00 00 00 00 F7 00 00 00 00 00 00 00 7B 52 77 35 ........ ....{Rw5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:47.691635, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenKey: struct winreg_OpenKey + out: struct winreg_OpenKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000f7-0000-0000-7b52-7735c5510000 + result : WERR_OK +[2013/11/07 07:38:47.691812, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryValue: struct winreg_QueryValue + in: struct winreg_QueryValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000f7-0000-0000-7b52-7735c5510000 + value_name : * + value_name: struct winreg_String + name_len : 0x0012 (18) + name_size : 0x0012 (18) + name : * + name : 'Security' + type : * + type : REG_NONE (0) + data : NULL + data_size : * + data_size : 0x00000000 (0) + data_length : * + data_length : 0x00000000 (0) +[2013/11/07 07:38:47.692163, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 F7 00 00 00 00 00 00 00 7B 52 77 35 ........ ....{Rw5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:47.692241, 7, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) + _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:47.692281, 7, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) + _winreg_QueryValue: policy key type = [00000000] +[2013/11/07 07:38:47.692322, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_dispatcher.c:151(fetch_reg_values) + fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7' (ops 0x7f37592edcc0) +[2013/11/07 07:38:47.692364, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1891(regdb_fetch_values_internal) + regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:47.692424, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[0]: name[Attributes] len[4] +[2013/11/07 07:38:47.692467, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[1]: name[Description] len[2] +[2013/11/07 07:38:47.692509, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[2]: name[Datatype] len[8] +[2013/11/07 07:38:47.692552, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[3]: name[Default Priority] len[4] +[2013/11/07 07:38:47.692594, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[4]: name[Port] len[38] +[2013/11/07 07:38:47.692636, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[5]: name[Name] len[18] +[2013/11/07 07:38:47.692678, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[6]: name[Print Processor] len[18] +[2013/11/07 07:38:47.692721, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[7]: name[Priority] len[4] +[2013/11/07 07:38:47.692764, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[8]: name[Security] len[248] +[2013/11/07 07:38:47.692806, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[9]: name[Share Name] len[18] +[2013/11/07 07:38:47.692856, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[10]: name[StartTime] len[4] +[2013/11/07 07:38:47.692899, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[11]: name[UntilTime] len[4] +[2013/11/07 07:38:47.692942, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[12]: name[ChangeID] len[4] +[2013/11/07 07:38:47.692986, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryValue: struct winreg_QueryValue + out: struct winreg_QueryValue + type : * + type : REG_BINARY (3) + data : NULL + data_size : * + data_size : 0x000000f8 (248) + data_length : * + data_length : 0x00000000 (0) + result : WERR_OK +[2013/11/07 07:38:47.693197, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryValue: struct winreg_QueryValue + in: struct winreg_QueryValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000f7-0000-0000-7b52-7735c5510000 + value_name : * + value_name: struct winreg_String + name_len : 0x0012 (18) + name_size : 0x0012 (18) + name : * + name : 'Security' + type : * + type : REG_BINARY (3) + data : * + data: ARRAY(0) + data_size : * + data_size : 0x000000f8 (248) + data_length : * + data_length : 0x00000000 (0) +[2013/11/07 07:38:47.693635, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 F7 00 00 00 00 00 00 00 7B 52 77 35 ........ ....{Rw5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:47.693714, 7, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) + _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:47.693755, 7, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) + _winreg_QueryValue: policy key type = [00000000] +[2013/11/07 07:38:47.693801, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryValue: struct winreg_QueryValue + out: struct winreg_QueryValue + type : * + type : REG_BINARY (3) + data : * + data: ARRAY(248) + [0] : 0x01 (1) + [1] : 0x00 (0) + [2] : 0x04 (4) + [3] : 0x80 (128) + [4] : 0x14 (20) + [5] : 0x00 (0) + [6] : 0x00 (0) + [7] : 0x00 (0) + [8] : 0x24 (36) + [9] : 0x00 (0) + [10] : 0x00 (0) + [11] : 0x00 (0) + [12] : 0x00 (0) + [13] : 0x00 (0) + [14] : 0x00 (0) + [15] : 0x00 (0) + [16] : 0x34 (52) + [17] : 0x00 (0) + [18] : 0x00 (0) + [19] : 0x00 (0) + [20] : 0x01 (1) + [21] : 0x02 (2) + [22] : 0x00 (0) + [23] : 0x00 (0) + [24] : 0x00 (0) + [25] : 0x00 (0) + [26] : 0x00 (0) + [27] : 0x05 (5) + [28] : 0x20 (32) + [29] : 0x00 (0) + [30] : 0x00 (0) + [31] : 0x00 (0) + [32] : 0x20 (32) + [33] : 0x02 (2) + [34] : 0x00 (0) + [35] : 0x00 (0) + [36] : 0x01 (1) + [37] : 0x02 (2) + [38] : 0x00 (0) + [39] : 0x00 (0) + [40] : 0x00 (0) + [41] : 0x00 (0) + [42] : 0x00 (0) + [43] : 0x05 (5) + [44] : 0x20 (32) + [45] : 0x00 (0) + [46] : 0x00 (0) + [47] : 0x00 (0) + [48] : 0x20 (32) + [49] : 0x02 (2) + [50] : 0x00 (0) + [51] : 0x00 (0) + [52] : 0x02 (2) + [53] : 0x00 (0) + [54] : 0xc4 (196) + [55] : 0x00 (0) + [56] : 0x07 (7) + [57] : 0x00 (0) + [58] : 0x00 (0) + [59] : 0x00 (0) + [60] : 0x00 (0) + [61] : 0x02 (2) + [62] : 0x14 (20) + [63] : 0x00 (0) + [64] : 0x08 (8) + [65] : 0x00 (0) + [66] : 0x02 (2) + [67] : 0x20 (32) + [68] : 0x01 (1) + [69] : 0x01 (1) + [70] : 0x00 (0) + [71] : 0x00 (0) + [72] : 0x00 (0) + [73] : 0x00 (0) + [74] : 0x00 (0) + [75] : 0x01 (1) + [76] : 0x00 (0) + [77] : 0x00 (0) + [78] : 0x00 (0) + [79] : 0x00 (0) + [80] : 0x00 (0) + [81] : 0x09 (9) + [82] : 0x24 (36) + [83] : 0x00 (0) + [84] : 0x0c (12) + [85] : 0x00 (0) + [86] : 0x0f (15) + [87] : 0x10 (16) + [88] : 0x01 (1) + [89] : 0x05 (5) + [90] : 0x00 (0) + [91] : 0x00 (0) + [92] : 0x00 (0) + [93] : 0x00 (0) + [94] : 0x00 (0) + [95] : 0x05 (5) + [96] : 0x15 (21) + [97] : 0x00 (0) + [98] : 0x00 (0) + [99] : 0x00 (0) + [100] : 0x74 (116) + [101] : 0xa5 (165) + [102] : 0x12 (18) + [103] : 0x52 (82) + [104] : 0xcd (205) + [105] : 0x51 (81) + [106] : 0xd9 (217) + [107] : 0x8f (143) + [108] : 0xd1 (209) + [109] : 0x31 (49) + [110] : 0xa4 (164) + [111] : 0xca (202) + [112] : 0xf4 (244) + [113] : 0x01 (1) + [114] : 0x00 (0) + [115] : 0x00 (0) + [116] : 0x00 (0) + [117] : 0x02 (2) + [118] : 0x24 (36) + [119] : 0x00 (0) + [120] : 0x0c (12) + [121] : 0x00 (0) + [122] : 0x0f (15) + [123] : 0x10 (16) + [124] : 0x01 (1) + [125] : 0x05 (5) + [126] : 0x00 (0) + [127] : 0x00 (0) + [128] : 0x00 (0) + [129] : 0x00 (0) + [130] : 0x00 (0) + [131] : 0x05 (5) + [132] : 0x15 (21) + [133] : 0x00 (0) + [134] : 0x00 (0) + [135] : 0x00 (0) + [136] : 0x74 (116) + [137] : 0xa5 (165) + [138] : 0x12 (18) + [139] : 0x52 (82) + [140] : 0xcd (205) + [141] : 0x51 (81) + [142] : 0xd9 (217) + [143] : 0x8f (143) + [144] : 0xd1 (209) + [145] : 0x31 (49) + [146] : 0xa4 (164) + [147] : 0xca (202) + [148] : 0xf4 (244) + [149] : 0x01 (1) + [150] : 0x00 (0) + [151] : 0x00 (0) + [152] : 0x00 (0) + [153] : 0x09 (9) + [154] : 0x18 (24) + [155] : 0x00 (0) + [156] : 0x0c (12) + [157] : 0x00 (0) + [158] : 0x0f (15) + [159] : 0x10 (16) + [160] : 0x01 (1) + [161] : 0x02 (2) + [162] : 0x00 (0) + [163] : 0x00 (0) + [164] : 0x00 (0) + [165] : 0x00 (0) + [166] : 0x00 (0) + [167] : 0x05 (5) + [168] : 0x20 (32) + [169] : 0x00 (0) + [170] : 0x00 (0) + [171] : 0x00 (0) + [172] : 0x20 (32) + [173] : 0x02 (2) + [174] : 0x00 (0) + [175] : 0x00 (0) + [176] : 0x00 (0) + [177] : 0x02 (2) + [178] : 0x18 (24) + [179] : 0x00 (0) + [180] : 0x0c (12) + [181] : 0x00 (0) + [182] : 0x0f (15) + [183] : 0x10 (16) + [184] : 0x01 (1) + [185] : 0x02 (2) + [186] : 0x00 (0) + [187] : 0x00 (0) + [188] : 0x00 (0) + [189] : 0x00 (0) + [190] : 0x00 (0) + [191] : 0x05 (5) + [192] : 0x20 (32) + [193] : 0x00 (0) + [194] : 0x00 (0) + [195] : 0x00 (0) + [196] : 0x20 (32) + [197] : 0x02 (2) + [198] : 0x00 (0) + [199] : 0x00 (0) + [200] : 0x00 (0) + [201] : 0x09 (9) + [202] : 0x18 (24) + [203] : 0x00 (0) + [204] : 0x0c (12) + [205] : 0x00 (0) + [206] : 0x0f (15) + [207] : 0x10 (16) + [208] : 0x01 (1) + [209] : 0x02 (2) + [210] : 0x00 (0) + [211] : 0x00 (0) + [212] : 0x00 (0) + [213] : 0x00 (0) + [214] : 0x00 (0) + [215] : 0x05 (5) + [216] : 0x20 (32) + [217] : 0x00 (0) + [218] : 0x00 (0) + [219] : 0x00 (0) + [220] : 0x26 (38) + [221] : 0x02 (2) + [222] : 0x00 (0) + [223] : 0x00 (0) + [224] : 0x00 (0) + [225] : 0x02 (2) + [226] : 0x18 (24) + [227] : 0x00 (0) + [228] : 0x0c (12) + [229] : 0x00 (0) + [230] : 0x0f (15) + [231] : 0x10 (16) + [232] : 0x01 (1) + [233] : 0x02 (2) + [234] : 0x00 (0) + [235] : 0x00 (0) + [236] : 0x00 (0) + [237] : 0x00 (0) + [238] : 0x00 (0) + [239] : 0x05 (5) + [240] : 0x20 (32) + [241] : 0x00 (0) + [242] : 0x00 (0) + [243] : 0x00 (0) + [244] : 0x26 (38) + [245] : 0x02 (2) + [246] : 0x00 (0) + [247] : 0x00 (0) + data_size : * + data_size : 0x000000f8 (248) + data_length : * + data_length : 0x000000f8 (248) + result : WERR_OK +[2013/11/07 07:38:47.698238, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + in: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000f7-0000-0000-7b52-7735c5510000 +[2013/11/07 07:38:47.698374, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 F7 00 00 00 00 00 00 00 7B 52 77 35 ........ ....{Rw5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:47.698452, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 F7 00 00 00 00 00 00 00 7B 52 77 35 ........ ....{Rw5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:47.698529, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) + Closed policy +[2013/11/07 07:38:47.698575, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (4->3) +[2013/11/07 07:38:47.698617, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + out: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000000-0000-0000-0000-000000000000 + result : WERR_OK +[2013/11/07 07:38:47.698787, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + in: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000f6-0000-0000-7b52-7735c5510000 +[2013/11/07 07:38:47.698918, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 F6 00 00 00 00 00 00 00 7B 52 77 35 ........ ....{Rw5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:47.698996, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 F6 00 00 00 00 00 00 00 7B 52 77 35 ........ ....{Rw5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:47.699072, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) + Closed policy +[2013/11/07 07:38:47.699112, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (3->2) +[2013/11/07 07:38:47.699154, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + out: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000000-0000-0000-0000-000000000000 + result : WERR_OK +[2013/11/07 07:38:47.699316, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + in: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000f5-0000-0000-7b52-7735c5510000 +[2013/11/07 07:38:47.699445, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 F5 00 00 00 00 00 00 00 7B 52 77 35 ........ ....{Rw5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:47.699522, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 F5 00 00 00 00 00 00 00 7B 52 77 35 ........ ....{Rw5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:47.699599, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) + Closed policy +[2013/11/07 07:38:47.699642, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (2->1) +[2013/11/07 07:38:47.699684, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + out: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000000-0000-0000-0000-000000000000 + result : WERR_OK +[2013/11/07 07:38:47.699847, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + in: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000f4-0000-0000-7b52-7735c5510000 +[2013/11/07 07:38:47.699983, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 F4 00 00 00 00 00 00 00 7B 52 77 35 ........ ....{Rw5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:47.700061, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 F4 00 00 00 00 00 00 00 7B 52 77 35 ........ ....{Rw5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:47.700136, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) + Closed policy +[2013/11/07 07:38:47.700175, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (1->0) +[2013/11/07 07:38:47.700236, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + out: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000000-0000-0000-0000-000000000000 + result : WERR_OK +[2013/11/07 07:38:47.700398, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:416(close_policy_by_pipe) + Deleted handle list for RPC connection \winreg +[2013/11/07 07:38:47.700558, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + spoolss_GetPrinter: struct spoolss_GetPrinter + out: struct spoolss_GetPrinter + info : * + info : union spoolss_PrinterInfo(case 2) + info2: struct spoolss_PrinterInfo2 + servername : * + servername : '\\MEMBER43' + printername : * + printername : '\\MEMBER43\printer7' + sharename : * + sharename : 'printer7' + portname : * + portname : 'Samba Printer Port' + drivername : * + drivername : '' + comment : * + comment : '' + location : * + location : '' + devmode : * + devmode: struct spoolss_DeviceMode + devicename : '\\MEMBER43\printer7' + specversion : DMSPEC_NT4_AND_ABOVE (1025) + driverversion : 0x0400 (1024) + size : 0x00dc (220) + __driverextra_length : 0x0000 (0) + fields : 0x00014713 (83731) + 1: DEVMODE_ORIENTATION + 1: DEVMODE_PAPERSIZE + 0: DEVMODE_PAPERLENGTH + 0: DEVMODE_PAPERWIDTH + 1: DEVMODE_SCALE + 0: DEVMODE_POSITION + 0: DEVMODE_NUP + 1: DEVMODE_COPIES + 1: DEVMODE_DEFAULTSOURCE + 1: DEVMODE_PRINTQUALITY + 0: DEVMODE_COLOR + 0: DEVMODE_DUPLEX + 0: DEVMODE_YRESOLUTION + 1: DEVMODE_TTOPTION + 0: DEVMODE_COLLATE + 1: DEVMODE_FORMNAME + 0: DEVMODE_LOGPIXELS + 0: DEVMODE_BITSPERPEL + 0: DEVMODE_PELSWIDTH + 0: DEVMODE_PELSHEIGHT + 0: DEVMODE_DISPLAYFLAGS + 0: DEVMODE_DISPLAYFREQUENCY + 0: DEVMODE_ICMMETHOD + 0: DEVMODE_ICMINTENT + 0: DEVMODE_MEDIATYPE + 0: DEVMODE_DITHERTYPE + 0: DEVMODE_PANNINGWIDTH + 0: DEVMODE_PANNINGHEIGHT + orientation : DMORIENT_PORTRAIT (1) + papersize : DMPAPER_LETTER (1) + paperlength : 0x0000 (0) + paperwidth : 0x0000 (0) + scale : 0x0064 (100) + copies : 0x0001 (1) + defaultsource : DMBIN_FORMSOURCE (15) + printquality : DMRES_HIGH (65532) + color : DMRES_MONOCHROME (1) + duplex : DMDUP_SIMPLEX (1) + yresolution : 0x0000 (0) + ttoption : DMTT_SUBDEV (3) + collate : DMCOLLATE_FALSE (0) + formname : 'Letter' + logpixels : 0x0000 (0) + bitsperpel : 0x00000000 (0) + pelswidth : 0x00000000 (0) + pelsheight : 0x00000000 (0) + displayflags : UNKNOWN_ENUM_VALUE (0) + displayfrequency : 0x00000000 (0) + icmmethod : UNKNOWN_ENUM_VALUE (0) + icmintent : UNKNOWN_ENUM_VALUE (0) + mediatype : UNKNOWN_ENUM_VALUE (0) + dithertype : UNKNOWN_ENUM_VALUE (0) + reserved1 : 0x00000000 (0) + reserved2 : 0x00000000 (0) + panningwidth : 0x00000000 (0) + panningheight : 0x00000000 (0) + driverextra_data : DATA_BLOB length=0 + sepfile : * + sepfile : '' + printprocessor : * + printprocessor : 'winprint' + datatype : * + datatype : 'RAW' + parameters : * + parameters : '' + secdesc : * + secdesc: struct security_descriptor + revision : SECURITY_DESCRIPTOR_REVISION_1 (1) + type : 0x8004 (32772) + 0: SEC_DESC_OWNER_DEFAULTED + 0: SEC_DESC_GROUP_DEFAULTED + 1: SEC_DESC_DACL_PRESENT + 0: SEC_DESC_DACL_DEFAULTED + 0: SEC_DESC_SACL_PRESENT + 0: SEC_DESC_SACL_DEFAULTED + 0: SEC_DESC_DACL_TRUSTED + 0: SEC_DESC_SERVER_SECURITY + 0: SEC_DESC_DACL_AUTO_INHERIT_REQ + 0: SEC_DESC_SACL_AUTO_INHERIT_REQ + 0: SEC_DESC_DACL_AUTO_INHERITED + 0: SEC_DESC_SACL_AUTO_INHERITED + 0: SEC_DESC_DACL_PROTECTED + 0: SEC_DESC_SACL_PROTECTED + 0: SEC_DESC_RM_CONTROL_VALID + 1: SEC_DESC_SELF_RELATIVE + owner_sid : * + owner_sid : S-1-5-32-544 + group_sid : * + group_sid : S-1-5-32-544 + sacl : NULL + dacl : * + dacl: struct security_acl + revision : SECURITY_ACL_REVISION_NT4 (2) + size : 0x00c4 (196) + num_aces : 0x00000007 (7) + aces: ARRAY(7) + aces: struct security_ace + type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) + flags : 0x02 (2) + 0: SEC_ACE_FLAG_OBJECT_INHERIT + 1: SEC_ACE_FLAG_CONTAINER_INHERIT + 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT + 0: SEC_ACE_FLAG_INHERIT_ONLY + 0: SEC_ACE_FLAG_INHERITED_ACE + 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) + 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS + 0: SEC_ACE_FLAG_FAILED_ACCESS + size : 0x0014 (20) + access_mask : 0x20020008 (537001992) + object : union security_ace_object_ctr(case 0) + trustee : S-1-1-0 + aces: struct security_ace + type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) + flags : 0x09 (9) + 1: SEC_ACE_FLAG_OBJECT_INHERIT + 0: SEC_ACE_FLAG_CONTAINER_INHERIT + 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT + 1: SEC_ACE_FLAG_INHERIT_ONLY + 0: SEC_ACE_FLAG_INHERITED_ACE + 0x09: SEC_ACE_FLAG_VALID_INHERIT (9) + 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS + 0: SEC_ACE_FLAG_FAILED_ACCESS + size : 0x0024 (36) + access_mask : 0x100f000c (269418508) + object : union security_ace_object_ctr(case 0) + trustee : S-1-5-21-1376953716-2413384141-3399758289-500 + aces: struct security_ace + type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) + flags : 0x02 (2) + 0: SEC_ACE_FLAG_OBJECT_INHERIT + 1: SEC_ACE_FLAG_CONTAINER_INHERIT + 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT + 0: SEC_ACE_FLAG_INHERIT_ONLY + 0: SEC_ACE_FLAG_INHERITED_ACE + 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) + 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS + 0: SEC_ACE_FLAG_FAILED_ACCESS + size : 0x0024 (36) + access_mask : 0x100f000c (269418508) + object : union security_ace_object_ctr(case 0) + trustee : S-1-5-21-1376953716-2413384141-3399758289-500 + aces: struct security_ace + type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) + flags : 0x09 (9) + 1: SEC_ACE_FLAG_OBJECT_INHERIT + 0: SEC_ACE_FLAG_CONTAINER_INHERIT + 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT + 1: SEC_ACE_FLAG_INHERIT_ONLY + 0: SEC_ACE_FLAG_INHERITED_ACE + 0x09: SEC_ACE_FLAG_VALID_INHERIT (9) + 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS + 0: SEC_ACE_FLAG_FAILED_ACCESS + size : 0x0018 (24) + access_mask : 0x100f000c (269418508) + object : union security_ace_object_ctr(case 0) + trustee : S-1-5-32-544 + aces: struct security_ace + type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) + flags : 0x02 (2) + 0: SEC_ACE_FLAG_OBJECT_INHERIT + 1: SEC_ACE_FLAG_CONTAINER_INHERIT + 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT + 0: SEC_ACE_FLAG_INHERIT_ONLY + 0: SEC_ACE_FLAG_INHERITED_ACE + 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) + 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS + 0: SEC_ACE_FLAG_FAILED_ACCESS + size : 0x0018 (24) + access_mask : 0x100f000c (269418508) + object : union security_ace_object_ctr(case 0) + trustee : S-1-5-32-544 + aces: struct security_ace + type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) + flags : 0x09 (9) + 1: SEC_ACE_FLAG_OBJECT_INHERIT + 0: SEC_ACE_FLAG_CONTAINER_INHERIT + 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT + 1: SEC_ACE_FLAG_INHERIT_ONLY + 0: SEC_ACE_FLAG_INHERITED_ACE + 0x09: SEC_ACE_FLAG_VALID_INHERIT (9) + 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS + 0: SEC_ACE_FLAG_FAILED_ACCESS + size : 0x0018 (24) + access_mask : 0x100f000c (269418508) + object : union security_ace_object_ctr(case 0) + trustee : S-1-5-32-550 + aces: struct security_ace + type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) + flags : 0x02 (2) + 0: SEC_ACE_FLAG_OBJECT_INHERIT + 1: SEC_ACE_FLAG_CONTAINER_INHERIT + 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT + 0: SEC_ACE_FLAG_INHERIT_ONLY + 0: SEC_ACE_FLAG_INHERITED_ACE + 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) + 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS + 0: SEC_ACE_FLAG_FAILED_ACCESS + size : 0x0018 (24) + access_mask : 0x100f000c (269418508) + object : union security_ace_object_ctr(case 0) + trustee : S-1-5-32-550 + attributes : 0x00001048 (4168) + 0: PRINTER_ATTRIBUTE_QUEUED + 0: PRINTER_ATTRIBUTE_DIRECT + 0: PRINTER_ATTRIBUTE_DEFAULT + 1: PRINTER_ATTRIBUTE_SHARED + 0: PRINTER_ATTRIBUTE_NETWORK + 0: PRINTER_ATTRIBUTE_HIDDEN + 1: PRINTER_ATTRIBUTE_LOCAL + 0: PRINTER_ATTRIBUTE_ENABLE_DEVQ + 0: PRINTER_ATTRIBUTE_KEEPPRINTEDJOBS + 0: PRINTER_ATTRIBUTE_DO_COMPLETE_FIRST + 0: PRINTER_ATTRIBUTE_WORK_OFFLINE + 0: PRINTER_ATTRIBUTE_ENABLE_BIDI + 1: PRINTER_ATTRIBUTE_RAW_ONLY + 0: PRINTER_ATTRIBUTE_PUBLISHED + 0: PRINTER_ATTRIBUTE_FAX + 0: PRINTER_ATTRIBUTE_TS + priority : 0x00000001 (1) + defaultpriority : 0x00000001 (1) + starttime : 0x00000000 (0) + untiltime : 0x00000000 (0) + status : 0x00000000 (0) + 0: PRINTER_STATUS_PAUSED + 0: PRINTER_STATUS_ERROR + 0: PRINTER_STATUS_PENDING_DELETION + 0: PRINTER_STATUS_PAPER_JAM + 0: PRINTER_STATUS_PAPER_OUT + 0: PRINTER_STATUS_MANUAL_FEED + 0: PRINTER_STATUS_PAPER_PROBLEM + 0: PRINTER_STATUS_OFFLINE + 0: PRINTER_STATUS_IO_ACTIVE + 0: PRINTER_STATUS_BUSY + 0: PRINTER_STATUS_PRINTING + 0: PRINTER_STATUS_OUTPUT_BIN_FULL + 0: PRINTER_STATUS_NOT_AVAILABLE + 0: PRINTER_STATUS_WAITING + 0: PRINTER_STATUS_PROCESSING + 0: PRINTER_STATUS_INITIALIZING + 0: PRINTER_STATUS_WARMING_UP + 0: PRINTER_STATUS_TONER_LOW + 0: PRINTER_STATUS_NO_TONER + 0: PRINTER_STATUS_PAGE_PUNT + 0: PRINTER_STATUS_USER_INTERVENTION + 0: PRINTER_STATUS_OUT_OF_MEMORY + 0: PRINTER_STATUS_DOOR_OPEN + 0: PRINTER_STATUS_SERVER_UNKNOWN + 0: PRINTER_STATUS_POWER_SAVE + cjobs : 0x00000000 (0) + averageppm : 0x00000000 (0) + needed : * + needed : 0x000002f8 (760) + result : WERR_OK +[2013/11/07 07:38:47.706220, 5, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1417(api_rpcTNP) + api_rpcTNP: called \spoolss successfully +[2013/11/07 07:38:47.706300, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) + pop_sec_ctx (0, 5000) - sec_ctx_stack_ndx = 0 +[2013/11/07 07:38:47.706345, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) + write_to_pipe: data_used = 4140 + smbd_smb2_request_pending_queue: req->current_idx = 1 + req->in.vector[0].iov_len = 0 + req->in.vector[1].iov_len = 0 + req->in.vector[2].iov_len = 64 + req->in.vector[3].iov_len = 56 + req->in.vector[4].iov_len = 4156 + req->out.vector[0].iov_len = 4 + req->out.vector[1].iov_len = 0 + req->out.vector[2].iov_len = 64 + req->out.vector[3].iov_len = 8 + req->out.vector[4].iov_len = 0 +[2013/11/07 07:38:47.706573, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:128(smbd_smb2_ioctl_pipe_write_done) + smbd_smb2_ioctl_pipe_write_done: received 4156 +[2013/11/07 07:38:47.706619, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:149(smbd_smb2_ioctl_pipe_write_done) + smbd_smb2_ioctl_pipe_write_done: issuing np_read_send of size 4136 +[2013/11/07 07:38:47.706661, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:285(read_from_internal_pipe) + name: \spoolss len: 4136 +[2013/11/07 07:38:47.706703, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:347(read_from_internal_pipe) + read_from_pipe: \spoolss: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 4112. +[2013/11/07 07:38:47.706758, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) + &r: struct ncacn_packet + rpc_vers : 0x05 (5) + rpc_vers_minor : 0x00 (0) + ptype : DCERPC_PKT_RESPONSE (2) + pfc_flags : 0x03 (3) + drep: ARRAY(4) + [0] : 0x10 (16) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + frag_length : 0x1028 (4136) + auth_length : 0x0000 (0) + call_id : 0x00000004 (4) + u : union dcerpc_payload(case 2) + response: struct dcerpc_response + alloc_hint : 0x00001010 (4112) + context_id : 0x0000 (0) + cancel_count : 0x00 (0) + _pad : DATA_BLOB length=0 + stub_and_verifier : DATA_BLOB length=4112 + [0000] 04 00 02 00 00 10 00 00 EA 0F 00 00 C2 0F 00 00 ........ ........ + [0010] B0 0F 00 00 8A 0F 00 00 88 0F 00 00 86 0F 00 00 ........ ........ + [0020] 84 0F 00 00 88 0E 00 00 82 0F 00 00 70 0F 00 00 ........ ....p... + [0030] 68 0F 00 00 66 0F 00 00 90 0D 00 00 48 10 00 00 h...f... ....H... + [0040] 01 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0200] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0210] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0220] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0230] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0240] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0250] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0260] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0270] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0280] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0290] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0300] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0310] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0320] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0330] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0340] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0350] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0360] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0370] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0380] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0390] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0400] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0410] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0420] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0430] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0440] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0450] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0460] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0470] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0480] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0490] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0500] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0510] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0520] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0530] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0540] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0550] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0560] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0570] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0580] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0590] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0600] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0610] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0620] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0630] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0640] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0650] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0660] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0670] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0680] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0690] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0700] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0710] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0720] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0730] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0740] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0750] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0760] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0770] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0780] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0790] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0800] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0810] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0820] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0830] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0840] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0850] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0860] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0870] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0880] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0890] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0900] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0910] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0920] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0930] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0940] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0950] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0960] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0970] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0980] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0990] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D90] 00 00 00 00 00 00 00 00 01 00 04 80 D8 00 00 00 ........ ........ + [0DA0] E8 00 00 00 00 00 00 00 14 00 00 00 02 00 C4 00 ........ ........ + [0DB0] 07 00 00 00 00 02 14 00 08 00 02 20 01 01 00 00 ........ ... .... + [0DC0] 00 00 00 01 00 00 00 00 00 09 24 00 0C 00 0F 10 ........ ..$..... + [0DD0] 01 05 00 00 00 00 00 05 15 00 00 00 74 A5 12 52 ........ ....t..R + [0DE0] CD 51 D9 8F D1 31 A4 CA F4 01 00 00 00 02 24 00 .Q...1.. ......$. + [0DF0] 0C 00 0F 10 01 05 00 00 00 00 00 05 15 00 00 00 ........ ........ + [0E00] 74 A5 12 52 CD 51 D9 8F D1 31 A4 CA F4 01 00 00 t..R.Q.. .1...... + [0E10] 00 09 18 00 0C 00 0F 10 01 02 00 00 00 00 00 05 ........ ........ + [0E20] 20 00 00 00 20 02 00 00 00 02 18 00 0C 00 0F 10 ... ... ........ + [0E30] 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 ........ ... ... + [0E40] 00 09 18 00 0C 00 0F 10 01 02 00 00 00 00 00 05 ........ ........ + [0E50] 20 00 00 00 26 02 00 00 00 02 18 00 0C 00 0F 10 ...&... ........ + [0E60] 01 02 00 00 00 00 00 05 20 00 00 00 26 02 00 00 ........ ...&... + [0E70] 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 ........ ... ... + [0E80] 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 ........ ... ... + [0E90] 5C 00 5C 00 4D 00 45 00 4D 00 42 00 45 00 52 00 \.\.M.E. M.B.E.R. + [0EA0] 34 00 33 00 5C 00 70 00 72 00 69 00 6E 00 74 00 4.3.\.p. r.i.n.t. + [0EB0] 65 00 72 00 37 00 00 00 00 00 00 00 00 00 00 00 e.r.7... ........ + [0EC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0ED0] 01 04 00 04 DC 00 00 00 13 47 01 00 01 00 01 00 ........ .G...... + [0EE0] 00 00 00 00 64 00 01 00 0F 00 FC FF 01 00 01 00 ....d... ........ + [0EF0] 00 00 03 00 00 00 4C 00 65 00 74 00 74 00 65 00 ......L. e.t.t.e. + [0F00] 72 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 r....... ........ + [0F10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F70] 52 00 41 00 57 00 00 00 77 00 69 00 6E 00 70 00 R.A.W... w.i.n.p. + [0F80] 72 00 69 00 6E 00 74 00 00 00 00 00 00 00 00 00 r.i.n.t. ........ + [0F90] 00 00 53 00 61 00 6D 00 62 00 61 00 20 00 50 00 ..S.a.m. b.a. .P. + [0FA0] 72 00 69 00 6E 00 74 00 65 00 72 00 20 00 50 00 r.i.n.t. e.r. .P. + [0FB0] 6F 00 72 00 74 00 00 00 70 00 72 00 69 00 6E 00 o.r.t... p.r.i.n. + [0FC0] 74 00 65 00 72 00 37 00 00 00 5C 00 5C 00 4D 00 t.e.r.7. ..\.\.M. + [0FD0] 45 00 4D 00 42 00 45 00 52 00 34 00 33 00 5C 00 E.M.B.E. R.4.3.\. + [0FE0] 70 00 72 00 69 00 6E 00 74 00 65 00 72 00 37 00 p.r.i.n. t.e.r.7. + [0FF0] 00 00 5C 00 5C 00 4D 00 45 00 4D 00 42 00 45 00 ..\.\.M. E.M.B.E. + [1000] 52 00 34 00 33 00 00 00 F8 02 00 00 00 00 00 00 R.4.3... ........ +[2013/11/07 07:38:47.716171, 3, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:122(free_pipe_context) + free_pipe_context: destroying talloc pool of size 1308 +[2013/11/07 07:38:47.716234, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:788(np_read_recv) + Received 4136 bytes. There is no more data outstanding +[2013/11/07 07:38:47.716278, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:178(smbd_smb2_ioctl_pipe_read_done) + smbd_smb2_ioctl_pipe_read_done: np_read_recv nread = 4136 is_data_outstanding = 0, status = NT_STATUS_OK +[2013/11/07 07:38:47.716328, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl.c:291(smbd_smb2_request_ioctl_done) + smbd_smb2_request_ioctl_done: smbd_smb2_ioctl_recv returned 4136 status NT_STATUS_OK +[2013/11/07 07:38:47.716371, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) + smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[48] dyn[yes:4136] at ../source3/smbd/smb2_ioctl.c:358 +[2013/11/07 07:38:47.716419, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) + smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/153/127 +[2013/11/07 07:38:47.727401, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) + smbd_smb2_request_incoming: idx[1] of 5 vectors +[2013/11/07 07:38:47.727656, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) + smb2_validate_sequence_number: clearing id 153 (position 153) from bitmap +[2013/11/07 07:38:47.727771, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) + smbd_smb2_request_dispatch: opcode[SMB2_OP_IOCTL] mid = 153 +[2013/11/07 07:38:47.727921, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) + setting sec ctx (0, 5000) - sec_ctx_stack_ndx = 0 +[2013/11/07 07:38:47.728048, 5, pid=20933, effective(0, 5000), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) + Security token SIDs (21): + SID[ 0]: S-1-5-21-1376953716-2413384141-3399758289-500 + SID[ 1]: S-1-5-21-1376953716-2413384141-3399758289-512 + SID[ 2]: S-1-5-21-1376953716-2413384141-3399758289-11015 + SID[ 3]: S-1-5-21-1376953716-2413384141-3399758289-513 + SID[ 4]: S-1-5-21-1376953716-2413384141-3399758289-11011 + SID[ 5]: S-1-5-21-1376953716-2413384141-3399758289-11013 + SID[ 6]: S-1-5-21-1376953716-2413384141-3399758289-11012 + SID[ 7]: S-1-1-0 + SID[ 8]: S-1-5-2 + SID[ 9]: S-1-5-11 + SID[ 10]: S-1-5-32-544 + SID[ 11]: S-1-22-1-2002 + SID[ 12]: S-1-22-2-5000 + SID[ 13]: S-1-22-2-5007 + SID[ 14]: S-1-22-2-5001 + SID[ 15]: S-1-22-2-1005 + SID[ 16]: S-1-22-2-5006 + SID[ 17]: S-1-22-2-5005 + SID[ 18]: S-1-22-2-55000 + SID[ 19]: S-1-22-2-55001 + SID[ 20]: S-1-22-2-55002 + Privileges (0x 1FFFFFF0): + Privilege[ 0]: SeMachineAccountPrivilege + Privilege[ 1]: SeTakeOwnershipPrivilege + Privilege[ 2]: SeBackupPrivilege + Privilege[ 3]: SeRestorePrivilege + Privilege[ 4]: SeRemoteShutdownPrivilege + Privilege[ 5]: SePrintOperatorPrivilege + Privilege[ 6]: SeAddUsersPrivilege + Privilege[ 7]: SeDiskOperatorPrivilege + Privilege[ 8]: SeSecurityPrivilege + Privilege[ 9]: SeSystemtimePrivilege + Privilege[ 10]: SeShutdownPrivilege + Privilege[ 11]: SeDebugPrivilege + Privilege[ 12]: SeSystemEnvironmentPrivilege + Privilege[ 13]: SeSystemProfilePrivilege + Privilege[ 14]: SeProfileSingleProcessPrivilege + Privilege[ 15]: SeIncreaseBasePriorityPrivilege + Privilege[ 16]: SeLoadDriverPrivilege + Privilege[ 17]: SeCreatePagefilePrivilege + Privilege[ 18]: SeIncreaseQuotaPrivilege + Privilege[ 19]: SeChangeNotifyPrivilege + Privilege[ 20]: SeUndockPrivilege + Privilege[ 21]: SeManageVolumePrivilege + Privilege[ 22]: SeImpersonatePrivilege + Privilege[ 23]: SeCreateGlobalPrivilege + Privilege[ 24]: SeEnableDelegationPrivilege + Rights (0x 0): +[2013/11/07 07:38:47.730155, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) + UNIX token of user 0 + Primary group is 5000 and contains 9 supplementary groups + Group[ 0]: 5000 + Group[ 1]: 5007 + Group[ 2]: 5001 + Group[ 3]: 1005 + Group[ 4]: 5006 + Group[ 5]: 5005 + Group[ 6]: 55000 + Group[ 7]: 55001 + Group[ 8]: 55002 +[2013/11/07 07:38:47.730640, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/uid.c:363(change_to_user_internal) + Impersonated user: uid=(0,0), gid=(0,5000) +[2013/11/07 07:38:47.730770, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:1796(smbd_smb2_request_verify_creditcharge) + mid 153, CreditCharge: 1, NeededCharge: 1 +[2013/11/07 07:38:47.730875, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl.c:394(smbd_smb2_ioctl_send) + smbd_smb2_ioctl: ctl_code[0x0011c017] spoolss, fnum 4038471001 +[2013/11/07 07:38:47.730990, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:59(smb2_ioctl_named_pipe) + smbd_smb2_ioctl_send: np_write_send of size 4156 +[2013/11/07 07:38:47.731091, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:520(np_write_send) + np_write_send: len: 4156 +[2013/11/07 07:38:47.731194, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) + write_to_pipe: data_left = 4156 +[2013/11/07 07:38:47.731288, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) + process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 4156 +[2013/11/07 07:38:47.731386, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:51(fill_rpc_header) + fill_rpc_header: data_to_copy = 4156, len_needed_to_complete_hdr = 16, receive_len = 0 +[2013/11/07 07:38:47.731486, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) + write_to_pipe: data_used = 16 +[2013/11/07 07:38:47.731580, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) + write_to_pipe: data_left = 4140 +[2013/11/07 07:38:47.731674, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) + process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 4140 +[2013/11/07 07:38:47.731780, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) + write_to_pipe: data_used = 0 +[2013/11/07 07:38:47.731875, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) + write_to_pipe: data_left = 4140 +[2013/11/07 07:38:47.732077, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) + process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 4140, incoming data = 4140 +[2013/11/07 07:38:47.732211, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1614(process_complete_pdu) + PDU is in Little Endian format! +[2013/11/07 07:38:47.732335, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) + r: struct ncacn_packet + rpc_vers : 0x05 (5) + rpc_vers_minor : 0x00 (0) + ptype : DCERPC_PKT_REQUEST (0) + pfc_flags : 0x03 (3) + drep: ARRAY(4) + [0] : 0x10 (16) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + frag_length : 0x103c (4156) + auth_length : 0x0000 (0) + call_id : 0x00000005 (5) + u : union dcerpc_payload(case 0) + request: struct dcerpc_request + alloc_hint : 0x00001024 (4132) + context_id : 0x0000 (0) + opnum : 0x0008 (8) + object : union dcerpc_object(case 0) + empty: struct dcerpc_empty + _pad : DATA_BLOB length=0 + stub_and_verifier : DATA_BLOB length=4132 + [0000] 00 00 00 00 EA 00 00 00 00 00 00 00 7B 52 77 35 ........ ....{Rw5 + [0010] C5 51 00 00 02 00 00 00 00 00 02 00 00 10 00 00 .Q...... ........ + [0020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0030] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0040] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0200] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0210] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0220] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0230] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0240] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0250] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0260] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0270] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0280] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0290] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0300] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0310] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0320] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0330] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0340] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0350] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0360] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0370] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0380] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0390] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0400] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0410] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0420] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0430] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0440] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0450] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0460] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0470] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0480] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0490] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0500] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0510] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0520] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0530] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0540] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0550] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0560] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0570] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0580] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0590] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0600] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0610] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0620] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0630] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0640] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0650] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0660] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0670] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0680] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0690] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0700] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0710] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0720] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0730] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0740] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0750] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0760] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0770] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0780] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0790] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0800] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0810] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0820] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0830] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0840] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0850] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0860] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0870] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0880] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0890] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0900] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0910] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0920] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0930] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0940] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0950] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0960] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0970] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0980] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0990] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0EA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0EB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0EC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0ED0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0EE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0EF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [1000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [1010] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [1020] 00 10 00 00 .... +[2013/11/07 07:38:47.747388, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1627(process_complete_pdu) + Processing packet type 0 +[2013/11/07 07:38:47.747431, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1472(dcesrv_auth_request) + Checking request auth. +[2013/11/07 07:38:47.747480, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) + push_sec_ctx(0, 5000) : sec_ctx_stack_ndx = 1 +[2013/11/07 07:38:47.747529, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) + setting sec ctx (0, 5000) - sec_ctx_stack_ndx = 1 +[2013/11/07 07:38:47.747571, 5, pid=20933, effective(0, 5000), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) + Security token SIDs (21): + SID[ 0]: S-1-5-21-1376953716-2413384141-3399758289-500 + SID[ 1]: S-1-5-21-1376953716-2413384141-3399758289-512 + SID[ 2]: S-1-5-21-1376953716-2413384141-3399758289-11015 + SID[ 3]: S-1-5-21-1376953716-2413384141-3399758289-513 + SID[ 4]: S-1-5-21-1376953716-2413384141-3399758289-11011 + SID[ 5]: S-1-5-21-1376953716-2413384141-3399758289-11013 + SID[ 6]: S-1-5-21-1376953716-2413384141-3399758289-11012 + SID[ 7]: S-1-1-0 + SID[ 8]: S-1-5-2 + SID[ 9]: S-1-5-11 + SID[ 10]: S-1-5-32-544 + SID[ 11]: S-1-22-1-2002 + SID[ 12]: S-1-22-2-5000 + SID[ 13]: S-1-22-2-5007 + SID[ 14]: S-1-22-2-5001 + SID[ 15]: S-1-22-2-1005 + SID[ 16]: S-1-22-2-5006 + SID[ 17]: S-1-22-2-5005 + SID[ 18]: S-1-22-2-55000 + SID[ 19]: S-1-22-2-55001 + SID[ 20]: S-1-22-2-55002 + Privileges (0x 1FFFFFF0): + Privilege[ 0]: SeMachineAccountPrivilege + Privilege[ 1]: SeTakeOwnershipPrivilege + Privilege[ 2]: SeBackupPrivilege + Privilege[ 3]: SeRestorePrivilege + Privilege[ 4]: SeRemoteShutdownPrivilege + Privilege[ 5]: SePrintOperatorPrivilege + Privilege[ 6]: SeAddUsersPrivilege + Privilege[ 7]: SeDiskOperatorPrivilege + Privilege[ 8]: SeSecurityPrivilege + Privilege[ 9]: SeSystemtimePrivilege + Privilege[ 10]: SeShutdownPrivilege + Privilege[ 11]: SeDebugPrivilege + Privilege[ 12]: SeSystemEnvironmentPrivilege + Privilege[ 13]: SeSystemProfilePrivilege + Privilege[ 14]: SeProfileSingleProcessPrivilege + Privilege[ 15]: SeIncreaseBasePriorityPrivilege + Privilege[ 16]: SeLoadDriverPrivilege + Privilege[ 17]: SeCreatePagefilePrivilege + Privilege[ 18]: SeIncreaseQuotaPrivilege + Privilege[ 19]: SeChangeNotifyPrivilege + Privilege[ 20]: SeUndockPrivilege + Privilege[ 21]: SeManageVolumePrivilege + Privilege[ 22]: SeImpersonatePrivilege + Privilege[ 23]: SeCreateGlobalPrivilege + Privilege[ 24]: SeEnableDelegationPrivilege + Rights (0x 0): +[2013/11/07 07:38:47.748353, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) + UNIX token of user 0 + Primary group is 5000 and contains 9 supplementary groups + Group[ 0]: 5000 + Group[ 1]: 5007 + Group[ 2]: 5001 + Group[ 3]: 1005 + Group[ 4]: 5006 + Group[ 5]: 5005 + Group[ 6]: 55000 + Group[ 7]: 55001 + Group[ 8]: 55002 +[2013/11/07 07:38:47.748543, 5, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1324(api_pipe_request) + Requested \spoolss rpc service +[2013/11/07 07:38:47.748591, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1356(api_rpcTNP) + api_rpcTNP: \spoolss op 0x8 - api_rpcTNP: rpc command: SPOOLSS_GETPRINTER +[2013/11/07 07:38:47.748646, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1390(api_rpcTNP) + api_rpc_cmds[8].fn == 0x7f375c260f10 +[2013/11/07 07:38:47.748697, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + spoolss_GetPrinter: struct spoolss_GetPrinter + in: struct spoolss_GetPrinter + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000ea-0000-0000-7b52-7735c5510000 + level : 0x00000002 (2) + buffer : * + buffer : DATA_BLOB length=4096 + [0000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0010] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0030] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0040] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0200] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0210] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0220] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0230] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0240] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0250] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0260] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0270] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0280] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0290] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0300] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0310] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0320] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0330] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0340] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0350] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0360] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0370] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0380] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0390] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0400] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0410] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0420] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0430] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0440] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0450] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0460] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0470] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0480] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0490] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0500] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0510] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0520] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0530] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0540] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0550] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0560] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0570] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0580] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0590] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0600] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0610] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0620] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0630] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0640] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0650] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0660] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0670] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0680] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0690] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0700] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0710] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0720] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0730] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0740] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0750] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0760] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0770] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0780] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0790] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0800] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0810] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0820] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0830] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0840] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0850] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0860] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0870] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0880] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0890] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0900] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0910] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0920] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0930] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0940] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0950] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0960] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0970] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0980] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0990] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0EA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0EB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0EC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0ED0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0EE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0EF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + offered : 0x00001000 (4096) +[2013/11/07 07:38:47.757958, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[1] [0000] 00 00 00 00 EA 00 00 00 00 00 00 00 7B 52 77 35 ........ ....{Rw5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:47.758042, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[1] [0000] 00 00 00 00 EA 00 00 00 00 00 00 00 7B 52 77 35 ........ ....{Rw5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:47.758119, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:489(get_printer_snum) + short name:printer7 +[2013/11/07 07:38:47.758284, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:60(make_internal_rpc_pipe_p) + Create pipe requested \winreg +[2013/11/07 07:38:47.758345, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:221(init_pipe_handles) + init_pipe_handle_list: created handle list for pipe \winreg +[2013/11/07 07:38:47.758387, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:238(init_pipe_handles) + init_pipe_handle_list: pipe_handles ref count = 1 for pipe \winreg +[2013/11/07 07:38:47.758489, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:100(make_internal_rpc_pipe_p) + Created internal pipe \winreg +[2013/11/07 07:38:47.758569, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenHKLM: struct winreg_OpenHKLM + in: struct winreg_OpenHKLM + system_name : NULL + access_mask : 0x02000000 (33554432) + 0: KEY_QUERY_VALUE + 0: KEY_SET_VALUE + 0: KEY_CREATE_SUB_KEY + 0: KEY_ENUMERATE_SUB_KEYS + 0: KEY_NOTIFY + 0: KEY_CREATE_LINK + 0: KEY_WOW64_64KEY + 0: KEY_WOW64_32KEY +[2013/11/07 07:38:47.758802, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [HKLM] +[2013/11/07 07:38:47.758858, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) + push_sec_ctx(0, 5000) : sec_ctx_stack_ndx = 2 +[2013/11/07 07:38:47.758904, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/uid.c:485(push_conn_ctx) + push_conn_ctx(1804507171) : conn_ctx_stack_ndx = 0 +[2013/11/07 07:38:47.758944, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) + setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 +[2013/11/07 07:38:47.758982, 5, pid=20933, effective(0, 5000), real(0, 0)] ../libcli/security/security_token.c:53(security_token_debug) + Security token: (NULL) +[2013/11/07 07:38:47.759021, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) + UNIX token of user 0 + Primary group is 0 and contains 0 supplementary groups +[2013/11/07 07:38:47.759197, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) + pop_sec_ctx (0, 5000) - sec_ctx_stack_ndx = 1 +[2013/11/07 07:38:47.759242, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:866(regdb_open) + regdb_open: registry db opened. refcount reset (1) +[2013/11/07 07:38:47.759287, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM] +[2013/11/07 07:38:47.759327, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM] +[2013/11/07 07:38:47.759368, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:47.759405, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM] +[2013/11/07 07:38:47.759491, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) + Opened policy hnd[1] [0000] 00 00 00 00 F8 00 00 00 00 00 00 00 7B 52 77 35 ........ ....{Rw5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:47.759572, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenHKLM: struct winreg_OpenHKLM + out: struct winreg_OpenHKLM + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000f8-0000-0000-7b52-7735c5510000 + result : WERR_OK +[2013/11/07 07:38:47.759762, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenKey: struct winreg_OpenKey + in: struct winreg_OpenKey + parent_handle : * + parent_handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000f8-0000-0000-7b52-7735c5510000 + keyname: struct winreg_String + name_len : 0x008a (138) + name_size : 0x008a (138) + name : * + name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7' + options : 0x00000000 (0) + 0: REG_OPTION_VOLATILE + 0: REG_OPTION_CREATE_LINK + 0: REG_OPTION_BACKUP_RESTORE + 0: REG_OPTION_OPEN_LINK + access_mask : 0x02000000 (33554432) + 0: KEY_QUERY_VALUE + 0: KEY_SET_VALUE + 0: KEY_CREATE_SUB_KEY + 0: KEY_ENUMERATE_SUB_KEYS + 0: KEY_NOTIFY + 0: KEY_CREATE_LINK + 0: KEY_WOW64_64KEY + 0: KEY_WOW64_32KEY +[2013/11/07 07:38:47.760214, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 F8 00 00 00 00 00 00 00 7B 52 77 35 ........ ....{Rw5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:47.760296, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [SOFTWARE] +[2013/11/07 07:38:47.760336, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (1->2) +[2013/11/07 07:38:47.760379, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] +[2013/11/07 07:38:47.760417, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE] +[2013/11/07 07:38:47.760457, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:47.760493, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE] +[2013/11/07 07:38:47.760562, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Microsoft] +[2013/11/07 07:38:47.760604, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (2->3) +[2013/11/07 07:38:47.760646, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] +[2013/11/07 07:38:47.760684, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] +[2013/11/07 07:38:47.760725, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:47.760762, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft] +[2013/11/07 07:38:47.760822, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Windows NT] +[2013/11/07 07:38:47.760863, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (3->4) +[2013/11/07 07:38:47.760905, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] +[2013/11/07 07:38:47.760943, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] +[2013/11/07 07:38:47.760984, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:47.761021, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] +[2013/11/07 07:38:47.761092, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [CurrentVersion] +[2013/11/07 07:38:47.761134, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (4->5) +[2013/11/07 07:38:47.761177, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] +[2013/11/07 07:38:47.761216, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] +[2013/11/07 07:38:47.761257, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:47.761295, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f375c5a15c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] +[2013/11/07 07:38:47.761447, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Print] +[2013/11/07 07:38:47.761496, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (5->6) +[2013/11/07 07:38:47.761540, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] +[2013/11/07 07:38:47.761579, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] +[2013/11/07 07:38:47.761622, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:47.761659, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f375c5a15c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] +[2013/11/07 07:38:47.761720, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Printers] +[2013/11/07 07:38:47.761762, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (6->7) +[2013/11/07 07:38:47.761805, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] +[2013/11/07 07:38:47.761844, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] +[2013/11/07 07:38:47.761886, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:47.761924, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] +[2013/11/07 07:38:47.761991, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [printer7] +[2013/11/07 07:38:47.762033, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (7->8) +[2013/11/07 07:38:47.762084, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:47.762123, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:47.762166, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:47.762203, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:47.762271, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (8->7) +[2013/11/07 07:38:47.762313, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (7->6) +[2013/11/07 07:38:47.762354, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (6->5) +[2013/11/07 07:38:47.762394, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (5->4) +[2013/11/07 07:38:47.762433, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (4->3) +[2013/11/07 07:38:47.762473, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (3->2) +[2013/11/07 07:38:47.762516, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) + Opened policy hnd[2] [0000] 00 00 00 00 F9 00 00 00 00 00 00 00 7B 52 77 35 ........ ....{Rw5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:47.762595, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenKey: struct winreg_OpenKey + out: struct winreg_OpenKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000f9-0000-0000-7b52-7735c5510000 + result : WERR_OK +[2013/11/07 07:38:47.762772, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryInfoKey: struct winreg_QueryInfoKey + in: struct winreg_QueryInfoKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000f9-0000-0000-7b52-7735c5510000 + classname : * + classname: struct winreg_String + name_len : 0x0000 (0) + name_size : 0x0000 (0) + name : NULL +[2013/11/07 07:38:47.762992, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 F9 00 00 00 00 00 00 00 7B 52 77 35 ........ ....{Rw5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:47.763076, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_dispatcher.c:151(fetch_reg_values) + fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7' (ops 0x7f37592edcc0) +[2013/11/07 07:38:47.763127, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1891(regdb_fetch_values_internal) + regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:47.763191, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[0]: name[Attributes] len[4] +[2013/11/07 07:38:47.763235, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[1]: name[Description] len[2] +[2013/11/07 07:38:47.763278, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[2]: name[Datatype] len[8] +[2013/11/07 07:38:47.763319, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[3]: name[Default Priority] len[4] +[2013/11/07 07:38:47.763362, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[4]: name[Port] len[38] +[2013/11/07 07:38:47.763404, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[5]: name[Name] len[18] +[2013/11/07 07:38:47.763446, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[6]: name[Print Processor] len[18] +[2013/11/07 07:38:47.763488, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[7]: name[Priority] len[4] +[2013/11/07 07:38:47.763531, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[8]: name[Security] len[248] +[2013/11/07 07:38:47.763574, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[9]: name[Share Name] len[18] +[2013/11/07 07:38:47.763616, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[10]: name[StartTime] len[4] +[2013/11/07 07:38:47.763659, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[11]: name[UntilTime] len[4] +[2013/11/07 07:38:47.763701, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[12]: name[ChangeID] len[4] +[2013/11/07 07:38:47.763744, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) + regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:47.763807, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryInfoKey: struct winreg_QueryInfoKey + out: struct winreg_QueryInfoKey + classname : * + classname: struct winreg_String + name_len : 0x0000 (0) + name_size : 0x0000 (0) + name : NULL + num_subkeys : * + num_subkeys : 0x00000003 (3) + max_subkeylen : * + max_subkeylen : 0x00000022 (34) + max_classlen : * + max_classlen : 0x00000000 (0) + num_values : * + num_values : 0x0000000d (13) + max_valnamelen : * + max_valnamelen : 0x00000022 (34) + max_valbufsize : * + max_valbufsize : 0x000000f8 (248) + secdescsize : * + secdescsize : 0x00000078 (120) + last_changed_time : * + last_changed_time : NTTIME(0) + result : WERR_OK +[2013/11/07 07:38:47.764265, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000f9-0000-0000-7b52-7735c5510000 + enum_index : 0x00000000 (0) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:47.764642, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 F9 00 00 00 00 00 00 00 7B 52 77 35 ........ ....{Rw5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:47.764720, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:47.764766, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0016 (22) + size : 0x0024 (36) + name : * + name : 'Attributes' + type : * + type : REG_DWORD (4) + value : * + value: ARRAY(4) + [0] : 0x48 (72) + [1] : 0x10 (16) + [2] : 0x00 (0) + [3] : 0x00 (0) + size : * + size : 0x00000004 (4) + length : * + length : 0x00000004 (4) + result : WERR_OK +[2013/11/07 07:38:47.765163, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000f9-0000-0000-7b52-7735c5510000 + enum_index : 0x00000001 (1) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:47.765616, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 F9 00 00 00 00 00 00 00 7B 52 77 35 ........ ....{Rw5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:47.765696, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:47.765742, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0018 (24) + size : 0x0024 (36) + name : * + name : 'Description' + type : * + type : REG_SZ (1) + value : * + value: ARRAY(2) + [0] : 0x00 (0) + [1] : 0x00 (0) + size : * + size : 0x00000002 (2) + length : * + length : 0x00000002 (2) + result : WERR_OK +[2013/11/07 07:38:47.766106, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000f9-0000-0000-7b52-7735c5510000 + enum_index : 0x00000002 (2) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:47.766479, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 F9 00 00 00 00 00 00 00 7B 52 77 35 ........ ....{Rw5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:47.766564, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:47.766609, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0012 (18) + size : 0x0024 (36) + name : * + name : 'Datatype' + type : * + type : REG_SZ (1) + value : * + value: ARRAY(8) + [0] : 0x52 (82) + [1] : 0x00 (0) + [2] : 0x41 (65) + [3] : 0x00 (0) + [4] : 0x57 (87) + [5] : 0x00 (0) + [6] : 0x00 (0) + [7] : 0x00 (0) + size : * + size : 0x00000008 (8) + length : * + length : 0x00000008 (8) + result : WERR_OK +[2013/11/07 07:38:47.767064, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000f9-0000-0000-7b52-7735c5510000 + enum_index : 0x00000003 (3) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:47.767434, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 F9 00 00 00 00 00 00 00 7B 52 77 35 ........ ....{Rw5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:47.767511, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:47.767555, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0022 (34) + size : 0x0024 (36) + name : * + name : 'Default Priority' + type : * + type : REG_DWORD (4) + value : * + value: ARRAY(4) + [0] : 0x01 (1) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + size : * + size : 0x00000004 (4) + length : * + length : 0x00000004 (4) + result : WERR_OK +[2013/11/07 07:38:47.767951, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000f9-0000-0000-7b52-7735c5510000 + enum_index : 0x00000004 (4) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:47.768321, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 F9 00 00 00 00 00 00 00 7B 52 77 35 ........ ....{Rw5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:47.768398, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:47.768442, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x000a (10) + size : 0x0024 (36) + name : * + name : 'Port' + type : * + type : REG_SZ (1) + value : * + value: ARRAY(38) + [0] : 0x53 (83) + [1] : 0x00 (0) + [2] : 0x61 (97) + [3] : 0x00 (0) + [4] : 0x6d (109) + [5] : 0x00 (0) + [6] : 0x62 (98) + [7] : 0x00 (0) + [8] : 0x61 (97) + [9] : 0x00 (0) + [10] : 0x20 (32) + [11] : 0x00 (0) + [12] : 0x50 (80) + [13] : 0x00 (0) + [14] : 0x72 (114) + [15] : 0x00 (0) + [16] : 0x69 (105) + [17] : 0x00 (0) + [18] : 0x6e (110) + [19] : 0x00 (0) + [20] : 0x74 (116) + [21] : 0x00 (0) + [22] : 0x65 (101) + [23] : 0x00 (0) + [24] : 0x72 (114) + [25] : 0x00 (0) + [26] : 0x20 (32) + [27] : 0x00 (0) + [28] : 0x50 (80) + [29] : 0x00 (0) + [30] : 0x6f (111) + [31] : 0x00 (0) + [32] : 0x72 (114) + [33] : 0x00 (0) + [34] : 0x74 (116) + [35] : 0x00 (0) + [36] : 0x00 (0) + [37] : 0x00 (0) + size : * + size : 0x00000026 (38) + length : * + length : 0x00000026 (38) + result : WERR_OK +[2013/11/07 07:38:47.769558, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000f9-0000-0000-7b52-7735c5510000 + enum_index : 0x00000005 (5) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:47.769933, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 F9 00 00 00 00 00 00 00 7B 52 77 35 ........ ....{Rw5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:47.770012, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:47.770058, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x000a (10) + size : 0x0024 (36) + name : * + name : 'Name' + type : * + type : REG_SZ (1) + value : * + value: ARRAY(18) + [0] : 0x70 (112) + [1] : 0x00 (0) + [2] : 0x72 (114) + [3] : 0x00 (0) + [4] : 0x69 (105) + [5] : 0x00 (0) + [6] : 0x6e (110) + [7] : 0x00 (0) + [8] : 0x74 (116) + [9] : 0x00 (0) + [10] : 0x65 (101) + [11] : 0x00 (0) + [12] : 0x72 (114) + [13] : 0x00 (0) + [14] : 0x37 (55) + [15] : 0x00 (0) + [16] : 0x00 (0) + [17] : 0x00 (0) + size : * + size : 0x00000012 (18) + length : * + length : 0x00000012 (18) + result : WERR_OK +[2013/11/07 07:38:47.770692, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000f9-0000-0000-7b52-7735c5510000 + enum_index : 0x00000006 (6) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:47.771063, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 F9 00 00 00 00 00 00 00 7B 52 77 35 ........ ....{Rw5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:47.771140, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:47.771185, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0020 (32) + size : 0x0024 (36) + name : * + name : 'Print Processor' + type : * + type : REG_SZ (1) + value : * + value: ARRAY(18) + [0] : 0x77 (119) + [1] : 0x00 (0) + [2] : 0x69 (105) + [3] : 0x00 (0) + [4] : 0x6e (110) + [5] : 0x00 (0) + [6] : 0x70 (112) + [7] : 0x00 (0) + [8] : 0x72 (114) + [9] : 0x00 (0) + [10] : 0x69 (105) + [11] : 0x00 (0) + [12] : 0x6e (110) + [13] : 0x00 (0) + [14] : 0x74 (116) + [15] : 0x00 (0) + [16] : 0x00 (0) + [17] : 0x00 (0) + size : * + size : 0x00000012 (18) + length : * + length : 0x00000012 (18) + result : WERR_OK +[2013/11/07 07:38:47.771821, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000f9-0000-0000-7b52-7735c5510000 + enum_index : 0x00000007 (7) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:47.772192, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 F9 00 00 00 00 00 00 00 7B 52 77 35 ........ ....{Rw5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:47.772269, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:47.772315, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0012 (18) + size : 0x0024 (36) + name : * + name : 'Priority' + type : * + type : REG_DWORD (4) + value : * + value: ARRAY(4) + [0] : 0x01 (1) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + size : * + size : 0x00000004 (4) + length : * + length : 0x00000004 (4) + result : WERR_OK +[2013/11/07 07:38:47.772714, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000f9-0000-0000-7b52-7735c5510000 + enum_index : 0x00000008 (8) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:47.773083, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 F9 00 00 00 00 00 00 00 7B 52 77 35 ........ ....{Rw5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:47.773159, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:47.773204, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0012 (18) + size : 0x0024 (36) + name : * + name : 'Security' + type : * + type : REG_BINARY (3) + value : * + value: ARRAY(248) + [0] : 0x01 (1) + [1] : 0x00 (0) + [2] : 0x04 (4) + [3] : 0x80 (128) + [4] : 0x14 (20) + [5] : 0x00 (0) + [6] : 0x00 (0) + [7] : 0x00 (0) + [8] : 0x24 (36) + [9] : 0x00 (0) + [10] : 0x00 (0) + [11] : 0x00 (0) + [12] : 0x00 (0) + [13] : 0x00 (0) + [14] : 0x00 (0) + [15] : 0x00 (0) + [16] : 0x34 (52) + [17] : 0x00 (0) + [18] : 0x00 (0) + [19] : 0x00 (0) + [20] : 0x01 (1) + [21] : 0x02 (2) + [22] : 0x00 (0) + [23] : 0x00 (0) + [24] : 0x00 (0) + [25] : 0x00 (0) + [26] : 0x00 (0) + [27] : 0x05 (5) + [28] : 0x20 (32) + [29] : 0x00 (0) + [30] : 0x00 (0) + [31] : 0x00 (0) + [32] : 0x20 (32) + [33] : 0x02 (2) + [34] : 0x00 (0) + [35] : 0x00 (0) + [36] : 0x01 (1) + [37] : 0x02 (2) + [38] : 0x00 (0) + [39] : 0x00 (0) + [40] : 0x00 (0) + [41] : 0x00 (0) + [42] : 0x00 (0) + [43] : 0x05 (5) + [44] : 0x20 (32) + [45] : 0x00 (0) + [46] : 0x00 (0) + [47] : 0x00 (0) + [48] : 0x20 (32) + [49] : 0x02 (2) + [50] : 0x00 (0) + [51] : 0x00 (0) + [52] : 0x02 (2) + [53] : 0x00 (0) + [54] : 0xc4 (196) + [55] : 0x00 (0) + [56] : 0x07 (7) + [57] : 0x00 (0) + [58] : 0x00 (0) + [59] : 0x00 (0) + [60] : 0x00 (0) + [61] : 0x02 (2) + [62] : 0x14 (20) + [63] : 0x00 (0) + [64] : 0x08 (8) + [65] : 0x00 (0) + [66] : 0x02 (2) + [67] : 0x20 (32) + [68] : 0x01 (1) + [69] : 0x01 (1) + [70] : 0x00 (0) + [71] : 0x00 (0) + [72] : 0x00 (0) + [73] : 0x00 (0) + [74] : 0x00 (0) + [75] : 0x01 (1) + [76] : 0x00 (0) + [77] : 0x00 (0) + [78] : 0x00 (0) + [79] : 0x00 (0) + [80] : 0x00 (0) + [81] : 0x09 (9) + [82] : 0x24 (36) + [83] : 0x00 (0) + [84] : 0x0c (12) + [85] : 0x00 (0) + [86] : 0x0f (15) + [87] : 0x10 (16) + [88] : 0x01 (1) + [89] : 0x05 (5) + [90] : 0x00 (0) + [91] : 0x00 (0) + [92] : 0x00 (0) + [93] : 0x00 (0) + [94] : 0x00 (0) + [95] : 0x05 (5) + [96] : 0x15 (21) + [97] : 0x00 (0) + [98] : 0x00 (0) + [99] : 0x00 (0) + [100] : 0x74 (116) + [101] : 0xa5 (165) + [102] : 0x12 (18) + [103] : 0x52 (82) + [104] : 0xcd (205) + [105] : 0x51 (81) + [106] : 0xd9 (217) + [107] : 0x8f (143) + [108] : 0xd1 (209) + [109] : 0x31 (49) + [110] : 0xa4 (164) + [111] : 0xca (202) + [112] : 0xf4 (244) + [113] : 0x01 (1) + [114] : 0x00 (0) + [115] : 0x00 (0) + [116] : 0x00 (0) + [117] : 0x02 (2) + [118] : 0x24 (36) + [119] : 0x00 (0) + [120] : 0x0c (12) + [121] : 0x00 (0) + [122] : 0x0f (15) + [123] : 0x10 (16) + [124] : 0x01 (1) + [125] : 0x05 (5) + [126] : 0x00 (0) + [127] : 0x00 (0) + [128] : 0x00 (0) + [129] : 0x00 (0) + [130] : 0x00 (0) + [131] : 0x05 (5) + [132] : 0x15 (21) + [133] : 0x00 (0) + [134] : 0x00 (0) + [135] : 0x00 (0) + [136] : 0x74 (116) + [137] : 0xa5 (165) + [138] : 0x12 (18) + [139] : 0x52 (82) + [140] : 0xcd (205) + [141] : 0x51 (81) + [142] : 0xd9 (217) + [143] : 0x8f (143) + [144] : 0xd1 (209) + [145] : 0x31 (49) + [146] : 0xa4 (164) + [147] : 0xca (202) + [148] : 0xf4 (244) + [149] : 0x01 (1) + [150] : 0x00 (0) + [151] : 0x00 (0) + [152] : 0x00 (0) + [153] : 0x09 (9) + [154] : 0x18 (24) + [155] : 0x00 (0) + [156] : 0x0c (12) + [157] : 0x00 (0) + [158] : 0x0f (15) + [159] : 0x10 (16) + [160] : 0x01 (1) + [161] : 0x02 (2) + [162] : 0x00 (0) + [163] : 0x00 (0) + [164] : 0x00 (0) + [165] : 0x00 (0) + [166] : 0x00 (0) + [167] : 0x05 (5) + [168] : 0x20 (32) + [169] : 0x00 (0) + [170] : 0x00 (0) + [171] : 0x00 (0) + [172] : 0x20 (32) + [173] : 0x02 (2) + [174] : 0x00 (0) + [175] : 0x00 (0) + [176] : 0x00 (0) + [177] : 0x02 (2) + [178] : 0x18 (24) + [179] : 0x00 (0) + [180] : 0x0c (12) + [181] : 0x00 (0) + [182] : 0x0f (15) + [183] : 0x10 (16) + [184] : 0x01 (1) + [185] : 0x02 (2) + [186] : 0x00 (0) + [187] : 0x00 (0) + [188] : 0x00 (0) + [189] : 0x00 (0) + [190] : 0x00 (0) + [191] : 0x05 (5) + [192] : 0x20 (32) + [193] : 0x00 (0) + [194] : 0x00 (0) + [195] : 0x00 (0) + [196] : 0x20 (32) + [197] : 0x02 (2) + [198] : 0x00 (0) + [199] : 0x00 (0) + [200] : 0x00 (0) + [201] : 0x09 (9) + [202] : 0x18 (24) + [203] : 0x00 (0) + [204] : 0x0c (12) + [205] : 0x00 (0) + [206] : 0x0f (15) + [207] : 0x10 (16) + [208] : 0x01 (1) + [209] : 0x02 (2) + [210] : 0x00 (0) + [211] : 0x00 (0) + [212] : 0x00 (0) + [213] : 0x00 (0) + [214] : 0x00 (0) + [215] : 0x05 (5) + [216] : 0x20 (32) + [217] : 0x00 (0) + [218] : 0x00 (0) + [219] : 0x00 (0) + [220] : 0x26 (38) + [221] : 0x02 (2) + [222] : 0x00 (0) + [223] : 0x00 (0) + [224] : 0x00 (0) + [225] : 0x02 (2) + [226] : 0x18 (24) + [227] : 0x00 (0) + [228] : 0x0c (12) + [229] : 0x00 (0) + [230] : 0x0f (15) + [231] : 0x10 (16) + [232] : 0x01 (1) + [233] : 0x02 (2) + [234] : 0x00 (0) + [235] : 0x00 (0) + [236] : 0x00 (0) + [237] : 0x00 (0) + [238] : 0x00 (0) + [239] : 0x05 (5) + [240] : 0x20 (32) + [241] : 0x00 (0) + [242] : 0x00 (0) + [243] : 0x00 (0) + [244] : 0x26 (38) + [245] : 0x02 (2) + [246] : 0x00 (0) + [247] : 0x00 (0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x000000f8 (248) + result : WERR_OK +[2013/11/07 07:38:47.777769, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000f9-0000-0000-7b52-7735c5510000 + enum_index : 0x00000009 (9) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:47.778144, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 F9 00 00 00 00 00 00 00 7B 52 77 35 ........ ....{Rw5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:47.778221, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:47.778268, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0016 (22) + size : 0x0024 (36) + name : * + name : 'Share Name' + type : * + type : REG_SZ (1) + value : * + value: ARRAY(18) + [0] : 0x70 (112) + [1] : 0x00 (0) + [2] : 0x72 (114) + [3] : 0x00 (0) + [4] : 0x69 (105) + [5] : 0x00 (0) + [6] : 0x6e (110) + [7] : 0x00 (0) + [8] : 0x74 (116) + [9] : 0x00 (0) + [10] : 0x65 (101) + [11] : 0x00 (0) + [12] : 0x72 (114) + [13] : 0x00 (0) + [14] : 0x37 (55) + [15] : 0x00 (0) + [16] : 0x00 (0) + [17] : 0x00 (0) + size : * + size : 0x00000012 (18) + length : * + length : 0x00000012 (18) + result : WERR_OK +[2013/11/07 07:38:47.778902, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000f9-0000-0000-7b52-7735c5510000 + enum_index : 0x0000000a (10) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:47.779273, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 F9 00 00 00 00 00 00 00 7B 52 77 35 ........ ....{Rw5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:47.779350, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:47.779395, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0014 (20) + size : 0x0024 (36) + name : * + name : 'StartTime' + type : * + type : REG_DWORD (4) + value : * + value: ARRAY(4) + [0] : 0x00 (0) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + size : * + size : 0x00000004 (4) + length : * + length : 0x00000004 (4) + result : WERR_OK +[2013/11/07 07:38:47.779787, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000f9-0000-0000-7b52-7735c5510000 + enum_index : 0x0000000b (11) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:47.780165, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 F9 00 00 00 00 00 00 00 7B 52 77 35 ........ ....{Rw5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:47.780242, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:47.780288, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0014 (20) + size : 0x0024 (36) + name : * + name : 'UntilTime' + type : * + type : REG_DWORD (4) + value : * + value: ARRAY(4) + [0] : 0x00 (0) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + size : * + size : 0x00000004 (4) + length : * + length : 0x00000004 (4) + result : WERR_OK +[2013/11/07 07:38:47.780679, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000f9-0000-0000-7b52-7735c5510000 + enum_index : 0x0000000c (12) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:47.781049, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 F9 00 00 00 00 00 00 00 7B 52 77 35 ........ ....{Rw5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:47.781135, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:47.781181, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0012 (18) + size : 0x0024 (36) + name : * + name : 'ChangeID' + type : * + type : REG_DWORD (4) + value : * + value: ARRAY(4) + [0] : 0xf1 (241) + [1] : 0x5f (95) + [2] : 0x11 (17) + [3] : 0x00 (0) + size : * + size : 0x00000004 (4) + length : * + length : 0x00000004 (4) + result : WERR_OK +[2013/11/07 07:38:47.781710, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryValue: struct winreg_QueryValue + in: struct winreg_QueryValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000f9-0000-0000-7b52-7735c5510000 + value_name : * + value_name: struct winreg_String + name_len : 0x0020 (32) + name_size : 0x0020 (32) + name : * + name : 'Default DevMode' + type : * + type : REG_NONE (0) + data : NULL + data_size : * + data_size : 0x00000000 (0) + data_length : * + data_length : 0x00000000 (0) +[2013/11/07 07:38:47.782058, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 F9 00 00 00 00 00 00 00 7B 52 77 35 ........ ....{Rw5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:47.782137, 7, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) + _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:47.782177, 7, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) + _winreg_QueryValue: policy key type = [00000000] +[2013/11/07 07:38:47.782223, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:316(_winreg_QueryValue) + _winreg_QueryValue: reg_queryvalue failed with: WERR_BADFILE +[2013/11/07 07:38:47.782264, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryValue: struct winreg_QueryValue + out: struct winreg_QueryValue + type : * + type : REG_NONE (0) + data : NULL + data_size : * + data_size : 0x00000000 (0) + data_length : * + data_length : 0x00000000 (0) + result : WERR_BADFILE +[2013/11/07 07:38:47.782498, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenHKLM: struct winreg_OpenHKLM + in: struct winreg_OpenHKLM + system_name : NULL + access_mask : 0x02000000 (33554432) + 0: KEY_QUERY_VALUE + 0: KEY_SET_VALUE + 0: KEY_CREATE_SUB_KEY + 0: KEY_ENUMERATE_SUB_KEYS + 0: KEY_NOTIFY + 0: KEY_CREATE_LINK + 0: KEY_WOW64_64KEY + 0: KEY_WOW64_32KEY +[2013/11/07 07:38:47.782725, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [HKLM] +[2013/11/07 07:38:47.782766, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (2->3) +[2013/11/07 07:38:47.782809, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM] +[2013/11/07 07:38:47.782848, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM] +[2013/11/07 07:38:47.782889, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:47.782925, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM] +[2013/11/07 07:38:47.783008, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) + Opened policy hnd[3] [0000] 00 00 00 00 FA 00 00 00 00 00 00 00 7B 52 77 35 ........ ....{Rw5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:47.783088, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenHKLM: struct winreg_OpenHKLM + out: struct winreg_OpenHKLM + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000fa-0000-0000-7b52-7735c5510000 + result : WERR_OK +[2013/11/07 07:38:47.783256, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenKey: struct winreg_OpenKey + in: struct winreg_OpenKey + parent_handle : * + parent_handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000fa-0000-0000-7b52-7735c5510000 + keyname: struct winreg_String + name_len : 0x008a (138) + name_size : 0x008a (138) + name : * + name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7' + options : 0x00000000 (0) + 0: REG_OPTION_VOLATILE + 0: REG_OPTION_CREATE_LINK + 0: REG_OPTION_BACKUP_RESTORE + 0: REG_OPTION_OPEN_LINK + access_mask : 0x02000000 (33554432) + 0: KEY_QUERY_VALUE + 0: KEY_SET_VALUE + 0: KEY_CREATE_SUB_KEY + 0: KEY_ENUMERATE_SUB_KEYS + 0: KEY_NOTIFY + 0: KEY_CREATE_LINK + 0: KEY_WOW64_64KEY + 0: KEY_WOW64_32KEY +[2013/11/07 07:38:47.783702, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 FA 00 00 00 00 00 00 00 7B 52 77 35 ........ ....{Rw5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:47.783783, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [SOFTWARE] +[2013/11/07 07:38:47.783823, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (3->4) +[2013/11/07 07:38:47.783865, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] +[2013/11/07 07:38:47.783903, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE] +[2013/11/07 07:38:47.783943, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:47.783980, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE] +[2013/11/07 07:38:47.784044, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Microsoft] +[2013/11/07 07:38:47.784085, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (4->5) +[2013/11/07 07:38:47.784127, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] +[2013/11/07 07:38:47.784165, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] +[2013/11/07 07:38:47.784205, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:47.784242, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft] +[2013/11/07 07:38:47.784301, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Windows NT] +[2013/11/07 07:38:47.784342, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (5->6) +[2013/11/07 07:38:47.784384, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] +[2013/11/07 07:38:47.784422, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] +[2013/11/07 07:38:47.784462, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:47.784500, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] +[2013/11/07 07:38:47.784565, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [CurrentVersion] +[2013/11/07 07:38:47.784607, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (6->7) +[2013/11/07 07:38:47.784649, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] +[2013/11/07 07:38:47.784687, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] +[2013/11/07 07:38:47.784727, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:47.784764, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f375c5a15c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] +[2013/11/07 07:38:47.784835, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Print] +[2013/11/07 07:38:47.784876, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (7->8) +[2013/11/07 07:38:47.784918, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] +[2013/11/07 07:38:47.784956, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] +[2013/11/07 07:38:47.784998, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:47.785035, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f375c5a15c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] +[2013/11/07 07:38:47.785096, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Printers] +[2013/11/07 07:38:47.785137, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (8->9) +[2013/11/07 07:38:47.785181, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] +[2013/11/07 07:38:47.785220, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] +[2013/11/07 07:38:47.785263, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:47.785300, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] +[2013/11/07 07:38:47.785421, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [printer7] +[2013/11/07 07:38:47.785467, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (9->10) +[2013/11/07 07:38:47.785521, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:47.785562, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:47.785604, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:47.785643, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:47.785712, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (10->9) +[2013/11/07 07:38:47.785754, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (9->8) +[2013/11/07 07:38:47.785795, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (8->7) +[2013/11/07 07:38:47.785835, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (7->6) +[2013/11/07 07:38:47.785876, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (6->5) +[2013/11/07 07:38:47.785916, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (5->4) +[2013/11/07 07:38:47.785959, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) + Opened policy hnd[4] [0000] 00 00 00 00 FB 00 00 00 00 00 00 00 7B 52 77 35 ........ ....{Rw5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:47.786037, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenKey: struct winreg_OpenKey + out: struct winreg_OpenKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000fb-0000-0000-7b52-7735c5510000 + result : WERR_OK +[2013/11/07 07:38:47.786210, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryValue: struct winreg_QueryValue + in: struct winreg_QueryValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000fb-0000-0000-7b52-7735c5510000 + value_name : * + value_name: struct winreg_String + name_len : 0x0012 (18) + name_size : 0x0012 (18) + name : * + name : 'Security' + type : * + type : REG_NONE (0) + data : NULL + data_size : * + data_size : 0x00000000 (0) + data_length : * + data_length : 0x00000000 (0) +[2013/11/07 07:38:47.786560, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 FB 00 00 00 00 00 00 00 7B 52 77 35 ........ ....{Rw5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:47.786638, 7, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) + _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:47.786678, 7, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) + _winreg_QueryValue: policy key type = [00000000] +[2013/11/07 07:38:47.786718, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_dispatcher.c:151(fetch_reg_values) + fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7' (ops 0x7f37592edcc0) +[2013/11/07 07:38:47.786760, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1891(regdb_fetch_values_internal) + regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:47.786821, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[0]: name[Attributes] len[4] +[2013/11/07 07:38:47.786864, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[1]: name[Description] len[2] +[2013/11/07 07:38:47.786907, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[2]: name[Datatype] len[8] +[2013/11/07 07:38:47.786949, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[3]: name[Default Priority] len[4] +[2013/11/07 07:38:47.786991, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[4]: name[Port] len[38] +[2013/11/07 07:38:47.787033, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[5]: name[Name] len[18] +[2013/11/07 07:38:47.787076, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[6]: name[Print Processor] len[18] +[2013/11/07 07:38:47.787118, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[7]: name[Priority] len[4] +[2013/11/07 07:38:47.787161, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[8]: name[Security] len[248] +[2013/11/07 07:38:47.787204, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[9]: name[Share Name] len[18] +[2013/11/07 07:38:47.787247, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[10]: name[StartTime] len[4] +[2013/11/07 07:38:47.787290, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[11]: name[UntilTime] len[4] +[2013/11/07 07:38:47.787332, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[12]: name[ChangeID] len[4] +[2013/11/07 07:38:47.787383, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryValue: struct winreg_QueryValue + out: struct winreg_QueryValue + type : * + type : REG_BINARY (3) + data : NULL + data_size : * + data_size : 0x000000f8 (248) + data_length : * + data_length : 0x00000000 (0) + result : WERR_OK +[2013/11/07 07:38:47.787594, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryValue: struct winreg_QueryValue + in: struct winreg_QueryValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000fb-0000-0000-7b52-7735c5510000 + value_name : * + value_name: struct winreg_String + name_len : 0x0012 (18) + name_size : 0x0012 (18) + name : * + name : 'Security' + type : * + type : REG_BINARY (3) + data : * + data: ARRAY(0) + data_size : * + data_size : 0x000000f8 (248) + data_length : * + data_length : 0x00000000 (0) +[2013/11/07 07:38:47.787949, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 FB 00 00 00 00 00 00 00 7B 52 77 35 ........ ....{Rw5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:47.788027, 7, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) + _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:47.788067, 7, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) + _winreg_QueryValue: policy key type = [00000000] +[2013/11/07 07:38:47.788111, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryValue: struct winreg_QueryValue + out: struct winreg_QueryValue + type : * + type : REG_BINARY (3) + data : * + data: ARRAY(248) + [0] : 0x01 (1) + [1] : 0x00 (0) + [2] : 0x04 (4) + [3] : 0x80 (128) + [4] : 0x14 (20) + [5] : 0x00 (0) + [6] : 0x00 (0) + [7] : 0x00 (0) + [8] : 0x24 (36) + [9] : 0x00 (0) + [10] : 0x00 (0) + [11] : 0x00 (0) + [12] : 0x00 (0) + [13] : 0x00 (0) + [14] : 0x00 (0) + [15] : 0x00 (0) + [16] : 0x34 (52) + [17] : 0x00 (0) + [18] : 0x00 (0) + [19] : 0x00 (0) + [20] : 0x01 (1) + [21] : 0x02 (2) + [22] : 0x00 (0) + [23] : 0x00 (0) + [24] : 0x00 (0) + [25] : 0x00 (0) + [26] : 0x00 (0) + [27] : 0x05 (5) + [28] : 0x20 (32) + [29] : 0x00 (0) + [30] : 0x00 (0) + [31] : 0x00 (0) + [32] : 0x20 (32) + [33] : 0x02 (2) + [34] : 0x00 (0) + [35] : 0x00 (0) + [36] : 0x01 (1) + [37] : 0x02 (2) + [38] : 0x00 (0) + [39] : 0x00 (0) + [40] : 0x00 (0) + [41] : 0x00 (0) + [42] : 0x00 (0) + [43] : 0x05 (5) + [44] : 0x20 (32) + [45] : 0x00 (0) + [46] : 0x00 (0) + [47] : 0x00 (0) + [48] : 0x20 (32) + [49] : 0x02 (2) + [50] : 0x00 (0) + [51] : 0x00 (0) + [52] : 0x02 (2) + [53] : 0x00 (0) + [54] : 0xc4 (196) + [55] : 0x00 (0) + [56] : 0x07 (7) + [57] : 0x00 (0) + [58] : 0x00 (0) + [59] : 0x00 (0) + [60] : 0x00 (0) + [61] : 0x02 (2) + [62] : 0x14 (20) + [63] : 0x00 (0) + [64] : 0x08 (8) + [65] : 0x00 (0) + [66] : 0x02 (2) + [67] : 0x20 (32) + [68] : 0x01 (1) + [69] : 0x01 (1) + [70] : 0x00 (0) + [71] : 0x00 (0) + [72] : 0x00 (0) + [73] : 0x00 (0) + [74] : 0x00 (0) + [75] : 0x01 (1) + [76] : 0x00 (0) + [77] : 0x00 (0) + [78] : 0x00 (0) + [79] : 0x00 (0) + [80] : 0x00 (0) + [81] : 0x09 (9) + [82] : 0x24 (36) + [83] : 0x00 (0) + [84] : 0x0c (12) + [85] : 0x00 (0) + [86] : 0x0f (15) + [87] : 0x10 (16) + [88] : 0x01 (1) + [89] : 0x05 (5) + [90] : 0x00 (0) + [91] : 0x00 (0) + [92] : 0x00 (0) + [93] : 0x00 (0) + [94] : 0x00 (0) + [95] : 0x05 (5) + [96] : 0x15 (21) + [97] : 0x00 (0) + [98] : 0x00 (0) + [99] : 0x00 (0) + [100] : 0x74 (116) + [101] : 0xa5 (165) + [102] : 0x12 (18) + [103] : 0x52 (82) + [104] : 0xcd (205) + [105] : 0x51 (81) + [106] : 0xd9 (217) + [107] : 0x8f (143) + [108] : 0xd1 (209) + [109] : 0x31 (49) + [110] : 0xa4 (164) + [111] : 0xca (202) + [112] : 0xf4 (244) + [113] : 0x01 (1) + [114] : 0x00 (0) + [115] : 0x00 (0) + [116] : 0x00 (0) + [117] : 0x02 (2) + [118] : 0x24 (36) + [119] : 0x00 (0) + [120] : 0x0c (12) + [121] : 0x00 (0) + [122] : 0x0f (15) + [123] : 0x10 (16) + [124] : 0x01 (1) + [125] : 0x05 (5) + [126] : 0x00 (0) + [127] : 0x00 (0) + [128] : 0x00 (0) + [129] : 0x00 (0) + [130] : 0x00 (0) + [131] : 0x05 (5) + [132] : 0x15 (21) + [133] : 0x00 (0) + [134] : 0x00 (0) + [135] : 0x00 (0) + [136] : 0x74 (116) + [137] : 0xa5 (165) + [138] : 0x12 (18) + [139] : 0x52 (82) + [140] : 0xcd (205) + [141] : 0x51 (81) + [142] : 0xd9 (217) + [143] : 0x8f (143) + [144] : 0xd1 (209) + [145] : 0x31 (49) + [146] : 0xa4 (164) + [147] : 0xca (202) + [148] : 0xf4 (244) + [149] : 0x01 (1) + [150] : 0x00 (0) + [151] : 0x00 (0) + [152] : 0x00 (0) + [153] : 0x09 (9) + [154] : 0x18 (24) + [155] : 0x00 (0) + [156] : 0x0c (12) + [157] : 0x00 (0) + [158] : 0x0f (15) + [159] : 0x10 (16) + [160] : 0x01 (1) + [161] : 0x02 (2) + [162] : 0x00 (0) + [163] : 0x00 (0) + [164] : 0x00 (0) + [165] : 0x00 (0) + [166] : 0x00 (0) + [167] : 0x05 (5) + [168] : 0x20 (32) + [169] : 0x00 (0) + [170] : 0x00 (0) + [171] : 0x00 (0) + [172] : 0x20 (32) + [173] : 0x02 (2) + [174] : 0x00 (0) + [175] : 0x00 (0) + [176] : 0x00 (0) + [177] : 0x02 (2) + [178] : 0x18 (24) + [179] : 0x00 (0) + [180] : 0x0c (12) + [181] : 0x00 (0) + [182] : 0x0f (15) + [183] : 0x10 (16) + [184] : 0x01 (1) + [185] : 0x02 (2) + [186] : 0x00 (0) + [187] : 0x00 (0) + [188] : 0x00 (0) + [189] : 0x00 (0) + [190] : 0x00 (0) + [191] : 0x05 (5) + [192] : 0x20 (32) + [193] : 0x00 (0) + [194] : 0x00 (0) + [195] : 0x00 (0) + [196] : 0x20 (32) + [197] : 0x02 (2) + [198] : 0x00 (0) + [199] : 0x00 (0) + [200] : 0x00 (0) + [201] : 0x09 (9) + [202] : 0x18 (24) + [203] : 0x00 (0) + [204] : 0x0c (12) + [205] : 0x00 (0) + [206] : 0x0f (15) + [207] : 0x10 (16) + [208] : 0x01 (1) + [209] : 0x02 (2) + [210] : 0x00 (0) + [211] : 0x00 (0) + [212] : 0x00 (0) + [213] : 0x00 (0) + [214] : 0x00 (0) + [215] : 0x05 (5) + [216] : 0x20 (32) + [217] : 0x00 (0) + [218] : 0x00 (0) + [219] : 0x00 (0) + [220] : 0x26 (38) + [221] : 0x02 (2) + [222] : 0x00 (0) + [223] : 0x00 (0) + [224] : 0x00 (0) + [225] : 0x02 (2) + [226] : 0x18 (24) + [227] : 0x00 (0) + [228] : 0x0c (12) + [229] : 0x00 (0) + [230] : 0x0f (15) + [231] : 0x10 (16) + [232] : 0x01 (1) + [233] : 0x02 (2) + [234] : 0x00 (0) + [235] : 0x00 (0) + [236] : 0x00 (0) + [237] : 0x00 (0) + [238] : 0x00 (0) + [239] : 0x05 (5) + [240] : 0x20 (32) + [241] : 0x00 (0) + [242] : 0x00 (0) + [243] : 0x00 (0) + [244] : 0x26 (38) + [245] : 0x02 (2) + [246] : 0x00 (0) + [247] : 0x00 (0) + data_size : * + data_size : 0x000000f8 (248) + data_length : * + data_length : 0x000000f8 (248) + result : WERR_OK +[2013/11/07 07:38:47.792549, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + in: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000fb-0000-0000-7b52-7735c5510000 +[2013/11/07 07:38:47.792698, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 FB 00 00 00 00 00 00 00 7B 52 77 35 ........ ....{Rw5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:47.792787, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 FB 00 00 00 00 00 00 00 7B 52 77 35 ........ ....{Rw5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:47.792864, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) + Closed policy +[2013/11/07 07:38:47.792909, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (4->3) +[2013/11/07 07:38:47.792950, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + out: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000000-0000-0000-0000-000000000000 + result : WERR_OK +[2013/11/07 07:38:47.793114, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + in: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000fa-0000-0000-7b52-7735c5510000 +[2013/11/07 07:38:47.793255, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 FA 00 00 00 00 00 00 00 7B 52 77 35 ........ ....{Rw5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:47.793341, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 FA 00 00 00 00 00 00 00 7B 52 77 35 ........ ....{Rw5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:47.793453, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) + Closed policy +[2013/11/07 07:38:47.793495, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (3->2) +[2013/11/07 07:38:47.793537, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + out: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000000-0000-0000-0000-000000000000 + result : WERR_OK +[2013/11/07 07:38:47.793703, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + in: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000f9-0000-0000-7b52-7735c5510000 +[2013/11/07 07:38:47.793833, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 F9 00 00 00 00 00 00 00 7B 52 77 35 ........ ....{Rw5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:47.793910, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 F9 00 00 00 00 00 00 00 7B 52 77 35 ........ ....{Rw5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:47.793987, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) + Closed policy +[2013/11/07 07:38:47.794032, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (2->1) +[2013/11/07 07:38:47.794073, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + out: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000000-0000-0000-0000-000000000000 + result : WERR_OK +[2013/11/07 07:38:47.794234, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + in: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000f8-0000-0000-7b52-7735c5510000 +[2013/11/07 07:38:47.794363, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 F8 00 00 00 00 00 00 00 7B 52 77 35 ........ ....{Rw5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:47.794441, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 F8 00 00 00 00 00 00 00 7B 52 77 35 ........ ....{Rw5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:47.794529, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) + Closed policy +[2013/11/07 07:38:47.794571, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (1->0) +[2013/11/07 07:38:47.794634, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + out: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000000-0000-0000-0000-000000000000 + result : WERR_OK +[2013/11/07 07:38:47.794799, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:416(close_policy_by_pipe) + Deleted handle list for RPC connection \winreg +[2013/11/07 07:38:47.794962, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + spoolss_GetPrinter: struct spoolss_GetPrinter + out: struct spoolss_GetPrinter + info : * + info : union spoolss_PrinterInfo(case 2) + info2: struct spoolss_PrinterInfo2 + servername : * + servername : '\\MEMBER43' + printername : * + printername : '\\MEMBER43\printer7' + sharename : * + sharename : 'printer7' + portname : * + portname : 'Samba Printer Port' + drivername : * + drivername : '' + comment : * + comment : '' + location : * + location : '' + devmode : * + devmode: struct spoolss_DeviceMode + devicename : '\\MEMBER43\printer7' + specversion : DMSPEC_NT4_AND_ABOVE (1025) + driverversion : 0x0400 (1024) + size : 0x00dc (220) + __driverextra_length : 0x0000 (0) + fields : 0x00014713 (83731) + 1: DEVMODE_ORIENTATION + 1: DEVMODE_PAPERSIZE + 0: DEVMODE_PAPERLENGTH + 0: DEVMODE_PAPERWIDTH + 1: DEVMODE_SCALE + 0: DEVMODE_POSITION + 0: DEVMODE_NUP + 1: DEVMODE_COPIES + 1: DEVMODE_DEFAULTSOURCE + 1: DEVMODE_PRINTQUALITY + 0: DEVMODE_COLOR + 0: DEVMODE_DUPLEX + 0: DEVMODE_YRESOLUTION + 1: DEVMODE_TTOPTION + 0: DEVMODE_COLLATE + 1: DEVMODE_FORMNAME + 0: DEVMODE_LOGPIXELS + 0: DEVMODE_BITSPERPEL + 0: DEVMODE_PELSWIDTH + 0: DEVMODE_PELSHEIGHT + 0: DEVMODE_DISPLAYFLAGS + 0: DEVMODE_DISPLAYFREQUENCY + 0: DEVMODE_ICMMETHOD + 0: DEVMODE_ICMINTENT + 0: DEVMODE_MEDIATYPE + 0: DEVMODE_DITHERTYPE + 0: DEVMODE_PANNINGWIDTH + 0: DEVMODE_PANNINGHEIGHT + orientation : DMORIENT_PORTRAIT (1) + papersize : DMPAPER_LETTER (1) + paperlength : 0x0000 (0) + paperwidth : 0x0000 (0) + scale : 0x0064 (100) + copies : 0x0001 (1) + defaultsource : DMBIN_FORMSOURCE (15) + printquality : DMRES_HIGH (65532) + color : DMRES_MONOCHROME (1) + duplex : DMDUP_SIMPLEX (1) + yresolution : 0x0000 (0) + ttoption : DMTT_SUBDEV (3) + collate : DMCOLLATE_FALSE (0) + formname : 'Letter' + logpixels : 0x0000 (0) + bitsperpel : 0x00000000 (0) + pelswidth : 0x00000000 (0) + pelsheight : 0x00000000 (0) + displayflags : UNKNOWN_ENUM_VALUE (0) + displayfrequency : 0x00000000 (0) + icmmethod : UNKNOWN_ENUM_VALUE (0) + icmintent : UNKNOWN_ENUM_VALUE (0) + mediatype : UNKNOWN_ENUM_VALUE (0) + dithertype : UNKNOWN_ENUM_VALUE (0) + reserved1 : 0x00000000 (0) + reserved2 : 0x00000000 (0) + panningwidth : 0x00000000 (0) + panningheight : 0x00000000 (0) + driverextra_data : DATA_BLOB length=0 + sepfile : * + sepfile : '' + printprocessor : * + printprocessor : 'winprint' + datatype : * + datatype : 'RAW' + parameters : * + parameters : '' + secdesc : * + secdesc: struct security_descriptor + revision : SECURITY_DESCRIPTOR_REVISION_1 (1) + type : 0x8004 (32772) + 0: SEC_DESC_OWNER_DEFAULTED + 0: SEC_DESC_GROUP_DEFAULTED + 1: SEC_DESC_DACL_PRESENT + 0: SEC_DESC_DACL_DEFAULTED + 0: SEC_DESC_SACL_PRESENT + 0: SEC_DESC_SACL_DEFAULTED + 0: SEC_DESC_DACL_TRUSTED + 0: SEC_DESC_SERVER_SECURITY + 0: SEC_DESC_DACL_AUTO_INHERIT_REQ + 0: SEC_DESC_SACL_AUTO_INHERIT_REQ + 0: SEC_DESC_DACL_AUTO_INHERITED + 0: SEC_DESC_SACL_AUTO_INHERITED + 0: SEC_DESC_DACL_PROTECTED + 0: SEC_DESC_SACL_PROTECTED + 0: SEC_DESC_RM_CONTROL_VALID + 1: SEC_DESC_SELF_RELATIVE + owner_sid : * + owner_sid : S-1-5-32-544 + group_sid : * + group_sid : S-1-5-32-544 + sacl : NULL + dacl : * + dacl: struct security_acl + revision : SECURITY_ACL_REVISION_NT4 (2) + size : 0x00c4 (196) + num_aces : 0x00000007 (7) + aces: ARRAY(7) + aces: struct security_ace + type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) + flags : 0x02 (2) + 0: SEC_ACE_FLAG_OBJECT_INHERIT + 1: SEC_ACE_FLAG_CONTAINER_INHERIT + 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT + 0: SEC_ACE_FLAG_INHERIT_ONLY + 0: SEC_ACE_FLAG_INHERITED_ACE + 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) + 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS + 0: SEC_ACE_FLAG_FAILED_ACCESS + size : 0x0014 (20) + access_mask : 0x20020008 (537001992) + object : union security_ace_object_ctr(case 0) + trustee : S-1-1-0 + aces: struct security_ace + type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) + flags : 0x09 (9) + 1: SEC_ACE_FLAG_OBJECT_INHERIT + 0: SEC_ACE_FLAG_CONTAINER_INHERIT + 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT + 1: SEC_ACE_FLAG_INHERIT_ONLY + 0: SEC_ACE_FLAG_INHERITED_ACE + 0x09: SEC_ACE_FLAG_VALID_INHERIT (9) + 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS + 0: SEC_ACE_FLAG_FAILED_ACCESS + size : 0x0024 (36) + access_mask : 0x100f000c (269418508) + object : union security_ace_object_ctr(case 0) + trustee : S-1-5-21-1376953716-2413384141-3399758289-500 + aces: struct security_ace + type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) + flags : 0x02 (2) + 0: SEC_ACE_FLAG_OBJECT_INHERIT + 1: SEC_ACE_FLAG_CONTAINER_INHERIT + 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT + 0: SEC_ACE_FLAG_INHERIT_ONLY + 0: SEC_ACE_FLAG_INHERITED_ACE + 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) + 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS + 0: SEC_ACE_FLAG_FAILED_ACCESS + size : 0x0024 (36) + access_mask : 0x100f000c (269418508) + object : union security_ace_object_ctr(case 0) + trustee : S-1-5-21-1376953716-2413384141-3399758289-500 + aces: struct security_ace + type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) + flags : 0x09 (9) + 1: SEC_ACE_FLAG_OBJECT_INHERIT + 0: SEC_ACE_FLAG_CONTAINER_INHERIT + 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT + 1: SEC_ACE_FLAG_INHERIT_ONLY + 0: SEC_ACE_FLAG_INHERITED_ACE + 0x09: SEC_ACE_FLAG_VALID_INHERIT (9) + 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS + 0: SEC_ACE_FLAG_FAILED_ACCESS + size : 0x0018 (24) + access_mask : 0x100f000c (269418508) + object : union security_ace_object_ctr(case 0) + trustee : S-1-5-32-544 + aces: struct security_ace + type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) + flags : 0x02 (2) + 0: SEC_ACE_FLAG_OBJECT_INHERIT + 1: SEC_ACE_FLAG_CONTAINER_INHERIT + 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT + 0: SEC_ACE_FLAG_INHERIT_ONLY + 0: SEC_ACE_FLAG_INHERITED_ACE + 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) + 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS + 0: SEC_ACE_FLAG_FAILED_ACCESS + size : 0x0018 (24) + access_mask : 0x100f000c (269418508) + object : union security_ace_object_ctr(case 0) + trustee : S-1-5-32-544 + aces: struct security_ace + type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) + flags : 0x09 (9) + 1: SEC_ACE_FLAG_OBJECT_INHERIT + 0: SEC_ACE_FLAG_CONTAINER_INHERIT + 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT + 1: SEC_ACE_FLAG_INHERIT_ONLY + 0: SEC_ACE_FLAG_INHERITED_ACE + 0x09: SEC_ACE_FLAG_VALID_INHERIT (9) + 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS + 0: SEC_ACE_FLAG_FAILED_ACCESS + size : 0x0018 (24) + access_mask : 0x100f000c (269418508) + object : union security_ace_object_ctr(case 0) + trustee : S-1-5-32-550 + aces: struct security_ace + type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) + flags : 0x02 (2) + 0: SEC_ACE_FLAG_OBJECT_INHERIT + 1: SEC_ACE_FLAG_CONTAINER_INHERIT + 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT + 0: SEC_ACE_FLAG_INHERIT_ONLY + 0: SEC_ACE_FLAG_INHERITED_ACE + 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) + 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS + 0: SEC_ACE_FLAG_FAILED_ACCESS + size : 0x0018 (24) + access_mask : 0x100f000c (269418508) + object : union security_ace_object_ctr(case 0) + trustee : S-1-5-32-550 + attributes : 0x00001048 (4168) + 0: PRINTER_ATTRIBUTE_QUEUED + 0: PRINTER_ATTRIBUTE_DIRECT + 0: PRINTER_ATTRIBUTE_DEFAULT + 1: PRINTER_ATTRIBUTE_SHARED + 0: PRINTER_ATTRIBUTE_NETWORK + 0: PRINTER_ATTRIBUTE_HIDDEN + 1: PRINTER_ATTRIBUTE_LOCAL + 0: PRINTER_ATTRIBUTE_ENABLE_DEVQ + 0: PRINTER_ATTRIBUTE_KEEPPRINTEDJOBS + 0: PRINTER_ATTRIBUTE_DO_COMPLETE_FIRST + 0: PRINTER_ATTRIBUTE_WORK_OFFLINE + 0: PRINTER_ATTRIBUTE_ENABLE_BIDI + 1: PRINTER_ATTRIBUTE_RAW_ONLY + 0: PRINTER_ATTRIBUTE_PUBLISHED + 0: PRINTER_ATTRIBUTE_FAX + 0: PRINTER_ATTRIBUTE_TS + priority : 0x00000001 (1) + defaultpriority : 0x00000001 (1) + starttime : 0x00000000 (0) + untiltime : 0x00000000 (0) + status : 0x00000000 (0) + 0: PRINTER_STATUS_PAUSED + 0: PRINTER_STATUS_ERROR + 0: PRINTER_STATUS_PENDING_DELETION + 0: PRINTER_STATUS_PAPER_JAM + 0: PRINTER_STATUS_PAPER_OUT + 0: PRINTER_STATUS_MANUAL_FEED + 0: PRINTER_STATUS_PAPER_PROBLEM + 0: PRINTER_STATUS_OFFLINE + 0: PRINTER_STATUS_IO_ACTIVE + 0: PRINTER_STATUS_BUSY + 0: PRINTER_STATUS_PRINTING + 0: PRINTER_STATUS_OUTPUT_BIN_FULL + 0: PRINTER_STATUS_NOT_AVAILABLE + 0: PRINTER_STATUS_WAITING + 0: PRINTER_STATUS_PROCESSING + 0: PRINTER_STATUS_INITIALIZING + 0: PRINTER_STATUS_WARMING_UP + 0: PRINTER_STATUS_TONER_LOW + 0: PRINTER_STATUS_NO_TONER + 0: PRINTER_STATUS_PAGE_PUNT + 0: PRINTER_STATUS_USER_INTERVENTION + 0: PRINTER_STATUS_OUT_OF_MEMORY + 0: PRINTER_STATUS_DOOR_OPEN + 0: PRINTER_STATUS_SERVER_UNKNOWN + 0: PRINTER_STATUS_POWER_SAVE + cjobs : 0x00000000 (0) + averageppm : 0x00000000 (0) + needed : * + needed : 0x000002f8 (760) + result : WERR_OK +[2013/11/07 07:38:47.800391, 5, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1417(api_rpcTNP) + api_rpcTNP: called \spoolss successfully +[2013/11/07 07:38:47.800474, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) + pop_sec_ctx (0, 5000) - sec_ctx_stack_ndx = 0 +[2013/11/07 07:38:47.800520, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) + write_to_pipe: data_used = 4140 + smbd_smb2_request_pending_queue: req->current_idx = 1 + req->in.vector[0].iov_len = 0 + req->in.vector[1].iov_len = 0 + req->in.vector[2].iov_len = 64 + req->in.vector[3].iov_len = 56 + req->in.vector[4].iov_len = 4156 + req->out.vector[0].iov_len = 4 + req->out.vector[1].iov_len = 0 + req->out.vector[2].iov_len = 64 + req->out.vector[3].iov_len = 8 + req->out.vector[4].iov_len = 0 +[2013/11/07 07:38:47.800752, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:128(smbd_smb2_ioctl_pipe_write_done) + smbd_smb2_ioctl_pipe_write_done: received 4156 +[2013/11/07 07:38:47.800797, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:149(smbd_smb2_ioctl_pipe_write_done) + smbd_smb2_ioctl_pipe_write_done: issuing np_read_send of size 4136 +[2013/11/07 07:38:47.800841, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:285(read_from_internal_pipe) + name: \spoolss len: 4136 +[2013/11/07 07:38:47.800884, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:347(read_from_internal_pipe) + read_from_pipe: \spoolss: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 4112. +[2013/11/07 07:38:47.800940, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) + &r: struct ncacn_packet + rpc_vers : 0x05 (5) + rpc_vers_minor : 0x00 (0) + ptype : DCERPC_PKT_RESPONSE (2) + pfc_flags : 0x03 (3) + drep: ARRAY(4) + [0] : 0x10 (16) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + frag_length : 0x1028 (4136) + auth_length : 0x0000 (0) + call_id : 0x00000005 (5) + u : union dcerpc_payload(case 2) + response: struct dcerpc_response + alloc_hint : 0x00001010 (4112) + context_id : 0x0000 (0) + cancel_count : 0x00 (0) + _pad : DATA_BLOB length=0 + stub_and_verifier : DATA_BLOB length=4112 + [0000] 04 00 02 00 00 10 00 00 EA 0F 00 00 C2 0F 00 00 ........ ........ + [0010] B0 0F 00 00 8A 0F 00 00 88 0F 00 00 86 0F 00 00 ........ ........ + [0020] 84 0F 00 00 88 0E 00 00 82 0F 00 00 70 0F 00 00 ........ ....p... + [0030] 68 0F 00 00 66 0F 00 00 90 0D 00 00 48 10 00 00 h...f... ....H... + [0040] 01 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0200] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0210] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0220] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0230] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0240] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0250] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0260] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0270] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0280] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0290] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0300] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0310] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0320] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0330] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0340] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0350] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0360] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0370] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0380] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0390] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0400] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0410] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0420] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0430] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0440] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0450] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0460] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0470] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0480] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0490] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0500] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0510] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0520] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0530] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0540] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0550] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0560] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0570] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0580] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0590] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0600] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0610] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0620] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0630] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0640] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0650] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0660] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0670] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0680] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0690] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0700] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0710] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0720] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0730] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0740] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0750] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0760] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0770] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0780] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0790] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0800] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0810] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0820] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0830] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0840] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0850] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0860] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0870] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0880] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0890] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0900] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0910] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0920] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0930] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0940] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0950] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0960] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0970] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0980] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0990] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D90] 00 00 00 00 00 00 00 00 01 00 04 80 D8 00 00 00 ........ ........ + [0DA0] E8 00 00 00 00 00 00 00 14 00 00 00 02 00 C4 00 ........ ........ + [0DB0] 07 00 00 00 00 02 14 00 08 00 02 20 01 01 00 00 ........ ... .... + [0DC0] 00 00 00 01 00 00 00 00 00 09 24 00 0C 00 0F 10 ........ ..$..... + [0DD0] 01 05 00 00 00 00 00 05 15 00 00 00 74 A5 12 52 ........ ....t..R + [0DE0] CD 51 D9 8F D1 31 A4 CA F4 01 00 00 00 02 24 00 .Q...1.. ......$. + [0DF0] 0C 00 0F 10 01 05 00 00 00 00 00 05 15 00 00 00 ........ ........ + [0E00] 74 A5 12 52 CD 51 D9 8F D1 31 A4 CA F4 01 00 00 t..R.Q.. .1...... + [0E10] 00 09 18 00 0C 00 0F 10 01 02 00 00 00 00 00 05 ........ ........ + [0E20] 20 00 00 00 20 02 00 00 00 02 18 00 0C 00 0F 10 ... ... ........ + [0E30] 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 ........ ... ... + [0E40] 00 09 18 00 0C 00 0F 10 01 02 00 00 00 00 00 05 ........ ........ + [0E50] 20 00 00 00 26 02 00 00 00 02 18 00 0C 00 0F 10 ...&... ........ + [0E60] 01 02 00 00 00 00 00 05 20 00 00 00 26 02 00 00 ........ ...&... + [0E70] 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 ........ ... ... + [0E80] 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 ........ ... ... + [0E90] 5C 00 5C 00 4D 00 45 00 4D 00 42 00 45 00 52 00 \.\.M.E. M.B.E.R. + [0EA0] 34 00 33 00 5C 00 70 00 72 00 69 00 6E 00 74 00 4.3.\.p. r.i.n.t. + [0EB0] 65 00 72 00 37 00 00 00 00 00 00 00 00 00 00 00 e.r.7... ........ + [0EC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0ED0] 01 04 00 04 DC 00 00 00 13 47 01 00 01 00 01 00 ........ .G...... + [0EE0] 00 00 00 00 64 00 01 00 0F 00 FC FF 01 00 01 00 ....d... ........ + [0EF0] 00 00 03 00 00 00 4C 00 65 00 74 00 74 00 65 00 ......L. e.t.t.e. + [0F00] 72 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 r....... ........ + [0F10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F70] 52 00 41 00 57 00 00 00 77 00 69 00 6E 00 70 00 R.A.W... w.i.n.p. + [0F80] 72 00 69 00 6E 00 74 00 00 00 00 00 00 00 00 00 r.i.n.t. ........ + [0F90] 00 00 53 00 61 00 6D 00 62 00 61 00 20 00 50 00 ..S.a.m. b.a. .P. + [0FA0] 72 00 69 00 6E 00 74 00 65 00 72 00 20 00 50 00 r.i.n.t. e.r. .P. + [0FB0] 6F 00 72 00 74 00 00 00 70 00 72 00 69 00 6E 00 o.r.t... p.r.i.n. + [0FC0] 74 00 65 00 72 00 37 00 00 00 5C 00 5C 00 4D 00 t.e.r.7. ..\.\.M. + [0FD0] 45 00 4D 00 42 00 45 00 52 00 34 00 33 00 5C 00 E.M.B.E. R.4.3.\. + [0FE0] 70 00 72 00 69 00 6E 00 74 00 65 00 72 00 37 00 p.r.i.n. t.e.r.7. + [0FF0] 00 00 5C 00 5C 00 4D 00 45 00 4D 00 42 00 45 00 ..\.\.M. E.M.B.E. + [1000] 52 00 34 00 33 00 00 00 F8 02 00 00 00 00 00 00 R.4.3... ........ +[2013/11/07 07:38:47.810439, 3, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:122(free_pipe_context) + free_pipe_context: destroying talloc pool of size 1308 +[2013/11/07 07:38:47.810503, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:788(np_read_recv) + Received 4136 bytes. There is no more data outstanding +[2013/11/07 07:38:47.810546, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:178(smbd_smb2_ioctl_pipe_read_done) + smbd_smb2_ioctl_pipe_read_done: np_read_recv nread = 4136 is_data_outstanding = 0, status = NT_STATUS_OK +[2013/11/07 07:38:47.810596, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl.c:291(smbd_smb2_request_ioctl_done) + smbd_smb2_request_ioctl_done: smbd_smb2_ioctl_recv returned 4136 status NT_STATUS_OK +[2013/11/07 07:38:47.810641, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) + smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[48] dyn[yes:4136] at ../source3/smbd/smb2_ioctl.c:358 +[2013/11/07 07:38:47.810687, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) + smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/154/127 +[2013/11/07 07:38:47.814469, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) + smbd_smb2_request_incoming: idx[1] of 5 vectors +[2013/11/07 07:38:47.814566, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) + smb2_validate_sequence_number: clearing id 154 (position 154) from bitmap +[2013/11/07 07:38:47.814612, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) + smbd_smb2_request_dispatch: opcode[SMB2_OP_IOCTL] mid = 154 +[2013/11/07 07:38:47.814689, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) + setting sec ctx (0, 5000) - sec_ctx_stack_ndx = 0 +[2013/11/07 07:38:47.814772, 5, pid=20933, effective(0, 5000), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) + Security token SIDs (21): + SID[ 0]: S-1-5-21-1376953716-2413384141-3399758289-500 + SID[ 1]: S-1-5-21-1376953716-2413384141-3399758289-512 + SID[ 2]: S-1-5-21-1376953716-2413384141-3399758289-11015 + SID[ 3]: S-1-5-21-1376953716-2413384141-3399758289-513 + SID[ 4]: S-1-5-21-1376953716-2413384141-3399758289-11011 + SID[ 5]: S-1-5-21-1376953716-2413384141-3399758289-11013 + SID[ 6]: S-1-5-21-1376953716-2413384141-3399758289-11012 + SID[ 7]: S-1-1-0 + SID[ 8]: S-1-5-2 + SID[ 9]: S-1-5-11 + SID[ 10]: S-1-5-32-544 + SID[ 11]: S-1-22-1-2002 + SID[ 12]: S-1-22-2-5000 + SID[ 13]: S-1-22-2-5007 + SID[ 14]: S-1-22-2-5001 + SID[ 15]: S-1-22-2-1005 + SID[ 16]: S-1-22-2-5006 + SID[ 17]: S-1-22-2-5005 + SID[ 18]: S-1-22-2-55000 + SID[ 19]: S-1-22-2-55001 + SID[ 20]: S-1-22-2-55002 + Privileges (0x 1FFFFFF0): + Privilege[ 0]: SeMachineAccountPrivilege + Privilege[ 1]: SeTakeOwnershipPrivilege + Privilege[ 2]: SeBackupPrivilege + Privilege[ 3]: SeRestorePrivilege + Privilege[ 4]: SeRemoteShutdownPrivilege + Privilege[ 5]: SePrintOperatorPrivilege + Privilege[ 6]: SeAddUsersPrivilege + Privilege[ 7]: SeDiskOperatorPrivilege + Privilege[ 8]: SeSecurityPrivilege + Privilege[ 9]: SeSystemtimePrivilege + Privilege[ 10]: SeShutdownPrivilege + Privilege[ 11]: SeDebugPrivilege + Privilege[ 12]: SeSystemEnvironmentPrivilege + Privilege[ 13]: SeSystemProfilePrivilege + Privilege[ 14]: SeProfileSingleProcessPrivilege + Privilege[ 15]: SeIncreaseBasePriorityPrivilege + Privilege[ 16]: SeLoadDriverPrivilege + Privilege[ 17]: SeCreatePagefilePrivilege + Privilege[ 18]: SeIncreaseQuotaPrivilege + Privilege[ 19]: SeChangeNotifyPrivilege + Privilege[ 20]: SeUndockPrivilege + Privilege[ 21]: SeManageVolumePrivilege + Privilege[ 22]: SeImpersonatePrivilege + Privilege[ 23]: SeCreateGlobalPrivilege + Privilege[ 24]: SeEnableDelegationPrivilege + Rights (0x 0): +[2013/11/07 07:38:47.815619, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) + UNIX token of user 0 + Primary group is 5000 and contains 9 supplementary groups + Group[ 0]: 5000 + Group[ 1]: 5007 + Group[ 2]: 5001 + Group[ 3]: 1005 + Group[ 4]: 5006 + Group[ 5]: 5005 + Group[ 6]: 55000 + Group[ 7]: 55001 + Group[ 8]: 55002 +[2013/11/07 07:38:47.815824, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/uid.c:363(change_to_user_internal) + Impersonated user: uid=(0,0), gid=(0,5000) +[2013/11/07 07:38:47.815880, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:1796(smbd_smb2_request_verify_creditcharge) + mid 154, CreditCharge: 1, NeededCharge: 1 +[2013/11/07 07:38:47.815923, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl.c:394(smbd_smb2_ioctl_send) + smbd_smb2_ioctl: ctl_code[0x0011c017] spoolss, fnum 4038471001 +[2013/11/07 07:38:47.815971, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:59(smb2_ioctl_named_pipe) + smbd_smb2_ioctl_send: np_write_send of size 4156 +[2013/11/07 07:38:47.816012, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:520(np_write_send) + np_write_send: len: 4156 +[2013/11/07 07:38:47.816053, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) + write_to_pipe: data_left = 4156 +[2013/11/07 07:38:47.816091, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) + process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 4156 +[2013/11/07 07:38:47.816130, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:51(fill_rpc_header) + fill_rpc_header: data_to_copy = 4156, len_needed_to_complete_hdr = 16, receive_len = 0 +[2013/11/07 07:38:47.816171, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) + write_to_pipe: data_used = 16 +[2013/11/07 07:38:47.816209, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) + write_to_pipe: data_left = 4140 +[2013/11/07 07:38:47.816247, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) + process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 4140 +[2013/11/07 07:38:47.816290, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) + write_to_pipe: data_used = 0 +[2013/11/07 07:38:47.816327, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) + write_to_pipe: data_left = 4140 +[2013/11/07 07:38:47.816365, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) + process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 4140, incoming data = 4140 +[2013/11/07 07:38:47.816408, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1614(process_complete_pdu) + PDU is in Little Endian format! +[2013/11/07 07:38:47.816467, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) + r: struct ncacn_packet + rpc_vers : 0x05 (5) + rpc_vers_minor : 0x00 (0) + ptype : DCERPC_PKT_REQUEST (0) + pfc_flags : 0x03 (3) + drep: ARRAY(4) + [0] : 0x10 (16) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + frag_length : 0x103c (4156) + auth_length : 0x0000 (0) + call_id : 0x00000006 (6) + u : union dcerpc_payload(case 0) + request: struct dcerpc_request + alloc_hint : 0x00001024 (4132) + context_id : 0x0000 (0) + opnum : 0x0008 (8) + object : union dcerpc_object(case 0) + empty: struct dcerpc_empty + _pad : DATA_BLOB length=0 + stub_and_verifier : DATA_BLOB length=4132 + [0000] 00 00 00 00 EA 00 00 00 00 00 00 00 7B 52 77 35 ........ ....{Rw5 + [0010] C5 51 00 00 02 00 00 00 00 00 02 00 00 10 00 00 .Q...... ........ + [0020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0030] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0040] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0200] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0210] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0220] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0230] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0240] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0250] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0260] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0270] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0280] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0290] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0300] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0310] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0320] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0330] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0340] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0350] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0360] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0370] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0380] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0390] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0400] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0410] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0420] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0430] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0440] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0450] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0460] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0470] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0480] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0490] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0500] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0510] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0520] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0530] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0540] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0550] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0560] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0570] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0580] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0590] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0600] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0610] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0620] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0630] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0640] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0650] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0660] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0670] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0680] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0690] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0700] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0710] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0720] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0730] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0740] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0750] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0760] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0770] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0780] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0790] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0800] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0810] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0820] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0830] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0840] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0850] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0860] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0870] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0880] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0890] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0900] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0910] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0920] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0930] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0940] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0950] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0960] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0970] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0980] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0990] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0EA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0EB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0EC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0ED0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0EE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0EF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [1000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [1010] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [1020] 00 10 00 00 .... +[2013/11/07 07:38:47.826316, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1627(process_complete_pdu) + Processing packet type 0 +[2013/11/07 07:38:47.826365, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1472(dcesrv_auth_request) + Checking request auth. +[2013/11/07 07:38:47.826414, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) + push_sec_ctx(0, 5000) : sec_ctx_stack_ndx = 1 +[2013/11/07 07:38:47.826462, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) + setting sec ctx (0, 5000) - sec_ctx_stack_ndx = 1 +[2013/11/07 07:38:47.826505, 5, pid=20933, effective(0, 5000), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) + Security token SIDs (21): + SID[ 0]: S-1-5-21-1376953716-2413384141-3399758289-500 + SID[ 1]: S-1-5-21-1376953716-2413384141-3399758289-512 + SID[ 2]: S-1-5-21-1376953716-2413384141-3399758289-11015 + SID[ 3]: S-1-5-21-1376953716-2413384141-3399758289-513 + SID[ 4]: S-1-5-21-1376953716-2413384141-3399758289-11011 + SID[ 5]: S-1-5-21-1376953716-2413384141-3399758289-11013 + SID[ 6]: S-1-5-21-1376953716-2413384141-3399758289-11012 + SID[ 7]: S-1-1-0 + SID[ 8]: S-1-5-2 + SID[ 9]: S-1-5-11 + SID[ 10]: S-1-5-32-544 + SID[ 11]: S-1-22-1-2002 + SID[ 12]: S-1-22-2-5000 + SID[ 13]: S-1-22-2-5007 + SID[ 14]: S-1-22-2-5001 + SID[ 15]: S-1-22-2-1005 + SID[ 16]: S-1-22-2-5006 + SID[ 17]: S-1-22-2-5005 + SID[ 18]: S-1-22-2-55000 + SID[ 19]: S-1-22-2-55001 + SID[ 20]: S-1-22-2-55002 + Privileges (0x 1FFFFFF0): + Privilege[ 0]: SeMachineAccountPrivilege + Privilege[ 1]: SeTakeOwnershipPrivilege + Privilege[ 2]: SeBackupPrivilege + Privilege[ 3]: SeRestorePrivilege + Privilege[ 4]: SeRemoteShutdownPrivilege + Privilege[ 5]: SePrintOperatorPrivilege + Privilege[ 6]: SeAddUsersPrivilege + Privilege[ 7]: SeDiskOperatorPrivilege + Privilege[ 8]: SeSecurityPrivilege + Privilege[ 9]: SeSystemtimePrivilege + Privilege[ 10]: SeShutdownPrivilege + Privilege[ 11]: SeDebugPrivilege + Privilege[ 12]: SeSystemEnvironmentPrivilege + Privilege[ 13]: SeSystemProfilePrivilege + Privilege[ 14]: SeProfileSingleProcessPrivilege + Privilege[ 15]: SeIncreaseBasePriorityPrivilege + Privilege[ 16]: SeLoadDriverPrivilege + Privilege[ 17]: SeCreatePagefilePrivilege + Privilege[ 18]: SeIncreaseQuotaPrivilege + Privilege[ 19]: SeChangeNotifyPrivilege + Privilege[ 20]: SeUndockPrivilege + Privilege[ 21]: SeManageVolumePrivilege + Privilege[ 22]: SeImpersonatePrivilege + Privilege[ 23]: SeCreateGlobalPrivilege + Privilege[ 24]: SeEnableDelegationPrivilege + Rights (0x 0): +[2013/11/07 07:38:47.827272, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) + UNIX token of user 0 + Primary group is 5000 and contains 9 supplementary groups + Group[ 0]: 5000 + Group[ 1]: 5007 + Group[ 2]: 5001 + Group[ 3]: 1005 + Group[ 4]: 5006 + Group[ 5]: 5005 + Group[ 6]: 55000 + Group[ 7]: 55001 + Group[ 8]: 55002 +[2013/11/07 07:38:47.827471, 5, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1324(api_pipe_request) + Requested \spoolss rpc service +[2013/11/07 07:38:47.827518, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1356(api_rpcTNP) + api_rpcTNP: \spoolss op 0x8 - api_rpcTNP: rpc command: SPOOLSS_GETPRINTER +[2013/11/07 07:38:47.827562, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1390(api_rpcTNP) + api_rpc_cmds[8].fn == 0x7f375c260f10 +[2013/11/07 07:38:47.827612, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + spoolss_GetPrinter: struct spoolss_GetPrinter + in: struct spoolss_GetPrinter + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000ea-0000-0000-7b52-7735c5510000 + level : 0x00000002 (2) + buffer : * + buffer : DATA_BLOB length=4096 + [0000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0010] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0030] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0040] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0200] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0210] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0220] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0230] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0240] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0250] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0260] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0270] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0280] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0290] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0300] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0310] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0320] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0330] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0340] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0350] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0360] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0370] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0380] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0390] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0400] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0410] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0420] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0430] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0440] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0450] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0460] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0470] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0480] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0490] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0500] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0510] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0520] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0530] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0540] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0550] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0560] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0570] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0580] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0590] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0600] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0610] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0620] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0630] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0640] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0650] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0660] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0670] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0680] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0690] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0700] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0710] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0720] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0730] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0740] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0750] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0760] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0770] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0780] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0790] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0800] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0810] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0820] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0830] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0840] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0850] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0860] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0870] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0880] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0890] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0900] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0910] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0920] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0930] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0940] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0950] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0960] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0970] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0980] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0990] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0EA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0EB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0EC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0ED0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0EE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0EF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + offered : 0x00001000 (4096) +[2013/11/07 07:38:47.837286, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[1] [0000] 00 00 00 00 EA 00 00 00 00 00 00 00 7B 52 77 35 ........ ....{Rw5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:47.837444, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[1] [0000] 00 00 00 00 EA 00 00 00 00 00 00 00 7B 52 77 35 ........ ....{Rw5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:47.837524, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:489(get_printer_snum) + short name:printer7 +[2013/11/07 07:38:47.837687, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:60(make_internal_rpc_pipe_p) + Create pipe requested \winreg +[2013/11/07 07:38:47.837747, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:221(init_pipe_handles) + init_pipe_handle_list: created handle list for pipe \winreg +[2013/11/07 07:38:47.837790, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:238(init_pipe_handles) + init_pipe_handle_list: pipe_handles ref count = 1 for pipe \winreg +[2013/11/07 07:38:47.837893, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:100(make_internal_rpc_pipe_p) + Created internal pipe \winreg +[2013/11/07 07:38:47.837974, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenHKLM: struct winreg_OpenHKLM + in: struct winreg_OpenHKLM + system_name : NULL + access_mask : 0x02000000 (33554432) + 0: KEY_QUERY_VALUE + 0: KEY_SET_VALUE + 0: KEY_CREATE_SUB_KEY + 0: KEY_ENUMERATE_SUB_KEYS + 0: KEY_NOTIFY + 0: KEY_CREATE_LINK + 0: KEY_WOW64_64KEY + 0: KEY_WOW64_32KEY +[2013/11/07 07:38:47.838207, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [HKLM] +[2013/11/07 07:38:47.838253, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) + push_sec_ctx(0, 5000) : sec_ctx_stack_ndx = 2 +[2013/11/07 07:38:47.838298, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/uid.c:485(push_conn_ctx) + push_conn_ctx(1804507171) : conn_ctx_stack_ndx = 0 +[2013/11/07 07:38:47.838339, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) + setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 +[2013/11/07 07:38:47.838378, 5, pid=20933, effective(0, 5000), real(0, 0)] ../libcli/security/security_token.c:53(security_token_debug) + Security token: (NULL) +[2013/11/07 07:38:47.838428, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) + UNIX token of user 0 + Primary group is 0 and contains 0 supplementary groups +[2013/11/07 07:38:47.838605, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) + pop_sec_ctx (0, 5000) - sec_ctx_stack_ndx = 1 +[2013/11/07 07:38:47.838650, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:866(regdb_open) + regdb_open: registry db opened. refcount reset (1) +[2013/11/07 07:38:47.838695, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM] +[2013/11/07 07:38:47.838735, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM] +[2013/11/07 07:38:47.838776, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:47.838814, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM] +[2013/11/07 07:38:47.838899, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) + Opened policy hnd[1] [0000] 00 00 00 00 FC 00 00 00 00 00 00 00 7B 52 77 35 ........ ....{Rw5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:47.838980, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenHKLM: struct winreg_OpenHKLM + out: struct winreg_OpenHKLM + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000fc-0000-0000-7b52-7735c5510000 + result : WERR_OK +[2013/11/07 07:38:47.839170, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenKey: struct winreg_OpenKey + in: struct winreg_OpenKey + parent_handle : * + parent_handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000fc-0000-0000-7b52-7735c5510000 + keyname: struct winreg_String + name_len : 0x008a (138) + name_size : 0x008a (138) + name : * + name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7' + options : 0x00000000 (0) + 0: REG_OPTION_VOLATILE + 0: REG_OPTION_CREATE_LINK + 0: REG_OPTION_BACKUP_RESTORE + 0: REG_OPTION_OPEN_LINK + access_mask : 0x02000000 (33554432) + 0: KEY_QUERY_VALUE + 0: KEY_SET_VALUE + 0: KEY_CREATE_SUB_KEY + 0: KEY_ENUMERATE_SUB_KEYS + 0: KEY_NOTIFY + 0: KEY_CREATE_LINK + 0: KEY_WOW64_64KEY + 0: KEY_WOW64_32KEY +[2013/11/07 07:38:47.839614, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 FC 00 00 00 00 00 00 00 7B 52 77 35 ........ ....{Rw5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:47.839695, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [SOFTWARE] +[2013/11/07 07:38:47.839744, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (1->2) +[2013/11/07 07:38:47.839788, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] +[2013/11/07 07:38:47.839825, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE] +[2013/11/07 07:38:47.839866, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:47.839903, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE] +[2013/11/07 07:38:47.839969, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Microsoft] +[2013/11/07 07:38:47.840011, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (2->3) +[2013/11/07 07:38:47.840053, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] +[2013/11/07 07:38:47.840091, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] +[2013/11/07 07:38:47.840131, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:47.840168, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft] +[2013/11/07 07:38:47.840230, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Windows NT] +[2013/11/07 07:38:47.840271, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (3->4) +[2013/11/07 07:38:47.840313, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] +[2013/11/07 07:38:47.840351, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] +[2013/11/07 07:38:47.840391, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:47.840428, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] +[2013/11/07 07:38:47.840486, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [CurrentVersion] +[2013/11/07 07:38:47.840527, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (4->5) +[2013/11/07 07:38:47.840569, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] +[2013/11/07 07:38:47.840607, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] +[2013/11/07 07:38:47.840656, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:47.840694, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f375c5a15c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] +[2013/11/07 07:38:47.840766, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Print] +[2013/11/07 07:38:47.840808, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (5->6) +[2013/11/07 07:38:47.840851, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] +[2013/11/07 07:38:47.840890, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] +[2013/11/07 07:38:47.840933, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:47.840970, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f375c5a15c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] +[2013/11/07 07:38:47.841030, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Printers] +[2013/11/07 07:38:47.841071, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (6->7) +[2013/11/07 07:38:47.841114, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] +[2013/11/07 07:38:47.841153, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] +[2013/11/07 07:38:47.841195, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:47.841233, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] +[2013/11/07 07:38:47.841300, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [printer7] +[2013/11/07 07:38:47.841341, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (7->8) +[2013/11/07 07:38:47.841468, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:47.841509, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:47.841553, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:47.841599, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:47.841671, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (8->7) +[2013/11/07 07:38:47.841714, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (7->6) +[2013/11/07 07:38:47.841755, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (6->5) +[2013/11/07 07:38:47.841795, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (5->4) +[2013/11/07 07:38:47.841834, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (4->3) +[2013/11/07 07:38:47.841874, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (3->2) +[2013/11/07 07:38:47.841918, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) + Opened policy hnd[2] [0000] 00 00 00 00 FD 00 00 00 00 00 00 00 7B 52 77 35 ........ ....{Rw5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:47.841996, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenKey: struct winreg_OpenKey + out: struct winreg_OpenKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000fd-0000-0000-7b52-7735c5510000 + result : WERR_OK +[2013/11/07 07:38:47.842172, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryInfoKey: struct winreg_QueryInfoKey + in: struct winreg_QueryInfoKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000fd-0000-0000-7b52-7735c5510000 + classname : * + classname: struct winreg_String + name_len : 0x0000 (0) + name_size : 0x0000 (0) + name : NULL +[2013/11/07 07:38:47.842388, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 FD 00 00 00 00 00 00 00 7B 52 77 35 ........ ....{Rw5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:47.842471, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_dispatcher.c:151(fetch_reg_values) + fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7' (ops 0x7f37592edcc0) +[2013/11/07 07:38:47.842513, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1891(regdb_fetch_values_internal) + regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:47.842575, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[0]: name[Attributes] len[4] +[2013/11/07 07:38:47.842628, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[1]: name[Description] len[2] +[2013/11/07 07:38:47.842671, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[2]: name[Datatype] len[8] +[2013/11/07 07:38:47.842713, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[3]: name[Default Priority] len[4] +[2013/11/07 07:38:47.842755, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[4]: name[Port] len[38] +[2013/11/07 07:38:47.842798, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[5]: name[Name] len[18] +[2013/11/07 07:38:47.842840, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[6]: name[Print Processor] len[18] +[2013/11/07 07:38:47.842883, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[7]: name[Priority] len[4] +[2013/11/07 07:38:47.842925, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[8]: name[Security] len[248] +[2013/11/07 07:38:47.842968, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[9]: name[Share Name] len[18] +[2013/11/07 07:38:47.843010, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[10]: name[StartTime] len[4] +[2013/11/07 07:38:47.843053, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[11]: name[UntilTime] len[4] +[2013/11/07 07:38:47.843095, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[12]: name[ChangeID] len[4] +[2013/11/07 07:38:47.843139, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) + regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:47.843202, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryInfoKey: struct winreg_QueryInfoKey + out: struct winreg_QueryInfoKey + classname : * + classname: struct winreg_String + name_len : 0x0000 (0) + name_size : 0x0000 (0) + name : NULL + num_subkeys : * + num_subkeys : 0x00000003 (3) + max_subkeylen : * + max_subkeylen : 0x00000022 (34) + max_classlen : * + max_classlen : 0x00000000 (0) + num_values : * + num_values : 0x0000000d (13) + max_valnamelen : * + max_valnamelen : 0x00000022 (34) + max_valbufsize : * + max_valbufsize : 0x000000f8 (248) + secdescsize : * + secdescsize : 0x00000078 (120) + last_changed_time : * + last_changed_time : NTTIME(0) + result : WERR_OK +[2013/11/07 07:38:47.843661, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000fd-0000-0000-7b52-7735c5510000 + enum_index : 0x00000000 (0) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:47.844039, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 FD 00 00 00 00 00 00 00 7B 52 77 35 ........ ....{Rw5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:47.844116, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:47.844163, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0016 (22) + size : 0x0024 (36) + name : * + name : 'Attributes' + type : * + type : REG_DWORD (4) + value : * + value: ARRAY(4) + [0] : 0x48 (72) + [1] : 0x10 (16) + [2] : 0x00 (0) + [3] : 0x00 (0) + size : * + size : 0x00000004 (4) + length : * + length : 0x00000004 (4) + result : WERR_OK +[2013/11/07 07:38:47.844560, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000fd-0000-0000-7b52-7735c5510000 + enum_index : 0x00000001 (1) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:47.844943, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 FD 00 00 00 00 00 00 00 7B 52 77 35 ........ ....{Rw5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:47.845021, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:47.845066, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0018 (24) + size : 0x0024 (36) + name : * + name : 'Description' + type : * + type : REG_SZ (1) + value : * + value: ARRAY(2) + [0] : 0x00 (0) + [1] : 0x00 (0) + size : * + size : 0x00000002 (2) + length : * + length : 0x00000002 (2) + result : WERR_OK +[2013/11/07 07:38:47.845498, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000fd-0000-0000-7b52-7735c5510000 + enum_index : 0x00000002 (2) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:47.845879, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 FD 00 00 00 00 00 00 00 7B 52 77 35 ........ ....{Rw5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:47.845957, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:47.846002, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0012 (18) + size : 0x0024 (36) + name : * + name : 'Datatype' + type : * + type : REG_SZ (1) + value : * + value: ARRAY(8) + [0] : 0x52 (82) + [1] : 0x00 (0) + [2] : 0x41 (65) + [3] : 0x00 (0) + [4] : 0x57 (87) + [5] : 0x00 (0) + [6] : 0x00 (0) + [7] : 0x00 (0) + size : * + size : 0x00000008 (8) + length : * + length : 0x00000008 (8) + result : WERR_OK +[2013/11/07 07:38:47.846478, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000fd-0000-0000-7b52-7735c5510000 + enum_index : 0x00000003 (3) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:47.846852, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 FD 00 00 00 00 00 00 00 7B 52 77 35 ........ ....{Rw5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:47.846930, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:47.846974, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0022 (34) + size : 0x0024 (36) + name : * + name : 'Default Priority' + type : * + type : REG_DWORD (4) + value : * + value: ARRAY(4) + [0] : 0x01 (1) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + size : * + size : 0x00000004 (4) + length : * + length : 0x00000004 (4) + result : WERR_OK +[2013/11/07 07:38:47.847380, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000fd-0000-0000-7b52-7735c5510000 + enum_index : 0x00000004 (4) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:47.847755, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 FD 00 00 00 00 00 00 00 7B 52 77 35 ........ ....{Rw5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:47.847833, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:47.847878, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x000a (10) + size : 0x0024 (36) + name : * + name : 'Port' + type : * + type : REG_SZ (1) + value : * + value: ARRAY(38) + [0] : 0x53 (83) + [1] : 0x00 (0) + [2] : 0x61 (97) + [3] : 0x00 (0) + [4] : 0x6d (109) + [5] : 0x00 (0) + [6] : 0x62 (98) + [7] : 0x00 (0) + [8] : 0x61 (97) + [9] : 0x00 (0) + [10] : 0x20 (32) + [11] : 0x00 (0) + [12] : 0x50 (80) + [13] : 0x00 (0) + [14] : 0x72 (114) + [15] : 0x00 (0) + [16] : 0x69 (105) + [17] : 0x00 (0) + [18] : 0x6e (110) + [19] : 0x00 (0) + [20] : 0x74 (116) + [21] : 0x00 (0) + [22] : 0x65 (101) + [23] : 0x00 (0) + [24] : 0x72 (114) + [25] : 0x00 (0) + [26] : 0x20 (32) + [27] : 0x00 (0) + [28] : 0x50 (80) + [29] : 0x00 (0) + [30] : 0x6f (111) + [31] : 0x00 (0) + [32] : 0x72 (114) + [33] : 0x00 (0) + [34] : 0x74 (116) + [35] : 0x00 (0) + [36] : 0x00 (0) + [37] : 0x00 (0) + size : * + size : 0x00000026 (38) + length : * + length : 0x00000026 (38) + result : WERR_OK +[2013/11/07 07:38:47.848840, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000fd-0000-0000-7b52-7735c5510000 + enum_index : 0x00000005 (5) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:47.849212, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 FD 00 00 00 00 00 00 00 7B 52 77 35 ........ ....{Rw5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:47.849289, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:47.849334, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x000a (10) + size : 0x0024 (36) + name : * + name : 'Name' + type : * + type : REG_SZ (1) + value : * + value: ARRAY(18) + [0] : 0x70 (112) + [1] : 0x00 (0) + [2] : 0x72 (114) + [3] : 0x00 (0) + [4] : 0x69 (105) + [5] : 0x00 (0) + [6] : 0x6e (110) + [7] : 0x00 (0) + [8] : 0x74 (116) + [9] : 0x00 (0) + [10] : 0x65 (101) + [11] : 0x00 (0) + [12] : 0x72 (114) + [13] : 0x00 (0) + [14] : 0x37 (55) + [15] : 0x00 (0) + [16] : 0x00 (0) + [17] : 0x00 (0) + size : * + size : 0x00000012 (18) + length : * + length : 0x00000012 (18) + result : WERR_OK +[2013/11/07 07:38:47.850024, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000fd-0000-0000-7b52-7735c5510000 + enum_index : 0x00000006 (6) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:47.850400, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 FD 00 00 00 00 00 00 00 7B 52 77 35 ........ ....{Rw5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:47.850478, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:47.850523, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0020 (32) + size : 0x0024 (36) + name : * + name : 'Print Processor' + type : * + type : REG_SZ (1) + value : * + value: ARRAY(18) + [0] : 0x77 (119) + [1] : 0x00 (0) + [2] : 0x69 (105) + [3] : 0x00 (0) + [4] : 0x6e (110) + [5] : 0x00 (0) + [6] : 0x70 (112) + [7] : 0x00 (0) + [8] : 0x72 (114) + [9] : 0x00 (0) + [10] : 0x69 (105) + [11] : 0x00 (0) + [12] : 0x6e (110) + [13] : 0x00 (0) + [14] : 0x74 (116) + [15] : 0x00 (0) + [16] : 0x00 (0) + [17] : 0x00 (0) + size : * + size : 0x00000012 (18) + length : * + length : 0x00000012 (18) + result : WERR_OK +[2013/11/07 07:38:47.851155, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000fd-0000-0000-7b52-7735c5510000 + enum_index : 0x00000007 (7) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:47.851528, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 FD 00 00 00 00 00 00 00 7B 52 77 35 ........ ....{Rw5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:47.851605, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:47.851650, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0012 (18) + size : 0x0024 (36) + name : * + name : 'Priority' + type : * + type : REG_DWORD (4) + value : * + value: ARRAY(4) + [0] : 0x01 (1) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + size : * + size : 0x00000004 (4) + length : * + length : 0x00000004 (4) + result : WERR_OK +[2013/11/07 07:38:47.852040, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000fd-0000-0000-7b52-7735c5510000 + enum_index : 0x00000008 (8) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:47.852419, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 FD 00 00 00 00 00 00 00 7B 52 77 35 ........ ....{Rw5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:47.852497, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:47.852542, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0012 (18) + size : 0x0024 (36) + name : * + name : 'Security' + type : * + type : REG_BINARY (3) + value : * + value: ARRAY(248) + [0] : 0x01 (1) + [1] : 0x00 (0) + [2] : 0x04 (4) + [3] : 0x80 (128) + [4] : 0x14 (20) + [5] : 0x00 (0) + [6] : 0x00 (0) + [7] : 0x00 (0) + [8] : 0x24 (36) + [9] : 0x00 (0) + [10] : 0x00 (0) + [11] : 0x00 (0) + [12] : 0x00 (0) + [13] : 0x00 (0) + [14] : 0x00 (0) + [15] : 0x00 (0) + [16] : 0x34 (52) + [17] : 0x00 (0) + [18] : 0x00 (0) + [19] : 0x00 (0) + [20] : 0x01 (1) + [21] : 0x02 (2) + [22] : 0x00 (0) + [23] : 0x00 (0) + [24] : 0x00 (0) + [25] : 0x00 (0) + [26] : 0x00 (0) + [27] : 0x05 (5) + [28] : 0x20 (32) + [29] : 0x00 (0) + [30] : 0x00 (0) + [31] : 0x00 (0) + [32] : 0x20 (32) + [33] : 0x02 (2) + [34] : 0x00 (0) + [35] : 0x00 (0) + [36] : 0x01 (1) + [37] : 0x02 (2) + [38] : 0x00 (0) + [39] : 0x00 (0) + [40] : 0x00 (0) + [41] : 0x00 (0) + [42] : 0x00 (0) + [43] : 0x05 (5) + [44] : 0x20 (32) + [45] : 0x00 (0) + [46] : 0x00 (0) + [47] : 0x00 (0) + [48] : 0x20 (32) + [49] : 0x02 (2) + [50] : 0x00 (0) + [51] : 0x00 (0) + [52] : 0x02 (2) + [53] : 0x00 (0) + [54] : 0xc4 (196) + [55] : 0x00 (0) + [56] : 0x07 (7) + [57] : 0x00 (0) + [58] : 0x00 (0) + [59] : 0x00 (0) + [60] : 0x00 (0) + [61] : 0x02 (2) + [62] : 0x14 (20) + [63] : 0x00 (0) + [64] : 0x08 (8) + [65] : 0x00 (0) + [66] : 0x02 (2) + [67] : 0x20 (32) + [68] : 0x01 (1) + [69] : 0x01 (1) + [70] : 0x00 (0) + [71] : 0x00 (0) + [72] : 0x00 (0) + [73] : 0x00 (0) + [74] : 0x00 (0) + [75] : 0x01 (1) + [76] : 0x00 (0) + [77] : 0x00 (0) + [78] : 0x00 (0) + [79] : 0x00 (0) + [80] : 0x00 (0) + [81] : 0x09 (9) + [82] : 0x24 (36) + [83] : 0x00 (0) + [84] : 0x0c (12) + [85] : 0x00 (0) + [86] : 0x0f (15) + [87] : 0x10 (16) + [88] : 0x01 (1) + [89] : 0x05 (5) + [90] : 0x00 (0) + [91] : 0x00 (0) + [92] : 0x00 (0) + [93] : 0x00 (0) + [94] : 0x00 (0) + [95] : 0x05 (5) + [96] : 0x15 (21) + [97] : 0x00 (0) + [98] : 0x00 (0) + [99] : 0x00 (0) + [100] : 0x74 (116) + [101] : 0xa5 (165) + [102] : 0x12 (18) + [103] : 0x52 (82) + [104] : 0xcd (205) + [105] : 0x51 (81) + [106] : 0xd9 (217) + [107] : 0x8f (143) + [108] : 0xd1 (209) + [109] : 0x31 (49) + [110] : 0xa4 (164) + [111] : 0xca (202) + [112] : 0xf4 (244) + [113] : 0x01 (1) + [114] : 0x00 (0) + [115] : 0x00 (0) + [116] : 0x00 (0) + [117] : 0x02 (2) + [118] : 0x24 (36) + [119] : 0x00 (0) + [120] : 0x0c (12) + [121] : 0x00 (0) + [122] : 0x0f (15) + [123] : 0x10 (16) + [124] : 0x01 (1) + [125] : 0x05 (5) + [126] : 0x00 (0) + [127] : 0x00 (0) + [128] : 0x00 (0) + [129] : 0x00 (0) + [130] : 0x00 (0) + [131] : 0x05 (5) + [132] : 0x15 (21) + [133] : 0x00 (0) + [134] : 0x00 (0) + [135] : 0x00 (0) + [136] : 0x74 (116) + [137] : 0xa5 (165) + [138] : 0x12 (18) + [139] : 0x52 (82) + [140] : 0xcd (205) + [141] : 0x51 (81) + [142] : 0xd9 (217) + [143] : 0x8f (143) + [144] : 0xd1 (209) + [145] : 0x31 (49) + [146] : 0xa4 (164) + [147] : 0xca (202) + [148] : 0xf4 (244) + [149] : 0x01 (1) + [150] : 0x00 (0) + [151] : 0x00 (0) + [152] : 0x00 (0) + [153] : 0x09 (9) + [154] : 0x18 (24) + [155] : 0x00 (0) + [156] : 0x0c (12) + [157] : 0x00 (0) + [158] : 0x0f (15) + [159] : 0x10 (16) + [160] : 0x01 (1) + [161] : 0x02 (2) + [162] : 0x00 (0) + [163] : 0x00 (0) + [164] : 0x00 (0) + [165] : 0x00 (0) + [166] : 0x00 (0) + [167] : 0x05 (5) + [168] : 0x20 (32) + [169] : 0x00 (0) + [170] : 0x00 (0) + [171] : 0x00 (0) + [172] : 0x20 (32) + [173] : 0x02 (2) + [174] : 0x00 (0) + [175] : 0x00 (0) + [176] : 0x00 (0) + [177] : 0x02 (2) + [178] : 0x18 (24) + [179] : 0x00 (0) + [180] : 0x0c (12) + [181] : 0x00 (0) + [182] : 0x0f (15) + [183] : 0x10 (16) + [184] : 0x01 (1) + [185] : 0x02 (2) + [186] : 0x00 (0) + [187] : 0x00 (0) + [188] : 0x00 (0) + [189] : 0x00 (0) + [190] : 0x00 (0) + [191] : 0x05 (5) + [192] : 0x20 (32) + [193] : 0x00 (0) + [194] : 0x00 (0) + [195] : 0x00 (0) + [196] : 0x20 (32) + [197] : 0x02 (2) + [198] : 0x00 (0) + [199] : 0x00 (0) + [200] : 0x00 (0) + [201] : 0x09 (9) + [202] : 0x18 (24) + [203] : 0x00 (0) + [204] : 0x0c (12) + [205] : 0x00 (0) + [206] : 0x0f (15) + [207] : 0x10 (16) + [208] : 0x01 (1) + [209] : 0x02 (2) + [210] : 0x00 (0) + [211] : 0x00 (0) + [212] : 0x00 (0) + [213] : 0x00 (0) + [214] : 0x00 (0) + [215] : 0x05 (5) + [216] : 0x20 (32) + [217] : 0x00 (0) + [218] : 0x00 (0) + [219] : 0x00 (0) + [220] : 0x26 (38) + [221] : 0x02 (2) + [222] : 0x00 (0) + [223] : 0x00 (0) + [224] : 0x00 (0) + [225] : 0x02 (2) + [226] : 0x18 (24) + [227] : 0x00 (0) + [228] : 0x0c (12) + [229] : 0x00 (0) + [230] : 0x0f (15) + [231] : 0x10 (16) + [232] : 0x01 (1) + [233] : 0x02 (2) + [234] : 0x00 (0) + [235] : 0x00 (0) + [236] : 0x00 (0) + [237] : 0x00 (0) + [238] : 0x00 (0) + [239] : 0x05 (5) + [240] : 0x20 (32) + [241] : 0x00 (0) + [242] : 0x00 (0) + [243] : 0x00 (0) + [244] : 0x26 (38) + [245] : 0x02 (2) + [246] : 0x00 (0) + [247] : 0x00 (0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x000000f8 (248) + result : WERR_OK +[2013/11/07 07:38:47.857046, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000fd-0000-0000-7b52-7735c5510000 + enum_index : 0x00000009 (9) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:47.857464, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 FD 00 00 00 00 00 00 00 7B 52 77 35 ........ ....{Rw5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:47.857544, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:47.857589, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0016 (22) + size : 0x0024 (36) + name : * + name : 'Share Name' + type : * + type : REG_SZ (1) + value : * + value: ARRAY(18) + [0] : 0x70 (112) + [1] : 0x00 (0) + [2] : 0x72 (114) + [3] : 0x00 (0) + [4] : 0x69 (105) + [5] : 0x00 (0) + [6] : 0x6e (110) + [7] : 0x00 (0) + [8] : 0x74 (116) + [9] : 0x00 (0) + [10] : 0x65 (101) + [11] : 0x00 (0) + [12] : 0x72 (114) + [13] : 0x00 (0) + [14] : 0x37 (55) + [15] : 0x00 (0) + [16] : 0x00 (0) + [17] : 0x00 (0) + size : * + size : 0x00000012 (18) + length : * + length : 0x00000012 (18) + result : WERR_OK +[2013/11/07 07:38:47.858222, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000fd-0000-0000-7b52-7735c5510000 + enum_index : 0x0000000a (10) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:47.858598, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 FD 00 00 00 00 00 00 00 7B 52 77 35 ........ ....{Rw5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:47.858675, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:47.858720, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0014 (20) + size : 0x0024 (36) + name : * + name : 'StartTime' + type : * + type : REG_DWORD (4) + value : * + value: ARRAY(4) + [0] : 0x00 (0) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + size : * + size : 0x00000004 (4) + length : * + length : 0x00000004 (4) + result : WERR_OK +[2013/11/07 07:38:47.859113, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000fd-0000-0000-7b52-7735c5510000 + enum_index : 0x0000000b (11) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:47.859493, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 FD 00 00 00 00 00 00 00 7B 52 77 35 ........ ....{Rw5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:47.859571, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:47.859616, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0014 (20) + size : 0x0024 (36) + name : * + name : 'UntilTime' + type : * + type : REG_DWORD (4) + value : * + value: ARRAY(4) + [0] : 0x00 (0) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + size : * + size : 0x00000004 (4) + length : * + length : 0x00000004 (4) + result : WERR_OK +[2013/11/07 07:38:47.860010, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000fd-0000-0000-7b52-7735c5510000 + enum_index : 0x0000000c (12) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:47.860383, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 FD 00 00 00 00 00 00 00 7B 52 77 35 ........ ....{Rw5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:47.860459, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:47.860505, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0012 (18) + size : 0x0024 (36) + name : * + name : 'ChangeID' + type : * + type : REG_DWORD (4) + value : * + value: ARRAY(4) + [0] : 0xf1 (241) + [1] : 0x5f (95) + [2] : 0x11 (17) + [3] : 0x00 (0) + size : * + size : 0x00000004 (4) + length : * + length : 0x00000004 (4) + result : WERR_OK +[2013/11/07 07:38:47.860944, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryValue: struct winreg_QueryValue + in: struct winreg_QueryValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000fd-0000-0000-7b52-7735c5510000 + value_name : * + value_name: struct winreg_String + name_len : 0x0020 (32) + name_size : 0x0020 (32) + name : * + name : 'Default DevMode' + type : * + type : REG_NONE (0) + data : NULL + data_size : * + data_size : 0x00000000 (0) + data_length : * + data_length : 0x00000000 (0) +[2013/11/07 07:38:47.861291, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 FD 00 00 00 00 00 00 00 7B 52 77 35 ........ ....{Rw5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:47.861418, 7, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) + _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:47.861463, 7, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) + _winreg_QueryValue: policy key type = [00000000] +[2013/11/07 07:38:47.861509, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:316(_winreg_QueryValue) + _winreg_QueryValue: reg_queryvalue failed with: WERR_BADFILE +[2013/11/07 07:38:47.861550, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryValue: struct winreg_QueryValue + out: struct winreg_QueryValue + type : * + type : REG_NONE (0) + data : NULL + data_size : * + data_size : 0x00000000 (0) + data_length : * + data_length : 0x00000000 (0) + result : WERR_BADFILE +[2013/11/07 07:38:47.861774, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenHKLM: struct winreg_OpenHKLM + in: struct winreg_OpenHKLM + system_name : NULL + access_mask : 0x02000000 (33554432) + 0: KEY_QUERY_VALUE + 0: KEY_SET_VALUE + 0: KEY_CREATE_SUB_KEY + 0: KEY_ENUMERATE_SUB_KEYS + 0: KEY_NOTIFY + 0: KEY_CREATE_LINK + 0: KEY_WOW64_64KEY + 0: KEY_WOW64_32KEY +[2013/11/07 07:38:47.862014, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [HKLM] +[2013/11/07 07:38:47.862057, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (2->3) +[2013/11/07 07:38:47.862100, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM] +[2013/11/07 07:38:47.862138, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM] +[2013/11/07 07:38:47.862179, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:47.862215, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM] +[2013/11/07 07:38:47.862292, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) + Opened policy hnd[3] [0000] 00 00 00 00 FE 00 00 00 00 00 00 00 7B 52 77 35 ........ ....{Rw5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:47.862372, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenHKLM: struct winreg_OpenHKLM + out: struct winreg_OpenHKLM + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000fe-0000-0000-7b52-7735c5510000 + result : WERR_OK +[2013/11/07 07:38:47.862541, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenKey: struct winreg_OpenKey + in: struct winreg_OpenKey + parent_handle : * + parent_handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000fe-0000-0000-7b52-7735c5510000 + keyname: struct winreg_String + name_len : 0x008a (138) + name_size : 0x008a (138) + name : * + name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7' + options : 0x00000000 (0) + 0: REG_OPTION_VOLATILE + 0: REG_OPTION_CREATE_LINK + 0: REG_OPTION_BACKUP_RESTORE + 0: REG_OPTION_OPEN_LINK + access_mask : 0x02000000 (33554432) + 0: KEY_QUERY_VALUE + 0: KEY_SET_VALUE + 0: KEY_CREATE_SUB_KEY + 0: KEY_ENUMERATE_SUB_KEYS + 0: KEY_NOTIFY + 0: KEY_CREATE_LINK + 0: KEY_WOW64_64KEY + 0: KEY_WOW64_32KEY +[2013/11/07 07:38:47.862977, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 FE 00 00 00 00 00 00 00 7B 52 77 35 ........ ....{Rw5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:47.863065, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [SOFTWARE] +[2013/11/07 07:38:47.863106, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (3->4) +[2013/11/07 07:38:47.863147, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] +[2013/11/07 07:38:47.863185, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE] +[2013/11/07 07:38:47.863225, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:47.863262, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE] +[2013/11/07 07:38:47.863326, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Microsoft] +[2013/11/07 07:38:47.863367, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (4->5) +[2013/11/07 07:38:47.863409, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] +[2013/11/07 07:38:47.863446, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] +[2013/11/07 07:38:47.863486, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:47.863522, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft] +[2013/11/07 07:38:47.863582, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Windows NT] +[2013/11/07 07:38:47.863623, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (5->6) +[2013/11/07 07:38:47.863664, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] +[2013/11/07 07:38:47.863702, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] +[2013/11/07 07:38:47.863742, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:47.863779, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] +[2013/11/07 07:38:47.863836, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [CurrentVersion] +[2013/11/07 07:38:47.863876, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (6->7) +[2013/11/07 07:38:47.863918, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] +[2013/11/07 07:38:47.863962, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] +[2013/11/07 07:38:47.864003, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:47.864041, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f375c5a15c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] +[2013/11/07 07:38:47.864112, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Print] +[2013/11/07 07:38:47.864152, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (7->8) +[2013/11/07 07:38:47.864195, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] +[2013/11/07 07:38:47.864236, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] +[2013/11/07 07:38:47.864278, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:47.864315, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f375c5a15c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] +[2013/11/07 07:38:47.864374, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Printers] +[2013/11/07 07:38:47.864415, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (8->9) +[2013/11/07 07:38:47.864459, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] +[2013/11/07 07:38:47.864499, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] +[2013/11/07 07:38:47.864541, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:47.864579, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] +[2013/11/07 07:38:47.864645, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [printer7] +[2013/11/07 07:38:47.864686, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (9->10) +[2013/11/07 07:38:47.864730, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:47.864770, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:47.864811, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:47.864858, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:47.864926, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (10->9) +[2013/11/07 07:38:47.864968, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (9->8) +[2013/11/07 07:38:47.865009, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (8->7) +[2013/11/07 07:38:47.865049, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (7->6) +[2013/11/07 07:38:47.865089, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (6->5) +[2013/11/07 07:38:47.865129, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (5->4) +[2013/11/07 07:38:47.865171, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) + Opened policy hnd[4] [0000] 00 00 00 00 FF 00 00 00 00 00 00 00 7B 52 77 35 ........ ....{Rw5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:47.865249, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenKey: struct winreg_OpenKey + out: struct winreg_OpenKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000ff-0000-0000-7b52-7735c5510000 + result : WERR_OK +[2013/11/07 07:38:47.865463, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryValue: struct winreg_QueryValue + in: struct winreg_QueryValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000ff-0000-0000-7b52-7735c5510000 + value_name : * + value_name: struct winreg_String + name_len : 0x0012 (18) + name_size : 0x0012 (18) + name : * + name : 'Security' + type : * + type : REG_NONE (0) + data : NULL + data_size : * + data_size : 0x00000000 (0) + data_length : * + data_length : 0x00000000 (0) +[2013/11/07 07:38:47.865806, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 FF 00 00 00 00 00 00 00 7B 52 77 35 ........ ....{Rw5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:47.865883, 7, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) + _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:47.865923, 7, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) + _winreg_QueryValue: policy key type = [00000000] +[2013/11/07 07:38:47.865971, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_dispatcher.c:151(fetch_reg_values) + fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7' (ops 0x7f37592edcc0) +[2013/11/07 07:38:47.866012, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1891(regdb_fetch_values_internal) + regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:47.866072, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[0]: name[Attributes] len[4] +[2013/11/07 07:38:47.866115, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[1]: name[Description] len[2] +[2013/11/07 07:38:47.866157, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[2]: name[Datatype] len[8] +[2013/11/07 07:38:47.866200, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[3]: name[Default Priority] len[4] +[2013/11/07 07:38:47.866242, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[4]: name[Port] len[38] +[2013/11/07 07:38:47.866284, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[5]: name[Name] len[18] +[2013/11/07 07:38:47.866326, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[6]: name[Print Processor] len[18] +[2013/11/07 07:38:47.866369, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[7]: name[Priority] len[4] +[2013/11/07 07:38:47.866412, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[8]: name[Security] len[248] +[2013/11/07 07:38:47.866454, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[9]: name[Share Name] len[18] +[2013/11/07 07:38:47.866496, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[10]: name[StartTime] len[4] +[2013/11/07 07:38:47.866537, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[11]: name[UntilTime] len[4] +[2013/11/07 07:38:47.866580, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[12]: name[ChangeID] len[4] +[2013/11/07 07:38:47.866624, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryValue: struct winreg_QueryValue + out: struct winreg_QueryValue + type : * + type : REG_BINARY (3) + data : NULL + data_size : * + data_size : 0x000000f8 (248) + data_length : * + data_length : 0x00000000 (0) + result : WERR_OK +[2013/11/07 07:38:47.866844, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryValue: struct winreg_QueryValue + in: struct winreg_QueryValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000ff-0000-0000-7b52-7735c5510000 + value_name : * + value_name: struct winreg_String + name_len : 0x0012 (18) + name_size : 0x0012 (18) + name : * + name : 'Security' + type : * + type : REG_BINARY (3) + data : * + data: ARRAY(0) + data_size : * + data_size : 0x000000f8 (248) + data_length : * + data_length : 0x00000000 (0) +[2013/11/07 07:38:47.867202, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 FF 00 00 00 00 00 00 00 7B 52 77 35 ........ ....{Rw5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:47.867279, 7, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) + _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:47.867319, 7, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) + _winreg_QueryValue: policy key type = [00000000] +[2013/11/07 07:38:47.867363, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryValue: struct winreg_QueryValue + out: struct winreg_QueryValue + type : * + type : REG_BINARY (3) + data : * + data: ARRAY(248) + [0] : 0x01 (1) + [1] : 0x00 (0) + [2] : 0x04 (4) + [3] : 0x80 (128) + [4] : 0x14 (20) + [5] : 0x00 (0) + [6] : 0x00 (0) + [7] : 0x00 (0) + [8] : 0x24 (36) + [9] : 0x00 (0) + [10] : 0x00 (0) + [11] : 0x00 (0) + [12] : 0x00 (0) + [13] : 0x00 (0) + [14] : 0x00 (0) + [15] : 0x00 (0) + [16] : 0x34 (52) + [17] : 0x00 (0) + [18] : 0x00 (0) + [19] : 0x00 (0) + [20] : 0x01 (1) + [21] : 0x02 (2) + [22] : 0x00 (0) + [23] : 0x00 (0) + [24] : 0x00 (0) + [25] : 0x00 (0) + [26] : 0x00 (0) + [27] : 0x05 (5) + [28] : 0x20 (32) + [29] : 0x00 (0) + [30] : 0x00 (0) + [31] : 0x00 (0) + [32] : 0x20 (32) + [33] : 0x02 (2) + [34] : 0x00 (0) + [35] : 0x00 (0) + [36] : 0x01 (1) + [37] : 0x02 (2) + [38] : 0x00 (0) + [39] : 0x00 (0) + [40] : 0x00 (0) + [41] : 0x00 (0) + [42] : 0x00 (0) + [43] : 0x05 (5) + [44] : 0x20 (32) + [45] : 0x00 (0) + [46] : 0x00 (0) + [47] : 0x00 (0) + [48] : 0x20 (32) + [49] : 0x02 (2) + [50] : 0x00 (0) + [51] : 0x00 (0) + [52] : 0x02 (2) + [53] : 0x00 (0) + [54] : 0xc4 (196) + [55] : 0x00 (0) + [56] : 0x07 (7) + [57] : 0x00 (0) + [58] : 0x00 (0) + [59] : 0x00 (0) + [60] : 0x00 (0) + [61] : 0x02 (2) + [62] : 0x14 (20) + [63] : 0x00 (0) + [64] : 0x08 (8) + [65] : 0x00 (0) + [66] : 0x02 (2) + [67] : 0x20 (32) + [68] : 0x01 (1) + [69] : 0x01 (1) + [70] : 0x00 (0) + [71] : 0x00 (0) + [72] : 0x00 (0) + [73] : 0x00 (0) + [74] : 0x00 (0) + [75] : 0x01 (1) + [76] : 0x00 (0) + [77] : 0x00 (0) + [78] : 0x00 (0) + [79] : 0x00 (0) + [80] : 0x00 (0) + [81] : 0x09 (9) + [82] : 0x24 (36) + [83] : 0x00 (0) + [84] : 0x0c (12) + [85] : 0x00 (0) + [86] : 0x0f (15) + [87] : 0x10 (16) + [88] : 0x01 (1) + [89] : 0x05 (5) + [90] : 0x00 (0) + [91] : 0x00 (0) + [92] : 0x00 (0) + [93] : 0x00 (0) + [94] : 0x00 (0) + [95] : 0x05 (5) + [96] : 0x15 (21) + [97] : 0x00 (0) + [98] : 0x00 (0) + [99] : 0x00 (0) + [100] : 0x74 (116) + [101] : 0xa5 (165) + [102] : 0x12 (18) + [103] : 0x52 (82) + [104] : 0xcd (205) + [105] : 0x51 (81) + [106] : 0xd9 (217) + [107] : 0x8f (143) + [108] : 0xd1 (209) + [109] : 0x31 (49) + [110] : 0xa4 (164) + [111] : 0xca (202) + [112] : 0xf4 (244) + [113] : 0x01 (1) + [114] : 0x00 (0) + [115] : 0x00 (0) + [116] : 0x00 (0) + [117] : 0x02 (2) + [118] : 0x24 (36) + [119] : 0x00 (0) + [120] : 0x0c (12) + [121] : 0x00 (0) + [122] : 0x0f (15) + [123] : 0x10 (16) + [124] : 0x01 (1) + [125] : 0x05 (5) + [126] : 0x00 (0) + [127] : 0x00 (0) + [128] : 0x00 (0) + [129] : 0x00 (0) + [130] : 0x00 (0) + [131] : 0x05 (5) + [132] : 0x15 (21) + [133] : 0x00 (0) + [134] : 0x00 (0) + [135] : 0x00 (0) + [136] : 0x74 (116) + [137] : 0xa5 (165) + [138] : 0x12 (18) + [139] : 0x52 (82) + [140] : 0xcd (205) + [141] : 0x51 (81) + [142] : 0xd9 (217) + [143] : 0x8f (143) + [144] : 0xd1 (209) + [145] : 0x31 (49) + [146] : 0xa4 (164) + [147] : 0xca (202) + [148] : 0xf4 (244) + [149] : 0x01 (1) + [150] : 0x00 (0) + [151] : 0x00 (0) + [152] : 0x00 (0) + [153] : 0x09 (9) + [154] : 0x18 (24) + [155] : 0x00 (0) + [156] : 0x0c (12) + [157] : 0x00 (0) + [158] : 0x0f (15) + [159] : 0x10 (16) + [160] : 0x01 (1) + [161] : 0x02 (2) + [162] : 0x00 (0) + [163] : 0x00 (0) + [164] : 0x00 (0) + [165] : 0x00 (0) + [166] : 0x00 (0) + [167] : 0x05 (5) + [168] : 0x20 (32) + [169] : 0x00 (0) + [170] : 0x00 (0) + [171] : 0x00 (0) + [172] : 0x20 (32) + [173] : 0x02 (2) + [174] : 0x00 (0) + [175] : 0x00 (0) + [176] : 0x00 (0) + [177] : 0x02 (2) + [178] : 0x18 (24) + [179] : 0x00 (0) + [180] : 0x0c (12) + [181] : 0x00 (0) + [182] : 0x0f (15) + [183] : 0x10 (16) + [184] : 0x01 (1) + [185] : 0x02 (2) + [186] : 0x00 (0) + [187] : 0x00 (0) + [188] : 0x00 (0) + [189] : 0x00 (0) + [190] : 0x00 (0) + [191] : 0x05 (5) + [192] : 0x20 (32) + [193] : 0x00 (0) + [194] : 0x00 (0) + [195] : 0x00 (0) + [196] : 0x20 (32) + [197] : 0x02 (2) + [198] : 0x00 (0) + [199] : 0x00 (0) + [200] : 0x00 (0) + [201] : 0x09 (9) + [202] : 0x18 (24) + [203] : 0x00 (0) + [204] : 0x0c (12) + [205] : 0x00 (0) + [206] : 0x0f (15) + [207] : 0x10 (16) + [208] : 0x01 (1) + [209] : 0x02 (2) + [210] : 0x00 (0) + [211] : 0x00 (0) + [212] : 0x00 (0) + [213] : 0x00 (0) + [214] : 0x00 (0) + [215] : 0x05 (5) + [216] : 0x20 (32) + [217] : 0x00 (0) + [218] : 0x00 (0) + [219] : 0x00 (0) + [220] : 0x26 (38) + [221] : 0x02 (2) + [222] : 0x00 (0) + [223] : 0x00 (0) + [224] : 0x00 (0) + [225] : 0x02 (2) + [226] : 0x18 (24) + [227] : 0x00 (0) + [228] : 0x0c (12) + [229] : 0x00 (0) + [230] : 0x0f (15) + [231] : 0x10 (16) + [232] : 0x01 (1) + [233] : 0x02 (2) + [234] : 0x00 (0) + [235] : 0x00 (0) + [236] : 0x00 (0) + [237] : 0x00 (0) + [238] : 0x00 (0) + [239] : 0x05 (5) + [240] : 0x20 (32) + [241] : 0x00 (0) + [242] : 0x00 (0) + [243] : 0x00 (0) + [244] : 0x26 (38) + [245] : 0x02 (2) + [246] : 0x00 (0) + [247] : 0x00 (0) + data_size : * + data_size : 0x000000f8 (248) + data_length : * + data_length : 0x000000f8 (248) + result : WERR_OK +[2013/11/07 07:38:47.871858, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + in: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000ff-0000-0000-7b52-7735c5510000 +[2013/11/07 07:38:47.871995, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 FF 00 00 00 00 00 00 00 7B 52 77 35 ........ ....{Rw5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:47.872074, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 FF 00 00 00 00 00 00 00 7B 52 77 35 ........ ....{Rw5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:47.872150, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) + Closed policy +[2013/11/07 07:38:47.872196, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (4->3) +[2013/11/07 07:38:47.872237, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + out: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000000-0000-0000-0000-000000000000 + result : WERR_OK +[2013/11/07 07:38:47.872401, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + in: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000fe-0000-0000-7b52-7735c5510000 +[2013/11/07 07:38:47.872532, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 FE 00 00 00 00 00 00 00 7B 52 77 35 ........ ....{Rw5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:47.872610, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 FE 00 00 00 00 00 00 00 7B 52 77 35 ........ ....{Rw5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:47.872686, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) + Closed policy +[2013/11/07 07:38:47.872727, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (3->2) +[2013/11/07 07:38:47.872775, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + out: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000000-0000-0000-0000-000000000000 + result : WERR_OK +[2013/11/07 07:38:47.872940, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + in: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000fd-0000-0000-7b52-7735c5510000 +[2013/11/07 07:38:47.873070, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 FD 00 00 00 00 00 00 00 7B 52 77 35 ........ ....{Rw5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:47.873148, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 FD 00 00 00 00 00 00 00 7B 52 77 35 ........ ....{Rw5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:47.873223, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) + Closed policy +[2013/11/07 07:38:47.873266, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (2->1) +[2013/11/07 07:38:47.873308, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + out: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000000-0000-0000-0000-000000000000 + result : WERR_OK +[2013/11/07 07:38:47.873524, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + in: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000fc-0000-0000-7b52-7735c5510000 +[2013/11/07 07:38:47.873656, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 FC 00 00 00 00 00 00 00 7B 52 77 35 ........ ....{Rw5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:47.873734, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 FC 00 00 00 00 00 00 00 7B 52 77 35 ........ ....{Rw5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:47.873810, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) + Closed policy +[2013/11/07 07:38:47.873850, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (1->0) +[2013/11/07 07:38:47.873910, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + out: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000000-0000-0000-0000-000000000000 + result : WERR_OK +[2013/11/07 07:38:47.874084, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:416(close_policy_by_pipe) + Deleted handle list for RPC connection \winreg +[2013/11/07 07:38:47.874244, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + spoolss_GetPrinter: struct spoolss_GetPrinter + out: struct spoolss_GetPrinter + info : * + info : union spoolss_PrinterInfo(case 2) + info2: struct spoolss_PrinterInfo2 + servername : * + servername : '\\MEMBER43' + printername : * + printername : '\\MEMBER43\printer7' + sharename : * + sharename : 'printer7' + portname : * + portname : 'Samba Printer Port' + drivername : * + drivername : '' + comment : * + comment : '' + location : * + location : '' + devmode : * + devmode: struct spoolss_DeviceMode + devicename : '\\MEMBER43\printer7' + specversion : DMSPEC_NT4_AND_ABOVE (1025) + driverversion : 0x0400 (1024) + size : 0x00dc (220) + __driverextra_length : 0x0000 (0) + fields : 0x00014713 (83731) + 1: DEVMODE_ORIENTATION + 1: DEVMODE_PAPERSIZE + 0: DEVMODE_PAPERLENGTH + 0: DEVMODE_PAPERWIDTH + 1: DEVMODE_SCALE + 0: DEVMODE_POSITION + 0: DEVMODE_NUP + 1: DEVMODE_COPIES + 1: DEVMODE_DEFAULTSOURCE + 1: DEVMODE_PRINTQUALITY + 0: DEVMODE_COLOR + 0: DEVMODE_DUPLEX + 0: DEVMODE_YRESOLUTION + 1: DEVMODE_TTOPTION + 0: DEVMODE_COLLATE + 1: DEVMODE_FORMNAME + 0: DEVMODE_LOGPIXELS + 0: DEVMODE_BITSPERPEL + 0: DEVMODE_PELSWIDTH + 0: DEVMODE_PELSHEIGHT + 0: DEVMODE_DISPLAYFLAGS + 0: DEVMODE_DISPLAYFREQUENCY + 0: DEVMODE_ICMMETHOD + 0: DEVMODE_ICMINTENT + 0: DEVMODE_MEDIATYPE + 0: DEVMODE_DITHERTYPE + 0: DEVMODE_PANNINGWIDTH + 0: DEVMODE_PANNINGHEIGHT + orientation : DMORIENT_PORTRAIT (1) + papersize : DMPAPER_LETTER (1) + paperlength : 0x0000 (0) + paperwidth : 0x0000 (0) + scale : 0x0064 (100) + copies : 0x0001 (1) + defaultsource : DMBIN_FORMSOURCE (15) + printquality : DMRES_HIGH (65532) + color : DMRES_MONOCHROME (1) + duplex : DMDUP_SIMPLEX (1) + yresolution : 0x0000 (0) + ttoption : DMTT_SUBDEV (3) + collate : DMCOLLATE_FALSE (0) + formname : 'Letter' + logpixels : 0x0000 (0) + bitsperpel : 0x00000000 (0) + pelswidth : 0x00000000 (0) + pelsheight : 0x00000000 (0) + displayflags : UNKNOWN_ENUM_VALUE (0) + displayfrequency : 0x00000000 (0) + icmmethod : UNKNOWN_ENUM_VALUE (0) + icmintent : UNKNOWN_ENUM_VALUE (0) + mediatype : UNKNOWN_ENUM_VALUE (0) + dithertype : UNKNOWN_ENUM_VALUE (0) + reserved1 : 0x00000000 (0) + reserved2 : 0x00000000 (0) + panningwidth : 0x00000000 (0) + panningheight : 0x00000000 (0) + driverextra_data : DATA_BLOB length=0 + sepfile : * + sepfile : '' + printprocessor : * + printprocessor : 'winprint' + datatype : * + datatype : 'RAW' + parameters : * + parameters : '' + secdesc : * + secdesc: struct security_descriptor + revision : SECURITY_DESCRIPTOR_REVISION_1 (1) + type : 0x8004 (32772) + 0: SEC_DESC_OWNER_DEFAULTED + 0: SEC_DESC_GROUP_DEFAULTED + 1: SEC_DESC_DACL_PRESENT + 0: SEC_DESC_DACL_DEFAULTED + 0: SEC_DESC_SACL_PRESENT + 0: SEC_DESC_SACL_DEFAULTED + 0: SEC_DESC_DACL_TRUSTED + 0: SEC_DESC_SERVER_SECURITY + 0: SEC_DESC_DACL_AUTO_INHERIT_REQ + 0: SEC_DESC_SACL_AUTO_INHERIT_REQ + 0: SEC_DESC_DACL_AUTO_INHERITED + 0: SEC_DESC_SACL_AUTO_INHERITED + 0: SEC_DESC_DACL_PROTECTED + 0: SEC_DESC_SACL_PROTECTED + 0: SEC_DESC_RM_CONTROL_VALID + 1: SEC_DESC_SELF_RELATIVE + owner_sid : * + owner_sid : S-1-5-32-544 + group_sid : * + group_sid : S-1-5-32-544 + sacl : NULL + dacl : * + dacl: struct security_acl + revision : SECURITY_ACL_REVISION_NT4 (2) + size : 0x00c4 (196) + num_aces : 0x00000007 (7) + aces: ARRAY(7) + aces: struct security_ace + type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) + flags : 0x02 (2) + 0: SEC_ACE_FLAG_OBJECT_INHERIT + 1: SEC_ACE_FLAG_CONTAINER_INHERIT + 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT + 0: SEC_ACE_FLAG_INHERIT_ONLY + 0: SEC_ACE_FLAG_INHERITED_ACE + 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) + 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS + 0: SEC_ACE_FLAG_FAILED_ACCESS + size : 0x0014 (20) + access_mask : 0x20020008 (537001992) + object : union security_ace_object_ctr(case 0) + trustee : S-1-1-0 + aces: struct security_ace + type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) + flags : 0x09 (9) + 1: SEC_ACE_FLAG_OBJECT_INHERIT + 0: SEC_ACE_FLAG_CONTAINER_INHERIT + 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT + 1: SEC_ACE_FLAG_INHERIT_ONLY + 0: SEC_ACE_FLAG_INHERITED_ACE + 0x09: SEC_ACE_FLAG_VALID_INHERIT (9) + 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS + 0: SEC_ACE_FLAG_FAILED_ACCESS + size : 0x0024 (36) + access_mask : 0x100f000c (269418508) + object : union security_ace_object_ctr(case 0) + trustee : S-1-5-21-1376953716-2413384141-3399758289-500 + aces: struct security_ace + type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) + flags : 0x02 (2) + 0: SEC_ACE_FLAG_OBJECT_INHERIT + 1: SEC_ACE_FLAG_CONTAINER_INHERIT + 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT + 0: SEC_ACE_FLAG_INHERIT_ONLY + 0: SEC_ACE_FLAG_INHERITED_ACE + 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) + 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS + 0: SEC_ACE_FLAG_FAILED_ACCESS + size : 0x0024 (36) + access_mask : 0x100f000c (269418508) + object : union security_ace_object_ctr(case 0) + trustee : S-1-5-21-1376953716-2413384141-3399758289-500 + aces: struct security_ace + type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) + flags : 0x09 (9) + 1: SEC_ACE_FLAG_OBJECT_INHERIT + 0: SEC_ACE_FLAG_CONTAINER_INHERIT + 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT + 1: SEC_ACE_FLAG_INHERIT_ONLY + 0: SEC_ACE_FLAG_INHERITED_ACE + 0x09: SEC_ACE_FLAG_VALID_INHERIT (9) + 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS + 0: SEC_ACE_FLAG_FAILED_ACCESS + size : 0x0018 (24) + access_mask : 0x100f000c (269418508) + object : union security_ace_object_ctr(case 0) + trustee : S-1-5-32-544 + aces: struct security_ace + type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) + flags : 0x02 (2) + 0: SEC_ACE_FLAG_OBJECT_INHERIT + 1: SEC_ACE_FLAG_CONTAINER_INHERIT + 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT + 0: SEC_ACE_FLAG_INHERIT_ONLY + 0: SEC_ACE_FLAG_INHERITED_ACE + 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) + 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS + 0: SEC_ACE_FLAG_FAILED_ACCESS + size : 0x0018 (24) + access_mask : 0x100f000c (269418508) + object : union security_ace_object_ctr(case 0) + trustee : S-1-5-32-544 + aces: struct security_ace + type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) + flags : 0x09 (9) + 1: SEC_ACE_FLAG_OBJECT_INHERIT + 0: SEC_ACE_FLAG_CONTAINER_INHERIT + 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT + 1: SEC_ACE_FLAG_INHERIT_ONLY + 0: SEC_ACE_FLAG_INHERITED_ACE + 0x09: SEC_ACE_FLAG_VALID_INHERIT (9) + 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS + 0: SEC_ACE_FLAG_FAILED_ACCESS + size : 0x0018 (24) + access_mask : 0x100f000c (269418508) + object : union security_ace_object_ctr(case 0) + trustee : S-1-5-32-550 + aces: struct security_ace + type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) + flags : 0x02 (2) + 0: SEC_ACE_FLAG_OBJECT_INHERIT + 1: SEC_ACE_FLAG_CONTAINER_INHERIT + 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT + 0: SEC_ACE_FLAG_INHERIT_ONLY + 0: SEC_ACE_FLAG_INHERITED_ACE + 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) + 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS + 0: SEC_ACE_FLAG_FAILED_ACCESS + size : 0x0018 (24) + access_mask : 0x100f000c (269418508) + object : union security_ace_object_ctr(case 0) + trustee : S-1-5-32-550 + attributes : 0x00001048 (4168) + 0: PRINTER_ATTRIBUTE_QUEUED + 0: PRINTER_ATTRIBUTE_DIRECT + 0: PRINTER_ATTRIBUTE_DEFAULT + 1: PRINTER_ATTRIBUTE_SHARED + 0: PRINTER_ATTRIBUTE_NETWORK + 0: PRINTER_ATTRIBUTE_HIDDEN + 1: PRINTER_ATTRIBUTE_LOCAL + 0: PRINTER_ATTRIBUTE_ENABLE_DEVQ + 0: PRINTER_ATTRIBUTE_KEEPPRINTEDJOBS + 0: PRINTER_ATTRIBUTE_DO_COMPLETE_FIRST + 0: PRINTER_ATTRIBUTE_WORK_OFFLINE + 0: PRINTER_ATTRIBUTE_ENABLE_BIDI + 1: PRINTER_ATTRIBUTE_RAW_ONLY + 0: PRINTER_ATTRIBUTE_PUBLISHED + 0: PRINTER_ATTRIBUTE_FAX + 0: PRINTER_ATTRIBUTE_TS + priority : 0x00000001 (1) + defaultpriority : 0x00000001 (1) + starttime : 0x00000000 (0) + untiltime : 0x00000000 (0) + status : 0x00000000 (0) + 0: PRINTER_STATUS_PAUSED + 0: PRINTER_STATUS_ERROR + 0: PRINTER_STATUS_PENDING_DELETION + 0: PRINTER_STATUS_PAPER_JAM + 0: PRINTER_STATUS_PAPER_OUT + 0: PRINTER_STATUS_MANUAL_FEED + 0: PRINTER_STATUS_PAPER_PROBLEM + 0: PRINTER_STATUS_OFFLINE + 0: PRINTER_STATUS_IO_ACTIVE + 0: PRINTER_STATUS_BUSY + 0: PRINTER_STATUS_PRINTING + 0: PRINTER_STATUS_OUTPUT_BIN_FULL + 0: PRINTER_STATUS_NOT_AVAILABLE + 0: PRINTER_STATUS_WAITING + 0: PRINTER_STATUS_PROCESSING + 0: PRINTER_STATUS_INITIALIZING + 0: PRINTER_STATUS_WARMING_UP + 0: PRINTER_STATUS_TONER_LOW + 0: PRINTER_STATUS_NO_TONER + 0: PRINTER_STATUS_PAGE_PUNT + 0: PRINTER_STATUS_USER_INTERVENTION + 0: PRINTER_STATUS_OUT_OF_MEMORY + 0: PRINTER_STATUS_DOOR_OPEN + 0: PRINTER_STATUS_SERVER_UNKNOWN + 0: PRINTER_STATUS_POWER_SAVE + cjobs : 0x00000000 (0) + averageppm : 0x00000000 (0) + needed : * + needed : 0x000002f8 (760) + result : WERR_OK +[2013/11/07 07:38:47.879337, 5, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1417(api_rpcTNP) + api_rpcTNP: called \spoolss successfully +[2013/11/07 07:38:47.879406, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) + pop_sec_ctx (0, 5000) - sec_ctx_stack_ndx = 0 +[2013/11/07 07:38:47.879451, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) + write_to_pipe: data_used = 4140 + smbd_smb2_request_pending_queue: req->current_idx = 1 + req->in.vector[0].iov_len = 0 + req->in.vector[1].iov_len = 0 + req->in.vector[2].iov_len = 64 + req->in.vector[3].iov_len = 56 + req->in.vector[4].iov_len = 4156 + req->out.vector[0].iov_len = 4 + req->out.vector[1].iov_len = 0 + req->out.vector[2].iov_len = 64 + req->out.vector[3].iov_len = 8 + req->out.vector[4].iov_len = 0 +[2013/11/07 07:38:47.879679, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:128(smbd_smb2_ioctl_pipe_write_done) + smbd_smb2_ioctl_pipe_write_done: received 4156 +[2013/11/07 07:38:47.879724, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:149(smbd_smb2_ioctl_pipe_write_done) + smbd_smb2_ioctl_pipe_write_done: issuing np_read_send of size 4136 +[2013/11/07 07:38:47.879767, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:285(read_from_internal_pipe) + name: \spoolss len: 4136 +[2013/11/07 07:38:47.879810, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:347(read_from_internal_pipe) + read_from_pipe: \spoolss: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 4112. +[2013/11/07 07:38:47.879865, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) + &r: struct ncacn_packet + rpc_vers : 0x05 (5) + rpc_vers_minor : 0x00 (0) + ptype : DCERPC_PKT_RESPONSE (2) + pfc_flags : 0x03 (3) + drep: ARRAY(4) + [0] : 0x10 (16) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + frag_length : 0x1028 (4136) + auth_length : 0x0000 (0) + call_id : 0x00000006 (6) + u : union dcerpc_payload(case 2) + response: struct dcerpc_response + alloc_hint : 0x00001010 (4112) + context_id : 0x0000 (0) + cancel_count : 0x00 (0) + _pad : DATA_BLOB length=0 + stub_and_verifier : DATA_BLOB length=4112 + [0000] 04 00 02 00 00 10 00 00 EA 0F 00 00 C2 0F 00 00 ........ ........ + [0010] B0 0F 00 00 8A 0F 00 00 88 0F 00 00 86 0F 00 00 ........ ........ + [0020] 84 0F 00 00 88 0E 00 00 82 0F 00 00 70 0F 00 00 ........ ....p... + [0030] 68 0F 00 00 66 0F 00 00 90 0D 00 00 48 10 00 00 h...f... ....H... + [0040] 01 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0200] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0210] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0220] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0230] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0240] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0250] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0260] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0270] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0280] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0290] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0300] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0310] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0320] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0330] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0340] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0350] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0360] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0370] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0380] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0390] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0400] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0410] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0420] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0430] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0440] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0450] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0460] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0470] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0480] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0490] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0500] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0510] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0520] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0530] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0540] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0550] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0560] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0570] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0580] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0590] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0600] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0610] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0620] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0630] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0640] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0650] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0660] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0670] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0680] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0690] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0700] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0710] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0720] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0730] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0740] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0750] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0760] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0770] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0780] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0790] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0800] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0810] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0820] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0830] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0840] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0850] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0860] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0870] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0880] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0890] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0900] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0910] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0920] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0930] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0940] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0950] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0960] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0970] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0980] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0990] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D90] 00 00 00 00 00 00 00 00 01 00 04 80 D8 00 00 00 ........ ........ + [0DA0] E8 00 00 00 00 00 00 00 14 00 00 00 02 00 C4 00 ........ ........ + [0DB0] 07 00 00 00 00 02 14 00 08 00 02 20 01 01 00 00 ........ ... .... + [0DC0] 00 00 00 01 00 00 00 00 00 09 24 00 0C 00 0F 10 ........ ..$..... + [0DD0] 01 05 00 00 00 00 00 05 15 00 00 00 74 A5 12 52 ........ ....t..R + [0DE0] CD 51 D9 8F D1 31 A4 CA F4 01 00 00 00 02 24 00 .Q...1.. ......$. + [0DF0] 0C 00 0F 10 01 05 00 00 00 00 00 05 15 00 00 00 ........ ........ + [0E00] 74 A5 12 52 CD 51 D9 8F D1 31 A4 CA F4 01 00 00 t..R.Q.. .1...... + [0E10] 00 09 18 00 0C 00 0F 10 01 02 00 00 00 00 00 05 ........ ........ + [0E20] 20 00 00 00 20 02 00 00 00 02 18 00 0C 00 0F 10 ... ... ........ + [0E30] 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 ........ ... ... + [0E40] 00 09 18 00 0C 00 0F 10 01 02 00 00 00 00 00 05 ........ ........ + [0E50] 20 00 00 00 26 02 00 00 00 02 18 00 0C 00 0F 10 ...&... ........ + [0E60] 01 02 00 00 00 00 00 05 20 00 00 00 26 02 00 00 ........ ...&... + [0E70] 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 ........ ... ... + [0E80] 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 ........ ... ... + [0E90] 5C 00 5C 00 4D 00 45 00 4D 00 42 00 45 00 52 00 \.\.M.E. M.B.E.R. + [0EA0] 34 00 33 00 5C 00 70 00 72 00 69 00 6E 00 74 00 4.3.\.p. r.i.n.t. + [0EB0] 65 00 72 00 37 00 00 00 00 00 00 00 00 00 00 00 e.r.7... ........ + [0EC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0ED0] 01 04 00 04 DC 00 00 00 13 47 01 00 01 00 01 00 ........ .G...... + [0EE0] 00 00 00 00 64 00 01 00 0F 00 FC FF 01 00 01 00 ....d... ........ + [0EF0] 00 00 03 00 00 00 4C 00 65 00 74 00 74 00 65 00 ......L. e.t.t.e. + [0F00] 72 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 r....... ........ + [0F10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F70] 52 00 41 00 57 00 00 00 77 00 69 00 6E 00 70 00 R.A.W... w.i.n.p. + [0F80] 72 00 69 00 6E 00 74 00 00 00 00 00 00 00 00 00 r.i.n.t. ........ + [0F90] 00 00 53 00 61 00 6D 00 62 00 61 00 20 00 50 00 ..S.a.m. b.a. .P. + [0FA0] 72 00 69 00 6E 00 74 00 65 00 72 00 20 00 50 00 r.i.n.t. e.r. .P. + [0FB0] 6F 00 72 00 74 00 00 00 70 00 72 00 69 00 6E 00 o.r.t... p.r.i.n. + [0FC0] 74 00 65 00 72 00 37 00 00 00 5C 00 5C 00 4D 00 t.e.r.7. ..\.\.M. + [0FD0] 45 00 4D 00 42 00 45 00 52 00 34 00 33 00 5C 00 E.M.B.E. R.4.3.\. + [0FE0] 70 00 72 00 69 00 6E 00 74 00 65 00 72 00 37 00 p.r.i.n. t.e.r.7. + [0FF0] 00 00 5C 00 5C 00 4D 00 45 00 4D 00 42 00 45 00 ..\.\.M. E.M.B.E. + [1000] 52 00 34 00 33 00 00 00 F8 02 00 00 00 00 00 00 R.4.3... ........ +[2013/11/07 07:38:47.889229, 3, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:122(free_pipe_context) + free_pipe_context: destroying talloc pool of size 1308 +[2013/11/07 07:38:47.889288, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:788(np_read_recv) + Received 4136 bytes. There is no more data outstanding +[2013/11/07 07:38:47.889329, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:178(smbd_smb2_ioctl_pipe_read_done) + smbd_smb2_ioctl_pipe_read_done: np_read_recv nread = 4136 is_data_outstanding = 0, status = NT_STATUS_OK +[2013/11/07 07:38:47.889425, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl.c:291(smbd_smb2_request_ioctl_done) + smbd_smb2_request_ioctl_done: smbd_smb2_ioctl_recv returned 4136 status NT_STATUS_OK +[2013/11/07 07:38:47.889471, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) + smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[48] dyn[yes:4136] at ../source3/smbd/smb2_ioctl.c:358 +[2013/11/07 07:38:47.889517, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) + smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/155/127 +[2013/11/07 07:38:47.898433, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) + smbd_smb2_request_incoming: idx[1] of 5 vectors +[2013/11/07 07:38:47.898679, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) + smb2_validate_sequence_number: clearing id 155 (position 155) from bitmap +[2013/11/07 07:38:47.898795, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) + smbd_smb2_request_dispatch: opcode[SMB2_OP_CREATE] mid = 155 +[2013/11/07 07:38:47.898943, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) + setting sec ctx (0, 5000) - sec_ctx_stack_ndx = 0 +[2013/11/07 07:38:47.899054, 5, pid=20933, effective(0, 5000), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) + Security token SIDs (21): + SID[ 0]: S-1-5-21-1376953716-2413384141-3399758289-500 + SID[ 1]: S-1-5-21-1376953716-2413384141-3399758289-512 + SID[ 2]: S-1-5-21-1376953716-2413384141-3399758289-11015 + SID[ 3]: S-1-5-21-1376953716-2413384141-3399758289-513 + SID[ 4]: S-1-5-21-1376953716-2413384141-3399758289-11011 + SID[ 5]: S-1-5-21-1376953716-2413384141-3399758289-11013 + SID[ 6]: S-1-5-21-1376953716-2413384141-3399758289-11012 + SID[ 7]: S-1-1-0 + SID[ 8]: S-1-5-2 + SID[ 9]: S-1-5-11 + SID[ 10]: S-1-5-32-544 + SID[ 11]: S-1-22-1-2002 + SID[ 12]: S-1-22-2-5000 + SID[ 13]: S-1-22-2-5007 + SID[ 14]: S-1-22-2-5001 + SID[ 15]: S-1-22-2-1005 + SID[ 16]: S-1-22-2-5006 + SID[ 17]: S-1-22-2-5005 + SID[ 18]: S-1-22-2-55000 + SID[ 19]: S-1-22-2-55001 + SID[ 20]: S-1-22-2-55002 + Privileges (0x 1FFFFFF0): + Privilege[ 0]: SeMachineAccountPrivilege + Privilege[ 1]: SeTakeOwnershipPrivilege + Privilege[ 2]: SeBackupPrivilege + Privilege[ 3]: SeRestorePrivilege + Privilege[ 4]: SeRemoteShutdownPrivilege + Privilege[ 5]: SePrintOperatorPrivilege + Privilege[ 6]: SeAddUsersPrivilege + Privilege[ 7]: SeDiskOperatorPrivilege + Privilege[ 8]: SeSecurityPrivilege + Privilege[ 9]: SeSystemtimePrivilege + Privilege[ 10]: SeShutdownPrivilege + Privilege[ 11]: SeDebugPrivilege + Privilege[ 12]: SeSystemEnvironmentPrivilege + Privilege[ 13]: SeSystemProfilePrivilege + Privilege[ 14]: SeProfileSingleProcessPrivilege + Privilege[ 15]: SeIncreaseBasePriorityPrivilege + Privilege[ 16]: SeLoadDriverPrivilege + Privilege[ 17]: SeCreatePagefilePrivilege + Privilege[ 18]: SeIncreaseQuotaPrivilege + Privilege[ 19]: SeChangeNotifyPrivilege + Privilege[ 20]: SeUndockPrivilege + Privilege[ 21]: SeManageVolumePrivilege + Privilege[ 22]: SeImpersonatePrivilege + Privilege[ 23]: SeCreateGlobalPrivilege + Privilege[ 24]: SeEnableDelegationPrivilege + Rights (0x 0): +[2013/11/07 07:38:47.900952, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) + UNIX token of user 0 + Primary group is 5000 and contains 9 supplementary groups + Group[ 0]: 5000 + Group[ 1]: 5007 + Group[ 2]: 5001 + Group[ 3]: 1005 + Group[ 4]: 5006 + Group[ 5]: 5005 + Group[ 6]: 55000 + Group[ 7]: 55001 + Group[ 8]: 55002 +[2013/11/07 07:38:47.901576, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/uid.c:363(change_to_user_internal) + Impersonated user: uid=(0,0), gid=(0,5000) +[2013/11/07 07:38:47.901712, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_create.c:451(smbd_smb2_create_send) + smbd_smb2_create: name[spoolss] +[2013/11/07 07:38:47.901838, 5, pid=20933, effective(0, 5000), real(0, 0)] ../lib/dbwrap/dbwrap.c:187(dbwrap_check_lock_order) + check lock order 1 for /var/run/samba/smbXsrv_open_global.tdb +[2013/11/07 07:38:47.901939, 10, pid=20933, effective(0, 5000), real(0, 0)] ../lib/dbwrap/dbwrap.c:133(debug_lock_order) + lock order: 1:/var/run/samba/smbXsrv_open_global.tdb 2: 3: +[2013/11/07 07:38:47.902048, 10, pid=20933, effective(0, 5000), real(0, 0)] ../lib/dbwrap/dbwrap_tdb.c:59(db_tdb_log_key) + Locking key 6772676C +[2013/11/07 07:38:47.902171, 10, pid=20933, effective(0, 5000), real(0, 0)] ../lib/dbwrap/dbwrap_tdb.c:143(db_tdb_fetch_locked_internal) + Allocated locked data 0x0x7f375d3a9670 +[2013/11/07 07:38:47.902349, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smbXsrv_open.c:695(smbXsrv_open_global_store) +[2013/11/07 07:38:47.902414, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smbXsrv_open.c:697(smbXsrv_open_global_store) + smbXsrv_open_global_store: key '6772676C' stored +[2013/11/07 07:38:47.902518, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) + &global_blob: struct smbXsrv_open_globalB + version : SMBXSRV_VERSION_0 (0) + seqnum : 0x00000001 (1) + info : union smbXsrv_open_globalU(case 0) + info0 : * + info0: struct smbXsrv_open_global0 + db_rec : * + server_id: struct server_id + pid : 0x00000000000051c5 (20933) + task_id : 0x00000000 (0) + vnn : 0xffffffff (4294967295) + unique_id : 0x6b1fb19d3b3a8ed6 (7719083575197994710) + open_global_id : 0x6772676c (1735550828) + open_persistent_id : 0x000000006772676c (1735550828) + open_volatile_id : 0x00000000ccfcda39 (3439123001) + open_owner : S-1-5-21-1376953716-2413384141-3399758289-500 + open_time : Do Nov 7 07:38:48 2013 CET + create_guid : 00000000-0000-0000-0000-000000000000 + client_guid : b913ae79-46f9-11e3-be6f-52540018a0ea + app_instance_id : 00000000-0000-0000-0000-000000000000 + disconnect_time : NTTIME(0) + durable_timeout_msec : 0x00000000 (0) + durable : 0x00 (0) + backend_cookie : DATA_BLOB length=0 +[2013/11/07 07:38:47.903670, 10, pid=20933, effective(0, 5000), real(0, 0)] ../lib/dbwrap/dbwrap_tdb.c:59(db_tdb_log_key) + Unlocking key 6772676C +[2013/11/07 07:38:47.903777, 5, pid=20933, effective(0, 5000), real(0, 0)] ../lib/dbwrap/dbwrap.c:146(dbwrap_lock_order_state_destructor) + release lock order 1 for /var/run/samba/smbXsrv_open_global.tdb +[2013/11/07 07:38:47.903874, 10, pid=20933, effective(0, 5000), real(0, 0)] ../lib/dbwrap/dbwrap.c:133(debug_lock_order) + lock order: 1: 2: 3: +[2013/11/07 07:38:47.903977, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smbXsrv_open.c:862(smbXsrv_open_create) +[2013/11/07 07:38:47.904037, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smbXsrv_open.c:870(smbXsrv_open_create) + smbXsrv_open_create: global_id (0x6772676c) stored +[2013/11/07 07:38:47.904133, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) + &open_blob: struct smbXsrv_openB + version : SMBXSRV_VERSION_0 (0) + reserved : 0x00000000 (0) + info : union smbXsrv_openU(case 0) + info0 : * + info0: struct smbXsrv_open + table : * + db_rec : NULL + local_id : 0xccfcda39 (3439123001) + global : * + global: struct smbXsrv_open_global0 + db_rec : NULL + server_id: struct server_id + pid : 0x00000000000051c5 (20933) + task_id : 0x00000000 (0) + vnn : 0xffffffff (4294967295) + unique_id : 0x6b1fb19d3b3a8ed6 (7719083575197994710) + open_global_id : 0x6772676c (1735550828) + open_persistent_id : 0x000000006772676c (1735550828) + open_volatile_id : 0x00000000ccfcda39 (3439123001) + open_owner : S-1-5-21-1376953716-2413384141-3399758289-500 + open_time : Do Nov 7 07:38:48 2013 CET + create_guid : 00000000-0000-0000-0000-000000000000 + client_guid : b913ae79-46f9-11e3-be6f-52540018a0ea + app_instance_id : 00000000-0000-0000-0000-000000000000 + disconnect_time : NTTIME(0) + durable_timeout_msec : 0x00000000 (0) + durable : 0x00 (0) + backend_cookie : DATA_BLOB length=0 + status : NT_STATUS_OK + idle_time : Do Nov 7 07:38:48 2013 CET + compat : NULL +[2013/11/07 07:38:47.905806, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/files.c:125(file_new) + allocated file structure fnum 3439123001 (8 used) +[2013/11/07 07:38:47.905929, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/files.c:713(file_name_hash) + file_name_hash: /tmp/spoolss hash 0x7d4e46e5 +[2013/11/07 07:38:47.906070, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:60(make_internal_rpc_pipe_p) + Create pipe requested \spoolss +[2013/11/07 07:38:47.906188, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:238(init_pipe_handles) + init_pipe_handle_list: pipe_handles ref count = 23 for pipe \spoolss +[2013/11/07 07:38:47.906421, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:100(make_internal_rpc_pipe_p) + Created internal pipe \spoolss +[2013/11/07 07:38:47.906528, 8, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/dosmode.c:631(dos_mode) + dos_mode: spoolss +[2013/11/07 07:38:47.906660, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_create.c:1053(smbd_smb2_create_send) + smbd_smb2_create_send: spoolss - fnum 3439123001 +[2013/11/07 07:38:47.906811, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) + smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[88] dyn[yes:0] at ../source3/smbd/smb2_create.c:369 +[2013/11/07 07:38:47.906925, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) + smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/156/127 +[2013/11/07 07:38:47.908031, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) + smbd_smb2_request_incoming: idx[1] of 5 vectors +[2013/11/07 07:38:47.908225, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) + smb2_validate_sequence_number: clearing id 156 (position 156) from bitmap +[2013/11/07 07:38:47.908331, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) + smbd_smb2_request_dispatch: opcode[SMB2_OP_WRITE] mid = 156 +[2013/11/07 07:38:47.908465, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) + setting sec ctx (0, 5000) - sec_ctx_stack_ndx = 0 +[2013/11/07 07:38:47.908571, 5, pid=20933, effective(0, 5000), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) + Security token SIDs (21): + SID[ 0]: S-1-5-21-1376953716-2413384141-3399758289-500 + SID[ 1]: S-1-5-21-1376953716-2413384141-3399758289-512 + SID[ 2]: S-1-5-21-1376953716-2413384141-3399758289-11015 + SID[ 3]: S-1-5-21-1376953716-2413384141-3399758289-513 + SID[ 4]: S-1-5-21-1376953716-2413384141-3399758289-11011 + SID[ 5]: S-1-5-21-1376953716-2413384141-3399758289-11013 + SID[ 6]: S-1-5-21-1376953716-2413384141-3399758289-11012 + SID[ 7]: S-1-1-0 + SID[ 8]: S-1-5-2 + SID[ 9]: S-1-5-11 + SID[ 10]: S-1-5-32-544 + SID[ 11]: S-1-22-1-2002 + SID[ 12]: S-1-22-2-5000 + SID[ 13]: S-1-22-2-5007 + SID[ 14]: S-1-22-2-5001 + SID[ 15]: S-1-22-2-1005 + SID[ 16]: S-1-22-2-5006 + SID[ 17]: S-1-22-2-5005 + SID[ 18]: S-1-22-2-55000 + SID[ 19]: S-1-22-2-55001 + SID[ 20]: S-1-22-2-55002 + Privileges (0x 1FFFFFF0): + Privilege[ 0]: SeMachineAccountPrivilege + Privilege[ 1]: SeTakeOwnershipPrivilege + Privilege[ 2]: SeBackupPrivilege + Privilege[ 3]: SeRestorePrivilege + Privilege[ 4]: SeRemoteShutdownPrivilege + Privilege[ 5]: SePrintOperatorPrivilege + Privilege[ 6]: SeAddUsersPrivilege + Privilege[ 7]: SeDiskOperatorPrivilege + Privilege[ 8]: SeSecurityPrivilege + Privilege[ 9]: SeSystemtimePrivilege + Privilege[ 10]: SeShutdownPrivilege + Privilege[ 11]: SeDebugPrivilege + Privilege[ 12]: SeSystemEnvironmentPrivilege + Privilege[ 13]: SeSystemProfilePrivilege + Privilege[ 14]: SeProfileSingleProcessPrivilege + Privilege[ 15]: SeIncreaseBasePriorityPrivilege + Privilege[ 16]: SeLoadDriverPrivilege + Privilege[ 17]: SeCreatePagefilePrivilege + Privilege[ 18]: SeIncreaseQuotaPrivilege + Privilege[ 19]: SeChangeNotifyPrivilege + Privilege[ 20]: SeUndockPrivilege + Privilege[ 21]: SeManageVolumePrivilege + Privilege[ 22]: SeImpersonatePrivilege + Privilege[ 23]: SeCreateGlobalPrivilege + Privilege[ 24]: SeEnableDelegationPrivilege + Rights (0x 0): +[2013/11/07 07:38:47.910685, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) + UNIX token of user 0 + Primary group is 5000 and contains 9 supplementary groups + Group[ 0]: 5000 + Group[ 1]: 5007 + Group[ 2]: 5001 + Group[ 3]: 1005 + Group[ 4]: 5006 + Group[ 5]: 5005 + Group[ 6]: 55000 + Group[ 7]: 55001 + Group[ 8]: 55002 +[2013/11/07 07:38:47.911166, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/uid.c:363(change_to_user_internal) + Impersonated user: uid=(0,0), gid=(0,5000) +[2013/11/07 07:38:47.911288, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:1796(smbd_smb2_request_verify_creditcharge) + mid 156, CreditCharge: 1, NeededCharge: 1 +[2013/11/07 07:38:47.911393, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_write.c:271(smbd_smb2_write_send) + smbd_smb2_write: spoolss - fnum 3439123001 +[2013/11/07 07:38:47.911503, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:520(np_write_send) + np_write_send: len: 160 +[2013/11/07 07:38:47.911604, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) + write_to_pipe: data_left = 160 +[2013/11/07 07:38:47.911698, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) + process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 160 +[2013/11/07 07:38:47.911818, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:51(fill_rpc_header) + fill_rpc_header: data_to_copy = 160, len_needed_to_complete_hdr = 16, receive_len = 0 +[2013/11/07 07:38:47.911919, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) + write_to_pipe: data_used = 16 +[2013/11/07 07:38:47.912012, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) + write_to_pipe: data_left = 144 +[2013/11/07 07:38:47.912105, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) + process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 144 +[2013/11/07 07:38:47.912207, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) + write_to_pipe: data_used = 0 +[2013/11/07 07:38:47.912300, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) + write_to_pipe: data_left = 144 +[2013/11/07 07:38:47.912393, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) + process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 144, incoming data = 144 +[2013/11/07 07:38:47.912494, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1614(process_complete_pdu) + PDU is in Little Endian format! +[2013/11/07 07:38:47.912613, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) + r: struct ncacn_packet + rpc_vers : 0x05 (5) + rpc_vers_minor : 0x00 (0) + ptype : DCERPC_PKT_BIND (11) + pfc_flags : 0x03 (3) + drep: ARRAY(4) + [0] : 0x10 (16) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + frag_length : 0x00a0 (160) + auth_length : 0x0000 (0) + call_id : 0x00000002 (2) + u : union dcerpc_payload(case 11) + bind: struct dcerpc_bind + max_xmit_frag : 0x10b8 (4280) + max_recv_frag : 0x10b8 (4280) + assoc_group_id : 0x00000000 (0) + num_contexts : 0x03 (3) + ctx_list: ARRAY(3) + ctx_list: struct dcerpc_ctx_list + context_id : 0x0000 (0) + num_transfer_syntaxes : 0x01 (1) + abstract_syntax: struct ndr_syntax_id + uuid : 12345678-1234-abcd-ef00-0123456789ab + if_version : 0x00000001 (1) + transfer_syntaxes: ARRAY(1) + transfer_syntaxes: struct ndr_syntax_id + uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860 + if_version : 0x00000002 (2) + ctx_list: struct dcerpc_ctx_list + context_id : 0x0001 (1) + num_transfer_syntaxes : 0x01 (1) + abstract_syntax: struct ndr_syntax_id + uuid : 12345678-1234-abcd-ef00-0123456789ab + if_version : 0x00000001 (1) + transfer_syntaxes: ARRAY(1) + transfer_syntaxes: struct ndr_syntax_id + uuid : 71710533-beba-4937-8319-b5dbef9ccc36 + if_version : 0x00000001 (1) + ctx_list: struct dcerpc_ctx_list + context_id : 0x0002 (2) + num_transfer_syntaxes : 0x01 (1) + abstract_syntax: struct ndr_syntax_id + uuid : 12345678-1234-abcd-ef00-0123456789ab + if_version : 0x00000001 (1) + transfer_syntaxes: ARRAY(1) + transfer_syntaxes: struct ndr_syntax_id + uuid : 6cb71c2c-9812-4540-0300-000000000000 + if_version : 0x00000001 (1) + auth_info : DATA_BLOB length=0 +[2013/11/07 07:38:47.915758, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1627(process_complete_pdu) + Processing packet type 11 +[2013/11/07 07:38:47.915883, 3, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:693(api_pipe_bind_req) + api_pipe_bind_req: spoolss -> spoolss rpc service +[2013/11/07 07:38:47.915987, 5, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:724(api_pipe_bind_req) + api_pipe_bind_req: make response. 724 +[2013/11/07 07:38:47.916085, 3, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:342(check_bind_req) + check_bind_req for \spoolss +[2013/11/07 07:38:47.916192, 3, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:349(check_bind_req) + check_bind_req: spoolss -> spoolss rpc service +[2013/11/07 07:38:47.916294, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:238(init_pipe_handles) + init_pipe_handle_list: pipe_handles ref count = 24 for pipe \spoolss +[2013/11/07 07:38:47.916434, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) + &r: struct ncacn_packet + rpc_vers : 0x05 (5) + rpc_vers_minor : 0x00 (0) + ptype : DCERPC_PKT_BIND_ACK (12) + pfc_flags : 0x03 (3) + drep: ARRAY(4) + [0] : 0x10 (16) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + frag_length : 0x0044 (68) + auth_length : 0x0000 (0) + call_id : 0x00000002 (2) + u : union dcerpc_payload(case 12) + bind_ack: struct dcerpc_bind_ack + max_xmit_frag : 0x10b8 (4280) + max_recv_frag : 0x10b8 (4280) + assoc_group_id : 0x000053f0 (21488) + secondary_address_size : 0x000e (14) + secondary_address : '\PIPE\spoolss' + _pad1 : DATA_BLOB length=0 + num_results : 0x01 (1) + ctx_list: ARRAY(1) + ctx_list: struct dcerpc_ack_ctx + result : 0x0000 (0) + reason : 0x0000 (0) + syntax: struct ndr_syntax_id + uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860 + if_version : 0x00000002 (2) + auth_info : DATA_BLOB length=0 +[2013/11/07 07:38:47.917848, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) + write_to_pipe: data_used = 144 + smbd_smb2_request_pending_queue: req->current_idx = 1 + req->in.vector[0].iov_len = 0 + req->in.vector[1].iov_len = 0 + req->in.vector[2].iov_len = 64 + req->in.vector[3].iov_len = 48 + req->in.vector[4].iov_len = 160 + req->out.vector[0].iov_len = 4 + req->out.vector[1].iov_len = 0 + req->out.vector[2].iov_len = 64 + req->out.vector[3].iov_len = 8 + req->out.vector[4].iov_len = 0 +[2013/11/07 07:38:47.918406, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) + smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[16] dyn[yes:0] at ../source3/smbd/smb2_write.c:150 +[2013/11/07 07:38:47.918522, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) + smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/157/127 +[2013/11/07 07:38:47.920743, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) + smbd_smb2_request_incoming: idx[1] of 5 vectors +[2013/11/07 07:38:47.920928, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) + smb2_validate_sequence_number: clearing id 157 (position 157) from bitmap +[2013/11/07 07:38:47.921035, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) + smbd_smb2_request_dispatch: opcode[SMB2_OP_READ] mid = 157 +[2013/11/07 07:38:47.921170, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) + setting sec ctx (0, 5000) - sec_ctx_stack_ndx = 0 +[2013/11/07 07:38:47.921278, 5, pid=20933, effective(0, 5000), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) + Security token SIDs (21): + SID[ 0]: S-1-5-21-1376953716-2413384141-3399758289-500 + SID[ 1]: S-1-5-21-1376953716-2413384141-3399758289-512 + SID[ 2]: S-1-5-21-1376953716-2413384141-3399758289-11015 + SID[ 3]: S-1-5-21-1376953716-2413384141-3399758289-513 + SID[ 4]: S-1-5-21-1376953716-2413384141-3399758289-11011 + SID[ 5]: S-1-5-21-1376953716-2413384141-3399758289-11013 + SID[ 6]: S-1-5-21-1376953716-2413384141-3399758289-11012 + SID[ 7]: S-1-1-0 + SID[ 8]: S-1-5-2 + SID[ 9]: S-1-5-11 + SID[ 10]: S-1-5-32-544 + SID[ 11]: S-1-22-1-2002 + SID[ 12]: S-1-22-2-5000 + SID[ 13]: S-1-22-2-5007 + SID[ 14]: S-1-22-2-5001 + SID[ 15]: S-1-22-2-1005 + SID[ 16]: S-1-22-2-5006 + SID[ 17]: S-1-22-2-5005 + SID[ 18]: S-1-22-2-55000 + SID[ 19]: S-1-22-2-55001 + SID[ 20]: S-1-22-2-55002 + Privileges (0x 1FFFFFF0): + Privilege[ 0]: SeMachineAccountPrivilege + Privilege[ 1]: SeTakeOwnershipPrivilege + Privilege[ 2]: SeBackupPrivilege + Privilege[ 3]: SeRestorePrivilege + Privilege[ 4]: SeRemoteShutdownPrivilege + Privilege[ 5]: SePrintOperatorPrivilege + Privilege[ 6]: SeAddUsersPrivilege + Privilege[ 7]: SeDiskOperatorPrivilege + Privilege[ 8]: SeSecurityPrivilege + Privilege[ 9]: SeSystemtimePrivilege + Privilege[ 10]: SeShutdownPrivilege + Privilege[ 11]: SeDebugPrivilege + Privilege[ 12]: SeSystemEnvironmentPrivilege + Privilege[ 13]: SeSystemProfilePrivilege + Privilege[ 14]: SeProfileSingleProcessPrivilege + Privilege[ 15]: SeIncreaseBasePriorityPrivilege + Privilege[ 16]: SeLoadDriverPrivilege + Privilege[ 17]: SeCreatePagefilePrivilege + Privilege[ 18]: SeIncreaseQuotaPrivilege + Privilege[ 19]: SeChangeNotifyPrivilege + Privilege[ 20]: SeUndockPrivilege + Privilege[ 21]: SeManageVolumePrivilege + Privilege[ 22]: SeImpersonatePrivilege + Privilege[ 23]: SeCreateGlobalPrivilege + Privilege[ 24]: SeEnableDelegationPrivilege + Rights (0x 0): +[2013/11/07 07:38:47.923427, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) + UNIX token of user 0 + Primary group is 5000 and contains 9 supplementary groups + Group[ 0]: 5000 + Group[ 1]: 5007 + Group[ 2]: 5001 + Group[ 3]: 1005 + Group[ 4]: 5006 + Group[ 5]: 5005 + Group[ 6]: 55000 + Group[ 7]: 55001 + Group[ 8]: 55002 +[2013/11/07 07:38:47.923906, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/uid.c:363(change_to_user_internal) + Impersonated user: uid=(0,0), gid=(0,5000) +[2013/11/07 07:38:47.924058, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:1796(smbd_smb2_request_verify_creditcharge) + mid 157, CreditCharge: 1, NeededCharge: 1 +[2013/11/07 07:38:47.924164, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_read.c:400(smbd_smb2_read_send) + smbd_smb2_read: spoolss - fnum 3439123001 +[2013/11/07 07:38:47.924279, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:285(read_from_internal_pipe) + name: \spoolss len: 1024 +[2013/11/07 07:38:47.924385, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:326(read_from_internal_pipe) + read_from_pipe: \spoolss: current_pdu_len = 68, current_pdu_sent = 0 returning 68 bytes. +[2013/11/07 07:38:47.924493, 3, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:122(free_pipe_context) + free_pipe_context: destroying talloc pool of size 29 + smbd_smb2_request_pending_queue: req->current_idx = 1 + req->in.vector[0].iov_len = 0 + req->in.vector[1].iov_len = 0 + req->in.vector[2].iov_len = 64 + req->in.vector[3].iov_len = 48 + req->in.vector[4].iov_len = 1 + req->out.vector[0].iov_len = 4 + req->out.vector[1].iov_len = 0 + req->out.vector[2].iov_len = 64 + req->out.vector[3].iov_len = 8 + req->out.vector[4].iov_len = 0 +[2013/11/07 07:38:47.925008, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:788(np_read_recv) + Received 68 bytes. There is no more data outstanding +[2013/11/07 07:38:47.925117, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) + smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[16] dyn[yes:68] at ../source3/smbd/smb2_read.c:154 +[2013/11/07 07:38:47.925227, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) + smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/158/127 +[2013/11/07 07:38:47.926957, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) + smbd_smb2_request_incoming: idx[1] of 5 vectors +[2013/11/07 07:38:47.927176, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) + smb2_validate_sequence_number: clearing id 158 (position 158) from bitmap +[2013/11/07 07:38:47.927287, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) + smbd_smb2_request_dispatch: opcode[SMB2_OP_IOCTL] mid = 158 +[2013/11/07 07:38:47.927457, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) + setting sec ctx (0, 5000) - sec_ctx_stack_ndx = 0 +[2013/11/07 07:38:47.927564, 5, pid=20933, effective(0, 5000), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) + Security token SIDs (21): + SID[ 0]: S-1-5-21-1376953716-2413384141-3399758289-500 + SID[ 1]: S-1-5-21-1376953716-2413384141-3399758289-512 + SID[ 2]: S-1-5-21-1376953716-2413384141-3399758289-11015 + SID[ 3]: S-1-5-21-1376953716-2413384141-3399758289-513 + SID[ 4]: S-1-5-21-1376953716-2413384141-3399758289-11011 + SID[ 5]: S-1-5-21-1376953716-2413384141-3399758289-11013 + SID[ 6]: S-1-5-21-1376953716-2413384141-3399758289-11012 + SID[ 7]: S-1-1-0 + SID[ 8]: S-1-5-2 + SID[ 9]: S-1-5-11 + SID[ 10]: S-1-5-32-544 + SID[ 11]: S-1-22-1-2002 + SID[ 12]: S-1-22-2-5000 + SID[ 13]: S-1-22-2-5007 + SID[ 14]: S-1-22-2-5001 + SID[ 15]: S-1-22-2-1005 + SID[ 16]: S-1-22-2-5006 + SID[ 17]: S-1-22-2-5005 + SID[ 18]: S-1-22-2-55000 + SID[ 19]: S-1-22-2-55001 + SID[ 20]: S-1-22-2-55002 + Privileges (0x 1FFFFFF0): + Privilege[ 0]: SeMachineAccountPrivilege + Privilege[ 1]: SeTakeOwnershipPrivilege + Privilege[ 2]: SeBackupPrivilege + Privilege[ 3]: SeRestorePrivilege + Privilege[ 4]: SeRemoteShutdownPrivilege + Privilege[ 5]: SePrintOperatorPrivilege + Privilege[ 6]: SeAddUsersPrivilege + Privilege[ 7]: SeDiskOperatorPrivilege + Privilege[ 8]: SeSecurityPrivilege + Privilege[ 9]: SeSystemtimePrivilege + Privilege[ 10]: SeShutdownPrivilege + Privilege[ 11]: SeDebugPrivilege + Privilege[ 12]: SeSystemEnvironmentPrivilege + Privilege[ 13]: SeSystemProfilePrivilege + Privilege[ 14]: SeProfileSingleProcessPrivilege + Privilege[ 15]: SeIncreaseBasePriorityPrivilege + Privilege[ 16]: SeLoadDriverPrivilege + Privilege[ 17]: SeCreatePagefilePrivilege + Privilege[ 18]: SeIncreaseQuotaPrivilege + Privilege[ 19]: SeChangeNotifyPrivilege + Privilege[ 20]: SeUndockPrivilege + Privilege[ 21]: SeManageVolumePrivilege + Privilege[ 22]: SeImpersonatePrivilege + Privilege[ 23]: SeCreateGlobalPrivilege + Privilege[ 24]: SeEnableDelegationPrivilege + Rights (0x 0): +[2013/11/07 07:38:47.929647, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) + UNIX token of user 0 + Primary group is 5000 and contains 9 supplementary groups + Group[ 0]: 5000 + Group[ 1]: 5007 + Group[ 2]: 5001 + Group[ 3]: 1005 + Group[ 4]: 5006 + Group[ 5]: 5005 + Group[ 6]: 55000 + Group[ 7]: 55001 + Group[ 8]: 55002 +[2013/11/07 07:38:47.930133, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/uid.c:363(change_to_user_internal) + Impersonated user: uid=(0,0), gid=(0,5000) +[2013/11/07 07:38:47.930257, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:1796(smbd_smb2_request_verify_creditcharge) + mid 158, CreditCharge: 1, NeededCharge: 1 +[2013/11/07 07:38:47.930362, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl.c:394(smbd_smb2_ioctl_send) + smbd_smb2_ioctl: ctl_code[0x0011c017] spoolss, fnum 3439123001 +[2013/11/07 07:38:47.930475, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:59(smb2_ioctl_named_pipe) + smbd_smb2_ioctl_send: np_write_send of size 222 +[2013/11/07 07:38:47.930575, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:520(np_write_send) + np_write_send: len: 222 +[2013/11/07 07:38:47.930677, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) + write_to_pipe: data_left = 222 +[2013/11/07 07:38:47.930772, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) + process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 222 +[2013/11/07 07:38:47.930869, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:51(fill_rpc_header) + fill_rpc_header: data_to_copy = 222, len_needed_to_complete_hdr = 16, receive_len = 0 +[2013/11/07 07:38:47.930968, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) + write_to_pipe: data_used = 16 +[2013/11/07 07:38:47.931061, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) + write_to_pipe: data_left = 206 +[2013/11/07 07:38:47.931154, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) + process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 206 +[2013/11/07 07:38:47.931255, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) + write_to_pipe: data_used = 0 +[2013/11/07 07:38:47.931348, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) + write_to_pipe: data_left = 206 +[2013/11/07 07:38:47.931441, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) + process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 206, incoming data = 206 +[2013/11/07 07:38:47.931565, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1614(process_complete_pdu) + PDU is in Little Endian format! +[2013/11/07 07:38:47.931681, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) + r: struct ncacn_packet + rpc_vers : 0x05 (5) + rpc_vers_minor : 0x00 (0) + ptype : DCERPC_PKT_REQUEST (0) + pfc_flags : 0x03 (3) + drep: ARRAY(4) + [0] : 0x10 (16) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + frag_length : 0x00de (222) + auth_length : 0x0000 (0) + call_id : 0x00000002 (2) + u : union dcerpc_payload(case 0) + request: struct dcerpc_request + alloc_hint : 0x000000c6 (198) + context_id : 0x0000 (0) + opnum : 0x0045 (69) + object : union dcerpc_object(case 0) + empty: struct dcerpc_empty + _pad : DATA_BLOB length=0 + stub_and_verifier : DATA_BLOB length=198 + [0000] 00 00 02 00 14 00 00 00 00 00 00 00 14 00 00 00 ........ ........ + [0010] 5C 00 5C 00 4D 00 45 00 4D 00 42 00 45 00 52 00 \.\.M.E. M.B.E.R. + [0020] 34 00 33 00 5C 00 70 00 72 00 69 00 6E 00 74 00 4.3.\.p. r.i.n.t. + [0030] 65 00 72 00 37 00 00 00 00 00 00 00 00 00 00 00 e.r.7... ........ + [0040] 00 00 00 00 00 00 00 00 01 00 00 00 01 00 00 00 ........ ........ + [0050] 04 00 02 00 28 00 00 00 08 00 02 00 0C 00 02 00 ....(... ........ + [0060] 80 25 00 00 03 00 00 00 00 00 00 00 09 00 00 00 .%...... ........ + [0070] 0A 00 00 00 00 00 00 00 0A 00 00 00 57 00 49 00 ........ ....W.I. + [0080] 4E 00 38 00 31 00 2D 00 32 00 33 00 39 00 00 00 N.8.1.-. 2.3.9... + [0090] 15 00 00 00 00 00 00 00 15 00 00 00 41 00 52 00 ........ ....A.R. + [00A0] 33 00 32 00 49 00 38 00 5C 00 41 00 64 00 6D 00 3.2.I.8. \.A.d.m. + [00B0] 69 00 6E 00 69 00 73 00 74 00 72 00 61 00 74 00 i.n.i.s. t.r.a.t. + [00C0] 6F 00 72 00 00 00 o.r... +[2013/11/07 07:38:47.934248, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1627(process_complete_pdu) + Processing packet type 0 +[2013/11/07 07:38:47.934359, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1472(dcesrv_auth_request) + Checking request auth. +[2013/11/07 07:38:47.934464, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) + push_sec_ctx(0, 5000) : sec_ctx_stack_ndx = 1 +[2013/11/07 07:38:47.934579, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) + setting sec ctx (0, 5000) - sec_ctx_stack_ndx = 1 +[2013/11/07 07:38:47.934685, 5, pid=20933, effective(0, 5000), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) + Security token SIDs (21): + SID[ 0]: S-1-5-21-1376953716-2413384141-3399758289-500 + SID[ 1]: S-1-5-21-1376953716-2413384141-3399758289-512 + SID[ 2]: S-1-5-21-1376953716-2413384141-3399758289-11015 + SID[ 3]: S-1-5-21-1376953716-2413384141-3399758289-513 + SID[ 4]: S-1-5-21-1376953716-2413384141-3399758289-11011 + SID[ 5]: S-1-5-21-1376953716-2413384141-3399758289-11013 + SID[ 6]: S-1-5-21-1376953716-2413384141-3399758289-11012 + SID[ 7]: S-1-1-0 + SID[ 8]: S-1-5-2 + SID[ 9]: S-1-5-11 + SID[ 10]: S-1-5-32-544 + SID[ 11]: S-1-22-1-2002 + SID[ 12]: S-1-22-2-5000 + SID[ 13]: S-1-22-2-5007 + SID[ 14]: S-1-22-2-5001 + SID[ 15]: S-1-22-2-1005 + SID[ 16]: S-1-22-2-5006 + SID[ 17]: S-1-22-2-5005 + SID[ 18]: S-1-22-2-55000 + SID[ 19]: S-1-22-2-55001 + SID[ 20]: S-1-22-2-55002 + Privileges (0x 1FFFFFF0): + Privilege[ 0]: SeMachineAccountPrivilege + Privilege[ 1]: SeTakeOwnershipPrivilege + Privilege[ 2]: SeBackupPrivilege + Privilege[ 3]: SeRestorePrivilege + Privilege[ 4]: SeRemoteShutdownPrivilege + Privilege[ 5]: SePrintOperatorPrivilege + Privilege[ 6]: SeAddUsersPrivilege + Privilege[ 7]: SeDiskOperatorPrivilege + Privilege[ 8]: SeSecurityPrivilege + Privilege[ 9]: SeSystemtimePrivilege + Privilege[ 10]: SeShutdownPrivilege + Privilege[ 11]: SeDebugPrivilege + Privilege[ 12]: SeSystemEnvironmentPrivilege + Privilege[ 13]: SeSystemProfilePrivilege + Privilege[ 14]: SeProfileSingleProcessPrivilege + Privilege[ 15]: SeIncreaseBasePriorityPrivilege + Privilege[ 16]: SeLoadDriverPrivilege + Privilege[ 17]: SeCreatePagefilePrivilege + Privilege[ 18]: SeIncreaseQuotaPrivilege + Privilege[ 19]: SeChangeNotifyPrivilege + Privilege[ 20]: SeUndockPrivilege + Privilege[ 21]: SeManageVolumePrivilege + Privilege[ 22]: SeImpersonatePrivilege + Privilege[ 23]: SeCreateGlobalPrivilege + Privilege[ 24]: SeEnableDelegationPrivilege + Rights (0x 0): +[2013/11/07 07:38:47.936606, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) + UNIX token of user 0 + Primary group is 5000 and contains 9 supplementary groups + Group[ 0]: 5000 + Group[ 1]: 5007 + Group[ 2]: 5001 + Group[ 3]: 1005 + Group[ 4]: 5006 + Group[ 5]: 5005 + Group[ 6]: 55000 + Group[ 7]: 55001 + Group[ 8]: 55002 +[2013/11/07 07:38:47.937079, 5, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1324(api_pipe_request) + Requested \spoolss rpc service +[2013/11/07 07:38:47.937188, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1356(api_rpcTNP) + api_rpcTNP: \spoolss op 0x45 - api_rpcTNP: rpc command: SPOOLSS_OPENPRINTEREX +[2013/11/07 07:38:47.937296, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1390(api_rpcTNP) + api_rpc_cmds[69].fn == 0x7f375c256d40 +[2013/11/07 07:38:47.937528, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + spoolss_OpenPrinterEx: struct spoolss_OpenPrinterEx + in: struct spoolss_OpenPrinterEx + printername : * + printername : '\\MEMBER43\printer7' + datatype : NULL + devmode_ctr: struct spoolss_DevmodeContainer + _ndr_size : 0x00000000 (0) + devmode : NULL + access_mask : 0x00000000 (0) + 0: SERVER_ACCESS_ADMINISTER + 0: SERVER_ACCESS_ENUMERATE + 0: PRINTER_ACCESS_ADMINISTER + 0: PRINTER_ACCESS_USE + 0: JOB_ACCESS_ADMINISTER + 0: JOB_ACCESS_READ + userlevel_ctr: struct spoolss_UserLevelCtr + level : 0x00000001 (1) + user_info : union spoolss_UserLevel(case 1) + level1 : * + level1: struct spoolss_UserLevel1 + size : 0x00000028 (40) + client : * + client : 'WIN81-239' + user : * + user : 'AR32I8\Administrator' + build : 0x00002580 (9600) + major : UNKNOWN_ENUM_VALUE (3) + minor : SPOOLSS_MINOR_VERSION_0 (0) + processor : PROCESSOR_ARCHITECTURE_AMD64 (9) + checking name: \\MEMBER43\printer7 +[2013/11/07 07:38:47.938926, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:737(open_printer_hnd) + open_printer_hnd: name [\\MEMBER43\printer7] +[2013/11/07 07:38:47.939050, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) + Opened policy hnd[8] [0000] 00 00 00 00 00 01 00 00 00 00 00 00 7B 52 77 35 ........ ....{Rw5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:47.939250, 3, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:506(set_printer_hnd_printertype) + Setting printer type=\\MEMBER43\printer7 + Printer is a printer +[2013/11/07 07:38:47.939410, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:566(set_printer_hnd_name) + Setting printer name=\\MEMBER43\printer7 (len=19) + searching for [printer7] +[2013/11/07 07:38:47.939632, 10, pid=20933, effective(0, 5000), real(0, 0), class=tdb] ../source3/lib/gencache.c:275(gencache_set_data_blob) + Did not store value for PRINTERNAME/printer7, we already got it + set_printer_hnd_name: Printer found: printer7 -> printer7 +[2013/11/07 07:38:47.939771, 5, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:773(open_printer_hnd) + 8 printer handles active +[2013/11/07 07:38:47.939871, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 00 01 00 00 00 00 00 00 7B 52 77 35 ........ ....{Rw5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:47.940066, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 00 01 00 00 00 00 00 00 7B 52 77 35 ........ ....{Rw5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:47.940258, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:489(get_printer_snum) + short name:printer7 +[2013/11/07 07:38:47.940408, 3, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/access.c:338(allow_access) + Allowed connection from 10.200.8.239 (10.200.8.239) +[2013/11/07 07:38:47.940781, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/share_access.c:237(user_ok_token) + user_ok_token: share printer7 is ok for unix user root +[2013/11/07 07:38:47.940909, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:1921(_spoolss_OpenPrinterEx) + Setting printer access = PRINTER_ACCESS_USE +[2013/11/07 07:38:47.941146, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:60(make_internal_rpc_pipe_p) + Create pipe requested \winreg +[2013/11/07 07:38:47.941278, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:221(init_pipe_handles) + init_pipe_handle_list: created handle list for pipe \winreg +[2013/11/07 07:38:47.941505, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:238(init_pipe_handles) + init_pipe_handle_list: pipe_handles ref count = 1 for pipe \winreg +[2013/11/07 07:38:47.941711, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:100(make_internal_rpc_pipe_p) + Created internal pipe \winreg +[2013/11/07 07:38:47.941868, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenHKLM: struct winreg_OpenHKLM + in: struct winreg_OpenHKLM + system_name : NULL + access_mask : 0x02000000 (33554432) + 0: KEY_QUERY_VALUE + 0: KEY_SET_VALUE + 0: KEY_CREATE_SUB_KEY + 0: KEY_ENUMERATE_SUB_KEYS + 0: KEY_NOTIFY + 0: KEY_CREATE_LINK + 0: KEY_WOW64_64KEY + 0: KEY_WOW64_32KEY +[2013/11/07 07:38:47.942469, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [HKLM] +[2013/11/07 07:38:47.942580, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) + push_sec_ctx(0, 5000) : sec_ctx_stack_ndx = 2 +[2013/11/07 07:38:47.942691, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/uid.c:485(push_conn_ctx) + push_conn_ctx(1804507171) : conn_ctx_stack_ndx = 0 +[2013/11/07 07:38:47.942789, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) + setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 +[2013/11/07 07:38:47.942885, 5, pid=20933, effective(0, 5000), real(0, 0)] ../libcli/security/security_token.c:53(security_token_debug) + Security token: (NULL) +[2013/11/07 07:38:47.943213, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) + UNIX token of user 0 + Primary group is 0 and contains 0 supplementary groups +[2013/11/07 07:38:47.943559, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) + pop_sec_ctx (0, 5000) - sec_ctx_stack_ndx = 1 +[2013/11/07 07:38:47.943674, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:866(regdb_open) + regdb_open: registry db opened. refcount reset (1) +[2013/11/07 07:38:47.943786, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM] +[2013/11/07 07:38:47.943884, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM] +[2013/11/07 07:38:47.943986, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:47.944080, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM] +[2013/11/07 07:38:47.944269, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) + Opened policy hnd[1] [0000] 00 00 00 00 01 01 00 00 00 00 00 00 7B 52 77 35 ........ ....{Rw5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:47.944472, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenHKLM: struct winreg_OpenHKLM + out: struct winreg_OpenHKLM + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000101-0000-0000-7b52-7735c5510000 + result : WERR_OK +[2013/11/07 07:38:47.944929, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenKey: struct winreg_OpenKey + in: struct winreg_OpenKey + parent_handle : * + parent_handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000101-0000-0000-7b52-7735c5510000 + keyname: struct winreg_String + name_len : 0x008a (138) + name_size : 0x008a (138) + name : * + name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7' + options : 0x00000000 (0) + 0: REG_OPTION_VOLATILE + 0: REG_OPTION_CREATE_LINK + 0: REG_OPTION_BACKUP_RESTORE + 0: REG_OPTION_OPEN_LINK + access_mask : 0x02000000 (33554432) + 0: KEY_QUERY_VALUE + 0: KEY_SET_VALUE + 0: KEY_CREATE_SUB_KEY + 0: KEY_ENUMERATE_SUB_KEYS + 0: KEY_NOTIFY + 0: KEY_CREATE_LINK + 0: KEY_WOW64_64KEY + 0: KEY_WOW64_32KEY +[2013/11/07 07:38:47.945894, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 01 01 00 00 00 00 00 00 7B 52 77 35 ........ ....{Rw5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:47.945980, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [SOFTWARE] +[2013/11/07 07:38:47.946022, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (1->2) +[2013/11/07 07:38:47.946065, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] +[2013/11/07 07:38:47.946103, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE] +[2013/11/07 07:38:47.946143, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:47.946180, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE] +[2013/11/07 07:38:47.946251, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Microsoft] +[2013/11/07 07:38:47.946294, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (2->3) +[2013/11/07 07:38:47.946337, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] +[2013/11/07 07:38:47.946374, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] +[2013/11/07 07:38:47.946415, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:47.946452, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft] +[2013/11/07 07:38:47.946513, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Windows NT] +[2013/11/07 07:38:47.946554, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (3->4) +[2013/11/07 07:38:47.946597, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] +[2013/11/07 07:38:47.946634, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] +[2013/11/07 07:38:47.946684, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:47.946721, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] +[2013/11/07 07:38:47.946779, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [CurrentVersion] +[2013/11/07 07:38:47.946820, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (4->5) +[2013/11/07 07:38:47.946862, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] +[2013/11/07 07:38:47.946900, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] +[2013/11/07 07:38:47.946941, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:47.946978, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f375c5a15c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] +[2013/11/07 07:38:47.947051, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Print] +[2013/11/07 07:38:47.947092, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (5->6) +[2013/11/07 07:38:47.947138, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] +[2013/11/07 07:38:47.947178, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] +[2013/11/07 07:38:47.947220, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:47.947258, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f375c5a15c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] +[2013/11/07 07:38:47.947321, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Printers] +[2013/11/07 07:38:47.947363, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (6->7) +[2013/11/07 07:38:47.947407, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] +[2013/11/07 07:38:47.947447, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] +[2013/11/07 07:38:47.947489, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:47.947526, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] +[2013/11/07 07:38:47.947603, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [printer7] +[2013/11/07 07:38:47.947646, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (7->8) +[2013/11/07 07:38:47.947691, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:47.947731, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:47.947774, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:47.947811, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:47.947881, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (8->7) +[2013/11/07 07:38:47.947923, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (7->6) +[2013/11/07 07:38:47.947965, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (6->5) +[2013/11/07 07:38:47.948005, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (5->4) +[2013/11/07 07:38:47.948044, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (4->3) +[2013/11/07 07:38:47.948084, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (3->2) +[2013/11/07 07:38:47.948127, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) + Opened policy hnd[2] [0000] 00 00 00 00 02 01 00 00 00 00 00 00 7B 52 77 35 ........ ....{Rw5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:47.948205, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenKey: struct winreg_OpenKey + out: struct winreg_OpenKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000102-0000-0000-7b52-7735c5510000 + result : WERR_OK +[2013/11/07 07:38:47.948370, 2, pid=20933, effective(0, 5000), real(0, 0)] ../source3/rpc_client/cli_winreg_spoolss.c:626(winreg_create_printer) + winreg_create_printer: Skipping, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7 already exists +[2013/11/07 07:38:47.948429, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + in: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000102-0000-0000-7b52-7735c5510000 +[2013/11/07 07:38:47.948567, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 02 01 00 00 00 00 00 00 7B 52 77 35 ........ ....{Rw5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:47.948646, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 02 01 00 00 00 00 00 00 7B 52 77 35 ........ ....{Rw5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:47.948723, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) + Closed policy +[2013/11/07 07:38:47.948764, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (2->1) +[2013/11/07 07:38:47.948805, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + out: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000000-0000-0000-0000-000000000000 + result : WERR_OK +[2013/11/07 07:38:47.948968, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + in: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000101-0000-0000-7b52-7735c5510000 +[2013/11/07 07:38:47.949098, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 01 01 00 00 00 00 00 00 7B 52 77 35 ........ ....{Rw5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:47.949175, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 01 01 00 00 00 00 00 00 7B 52 77 35 ........ ....{Rw5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:47.949250, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) + Closed policy +[2013/11/07 07:38:47.949290, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (1->0) +[2013/11/07 07:38:47.949345, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + out: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000000-0000-0000-0000-000000000000 + result : WERR_OK +[2013/11/07 07:38:47.949583, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:416(close_policy_by_pipe) + Deleted handle list for RPC connection \winreg +[2013/11/07 07:38:47.949634, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + spoolss_OpenPrinterEx: struct spoolss_OpenPrinterEx + out: struct spoolss_OpenPrinterEx + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000100-0000-0000-7b52-7735c5510000 + result : WERR_OK +[2013/11/07 07:38:47.949795, 5, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1417(api_rpcTNP) + api_rpcTNP: called \spoolss successfully +[2013/11/07 07:38:47.949850, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) + pop_sec_ctx (0, 5000) - sec_ctx_stack_ndx = 0 +[2013/11/07 07:38:47.949894, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) + write_to_pipe: data_used = 206 + smbd_smb2_request_pending_queue: req->current_idx = 1 + req->in.vector[0].iov_len = 0 + req->in.vector[1].iov_len = 0 + req->in.vector[2].iov_len = 64 + req->in.vector[3].iov_len = 56 + req->in.vector[4].iov_len = 222 + req->out.vector[0].iov_len = 4 + req->out.vector[1].iov_len = 0 + req->out.vector[2].iov_len = 64 + req->out.vector[3].iov_len = 8 + req->out.vector[4].iov_len = 0 +[2013/11/07 07:38:47.950112, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:128(smbd_smb2_ioctl_pipe_write_done) + smbd_smb2_ioctl_pipe_write_done: received 222 +[2013/11/07 07:38:47.950155, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:149(smbd_smb2_ioctl_pipe_write_done) + smbd_smb2_ioctl_pipe_write_done: issuing np_read_send of size 1024 +[2013/11/07 07:38:47.950198, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:285(read_from_internal_pipe) + name: \spoolss len: 1024 +[2013/11/07 07:38:47.950240, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:347(read_from_internal_pipe) + read_from_pipe: \spoolss: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 24. +[2013/11/07 07:38:47.950293, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) + &r: struct ncacn_packet + rpc_vers : 0x05 (5) + rpc_vers_minor : 0x00 (0) + ptype : DCERPC_PKT_RESPONSE (2) + pfc_flags : 0x03 (3) + drep: ARRAY(4) + [0] : 0x10 (16) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + frag_length : 0x0030 (48) + auth_length : 0x0000 (0) + call_id : 0x00000002 (2) + u : union dcerpc_payload(case 2) + response: struct dcerpc_response + alloc_hint : 0x00000018 (24) + context_id : 0x0000 (0) + cancel_count : 0x00 (0) + _pad : DATA_BLOB length=0 + stub_and_verifier : DATA_BLOB length=24 + [0000] 00 00 00 00 00 01 00 00 00 00 00 00 7B 52 77 35 ........ ....{Rw5 + [0010] C5 51 00 00 00 00 00 00 .Q...... +[2013/11/07 07:38:47.950713, 3, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:122(free_pipe_context) + free_pipe_context: destroying talloc pool of size 68 +[2013/11/07 07:38:47.950763, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:788(np_read_recv) + Received 48 bytes. There is no more data outstanding +[2013/11/07 07:38:47.950803, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:178(smbd_smb2_ioctl_pipe_read_done) + smbd_smb2_ioctl_pipe_read_done: np_read_recv nread = 48 is_data_outstanding = 0, status = NT_STATUS_OK +[2013/11/07 07:38:47.950849, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl.c:291(smbd_smb2_request_ioctl_done) + smbd_smb2_request_ioctl_done: smbd_smb2_ioctl_recv returned 48 status NT_STATUS_OK +[2013/11/07 07:38:47.950891, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) + smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[48] dyn[yes:48] at ../source3/smbd/smb2_ioctl.c:358 +[2013/11/07 07:38:47.950944, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) + smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/159/127 +[2013/11/07 07:38:47.964274, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) + smbd_smb2_request_incoming: idx[1] of 5 vectors +[2013/11/07 07:38:47.964393, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) + smb2_validate_sequence_number: clearing id 159 (position 159) from bitmap +[2013/11/07 07:38:47.964440, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) + smbd_smb2_request_dispatch: opcode[SMB2_OP_IOCTL] mid = 159 +[2013/11/07 07:38:47.964505, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) + setting sec ctx (0, 5000) - sec_ctx_stack_ndx = 0 +[2013/11/07 07:38:47.964558, 5, pid=20933, effective(0, 5000), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) + Security token SIDs (21): + SID[ 0]: S-1-5-21-1376953716-2413384141-3399758289-500 + SID[ 1]: S-1-5-21-1376953716-2413384141-3399758289-512 + SID[ 2]: S-1-5-21-1376953716-2413384141-3399758289-11015 + SID[ 3]: S-1-5-21-1376953716-2413384141-3399758289-513 + SID[ 4]: S-1-5-21-1376953716-2413384141-3399758289-11011 + SID[ 5]: S-1-5-21-1376953716-2413384141-3399758289-11013 + SID[ 6]: S-1-5-21-1376953716-2413384141-3399758289-11012 + SID[ 7]: S-1-1-0 + SID[ 8]: S-1-5-2 + SID[ 9]: S-1-5-11 + SID[ 10]: S-1-5-32-544 + SID[ 11]: S-1-22-1-2002 + SID[ 12]: S-1-22-2-5000 + SID[ 13]: S-1-22-2-5007 + SID[ 14]: S-1-22-2-5001 + SID[ 15]: S-1-22-2-1005 + SID[ 16]: S-1-22-2-5006 + SID[ 17]: S-1-22-2-5005 + SID[ 18]: S-1-22-2-55000 + SID[ 19]: S-1-22-2-55001 + SID[ 20]: S-1-22-2-55002 + Privileges (0x 1FFFFFF0): + Privilege[ 0]: SeMachineAccountPrivilege + Privilege[ 1]: SeTakeOwnershipPrivilege + Privilege[ 2]: SeBackupPrivilege + Privilege[ 3]: SeRestorePrivilege + Privilege[ 4]: SeRemoteShutdownPrivilege + Privilege[ 5]: SePrintOperatorPrivilege + Privilege[ 6]: SeAddUsersPrivilege + Privilege[ 7]: SeDiskOperatorPrivilege + Privilege[ 8]: SeSecurityPrivilege + Privilege[ 9]: SeSystemtimePrivilege + Privilege[ 10]: SeShutdownPrivilege + Privilege[ 11]: SeDebugPrivilege + Privilege[ 12]: SeSystemEnvironmentPrivilege + Privilege[ 13]: SeSystemProfilePrivilege + Privilege[ 14]: SeProfileSingleProcessPrivilege + Privilege[ 15]: SeIncreaseBasePriorityPrivilege + Privilege[ 16]: SeLoadDriverPrivilege + Privilege[ 17]: SeCreatePagefilePrivilege + Privilege[ 18]: SeIncreaseQuotaPrivilege + Privilege[ 19]: SeChangeNotifyPrivilege + Privilege[ 20]: SeUndockPrivilege + Privilege[ 21]: SeManageVolumePrivilege + Privilege[ 22]: SeImpersonatePrivilege + Privilege[ 23]: SeCreateGlobalPrivilege + Privilege[ 24]: SeEnableDelegationPrivilege + Rights (0x 0): +[2013/11/07 07:38:47.965346, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) + UNIX token of user 0 + Primary group is 5000 and contains 9 supplementary groups + Group[ 0]: 5000 + Group[ 1]: 5007 + Group[ 2]: 5001 + Group[ 3]: 1005 + Group[ 4]: 5006 + Group[ 5]: 5005 + Group[ 6]: 55000 + Group[ 7]: 55001 + Group[ 8]: 55002 +[2013/11/07 07:38:47.965752, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/uid.c:363(change_to_user_internal) + Impersonated user: uid=(0,0), gid=(0,5000) +[2013/11/07 07:38:47.965842, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:1796(smbd_smb2_request_verify_creditcharge) + mid 159, CreditCharge: 1, NeededCharge: 1 +[2013/11/07 07:38:47.965937, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl.c:394(smbd_smb2_ioctl_send) + smbd_smb2_ioctl: ctl_code[0x0011c017] spoolss, fnum 3439123001 +[2013/11/07 07:38:47.966017, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:59(smb2_ioctl_named_pipe) + smbd_smb2_ioctl_send: np_write_send of size 4156 +[2013/11/07 07:38:47.966083, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:520(np_write_send) + np_write_send: len: 4156 +[2013/11/07 07:38:47.966150, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) + write_to_pipe: data_left = 4156 +[2013/11/07 07:38:47.966213, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) + process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 4156 +[2013/11/07 07:38:47.966277, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:51(fill_rpc_header) + fill_rpc_header: data_to_copy = 4156, len_needed_to_complete_hdr = 16, receive_len = 0 +[2013/11/07 07:38:47.966344, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) + write_to_pipe: data_used = 16 +[2013/11/07 07:38:47.966406, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) + write_to_pipe: data_left = 4140 +[2013/11/07 07:38:47.966468, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) + process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 4140 +[2013/11/07 07:38:47.966538, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) + write_to_pipe: data_used = 0 +[2013/11/07 07:38:47.966601, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) + write_to_pipe: data_left = 4140 +[2013/11/07 07:38:47.966663, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) + process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 4140, incoming data = 4140 +[2013/11/07 07:38:47.966733, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1614(process_complete_pdu) + PDU is in Little Endian format! +[2013/11/07 07:38:47.966815, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) + r: struct ncacn_packet + rpc_vers : 0x05 (5) + rpc_vers_minor : 0x00 (0) + ptype : DCERPC_PKT_REQUEST (0) + pfc_flags : 0x03 (3) + drep: ARRAY(4) + [0] : 0x10 (16) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + frag_length : 0x103c (4156) + auth_length : 0x0000 (0) + call_id : 0x00000003 (3) + u : union dcerpc_payload(case 0) + request: struct dcerpc_request + alloc_hint : 0x00001024 (4132) + context_id : 0x0000 (0) + opnum : 0x0008 (8) + object : union dcerpc_object(case 0) + empty: struct dcerpc_empty + _pad : DATA_BLOB length=0 + stub_and_verifier : DATA_BLOB length=4132 + [0000] 00 00 00 00 00 01 00 00 00 00 00 00 7B 52 77 35 ........ ....{Rw5 + [0010] C5 51 00 00 02 00 00 00 00 00 02 00 00 10 00 00 .Q...... ........ + [0020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0030] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0040] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0200] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0210] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0220] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0230] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0240] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0250] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0260] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0270] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0280] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0290] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0300] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0310] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0320] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0330] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0340] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0350] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0360] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0370] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0380] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0390] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0400] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0410] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0420] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0430] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0440] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0450] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0460] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0470] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0480] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0490] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0500] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0510] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0520] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0530] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0540] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0550] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0560] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0570] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0580] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0590] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0600] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0610] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0620] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0630] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0640] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0650] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0660] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0670] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0680] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0690] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0700] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0710] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0720] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0730] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0740] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0750] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0760] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0770] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0780] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0790] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0800] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0810] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0820] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0830] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0840] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0850] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0860] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0870] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0880] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0890] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0900] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0910] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0920] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0930] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0940] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0950] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0960] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0970] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0980] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0990] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0EA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0EB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0EC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0ED0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0EE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0EF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [1000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [1010] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [1020] 00 10 00 00 .... +[2013/11/07 07:38:47.977459, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1627(process_complete_pdu) + Processing packet type 0 +[2013/11/07 07:38:47.977504, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1472(dcesrv_auth_request) + Checking request auth. +[2013/11/07 07:38:47.977560, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) + push_sec_ctx(0, 5000) : sec_ctx_stack_ndx = 1 +[2013/11/07 07:38:47.977608, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) + setting sec ctx (0, 5000) - sec_ctx_stack_ndx = 1 +[2013/11/07 07:38:47.977651, 5, pid=20933, effective(0, 5000), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) + Security token SIDs (21): + SID[ 0]: S-1-5-21-1376953716-2413384141-3399758289-500 + SID[ 1]: S-1-5-21-1376953716-2413384141-3399758289-512 + SID[ 2]: S-1-5-21-1376953716-2413384141-3399758289-11015 + SID[ 3]: S-1-5-21-1376953716-2413384141-3399758289-513 + SID[ 4]: S-1-5-21-1376953716-2413384141-3399758289-11011 + SID[ 5]: S-1-5-21-1376953716-2413384141-3399758289-11013 + SID[ 6]: S-1-5-21-1376953716-2413384141-3399758289-11012 + SID[ 7]: S-1-1-0 + SID[ 8]: S-1-5-2 + SID[ 9]: S-1-5-11 + SID[ 10]: S-1-5-32-544 + SID[ 11]: S-1-22-1-2002 + SID[ 12]: S-1-22-2-5000 + SID[ 13]: S-1-22-2-5007 + SID[ 14]: S-1-22-2-5001 + SID[ 15]: S-1-22-2-1005 + SID[ 16]: S-1-22-2-5006 + SID[ 17]: S-1-22-2-5005 + SID[ 18]: S-1-22-2-55000 + SID[ 19]: S-1-22-2-55001 + SID[ 20]: S-1-22-2-55002 + Privileges (0x 1FFFFFF0): + Privilege[ 0]: SeMachineAccountPrivilege + Privilege[ 1]: SeTakeOwnershipPrivilege + Privilege[ 2]: SeBackupPrivilege + Privilege[ 3]: SeRestorePrivilege + Privilege[ 4]: SeRemoteShutdownPrivilege + Privilege[ 5]: SePrintOperatorPrivilege + Privilege[ 6]: SeAddUsersPrivilege + Privilege[ 7]: SeDiskOperatorPrivilege + Privilege[ 8]: SeSecurityPrivilege + Privilege[ 9]: SeSystemtimePrivilege + Privilege[ 10]: SeShutdownPrivilege + Privilege[ 11]: SeDebugPrivilege + Privilege[ 12]: SeSystemEnvironmentPrivilege + Privilege[ 13]: SeSystemProfilePrivilege + Privilege[ 14]: SeProfileSingleProcessPrivilege + Privilege[ 15]: SeIncreaseBasePriorityPrivilege + Privilege[ 16]: SeLoadDriverPrivilege + Privilege[ 17]: SeCreatePagefilePrivilege + Privilege[ 18]: SeIncreaseQuotaPrivilege + Privilege[ 19]: SeChangeNotifyPrivilege + Privilege[ 20]: SeUndockPrivilege + Privilege[ 21]: SeManageVolumePrivilege + Privilege[ 22]: SeImpersonatePrivilege + Privilege[ 23]: SeCreateGlobalPrivilege + Privilege[ 24]: SeEnableDelegationPrivilege + Rights (0x 0): +[2013/11/07 07:38:47.978412, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) + UNIX token of user 0 + Primary group is 5000 and contains 9 supplementary groups + Group[ 0]: 5000 + Group[ 1]: 5007 + Group[ 2]: 5001 + Group[ 3]: 1005 + Group[ 4]: 5006 + Group[ 5]: 5005 + Group[ 6]: 55000 + Group[ 7]: 55001 + Group[ 8]: 55002 +[2013/11/07 07:38:47.978602, 5, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1324(api_pipe_request) + Requested \spoolss rpc service +[2013/11/07 07:38:47.978648, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1356(api_rpcTNP) + api_rpcTNP: \spoolss op 0x8 - api_rpcTNP: rpc command: SPOOLSS_GETPRINTER +[2013/11/07 07:38:47.978691, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1390(api_rpcTNP) + api_rpc_cmds[8].fn == 0x7f375c260f10 +[2013/11/07 07:38:47.978741, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + spoolss_GetPrinter: struct spoolss_GetPrinter + in: struct spoolss_GetPrinter + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000100-0000-0000-7b52-7735c5510000 + level : 0x00000002 (2) + buffer : * + buffer : DATA_BLOB length=4096 + [0000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0010] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0030] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0040] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0200] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0210] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0220] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0230] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0240] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0250] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0260] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0270] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0280] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0290] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0300] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0310] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0320] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0330] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0340] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0350] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0360] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0370] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0380] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0390] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0400] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0410] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0420] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0430] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0440] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0450] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0460] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0470] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0480] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0490] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0500] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0510] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0520] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0530] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0540] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0550] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0560] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0570] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0580] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0590] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0600] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0610] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0620] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0630] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0640] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0650] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0660] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0670] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0680] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0690] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0700] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0710] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0720] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0730] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0740] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0750] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0760] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0770] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0780] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0790] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0800] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0810] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0820] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0830] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0840] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0850] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0860] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0870] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0880] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0890] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0900] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0910] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0920] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0930] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0940] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0950] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0960] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0970] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0980] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0990] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0EA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0EB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0EC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0ED0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0EE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0EF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + offered : 0x00001000 (4096) +[2013/11/07 07:38:47.987930, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 00 01 00 00 00 00 00 00 7B 52 77 35 ........ ....{Rw5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:47.988023, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 00 01 00 00 00 00 00 00 7B 52 77 35 ........ ....{Rw5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:47.988100, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:489(get_printer_snum) + short name:printer7 +[2013/11/07 07:38:47.988263, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:60(make_internal_rpc_pipe_p) + Create pipe requested \winreg +[2013/11/07 07:38:47.988323, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:221(init_pipe_handles) + init_pipe_handle_list: created handle list for pipe \winreg +[2013/11/07 07:38:47.988366, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:238(init_pipe_handles) + init_pipe_handle_list: pipe_handles ref count = 1 for pipe \winreg +[2013/11/07 07:38:47.988465, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:100(make_internal_rpc_pipe_p) + Created internal pipe \winreg +[2013/11/07 07:38:47.988542, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenHKLM: struct winreg_OpenHKLM + in: struct winreg_OpenHKLM + system_name : NULL + access_mask : 0x02000000 (33554432) + 0: KEY_QUERY_VALUE + 0: KEY_SET_VALUE + 0: KEY_CREATE_SUB_KEY + 0: KEY_ENUMERATE_SUB_KEYS + 0: KEY_NOTIFY + 0: KEY_CREATE_LINK + 0: KEY_WOW64_64KEY + 0: KEY_WOW64_32KEY +[2013/11/07 07:38:47.988778, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [HKLM] +[2013/11/07 07:38:47.988823, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) + push_sec_ctx(0, 5000) : sec_ctx_stack_ndx = 2 +[2013/11/07 07:38:47.988868, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/uid.c:485(push_conn_ctx) + push_conn_ctx(1804507171) : conn_ctx_stack_ndx = 0 +[2013/11/07 07:38:47.988908, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) + setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 +[2013/11/07 07:38:47.988947, 5, pid=20933, effective(0, 5000), real(0, 0)] ../libcli/security/security_token.c:53(security_token_debug) + Security token: (NULL) +[2013/11/07 07:38:47.988985, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) + UNIX token of user 0 + Primary group is 0 and contains 0 supplementary groups +[2013/11/07 07:38:47.989160, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) + pop_sec_ctx (0, 5000) - sec_ctx_stack_ndx = 1 +[2013/11/07 07:38:47.989205, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:866(regdb_open) + regdb_open: registry db opened. refcount reset (1) +[2013/11/07 07:38:47.989250, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM] +[2013/11/07 07:38:47.989289, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM] +[2013/11/07 07:38:47.989330, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:47.989461, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM] +[2013/11/07 07:38:47.989548, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) + Opened policy hnd[1] [0000] 00 00 00 00 03 01 00 00 00 00 00 00 7B 52 77 35 ........ ....{Rw5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:47.989631, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenHKLM: struct winreg_OpenHKLM + out: struct winreg_OpenHKLM + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000103-0000-0000-7b52-7735c5510000 + result : WERR_OK +[2013/11/07 07:38:47.989821, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenKey: struct winreg_OpenKey + in: struct winreg_OpenKey + parent_handle : * + parent_handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000103-0000-0000-7b52-7735c5510000 + keyname: struct winreg_String + name_len : 0x008a (138) + name_size : 0x008a (138) + name : * + name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7' + options : 0x00000000 (0) + 0: REG_OPTION_VOLATILE + 0: REG_OPTION_CREATE_LINK + 0: REG_OPTION_BACKUP_RESTORE + 0: REG_OPTION_OPEN_LINK + access_mask : 0x02000000 (33554432) + 0: KEY_QUERY_VALUE + 0: KEY_SET_VALUE + 0: KEY_CREATE_SUB_KEY + 0: KEY_ENUMERATE_SUB_KEYS + 0: KEY_NOTIFY + 0: KEY_CREATE_LINK + 0: KEY_WOW64_64KEY + 0: KEY_WOW64_32KEY +[2013/11/07 07:38:47.990264, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 03 01 00 00 00 00 00 00 7B 52 77 35 ........ ....{Rw5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:47.990346, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [SOFTWARE] +[2013/11/07 07:38:47.990387, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (1->2) +[2013/11/07 07:38:47.990429, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] +[2013/11/07 07:38:47.990467, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE] +[2013/11/07 07:38:47.990507, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:47.990544, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE] +[2013/11/07 07:38:47.990621, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Microsoft] +[2013/11/07 07:38:47.990663, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (2->3) +[2013/11/07 07:38:47.990708, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] +[2013/11/07 07:38:47.990747, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] +[2013/11/07 07:38:47.990787, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:47.990824, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft] +[2013/11/07 07:38:47.990885, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Windows NT] +[2013/11/07 07:38:47.990926, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (3->4) +[2013/11/07 07:38:47.990969, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] +[2013/11/07 07:38:47.991007, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] +[2013/11/07 07:38:47.991047, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:47.991084, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] +[2013/11/07 07:38:47.991142, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [CurrentVersion] +[2013/11/07 07:38:47.991183, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (4->5) +[2013/11/07 07:38:47.991226, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] +[2013/11/07 07:38:47.991265, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] +[2013/11/07 07:38:47.991306, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:47.991344, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f375c5a15c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] +[2013/11/07 07:38:47.991418, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Print] +[2013/11/07 07:38:47.991459, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (5->6) +[2013/11/07 07:38:47.991503, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] +[2013/11/07 07:38:47.991551, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] +[2013/11/07 07:38:47.991594, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:47.991632, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f375c5a15c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] +[2013/11/07 07:38:47.991693, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Printers] +[2013/11/07 07:38:47.991734, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (6->7) +[2013/11/07 07:38:47.991778, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] +[2013/11/07 07:38:47.991817, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] +[2013/11/07 07:38:47.991859, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:47.991897, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] +[2013/11/07 07:38:47.991966, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [printer7] +[2013/11/07 07:38:47.992008, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (7->8) +[2013/11/07 07:38:47.992052, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:47.992092, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:47.992134, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:47.992171, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:47.992240, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (8->7) +[2013/11/07 07:38:47.992282, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (7->6) +[2013/11/07 07:38:47.992323, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (6->5) +[2013/11/07 07:38:47.992363, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (5->4) +[2013/11/07 07:38:47.992403, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (4->3) +[2013/11/07 07:38:47.992450, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (3->2) +[2013/11/07 07:38:47.992492, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) + Opened policy hnd[2] [0000] 00 00 00 00 04 01 00 00 00 00 00 00 7B 52 77 35 ........ ....{Rw5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:47.992570, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenKey: struct winreg_OpenKey + out: struct winreg_OpenKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000104-0000-0000-7b52-7735c5510000 + result : WERR_OK +[2013/11/07 07:38:47.992744, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryInfoKey: struct winreg_QueryInfoKey + in: struct winreg_QueryInfoKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000104-0000-0000-7b52-7735c5510000 + classname : * + classname: struct winreg_String + name_len : 0x0000 (0) + name_size : 0x0000 (0) + name : NULL +[2013/11/07 07:38:47.992958, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 04 01 00 00 00 00 00 00 7B 52 77 35 ........ ....{Rw5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:47.993040, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_dispatcher.c:151(fetch_reg_values) + fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7' (ops 0x7f37592edcc0) +[2013/11/07 07:38:47.993081, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1891(regdb_fetch_values_internal) + regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:47.993145, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[0]: name[Attributes] len[4] +[2013/11/07 07:38:47.993189, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[1]: name[Description] len[2] +[2013/11/07 07:38:47.993232, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[2]: name[Datatype] len[8] +[2013/11/07 07:38:47.993273, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[3]: name[Default Priority] len[4] +[2013/11/07 07:38:47.993315, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[4]: name[Port] len[38] +[2013/11/07 07:38:47.993389, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[5]: name[Name] len[18] +[2013/11/07 07:38:47.993468, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[6]: name[Print Processor] len[18] +[2013/11/07 07:38:47.993520, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[7]: name[Priority] len[4] +[2013/11/07 07:38:47.993564, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[8]: name[Security] len[248] +[2013/11/07 07:38:47.993606, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[9]: name[Share Name] len[18] +[2013/11/07 07:38:47.993649, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[10]: name[StartTime] len[4] +[2013/11/07 07:38:47.993692, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[11]: name[UntilTime] len[4] +[2013/11/07 07:38:47.993735, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[12]: name[ChangeID] len[4] +[2013/11/07 07:38:47.993778, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) + regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:47.993843, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryInfoKey: struct winreg_QueryInfoKey + out: struct winreg_QueryInfoKey + classname : * + classname: struct winreg_String + name_len : 0x0000 (0) + name_size : 0x0000 (0) + name : NULL + num_subkeys : * + num_subkeys : 0x00000003 (3) + max_subkeylen : * + max_subkeylen : 0x00000022 (34) + max_classlen : * + max_classlen : 0x00000000 (0) + num_values : * + num_values : 0x0000000d (13) + max_valnamelen : * + max_valnamelen : 0x00000022 (34) + max_valbufsize : * + max_valbufsize : 0x000000f8 (248) + secdescsize : * + secdescsize : 0x00000078 (120) + last_changed_time : * + last_changed_time : NTTIME(0) + result : WERR_OK +[2013/11/07 07:38:47.994293, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000104-0000-0000-7b52-7735c5510000 + enum_index : 0x00000000 (0) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:47.994678, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 04 01 00 00 00 00 00 00 7B 52 77 35 ........ ....{Rw5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:47.994756, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:47.994803, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0016 (22) + size : 0x0024 (36) + name : * + name : 'Attributes' + type : * + type : REG_DWORD (4) + value : * + value: ARRAY(4) + [0] : 0x48 (72) + [1] : 0x10 (16) + [2] : 0x00 (0) + [3] : 0x00 (0) + size : * + size : 0x00000004 (4) + length : * + length : 0x00000004 (4) + result : WERR_OK +[2013/11/07 07:38:47.995200, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000104-0000-0000-7b52-7735c5510000 + enum_index : 0x00000001 (1) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:47.995571, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 04 01 00 00 00 00 00 00 7B 52 77 35 ........ ....{Rw5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:47.995648, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:47.995692, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0018 (24) + size : 0x0024 (36) + name : * + name : 'Description' + type : * + type : REG_SZ (1) + value : * + value: ARRAY(2) + [0] : 0x00 (0) + [1] : 0x00 (0) + size : * + size : 0x00000002 (2) + length : * + length : 0x00000002 (2) + result : WERR_OK +[2013/11/07 07:38:47.996058, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000104-0000-0000-7b52-7735c5510000 + enum_index : 0x00000002 (2) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:47.996428, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 04 01 00 00 00 00 00 00 7B 52 77 35 ........ ....{Rw5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:47.996504, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:47.996548, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0012 (18) + size : 0x0024 (36) + name : * + name : 'Datatype' + type : * + type : REG_SZ (1) + value : * + value: ARRAY(8) + [0] : 0x52 (82) + [1] : 0x00 (0) + [2] : 0x41 (65) + [3] : 0x00 (0) + [4] : 0x57 (87) + [5] : 0x00 (0) + [6] : 0x00 (0) + [7] : 0x00 (0) + size : * + size : 0x00000008 (8) + length : * + length : 0x00000008 (8) + result : WERR_OK +[2013/11/07 07:38:47.997010, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000104-0000-0000-7b52-7735c5510000 + enum_index : 0x00000003 (3) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:47.997425, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 04 01 00 00 00 00 00 00 7B 52 77 35 ........ ....{Rw5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:47.997504, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:47.997550, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0022 (34) + size : 0x0024 (36) + name : * + name : 'Default Priority' + type : * + type : REG_DWORD (4) + value : * + value: ARRAY(4) + [0] : 0x01 (1) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + size : * + size : 0x00000004 (4) + length : * + length : 0x00000004 (4) + result : WERR_OK +[2013/11/07 07:38:47.997946, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000104-0000-0000-7b52-7735c5510000 + enum_index : 0x00000004 (4) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:47.998327, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 04 01 00 00 00 00 00 00 7B 52 77 35 ........ ....{Rw5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:47.998403, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:47.998449, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x000a (10) + size : 0x0024 (36) + name : * + name : 'Port' + type : * + type : REG_SZ (1) + value : * + value: ARRAY(38) + [0] : 0x53 (83) + [1] : 0x00 (0) + [2] : 0x61 (97) + [3] : 0x00 (0) + [4] : 0x6d (109) + [5] : 0x00 (0) + [6] : 0x62 (98) + [7] : 0x00 (0) + [8] : 0x61 (97) + [9] : 0x00 (0) + [10] : 0x20 (32) + [11] : 0x00 (0) + [12] : 0x50 (80) + [13] : 0x00 (0) + [14] : 0x72 (114) + [15] : 0x00 (0) + [16] : 0x69 (105) + [17] : 0x00 (0) + [18] : 0x6e (110) + [19] : 0x00 (0) + [20] : 0x74 (116) + [21] : 0x00 (0) + [22] : 0x65 (101) + [23] : 0x00 (0) + [24] : 0x72 (114) + [25] : 0x00 (0) + [26] : 0x20 (32) + [27] : 0x00 (0) + [28] : 0x50 (80) + [29] : 0x00 (0) + [30] : 0x6f (111) + [31] : 0x00 (0) + [32] : 0x72 (114) + [33] : 0x00 (0) + [34] : 0x74 (116) + [35] : 0x00 (0) + [36] : 0x00 (0) + [37] : 0x00 (0) + size : * + size : 0x00000026 (38) + length : * + length : 0x00000026 (38) + result : WERR_OK +[2013/11/07 07:38:47.999402, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000104-0000-0000-7b52-7735c5510000 + enum_index : 0x00000005 (5) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:47.999780, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 04 01 00 00 00 00 00 00 7B 52 77 35 ........ ....{Rw5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:47.999857, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:47.999902, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x000a (10) + size : 0x0024 (36) + name : * + name : 'Name' + type : * + type : REG_SZ (1) + value : * + value: ARRAY(18) + [0] : 0x70 (112) + [1] : 0x00 (0) + [2] : 0x72 (114) + [3] : 0x00 (0) + [4] : 0x69 (105) + [5] : 0x00 (0) + [6] : 0x6e (110) + [7] : 0x00 (0) + [8] : 0x74 (116) + [9] : 0x00 (0) + [10] : 0x65 (101) + [11] : 0x00 (0) + [12] : 0x72 (114) + [13] : 0x00 (0) + [14] : 0x37 (55) + [15] : 0x00 (0) + [16] : 0x00 (0) + [17] : 0x00 (0) + size : * + size : 0x00000012 (18) + length : * + length : 0x00000012 (18) + result : WERR_OK +[2013/11/07 07:38:48.000523, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000104-0000-0000-7b52-7735c5510000 + enum_index : 0x00000006 (6) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:48.000902, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 04 01 00 00 00 00 00 00 7B 52 77 35 ........ ....{Rw5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:48.000978, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:48.001024, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0020 (32) + size : 0x0024 (36) + name : * + name : 'Print Processor' + type : * + type : REG_SZ (1) + value : * + value: ARRAY(18) + [0] : 0x77 (119) + [1] : 0x00 (0) + [2] : 0x69 (105) + [3] : 0x00 (0) + [4] : 0x6e (110) + [5] : 0x00 (0) + [6] : 0x70 (112) + [7] : 0x00 (0) + [8] : 0x72 (114) + [9] : 0x00 (0) + [10] : 0x69 (105) + [11] : 0x00 (0) + [12] : 0x6e (110) + [13] : 0x00 (0) + [14] : 0x74 (116) + [15] : 0x00 (0) + [16] : 0x00 (0) + [17] : 0x00 (0) + size : * + size : 0x00000012 (18) + length : * + length : 0x00000012 (18) + result : WERR_OK +[2013/11/07 07:38:48.001806, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000104-0000-0000-7b52-7735c5510000 + enum_index : 0x00000007 (7) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:48.002193, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 04 01 00 00 00 00 00 00 7B 52 77 35 ........ ....{Rw5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:48.002272, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:48.002319, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0012 (18) + size : 0x0024 (36) + name : * + name : 'Priority' + type : * + type : REG_DWORD (4) + value : * + value: ARRAY(4) + [0] : 0x01 (1) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + size : * + size : 0x00000004 (4) + length : * + length : 0x00000004 (4) + result : WERR_OK +[2013/11/07 07:38:48.002714, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000104-0000-0000-7b52-7735c5510000 + enum_index : 0x00000008 (8) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:48.003083, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 04 01 00 00 00 00 00 00 7B 52 77 35 ........ ....{Rw5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:48.003160, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:48.003213, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0012 (18) + size : 0x0024 (36) + name : * + name : 'Security' + type : * + type : REG_BINARY (3) + value : * + value: ARRAY(248) + [0] : 0x01 (1) + [1] : 0x00 (0) + [2] : 0x04 (4) + [3] : 0x80 (128) + [4] : 0x14 (20) + [5] : 0x00 (0) + [6] : 0x00 (0) + [7] : 0x00 (0) + [8] : 0x24 (36) + [9] : 0x00 (0) + [10] : 0x00 (0) + [11] : 0x00 (0) + [12] : 0x00 (0) + [13] : 0x00 (0) + [14] : 0x00 (0) + [15] : 0x00 (0) + [16] : 0x34 (52) + [17] : 0x00 (0) + [18] : 0x00 (0) + [19] : 0x00 (0) + [20] : 0x01 (1) + [21] : 0x02 (2) + [22] : 0x00 (0) + [23] : 0x00 (0) + [24] : 0x00 (0) + [25] : 0x00 (0) + [26] : 0x00 (0) + [27] : 0x05 (5) + [28] : 0x20 (32) + [29] : 0x00 (0) + [30] : 0x00 (0) + [31] : 0x00 (0) + [32] : 0x20 (32) + [33] : 0x02 (2) + [34] : 0x00 (0) + [35] : 0x00 (0) + [36] : 0x01 (1) + [37] : 0x02 (2) + [38] : 0x00 (0) + [39] : 0x00 (0) + [40] : 0x00 (0) + [41] : 0x00 (0) + [42] : 0x00 (0) + [43] : 0x05 (5) + [44] : 0x20 (32) + [45] : 0x00 (0) + [46] : 0x00 (0) + [47] : 0x00 (0) + [48] : 0x20 (32) + [49] : 0x02 (2) + [50] : 0x00 (0) + [51] : 0x00 (0) + [52] : 0x02 (2) + [53] : 0x00 (0) + [54] : 0xc4 (196) + [55] : 0x00 (0) + [56] : 0x07 (7) + [57] : 0x00 (0) + [58] : 0x00 (0) + [59] : 0x00 (0) + [60] : 0x00 (0) + [61] : 0x02 (2) + [62] : 0x14 (20) + [63] : 0x00 (0) + [64] : 0x08 (8) + [65] : 0x00 (0) + [66] : 0x02 (2) + [67] : 0x20 (32) + [68] : 0x01 (1) + [69] : 0x01 (1) + [70] : 0x00 (0) + [71] : 0x00 (0) + [72] : 0x00 (0) + [73] : 0x00 (0) + [74] : 0x00 (0) + [75] : 0x01 (1) + [76] : 0x00 (0) + [77] : 0x00 (0) + [78] : 0x00 (0) + [79] : 0x00 (0) + [80] : 0x00 (0) + [81] : 0x09 (9) + [82] : 0x24 (36) + [83] : 0x00 (0) + [84] : 0x0c (12) + [85] : 0x00 (0) + [86] : 0x0f (15) + [87] : 0x10 (16) + [88] : 0x01 (1) + [89] : 0x05 (5) + [90] : 0x00 (0) + [91] : 0x00 (0) + [92] : 0x00 (0) + [93] : 0x00 (0) + [94] : 0x00 (0) + [95] : 0x05 (5) + [96] : 0x15 (21) + [97] : 0x00 (0) + [98] : 0x00 (0) + [99] : 0x00 (0) + [100] : 0x74 (116) + [101] : 0xa5 (165) + [102] : 0x12 (18) + [103] : 0x52 (82) + [104] : 0xcd (205) + [105] : 0x51 (81) + [106] : 0xd9 (217) + [107] : 0x8f (143) + [108] : 0xd1 (209) + [109] : 0x31 (49) + [110] : 0xa4 (164) + [111] : 0xca (202) + [112] : 0xf4 (244) + [113] : 0x01 (1) + [114] : 0x00 (0) + [115] : 0x00 (0) + [116] : 0x00 (0) + [117] : 0x02 (2) + [118] : 0x24 (36) + [119] : 0x00 (0) + [120] : 0x0c (12) + [121] : 0x00 (0) + [122] : 0x0f (15) + [123] : 0x10 (16) + [124] : 0x01 (1) + [125] : 0x05 (5) + [126] : 0x00 (0) + [127] : 0x00 (0) + [128] : 0x00 (0) + [129] : 0x00 (0) + [130] : 0x00 (0) + [131] : 0x05 (5) + [132] : 0x15 (21) + [133] : 0x00 (0) + [134] : 0x00 (0) + [135] : 0x00 (0) + [136] : 0x74 (116) + [137] : 0xa5 (165) + [138] : 0x12 (18) + [139] : 0x52 (82) + [140] : 0xcd (205) + [141] : 0x51 (81) + [142] : 0xd9 (217) + [143] : 0x8f (143) + [144] : 0xd1 (209) + [145] : 0x31 (49) + [146] : 0xa4 (164) + [147] : 0xca (202) + [148] : 0xf4 (244) + [149] : 0x01 (1) + [150] : 0x00 (0) + [151] : 0x00 (0) + [152] : 0x00 (0) + [153] : 0x09 (9) + [154] : 0x18 (24) + [155] : 0x00 (0) + [156] : 0x0c (12) + [157] : 0x00 (0) + [158] : 0x0f (15) + [159] : 0x10 (16) + [160] : 0x01 (1) + [161] : 0x02 (2) + [162] : 0x00 (0) + [163] : 0x00 (0) + [164] : 0x00 (0) + [165] : 0x00 (0) + [166] : 0x00 (0) + [167] : 0x05 (5) + [168] : 0x20 (32) + [169] : 0x00 (0) + [170] : 0x00 (0) + [171] : 0x00 (0) + [172] : 0x20 (32) + [173] : 0x02 (2) + [174] : 0x00 (0) + [175] : 0x00 (0) + [176] : 0x00 (0) + [177] : 0x02 (2) + [178] : 0x18 (24) + [179] : 0x00 (0) + [180] : 0x0c (12) + [181] : 0x00 (0) + [182] : 0x0f (15) + [183] : 0x10 (16) + [184] : 0x01 (1) + [185] : 0x02 (2) + [186] : 0x00 (0) + [187] : 0x00 (0) + [188] : 0x00 (0) + [189] : 0x00 (0) + [190] : 0x00 (0) + [191] : 0x05 (5) + [192] : 0x20 (32) + [193] : 0x00 (0) + [194] : 0x00 (0) + [195] : 0x00 (0) + [196] : 0x20 (32) + [197] : 0x02 (2) + [198] : 0x00 (0) + [199] : 0x00 (0) + [200] : 0x00 (0) + [201] : 0x09 (9) + [202] : 0x18 (24) + [203] : 0x00 (0) + [204] : 0x0c (12) + [205] : 0x00 (0) + [206] : 0x0f (15) + [207] : 0x10 (16) + [208] : 0x01 (1) + [209] : 0x02 (2) + [210] : 0x00 (0) + [211] : 0x00 (0) + [212] : 0x00 (0) + [213] : 0x00 (0) + [214] : 0x00 (0) + [215] : 0x05 (5) + [216] : 0x20 (32) + [217] : 0x00 (0) + [218] : 0x00 (0) + [219] : 0x00 (0) + [220] : 0x26 (38) + [221] : 0x02 (2) + [222] : 0x00 (0) + [223] : 0x00 (0) + [224] : 0x00 (0) + [225] : 0x02 (2) + [226] : 0x18 (24) + [227] : 0x00 (0) + [228] : 0x0c (12) + [229] : 0x00 (0) + [230] : 0x0f (15) + [231] : 0x10 (16) + [232] : 0x01 (1) + [233] : 0x02 (2) + [234] : 0x00 (0) + [235] : 0x00 (0) + [236] : 0x00 (0) + [237] : 0x00 (0) + [238] : 0x00 (0) + [239] : 0x05 (5) + [240] : 0x20 (32) + [241] : 0x00 (0) + [242] : 0x00 (0) + [243] : 0x00 (0) + [244] : 0x26 (38) + [245] : 0x02 (2) + [246] : 0x00 (0) + [247] : 0x00 (0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x000000f8 (248) + result : WERR_OK +[2013/11/07 07:38:48.007705, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000104-0000-0000-7b52-7735c5510000 + enum_index : 0x00000009 (9) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:48.008087, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 04 01 00 00 00 00 00 00 7B 52 77 35 ........ ....{Rw5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:48.008164, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:48.008210, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0016 (22) + size : 0x0024 (36) + name : * + name : 'Share Name' + type : * + type : REG_SZ (1) + value : * + value: ARRAY(18) + [0] : 0x70 (112) + [1] : 0x00 (0) + [2] : 0x72 (114) + [3] : 0x00 (0) + [4] : 0x69 (105) + [5] : 0x00 (0) + [6] : 0x6e (110) + [7] : 0x00 (0) + [8] : 0x74 (116) + [9] : 0x00 (0) + [10] : 0x65 (101) + [11] : 0x00 (0) + [12] : 0x72 (114) + [13] : 0x00 (0) + [14] : 0x37 (55) + [15] : 0x00 (0) + [16] : 0x00 (0) + [17] : 0x00 (0) + size : * + size : 0x00000012 (18) + length : * + length : 0x00000012 (18) + result : WERR_OK +[2013/11/07 07:38:48.008832, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000104-0000-0000-7b52-7735c5510000 + enum_index : 0x0000000a (10) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:48.009211, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 04 01 00 00 00 00 00 00 7B 52 77 35 ........ ....{Rw5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:48.009288, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:48.009333, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0014 (20) + size : 0x0024 (36) + name : * + name : 'StartTime' + type : * + type : REG_DWORD (4) + value : * + value: ARRAY(4) + [0] : 0x00 (0) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + size : * + size : 0x00000004 (4) + length : * + length : 0x00000004 (4) + result : WERR_OK +[2013/11/07 07:38:48.009769, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000104-0000-0000-7b52-7735c5510000 + enum_index : 0x0000000b (11) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:48.010140, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 04 01 00 00 00 00 00 00 7B 52 77 35 ........ ....{Rw5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:48.010218, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:48.010263, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0014 (20) + size : 0x0024 (36) + name : * + name : 'UntilTime' + type : * + type : REG_DWORD (4) + value : * + value: ARRAY(4) + [0] : 0x00 (0) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + size : * + size : 0x00000004 (4) + length : * + length : 0x00000004 (4) + result : WERR_OK +[2013/11/07 07:38:48.010663, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000104-0000-0000-7b52-7735c5510000 + enum_index : 0x0000000c (12) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:48.011033, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 04 01 00 00 00 00 00 00 7B 52 77 35 ........ ....{Rw5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:48.011110, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:48.011156, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0012 (18) + size : 0x0024 (36) + name : * + name : 'ChangeID' + type : * + type : REG_DWORD (4) + value : * + value: ARRAY(4) + [0] : 0xf1 (241) + [1] : 0x5f (95) + [2] : 0x11 (17) + [3] : 0x00 (0) + size : * + size : 0x00000004 (4) + length : * + length : 0x00000004 (4) + result : WERR_OK +[2013/11/07 07:38:48.011584, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryValue: struct winreg_QueryValue + in: struct winreg_QueryValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000104-0000-0000-7b52-7735c5510000 + value_name : * + value_name: struct winreg_String + name_len : 0x0020 (32) + name_size : 0x0020 (32) + name : * + name : 'Default DevMode' + type : * + type : REG_NONE (0) + data : NULL + data_size : * + data_size : 0x00000000 (0) + data_length : * + data_length : 0x00000000 (0) +[2013/11/07 07:38:48.011935, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 04 01 00 00 00 00 00 00 7B 52 77 35 ........ ....{Rw5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:48.012014, 7, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) + _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:48.012054, 7, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) + _winreg_QueryValue: policy key type = [00000000] +[2013/11/07 07:38:48.012098, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:316(_winreg_QueryValue) + _winreg_QueryValue: reg_queryvalue failed with: WERR_BADFILE +[2013/11/07 07:38:48.012138, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryValue: struct winreg_QueryValue + out: struct winreg_QueryValue + type : * + type : REG_NONE (0) + data : NULL + data_size : * + data_size : 0x00000000 (0) + data_length : * + data_length : 0x00000000 (0) + result : WERR_BADFILE +[2013/11/07 07:38:48.012360, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenHKLM: struct winreg_OpenHKLM + in: struct winreg_OpenHKLM + system_name : NULL + access_mask : 0x02000000 (33554432) + 0: KEY_QUERY_VALUE + 0: KEY_SET_VALUE + 0: KEY_CREATE_SUB_KEY + 0: KEY_ENUMERATE_SUB_KEYS + 0: KEY_NOTIFY + 0: KEY_CREATE_LINK + 0: KEY_WOW64_64KEY + 0: KEY_WOW64_32KEY +[2013/11/07 07:38:48.012585, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [HKLM] +[2013/11/07 07:38:48.012627, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (2->3) +[2013/11/07 07:38:48.012669, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM] +[2013/11/07 07:38:48.012708, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM] +[2013/11/07 07:38:48.012756, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:48.012795, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM] +[2013/11/07 07:38:48.012869, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) + Opened policy hnd[3] [0000] 00 00 00 00 05 01 00 00 00 00 00 00 7B 52 78 35 ........ ....{Rx5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:48.012948, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenHKLM: struct winreg_OpenHKLM + out: struct winreg_OpenHKLM + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000105-0000-0000-7b52-7835c5510000 + result : WERR_OK +[2013/11/07 07:38:48.013115, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenKey: struct winreg_OpenKey + in: struct winreg_OpenKey + parent_handle : * + parent_handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000105-0000-0000-7b52-7835c5510000 + keyname: struct winreg_String + name_len : 0x008a (138) + name_size : 0x008a (138) + name : * + name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7' + options : 0x00000000 (0) + 0: REG_OPTION_VOLATILE + 0: REG_OPTION_CREATE_LINK + 0: REG_OPTION_BACKUP_RESTORE + 0: REG_OPTION_OPEN_LINK + access_mask : 0x02000000 (33554432) + 0: KEY_QUERY_VALUE + 0: KEY_SET_VALUE + 0: KEY_CREATE_SUB_KEY + 0: KEY_ENUMERATE_SUB_KEYS + 0: KEY_NOTIFY + 0: KEY_CREATE_LINK + 0: KEY_WOW64_64KEY + 0: KEY_WOW64_32KEY +[2013/11/07 07:38:48.013598, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 05 01 00 00 00 00 00 00 7B 52 78 35 ........ ....{Rx5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:48.013680, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [SOFTWARE] +[2013/11/07 07:38:48.013721, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (3->4) +[2013/11/07 07:38:48.013763, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] +[2013/11/07 07:38:48.013801, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE] +[2013/11/07 07:38:48.013840, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:48.013878, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE] +[2013/11/07 07:38:48.013955, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Microsoft] +[2013/11/07 07:38:48.013998, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (4->5) +[2013/11/07 07:38:48.014040, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] +[2013/11/07 07:38:48.014078, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] +[2013/11/07 07:38:48.014118, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:48.014156, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft] +[2013/11/07 07:38:48.014216, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Windows NT] +[2013/11/07 07:38:48.014258, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (5->6) +[2013/11/07 07:38:48.014300, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] +[2013/11/07 07:38:48.014338, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] +[2013/11/07 07:38:48.014378, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:48.014416, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] +[2013/11/07 07:38:48.014473, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [CurrentVersion] +[2013/11/07 07:38:48.014514, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (6->7) +[2013/11/07 07:38:48.014556, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] +[2013/11/07 07:38:48.014594, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] +[2013/11/07 07:38:48.014634, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:48.014672, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f375c5a15c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] +[2013/11/07 07:38:48.014743, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Print] +[2013/11/07 07:38:48.014784, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (7->8) +[2013/11/07 07:38:48.014827, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] +[2013/11/07 07:38:48.014875, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] +[2013/11/07 07:38:48.014919, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:48.014957, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f375c5a15c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] +[2013/11/07 07:38:48.015017, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Printers] +[2013/11/07 07:38:48.015058, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (8->9) +[2013/11/07 07:38:48.015102, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] +[2013/11/07 07:38:48.015142, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] +[2013/11/07 07:38:48.015183, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:48.015221, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] +[2013/11/07 07:38:48.015287, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [printer7] +[2013/11/07 07:38:48.015328, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (9->10) +[2013/11/07 07:38:48.015372, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:48.015412, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:48.015455, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:48.015493, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:48.015561, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (10->9) +[2013/11/07 07:38:48.015603, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (9->8) +[2013/11/07 07:38:48.015645, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (8->7) +[2013/11/07 07:38:48.015685, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (7->6) +[2013/11/07 07:38:48.015732, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (6->5) +[2013/11/07 07:38:48.015772, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (5->4) +[2013/11/07 07:38:48.015814, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) + Opened policy hnd[4] [0000] 00 00 00 00 06 01 00 00 00 00 00 00 7B 52 78 35 ........ ....{Rx5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:48.015892, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenKey: struct winreg_OpenKey + out: struct winreg_OpenKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000106-0000-0000-7b52-7835c5510000 + result : WERR_OK +[2013/11/07 07:38:48.016064, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryValue: struct winreg_QueryValue + in: struct winreg_QueryValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000106-0000-0000-7b52-7835c5510000 + value_name : * + value_name: struct winreg_String + name_len : 0x0012 (18) + name_size : 0x0012 (18) + name : * + name : 'Security' + type : * + type : REG_NONE (0) + data : NULL + data_size : * + data_size : 0x00000000 (0) + data_length : * + data_length : 0x00000000 (0) +[2013/11/07 07:38:48.016405, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 06 01 00 00 00 00 00 00 7B 52 78 35 ........ ....{Rx5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:48.016482, 7, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) + _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:48.016523, 7, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) + _winreg_QueryValue: policy key type = [00000000] +[2013/11/07 07:38:48.016563, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_dispatcher.c:151(fetch_reg_values) + fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7' (ops 0x7f37592edcc0) +[2013/11/07 07:38:48.016604, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1891(regdb_fetch_values_internal) + regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:48.016678, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[0]: name[Attributes] len[4] +[2013/11/07 07:38:48.016723, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[1]: name[Description] len[2] +[2013/11/07 07:38:48.016774, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[2]: name[Datatype] len[8] +[2013/11/07 07:38:48.016817, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[3]: name[Default Priority] len[4] +[2013/11/07 07:38:48.016858, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[4]: name[Port] len[38] +[2013/11/07 07:38:48.016901, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[5]: name[Name] len[18] +[2013/11/07 07:38:48.016942, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[6]: name[Print Processor] len[18] +[2013/11/07 07:38:48.016985, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[7]: name[Priority] len[4] +[2013/11/07 07:38:48.017028, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[8]: name[Security] len[248] +[2013/11/07 07:38:48.017071, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[9]: name[Share Name] len[18] +[2013/11/07 07:38:48.017113, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[10]: name[StartTime] len[4] +[2013/11/07 07:38:48.017156, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[11]: name[UntilTime] len[4] +[2013/11/07 07:38:48.017251, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[12]: name[ChangeID] len[4] +[2013/11/07 07:38:48.017297, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryValue: struct winreg_QueryValue + out: struct winreg_QueryValue + type : * + type : REG_BINARY (3) + data : NULL + data_size : * + data_size : 0x000000f8 (248) + data_length : * + data_length : 0x00000000 (0) + result : WERR_OK +[2013/11/07 07:38:48.017576, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryValue: struct winreg_QueryValue + in: struct winreg_QueryValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000106-0000-0000-7b52-7835c5510000 + value_name : * + value_name: struct winreg_String + name_len : 0x0012 (18) + name_size : 0x0012 (18) + name : * + name : 'Security' + type : * + type : REG_BINARY (3) + data : * + data: ARRAY(0) + data_size : * + data_size : 0x000000f8 (248) + data_length : * + data_length : 0x00000000 (0) +[2013/11/07 07:38:48.017944, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 06 01 00 00 00 00 00 00 7B 52 78 35 ........ ....{Rx5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:48.018023, 7, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) + _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:48.018062, 7, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) + _winreg_QueryValue: policy key type = [00000000] +[2013/11/07 07:38:48.018107, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryValue: struct winreg_QueryValue + out: struct winreg_QueryValue + type : * + type : REG_BINARY (3) + data : * + data: ARRAY(248) + [0] : 0x01 (1) + [1] : 0x00 (0) + [2] : 0x04 (4) + [3] : 0x80 (128) + [4] : 0x14 (20) + [5] : 0x00 (0) + [6] : 0x00 (0) + [7] : 0x00 (0) + [8] : 0x24 (36) + [9] : 0x00 (0) + [10] : 0x00 (0) + [11] : 0x00 (0) + [12] : 0x00 (0) + [13] : 0x00 (0) + [14] : 0x00 (0) + [15] : 0x00 (0) + [16] : 0x34 (52) + [17] : 0x00 (0) + [18] : 0x00 (0) + [19] : 0x00 (0) + [20] : 0x01 (1) + [21] : 0x02 (2) + [22] : 0x00 (0) + [23] : 0x00 (0) + [24] : 0x00 (0) + [25] : 0x00 (0) + [26] : 0x00 (0) + [27] : 0x05 (5) + [28] : 0x20 (32) + [29] : 0x00 (0) + [30] : 0x00 (0) + [31] : 0x00 (0) + [32] : 0x20 (32) + [33] : 0x02 (2) + [34] : 0x00 (0) + [35] : 0x00 (0) + [36] : 0x01 (1) + [37] : 0x02 (2) + [38] : 0x00 (0) + [39] : 0x00 (0) + [40] : 0x00 (0) + [41] : 0x00 (0) + [42] : 0x00 (0) + [43] : 0x05 (5) + [44] : 0x20 (32) + [45] : 0x00 (0) + [46] : 0x00 (0) + [47] : 0x00 (0) + [48] : 0x20 (32) + [49] : 0x02 (2) + [50] : 0x00 (0) + [51] : 0x00 (0) + [52] : 0x02 (2) + [53] : 0x00 (0) + [54] : 0xc4 (196) + [55] : 0x00 (0) + [56] : 0x07 (7) + [57] : 0x00 (0) + [58] : 0x00 (0) + [59] : 0x00 (0) + [60] : 0x00 (0) + [61] : 0x02 (2) + [62] : 0x14 (20) + [63] : 0x00 (0) + [64] : 0x08 (8) + [65] : 0x00 (0) + [66] : 0x02 (2) + [67] : 0x20 (32) + [68] : 0x01 (1) + [69] : 0x01 (1) + [70] : 0x00 (0) + [71] : 0x00 (0) + [72] : 0x00 (0) + [73] : 0x00 (0) + [74] : 0x00 (0) + [75] : 0x01 (1) + [76] : 0x00 (0) + [77] : 0x00 (0) + [78] : 0x00 (0) + [79] : 0x00 (0) + [80] : 0x00 (0) + [81] : 0x09 (9) + [82] : 0x24 (36) + [83] : 0x00 (0) + [84] : 0x0c (12) + [85] : 0x00 (0) + [86] : 0x0f (15) + [87] : 0x10 (16) + [88] : 0x01 (1) + [89] : 0x05 (5) + [90] : 0x00 (0) + [91] : 0x00 (0) + [92] : 0x00 (0) + [93] : 0x00 (0) + [94] : 0x00 (0) + [95] : 0x05 (5) + [96] : 0x15 (21) + [97] : 0x00 (0) + [98] : 0x00 (0) + [99] : 0x00 (0) + [100] : 0x74 (116) + [101] : 0xa5 (165) + [102] : 0x12 (18) + [103] : 0x52 (82) + [104] : 0xcd (205) + [105] : 0x51 (81) + [106] : 0xd9 (217) + [107] : 0x8f (143) + [108] : 0xd1 (209) + [109] : 0x31 (49) + [110] : 0xa4 (164) + [111] : 0xca (202) + [112] : 0xf4 (244) + [113] : 0x01 (1) + [114] : 0x00 (0) + [115] : 0x00 (0) + [116] : 0x00 (0) + [117] : 0x02 (2) + [118] : 0x24 (36) + [119] : 0x00 (0) + [120] : 0x0c (12) + [121] : 0x00 (0) + [122] : 0x0f (15) + [123] : 0x10 (16) + [124] : 0x01 (1) + [125] : 0x05 (5) + [126] : 0x00 (0) + [127] : 0x00 (0) + [128] : 0x00 (0) + [129] : 0x00 (0) + [130] : 0x00 (0) + [131] : 0x05 (5) + [132] : 0x15 (21) + [133] : 0x00 (0) + [134] : 0x00 (0) + [135] : 0x00 (0) + [136] : 0x74 (116) + [137] : 0xa5 (165) + [138] : 0x12 (18) + [139] : 0x52 (82) + [140] : 0xcd (205) + [141] : 0x51 (81) + [142] : 0xd9 (217) + [143] : 0x8f (143) + [144] : 0xd1 (209) + [145] : 0x31 (49) + [146] : 0xa4 (164) + [147] : 0xca (202) + [148] : 0xf4 (244) + [149] : 0x01 (1) + [150] : 0x00 (0) + [151] : 0x00 (0) + [152] : 0x00 (0) + [153] : 0x09 (9) + [154] : 0x18 (24) + [155] : 0x00 (0) + [156] : 0x0c (12) + [157] : 0x00 (0) + [158] : 0x0f (15) + [159] : 0x10 (16) + [160] : 0x01 (1) + [161] : 0x02 (2) + [162] : 0x00 (0) + [163] : 0x00 (0) + [164] : 0x00 (0) + [165] : 0x00 (0) + [166] : 0x00 (0) + [167] : 0x05 (5) + [168] : 0x20 (32) + [169] : 0x00 (0) + [170] : 0x00 (0) + [171] : 0x00 (0) + [172] : 0x20 (32) + [173] : 0x02 (2) + [174] : 0x00 (0) + [175] : 0x00 (0) + [176] : 0x00 (0) + [177] : 0x02 (2) + [178] : 0x18 (24) + [179] : 0x00 (0) + [180] : 0x0c (12) + [181] : 0x00 (0) + [182] : 0x0f (15) + [183] : 0x10 (16) + [184] : 0x01 (1) + [185] : 0x02 (2) + [186] : 0x00 (0) + [187] : 0x00 (0) + [188] : 0x00 (0) + [189] : 0x00 (0) + [190] : 0x00 (0) + [191] : 0x05 (5) + [192] : 0x20 (32) + [193] : 0x00 (0) + [194] : 0x00 (0) + [195] : 0x00 (0) + [196] : 0x20 (32) + [197] : 0x02 (2) + [198] : 0x00 (0) + [199] : 0x00 (0) + [200] : 0x00 (0) + [201] : 0x09 (9) + [202] : 0x18 (24) + [203] : 0x00 (0) + [204] : 0x0c (12) + [205] : 0x00 (0) + [206] : 0x0f (15) + [207] : 0x10 (16) + [208] : 0x01 (1) + [209] : 0x02 (2) + [210] : 0x00 (0) + [211] : 0x00 (0) + [212] : 0x00 (0) + [213] : 0x00 (0) + [214] : 0x00 (0) + [215] : 0x05 (5) + [216] : 0x20 (32) + [217] : 0x00 (0) + [218] : 0x00 (0) + [219] : 0x00 (0) + [220] : 0x26 (38) + [221] : 0x02 (2) + [222] : 0x00 (0) + [223] : 0x00 (0) + [224] : 0x00 (0) + [225] : 0x02 (2) + [226] : 0x18 (24) + [227] : 0x00 (0) + [228] : 0x0c (12) + [229] : 0x00 (0) + [230] : 0x0f (15) + [231] : 0x10 (16) + [232] : 0x01 (1) + [233] : 0x02 (2) + [234] : 0x00 (0) + [235] : 0x00 (0) + [236] : 0x00 (0) + [237] : 0x00 (0) + [238] : 0x00 (0) + [239] : 0x05 (5) + [240] : 0x20 (32) + [241] : 0x00 (0) + [242] : 0x00 (0) + [243] : 0x00 (0) + [244] : 0x26 (38) + [245] : 0x02 (2) + [246] : 0x00 (0) + [247] : 0x00 (0) + data_size : * + data_size : 0x000000f8 (248) + data_length : * + data_length : 0x000000f8 (248) + result : WERR_OK +[2013/11/07 07:38:48.022809, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + in: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000106-0000-0000-7b52-7835c5510000 +[2013/11/07 07:38:48.022959, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 06 01 00 00 00 00 00 00 7B 52 78 35 ........ ....{Rx5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:48.023039, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 06 01 00 00 00 00 00 00 7B 52 78 35 ........ ....{Rx5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:48.023116, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) + Closed policy +[2013/11/07 07:38:48.023161, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (4->3) +[2013/11/07 07:38:48.023202, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + out: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000000-0000-0000-0000-000000000000 + result : WERR_OK +[2013/11/07 07:38:48.023366, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + in: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000105-0000-0000-7b52-7835c5510000 +[2013/11/07 07:38:48.023496, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 05 01 00 00 00 00 00 00 7B 52 78 35 ........ ....{Rx5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:48.023573, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 05 01 00 00 00 00 00 00 7B 52 78 35 ........ ....{Rx5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:48.023648, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) + Closed policy +[2013/11/07 07:38:48.023689, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (3->2) +[2013/11/07 07:38:48.023730, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + out: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000000-0000-0000-0000-000000000000 + result : WERR_OK +[2013/11/07 07:38:48.023892, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + in: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000104-0000-0000-7b52-7735c5510000 +[2013/11/07 07:38:48.024022, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 04 01 00 00 00 00 00 00 7B 52 77 35 ........ ....{Rw5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:48.024108, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 04 01 00 00 00 00 00 00 7B 52 77 35 ........ ....{Rw5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:48.024183, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) + Closed policy +[2013/11/07 07:38:48.024228, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (2->1) +[2013/11/07 07:38:48.024269, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + out: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000000-0000-0000-0000-000000000000 + result : WERR_OK +[2013/11/07 07:38:48.024431, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + in: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000103-0000-0000-7b52-7735c5510000 +[2013/11/07 07:38:48.024560, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 03 01 00 00 00 00 00 00 7B 52 77 35 ........ ....{Rw5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:48.024638, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 03 01 00 00 00 00 00 00 7B 52 77 35 ........ ....{Rw5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:48.024713, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) + Closed policy +[2013/11/07 07:38:48.024753, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (1->0) +[2013/11/07 07:38:48.024815, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + out: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000000-0000-0000-0000-000000000000 + result : WERR_OK +[2013/11/07 07:38:48.024981, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:416(close_policy_by_pipe) + Deleted handle list for RPC connection \winreg +[2013/11/07 07:38:48.025148, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + spoolss_GetPrinter: struct spoolss_GetPrinter + out: struct spoolss_GetPrinter + info : * + info : union spoolss_PrinterInfo(case 2) + info2: struct spoolss_PrinterInfo2 + servername : * + servername : '\\MEMBER43' + printername : * + printername : '\\MEMBER43\printer7' + sharename : * + sharename : 'printer7' + portname : * + portname : 'Samba Printer Port' + drivername : * + drivername : '' + comment : * + comment : '' + location : * + location : '' + devmode : * + devmode: struct spoolss_DeviceMode + devicename : '\\MEMBER43\printer7' + specversion : DMSPEC_NT4_AND_ABOVE (1025) + driverversion : 0x0400 (1024) + size : 0x00dc (220) + __driverextra_length : 0x0000 (0) + fields : 0x00014713 (83731) + 1: DEVMODE_ORIENTATION + 1: DEVMODE_PAPERSIZE + 0: DEVMODE_PAPERLENGTH + 0: DEVMODE_PAPERWIDTH + 1: DEVMODE_SCALE + 0: DEVMODE_POSITION + 0: DEVMODE_NUP + 1: DEVMODE_COPIES + 1: DEVMODE_DEFAULTSOURCE + 1: DEVMODE_PRINTQUALITY + 0: DEVMODE_COLOR + 0: DEVMODE_DUPLEX + 0: DEVMODE_YRESOLUTION + 1: DEVMODE_TTOPTION + 0: DEVMODE_COLLATE + 1: DEVMODE_FORMNAME + 0: DEVMODE_LOGPIXELS + 0: DEVMODE_BITSPERPEL + 0: DEVMODE_PELSWIDTH + 0: DEVMODE_PELSHEIGHT + 0: DEVMODE_DISPLAYFLAGS + 0: DEVMODE_DISPLAYFREQUENCY + 0: DEVMODE_ICMMETHOD + 0: DEVMODE_ICMINTENT + 0: DEVMODE_MEDIATYPE + 0: DEVMODE_DITHERTYPE + 0: DEVMODE_PANNINGWIDTH + 0: DEVMODE_PANNINGHEIGHT + orientation : DMORIENT_PORTRAIT (1) + papersize : DMPAPER_LETTER (1) + paperlength : 0x0000 (0) + paperwidth : 0x0000 (0) + scale : 0x0064 (100) + copies : 0x0001 (1) + defaultsource : DMBIN_FORMSOURCE (15) + printquality : DMRES_HIGH (65532) + color : DMRES_MONOCHROME (1) + duplex : DMDUP_SIMPLEX (1) + yresolution : 0x0000 (0) + ttoption : DMTT_SUBDEV (3) + collate : DMCOLLATE_FALSE (0) + formname : 'Letter' + logpixels : 0x0000 (0) + bitsperpel : 0x00000000 (0) + pelswidth : 0x00000000 (0) + pelsheight : 0x00000000 (0) + displayflags : UNKNOWN_ENUM_VALUE (0) + displayfrequency : 0x00000000 (0) + icmmethod : UNKNOWN_ENUM_VALUE (0) + icmintent : UNKNOWN_ENUM_VALUE (0) + mediatype : UNKNOWN_ENUM_VALUE (0) + dithertype : UNKNOWN_ENUM_VALUE (0) + reserved1 : 0x00000000 (0) + reserved2 : 0x00000000 (0) + panningwidth : 0x00000000 (0) + panningheight : 0x00000000 (0) + driverextra_data : DATA_BLOB length=0 + sepfile : * + sepfile : '' + printprocessor : * + printprocessor : 'winprint' + datatype : * + datatype : 'RAW' + parameters : * + parameters : '' + secdesc : * + secdesc: struct security_descriptor + revision : SECURITY_DESCRIPTOR_REVISION_1 (1) + type : 0x8004 (32772) + 0: SEC_DESC_OWNER_DEFAULTED + 0: SEC_DESC_GROUP_DEFAULTED + 1: SEC_DESC_DACL_PRESENT + 0: SEC_DESC_DACL_DEFAULTED + 0: SEC_DESC_SACL_PRESENT + 0: SEC_DESC_SACL_DEFAULTED + 0: SEC_DESC_DACL_TRUSTED + 0: SEC_DESC_SERVER_SECURITY + 0: SEC_DESC_DACL_AUTO_INHERIT_REQ + 0: SEC_DESC_SACL_AUTO_INHERIT_REQ + 0: SEC_DESC_DACL_AUTO_INHERITED + 0: SEC_DESC_SACL_AUTO_INHERITED + 0: SEC_DESC_DACL_PROTECTED + 0: SEC_DESC_SACL_PROTECTED + 0: SEC_DESC_RM_CONTROL_VALID + 1: SEC_DESC_SELF_RELATIVE + owner_sid : * + owner_sid : S-1-5-32-544 + group_sid : * + group_sid : S-1-5-32-544 + sacl : NULL + dacl : * + dacl: struct security_acl + revision : SECURITY_ACL_REVISION_NT4 (2) + size : 0x00c4 (196) + num_aces : 0x00000007 (7) + aces: ARRAY(7) + aces: struct security_ace + type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) + flags : 0x02 (2) + 0: SEC_ACE_FLAG_OBJECT_INHERIT + 1: SEC_ACE_FLAG_CONTAINER_INHERIT + 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT + 0: SEC_ACE_FLAG_INHERIT_ONLY + 0: SEC_ACE_FLAG_INHERITED_ACE + 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) + 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS + 0: SEC_ACE_FLAG_FAILED_ACCESS + size : 0x0014 (20) + access_mask : 0x20020008 (537001992) + object : union security_ace_object_ctr(case 0) + trustee : S-1-1-0 + aces: struct security_ace + type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) + flags : 0x09 (9) + 1: SEC_ACE_FLAG_OBJECT_INHERIT + 0: SEC_ACE_FLAG_CONTAINER_INHERIT + 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT + 1: SEC_ACE_FLAG_INHERIT_ONLY + 0: SEC_ACE_FLAG_INHERITED_ACE + 0x09: SEC_ACE_FLAG_VALID_INHERIT (9) + 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS + 0: SEC_ACE_FLAG_FAILED_ACCESS + size : 0x0024 (36) + access_mask : 0x100f000c (269418508) + object : union security_ace_object_ctr(case 0) + trustee : S-1-5-21-1376953716-2413384141-3399758289-500 + aces: struct security_ace + type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) + flags : 0x02 (2) + 0: SEC_ACE_FLAG_OBJECT_INHERIT + 1: SEC_ACE_FLAG_CONTAINER_INHERIT + 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT + 0: SEC_ACE_FLAG_INHERIT_ONLY + 0: SEC_ACE_FLAG_INHERITED_ACE + 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) + 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS + 0: SEC_ACE_FLAG_FAILED_ACCESS + size : 0x0024 (36) + access_mask : 0x100f000c (269418508) + object : union security_ace_object_ctr(case 0) + trustee : S-1-5-21-1376953716-2413384141-3399758289-500 + aces: struct security_ace + type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) + flags : 0x09 (9) + 1: SEC_ACE_FLAG_OBJECT_INHERIT + 0: SEC_ACE_FLAG_CONTAINER_INHERIT + 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT + 1: SEC_ACE_FLAG_INHERIT_ONLY + 0: SEC_ACE_FLAG_INHERITED_ACE + 0x09: SEC_ACE_FLAG_VALID_INHERIT (9) + 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS + 0: SEC_ACE_FLAG_FAILED_ACCESS + size : 0x0018 (24) + access_mask : 0x100f000c (269418508) + object : union security_ace_object_ctr(case 0) + trustee : S-1-5-32-544 + aces: struct security_ace + type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) + flags : 0x02 (2) + 0: SEC_ACE_FLAG_OBJECT_INHERIT + 1: SEC_ACE_FLAG_CONTAINER_INHERIT + 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT + 0: SEC_ACE_FLAG_INHERIT_ONLY + 0: SEC_ACE_FLAG_INHERITED_ACE + 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) + 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS + 0: SEC_ACE_FLAG_FAILED_ACCESS + size : 0x0018 (24) + access_mask : 0x100f000c (269418508) + object : union security_ace_object_ctr(case 0) + trustee : S-1-5-32-544 + aces: struct security_ace + type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) + flags : 0x09 (9) + 1: SEC_ACE_FLAG_OBJECT_INHERIT + 0: SEC_ACE_FLAG_CONTAINER_INHERIT + 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT + 1: SEC_ACE_FLAG_INHERIT_ONLY + 0: SEC_ACE_FLAG_INHERITED_ACE + 0x09: SEC_ACE_FLAG_VALID_INHERIT (9) + 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS + 0: SEC_ACE_FLAG_FAILED_ACCESS + size : 0x0018 (24) + access_mask : 0x100f000c (269418508) + object : union security_ace_object_ctr(case 0) + trustee : S-1-5-32-550 + aces: struct security_ace + type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) + flags : 0x02 (2) + 0: SEC_ACE_FLAG_OBJECT_INHERIT + 1: SEC_ACE_FLAG_CONTAINER_INHERIT + 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT + 0: SEC_ACE_FLAG_INHERIT_ONLY + 0: SEC_ACE_FLAG_INHERITED_ACE + 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) + 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS + 0: SEC_ACE_FLAG_FAILED_ACCESS + size : 0x0018 (24) + access_mask : 0x100f000c (269418508) + object : union security_ace_object_ctr(case 0) + trustee : S-1-5-32-550 + attributes : 0x00001048 (4168) + 0: PRINTER_ATTRIBUTE_QUEUED + 0: PRINTER_ATTRIBUTE_DIRECT + 0: PRINTER_ATTRIBUTE_DEFAULT + 1: PRINTER_ATTRIBUTE_SHARED + 0: PRINTER_ATTRIBUTE_NETWORK + 0: PRINTER_ATTRIBUTE_HIDDEN + 1: PRINTER_ATTRIBUTE_LOCAL + 0: PRINTER_ATTRIBUTE_ENABLE_DEVQ + 0: PRINTER_ATTRIBUTE_KEEPPRINTEDJOBS + 0: PRINTER_ATTRIBUTE_DO_COMPLETE_FIRST + 0: PRINTER_ATTRIBUTE_WORK_OFFLINE + 0: PRINTER_ATTRIBUTE_ENABLE_BIDI + 1: PRINTER_ATTRIBUTE_RAW_ONLY + 0: PRINTER_ATTRIBUTE_PUBLISHED + 0: PRINTER_ATTRIBUTE_FAX + 0: PRINTER_ATTRIBUTE_TS + priority : 0x00000001 (1) + defaultpriority : 0x00000001 (1) + starttime : 0x00000000 (0) + untiltime : 0x00000000 (0) + status : 0x00000000 (0) + 0: PRINTER_STATUS_PAUSED + 0: PRINTER_STATUS_ERROR + 0: PRINTER_STATUS_PENDING_DELETION + 0: PRINTER_STATUS_PAPER_JAM + 0: PRINTER_STATUS_PAPER_OUT + 0: PRINTER_STATUS_MANUAL_FEED + 0: PRINTER_STATUS_PAPER_PROBLEM + 0: PRINTER_STATUS_OFFLINE + 0: PRINTER_STATUS_IO_ACTIVE + 0: PRINTER_STATUS_BUSY + 0: PRINTER_STATUS_PRINTING + 0: PRINTER_STATUS_OUTPUT_BIN_FULL + 0: PRINTER_STATUS_NOT_AVAILABLE + 0: PRINTER_STATUS_WAITING + 0: PRINTER_STATUS_PROCESSING + 0: PRINTER_STATUS_INITIALIZING + 0: PRINTER_STATUS_WARMING_UP + 0: PRINTER_STATUS_TONER_LOW + 0: PRINTER_STATUS_NO_TONER + 0: PRINTER_STATUS_PAGE_PUNT + 0: PRINTER_STATUS_USER_INTERVENTION + 0: PRINTER_STATUS_OUT_OF_MEMORY + 0: PRINTER_STATUS_DOOR_OPEN + 0: PRINTER_STATUS_SERVER_UNKNOWN + 0: PRINTER_STATUS_POWER_SAVE + cjobs : 0x00000000 (0) + averageppm : 0x00000000 (0) + needed : * + needed : 0x000002f8 (760) + result : WERR_OK +[2013/11/07 07:38:48.030359, 5, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1417(api_rpcTNP) + api_rpcTNP: called \spoolss successfully +[2013/11/07 07:38:48.030430, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) + pop_sec_ctx (0, 5000) - sec_ctx_stack_ndx = 0 +[2013/11/07 07:38:48.030485, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) + write_to_pipe: data_used = 4140 + smbd_smb2_request_pending_queue: req->current_idx = 1 + req->in.vector[0].iov_len = 0 + req->in.vector[1].iov_len = 0 + req->in.vector[2].iov_len = 64 + req->in.vector[3].iov_len = 56 + req->in.vector[4].iov_len = 4156 + req->out.vector[0].iov_len = 4 + req->out.vector[1].iov_len = 0 + req->out.vector[2].iov_len = 64 + req->out.vector[3].iov_len = 8 + req->out.vector[4].iov_len = 0 +[2013/11/07 07:38:48.030712, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:128(smbd_smb2_ioctl_pipe_write_done) + smbd_smb2_ioctl_pipe_write_done: received 4156 +[2013/11/07 07:38:48.030757, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:149(smbd_smb2_ioctl_pipe_write_done) + smbd_smb2_ioctl_pipe_write_done: issuing np_read_send of size 1024 +[2013/11/07 07:38:48.030800, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:285(read_from_internal_pipe) + name: \spoolss len: 1024 +[2013/11/07 07:38:48.030843, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:347(read_from_internal_pipe) + read_from_pipe: \spoolss: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 4112. +[2013/11/07 07:38:48.030899, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) + &r: struct ncacn_packet + rpc_vers : 0x05 (5) + rpc_vers_minor : 0x00 (0) + ptype : DCERPC_PKT_RESPONSE (2) + pfc_flags : 0x03 (3) + drep: ARRAY(4) + [0] : 0x10 (16) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + frag_length : 0x1028 (4136) + auth_length : 0x0000 (0) + call_id : 0x00000003 (3) + u : union dcerpc_payload(case 2) + response: struct dcerpc_response + alloc_hint : 0x00001010 (4112) + context_id : 0x0000 (0) + cancel_count : 0x00 (0) + _pad : DATA_BLOB length=0 + stub_and_verifier : DATA_BLOB length=4112 + [0000] 04 00 02 00 00 10 00 00 EA 0F 00 00 C2 0F 00 00 ........ ........ + [0010] B0 0F 00 00 8A 0F 00 00 88 0F 00 00 86 0F 00 00 ........ ........ + [0020] 84 0F 00 00 88 0E 00 00 82 0F 00 00 70 0F 00 00 ........ ....p... + [0030] 68 0F 00 00 66 0F 00 00 90 0D 00 00 48 10 00 00 h...f... ....H... + [0040] 01 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0200] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0210] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0220] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0230] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0240] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0250] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0260] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0270] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0280] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0290] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0300] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0310] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0320] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0330] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0340] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0350] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0360] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0370] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0380] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0390] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0400] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0410] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0420] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0430] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0440] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0450] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0460] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0470] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0480] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0490] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0500] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0510] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0520] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0530] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0540] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0550] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0560] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0570] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0580] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0590] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0600] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0610] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0620] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0630] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0640] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0650] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0660] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0670] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0680] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0690] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0700] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0710] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0720] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0730] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0740] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0750] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0760] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0770] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0780] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0790] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0800] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0810] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0820] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0830] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0840] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0850] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0860] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0870] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0880] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0890] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0900] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0910] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0920] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0930] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0940] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0950] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0960] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0970] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0980] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0990] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D90] 00 00 00 00 00 00 00 00 01 00 04 80 D8 00 00 00 ........ ........ + [0DA0] E8 00 00 00 00 00 00 00 14 00 00 00 02 00 C4 00 ........ ........ + [0DB0] 07 00 00 00 00 02 14 00 08 00 02 20 01 01 00 00 ........ ... .... + [0DC0] 00 00 00 01 00 00 00 00 00 09 24 00 0C 00 0F 10 ........ ..$..... + [0DD0] 01 05 00 00 00 00 00 05 15 00 00 00 74 A5 12 52 ........ ....t..R + [0DE0] CD 51 D9 8F D1 31 A4 CA F4 01 00 00 00 02 24 00 .Q...1.. ......$. + [0DF0] 0C 00 0F 10 01 05 00 00 00 00 00 05 15 00 00 00 ........ ........ + [0E00] 74 A5 12 52 CD 51 D9 8F D1 31 A4 CA F4 01 00 00 t..R.Q.. .1...... + [0E10] 00 09 18 00 0C 00 0F 10 01 02 00 00 00 00 00 05 ........ ........ + [0E20] 20 00 00 00 20 02 00 00 00 02 18 00 0C 00 0F 10 ... ... ........ + [0E30] 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 ........ ... ... + [0E40] 00 09 18 00 0C 00 0F 10 01 02 00 00 00 00 00 05 ........ ........ + [0E50] 20 00 00 00 26 02 00 00 00 02 18 00 0C 00 0F 10 ...&... ........ + [0E60] 01 02 00 00 00 00 00 05 20 00 00 00 26 02 00 00 ........ ...&... + [0E70] 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 ........ ... ... + [0E80] 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 ........ ... ... + [0E90] 5C 00 5C 00 4D 00 45 00 4D 00 42 00 45 00 52 00 \.\.M.E. M.B.E.R. + [0EA0] 34 00 33 00 5C 00 70 00 72 00 69 00 6E 00 74 00 4.3.\.p. r.i.n.t. + [0EB0] 65 00 72 00 37 00 00 00 00 00 00 00 00 00 00 00 e.r.7... ........ + [0EC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0ED0] 01 04 00 04 DC 00 00 00 13 47 01 00 01 00 01 00 ........ .G...... + [0EE0] 00 00 00 00 64 00 01 00 0F 00 FC FF 01 00 01 00 ....d... ........ + [0EF0] 00 00 03 00 00 00 4C 00 65 00 74 00 74 00 65 00 ......L. e.t.t.e. + [0F00] 72 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 r....... ........ + [0F10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F70] 52 00 41 00 57 00 00 00 77 00 69 00 6E 00 70 00 R.A.W... w.i.n.p. + [0F80] 72 00 69 00 6E 00 74 00 00 00 00 00 00 00 00 00 r.i.n.t. ........ + [0F90] 00 00 53 00 61 00 6D 00 62 00 61 00 20 00 50 00 ..S.a.m. b.a. .P. + [0FA0] 72 00 69 00 6E 00 74 00 65 00 72 00 20 00 50 00 r.i.n.t. e.r. .P. + [0FB0] 6F 00 72 00 74 00 00 00 70 00 72 00 69 00 6E 00 o.r.t... p.r.i.n. + [0FC0] 74 00 65 00 72 00 37 00 00 00 5C 00 5C 00 4D 00 t.e.r.7. ..\.\.M. + [0FD0] 45 00 4D 00 42 00 45 00 52 00 34 00 33 00 5C 00 E.M.B.E. R.4.3.\. + [0FE0] 70 00 72 00 69 00 6E 00 74 00 65 00 72 00 37 00 p.r.i.n. t.e.r.7. + [0FF0] 00 00 5C 00 5C 00 4D 00 45 00 4D 00 42 00 45 00 ..\.\.M. E.M.B.E. + [1000] 52 00 34 00 33 00 00 00 F8 02 00 00 00 00 00 00 R.4.3... ........ +[2013/11/07 07:38:48.040522, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:788(np_read_recv) + Received 1024 bytes. There is more data outstanding +[2013/11/07 07:38:48.040577, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:178(smbd_smb2_ioctl_pipe_read_done) + smbd_smb2_ioctl_pipe_read_done: np_read_recv nread = 1024 is_data_outstanding = 1, status = NT_STATUS_OK +[2013/11/07 07:38:48.040627, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl.c:291(smbd_smb2_request_ioctl_done) + smbd_smb2_request_ioctl_done: smbd_smb2_ioctl_recv returned 1024 status STATUS_BUFFER_OVERFLOW +[2013/11/07 07:38:48.040671, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) + smbd_smb2_request_done_ex: idx[1] status[STATUS_BUFFER_OVERFLOW] body[48] dyn[yes:1024] at ../source3/smbd/smb2_ioctl.c:358 +[2013/11/07 07:38:48.040718, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) + smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/160/127 +[2013/11/07 07:38:48.042344, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) + smbd_smb2_request_incoming: idx[1] of 5 vectors +[2013/11/07 07:38:48.042595, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) + smb2_validate_sequence_number: clearing id 160 (position 160) from bitmap +[2013/11/07 07:38:48.042710, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) + smbd_smb2_request_dispatch: opcode[SMB2_OP_READ] mid = 160 +[2013/11/07 07:38:48.042905, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) + setting sec ctx (0, 5000) - sec_ctx_stack_ndx = 0 +[2013/11/07 07:38:48.043020, 5, pid=20933, effective(0, 5000), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) + Security token SIDs (21): + SID[ 0]: S-1-5-21-1376953716-2413384141-3399758289-500 + SID[ 1]: S-1-5-21-1376953716-2413384141-3399758289-512 + SID[ 2]: S-1-5-21-1376953716-2413384141-3399758289-11015 + SID[ 3]: S-1-5-21-1376953716-2413384141-3399758289-513 + SID[ 4]: S-1-5-21-1376953716-2413384141-3399758289-11011 + SID[ 5]: S-1-5-21-1376953716-2413384141-3399758289-11013 + SID[ 6]: S-1-5-21-1376953716-2413384141-3399758289-11012 + SID[ 7]: S-1-1-0 + SID[ 8]: S-1-5-2 + SID[ 9]: S-1-5-11 + SID[ 10]: S-1-5-32-544 + SID[ 11]: S-1-22-1-2002 + SID[ 12]: S-1-22-2-5000 + SID[ 13]: S-1-22-2-5007 + SID[ 14]: S-1-22-2-5001 + SID[ 15]: S-1-22-2-1005 + SID[ 16]: S-1-22-2-5006 + SID[ 17]: S-1-22-2-5005 + SID[ 18]: S-1-22-2-55000 + SID[ 19]: S-1-22-2-55001 + SID[ 20]: S-1-22-2-55002 + Privileges (0x 1FFFFFF0): + Privilege[ 0]: SeMachineAccountPrivilege + Privilege[ 1]: SeTakeOwnershipPrivilege + Privilege[ 2]: SeBackupPrivilege + Privilege[ 3]: SeRestorePrivilege + Privilege[ 4]: SeRemoteShutdownPrivilege + Privilege[ 5]: SePrintOperatorPrivilege + Privilege[ 6]: SeAddUsersPrivilege + Privilege[ 7]: SeDiskOperatorPrivilege + Privilege[ 8]: SeSecurityPrivilege + Privilege[ 9]: SeSystemtimePrivilege + Privilege[ 10]: SeShutdownPrivilege + Privilege[ 11]: SeDebugPrivilege + Privilege[ 12]: SeSystemEnvironmentPrivilege + Privilege[ 13]: SeSystemProfilePrivilege + Privilege[ 14]: SeProfileSingleProcessPrivilege + Privilege[ 15]: SeIncreaseBasePriorityPrivilege + Privilege[ 16]: SeLoadDriverPrivilege + Privilege[ 17]: SeCreatePagefilePrivilege + Privilege[ 18]: SeIncreaseQuotaPrivilege + Privilege[ 19]: SeChangeNotifyPrivilege + Privilege[ 20]: SeUndockPrivilege + Privilege[ 21]: SeManageVolumePrivilege + Privilege[ 22]: SeImpersonatePrivilege + Privilege[ 23]: SeCreateGlobalPrivilege + Privilege[ 24]: SeEnableDelegationPrivilege + Rights (0x 0): +[2013/11/07 07:38:48.044924, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) + UNIX token of user 0 + Primary group is 5000 and contains 9 supplementary groups + Group[ 0]: 5000 + Group[ 1]: 5007 + Group[ 2]: 5001 + Group[ 3]: 1005 + Group[ 4]: 5006 + Group[ 5]: 5005 + Group[ 6]: 55000 + Group[ 7]: 55001 + Group[ 8]: 55002 +[2013/11/07 07:38:48.045543, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/uid.c:363(change_to_user_internal) + Impersonated user: uid=(0,0), gid=(0,5000) +[2013/11/07 07:38:48.045683, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:1796(smbd_smb2_request_verify_creditcharge) + mid 160, CreditCharge: 1, NeededCharge: 1 +[2013/11/07 07:38:48.045788, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_read.c:400(smbd_smb2_read_send) + smbd_smb2_read: spoolss - fnum 3439123001 +[2013/11/07 07:38:48.045905, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:285(read_from_internal_pipe) + name: \spoolss len: 3112 +[2013/11/07 07:38:48.046013, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:326(read_from_internal_pipe) + read_from_pipe: \spoolss: current_pdu_len = 4136, current_pdu_sent = 1024 returning 3112 bytes. +[2013/11/07 07:38:48.046127, 3, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:122(free_pipe_context) + free_pipe_context: destroying talloc pool of size 1308 + smbd_smb2_request_pending_queue: req->current_idx = 1 + req->in.vector[0].iov_len = 0 + req->in.vector[1].iov_len = 0 + req->in.vector[2].iov_len = 64 + req->in.vector[3].iov_len = 48 + req->in.vector[4].iov_len = 1 + req->out.vector[0].iov_len = 4 + req->out.vector[1].iov_len = 0 + req->out.vector[2].iov_len = 64 + req->out.vector[3].iov_len = 8 + req->out.vector[4].iov_len = 0 +[2013/11/07 07:38:48.047020, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:788(np_read_recv) + Received 3112 bytes. There is more data outstanding +[2013/11/07 07:38:48.047143, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) + smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[16] dyn[yes:3112] at ../source3/smbd/smb2_read.c:154 +[2013/11/07 07:38:48.047258, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) + smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/161/127 +[2013/11/07 07:38:48.051917, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) + smbd_smb2_request_incoming: idx[1] of 5 vectors +[2013/11/07 07:38:48.052064, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) + smb2_validate_sequence_number: clearing id 161 (position 161) from bitmap +[2013/11/07 07:38:48.052150, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) + smbd_smb2_request_dispatch: opcode[SMB2_OP_IOCTL] mid = 161 +[2013/11/07 07:38:48.052258, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) + setting sec ctx (0, 5000) - sec_ctx_stack_ndx = 0 +[2013/11/07 07:38:48.052304, 5, pid=20933, effective(0, 5000), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) + Security token SIDs (21): + SID[ 0]: S-1-5-21-1376953716-2413384141-3399758289-500 + SID[ 1]: S-1-5-21-1376953716-2413384141-3399758289-512 + SID[ 2]: S-1-5-21-1376953716-2413384141-3399758289-11015 + SID[ 3]: S-1-5-21-1376953716-2413384141-3399758289-513 + SID[ 4]: S-1-5-21-1376953716-2413384141-3399758289-11011 + SID[ 5]: S-1-5-21-1376953716-2413384141-3399758289-11013 + SID[ 6]: S-1-5-21-1376953716-2413384141-3399758289-11012 + SID[ 7]: S-1-1-0 + SID[ 8]: S-1-5-2 + SID[ 9]: S-1-5-11 + SID[ 10]: S-1-5-32-544 + SID[ 11]: S-1-22-1-2002 + SID[ 12]: S-1-22-2-5000 + SID[ 13]: S-1-22-2-5007 + SID[ 14]: S-1-22-2-5001 + SID[ 15]: S-1-22-2-1005 + SID[ 16]: S-1-22-2-5006 + SID[ 17]: S-1-22-2-5005 + SID[ 18]: S-1-22-2-55000 + SID[ 19]: S-1-22-2-55001 + SID[ 20]: S-1-22-2-55002 + Privileges (0x 1FFFFFF0): + Privilege[ 0]: SeMachineAccountPrivilege + Privilege[ 1]: SeTakeOwnershipPrivilege + Privilege[ 2]: SeBackupPrivilege + Privilege[ 3]: SeRestorePrivilege + Privilege[ 4]: SeRemoteShutdownPrivilege + Privilege[ 5]: SePrintOperatorPrivilege + Privilege[ 6]: SeAddUsersPrivilege + Privilege[ 7]: SeDiskOperatorPrivilege + Privilege[ 8]: SeSecurityPrivilege + Privilege[ 9]: SeSystemtimePrivilege + Privilege[ 10]: SeShutdownPrivilege + Privilege[ 11]: SeDebugPrivilege + Privilege[ 12]: SeSystemEnvironmentPrivilege + Privilege[ 13]: SeSystemProfilePrivilege + Privilege[ 14]: SeProfileSingleProcessPrivilege + Privilege[ 15]: SeIncreaseBasePriorityPrivilege + Privilege[ 16]: SeLoadDriverPrivilege + Privilege[ 17]: SeCreatePagefilePrivilege + Privilege[ 18]: SeIncreaseQuotaPrivilege + Privilege[ 19]: SeChangeNotifyPrivilege + Privilege[ 20]: SeUndockPrivilege + Privilege[ 21]: SeManageVolumePrivilege + Privilege[ 22]: SeImpersonatePrivilege + Privilege[ 23]: SeCreateGlobalPrivilege + Privilege[ 24]: SeEnableDelegationPrivilege + Rights (0x 0): +[2013/11/07 07:38:48.053091, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) + UNIX token of user 0 + Primary group is 5000 and contains 9 supplementary groups + Group[ 0]: 5000 + Group[ 1]: 5007 + Group[ 2]: 5001 + Group[ 3]: 1005 + Group[ 4]: 5006 + Group[ 5]: 5005 + Group[ 6]: 55000 + Group[ 7]: 55001 + Group[ 8]: 55002 +[2013/11/07 07:38:48.053311, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/uid.c:363(change_to_user_internal) + Impersonated user: uid=(0,0), gid=(0,5000) +[2013/11/07 07:38:48.053511, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:1796(smbd_smb2_request_verify_creditcharge) + mid 161, CreditCharge: 1, NeededCharge: 1 +[2013/11/07 07:38:48.053611, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl.c:394(smbd_smb2_ioctl_send) + smbd_smb2_ioctl: ctl_code[0x0011c017] spoolss, fnum 3439123001 +[2013/11/07 07:38:48.053705, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:59(smb2_ioctl_named_pipe) + smbd_smb2_ioctl_send: np_write_send of size 4156 +[2013/11/07 07:38:48.053786, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:520(np_write_send) + np_write_send: len: 4156 +[2013/11/07 07:38:48.053869, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) + write_to_pipe: data_left = 4156 +[2013/11/07 07:38:48.053945, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) + process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 4156 +[2013/11/07 07:38:48.054022, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:51(fill_rpc_header) + fill_rpc_header: data_to_copy = 4156, len_needed_to_complete_hdr = 16, receive_len = 0 +[2013/11/07 07:38:48.054103, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) + write_to_pipe: data_used = 16 +[2013/11/07 07:38:48.054177, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) + write_to_pipe: data_left = 4140 +[2013/11/07 07:38:48.054252, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) + process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 4140 +[2013/11/07 07:38:48.054337, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) + write_to_pipe: data_used = 0 +[2013/11/07 07:38:48.054414, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) + write_to_pipe: data_left = 4140 +[2013/11/07 07:38:48.054489, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) + process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 4140, incoming data = 4140 +[2013/11/07 07:38:48.054574, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1614(process_complete_pdu) + PDU is in Little Endian format! +[2013/11/07 07:38:48.054676, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) + r: struct ncacn_packet + rpc_vers : 0x05 (5) + rpc_vers_minor : 0x00 (0) + ptype : DCERPC_PKT_REQUEST (0) + pfc_flags : 0x03 (3) + drep: ARRAY(4) + [0] : 0x10 (16) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + frag_length : 0x103c (4156) + auth_length : 0x0000 (0) + call_id : 0x00000004 (4) + u : union dcerpc_payload(case 0) + request: struct dcerpc_request + alloc_hint : 0x00001024 (4132) + context_id : 0x0000 (0) + opnum : 0x0008 (8) + object : union dcerpc_object(case 0) + empty: struct dcerpc_empty + _pad : DATA_BLOB length=0 + stub_and_verifier : DATA_BLOB length=4132 + [0000] 00 00 00 00 00 01 00 00 00 00 00 00 7B 52 77 35 ........ ....{Rw5 + [0010] C5 51 00 00 02 00 00 00 00 00 02 00 00 10 00 00 .Q...... ........ + [0020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0030] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0040] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0200] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0210] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0220] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0230] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0240] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0250] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0260] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0270] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0280] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0290] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0300] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0310] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0320] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0330] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0340] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0350] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0360] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0370] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0380] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0390] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0400] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0410] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0420] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0430] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0440] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0450] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0460] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0470] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0480] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0490] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0500] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0510] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0520] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0530] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0540] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0550] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0560] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0570] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0580] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0590] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0600] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0610] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0620] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0630] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0640] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0650] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0660] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0670] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0680] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0690] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0700] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0710] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0720] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0730] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0740] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0750] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0760] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0770] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0780] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0790] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0800] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0810] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0820] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0830] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0840] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0850] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0860] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0870] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0880] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0890] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0900] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0910] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0920] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0930] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0940] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0950] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0960] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0970] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0980] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0990] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0EA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0EB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0EC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0ED0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0EE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0EF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [1000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [1010] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [1020] 00 10 00 00 .... +[2013/11/07 07:38:48.069572, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1627(process_complete_pdu) + Processing packet type 0 +[2013/11/07 07:38:48.069615, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1472(dcesrv_auth_request) + Checking request auth. +[2013/11/07 07:38:48.069661, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) + push_sec_ctx(0, 5000) : sec_ctx_stack_ndx = 1 +[2013/11/07 07:38:48.069709, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) + setting sec ctx (0, 5000) - sec_ctx_stack_ndx = 1 +[2013/11/07 07:38:48.069750, 5, pid=20933, effective(0, 5000), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) + Security token SIDs (21): + SID[ 0]: S-1-5-21-1376953716-2413384141-3399758289-500 + SID[ 1]: S-1-5-21-1376953716-2413384141-3399758289-512 + SID[ 2]: S-1-5-21-1376953716-2413384141-3399758289-11015 + SID[ 3]: S-1-5-21-1376953716-2413384141-3399758289-513 + SID[ 4]: S-1-5-21-1376953716-2413384141-3399758289-11011 + SID[ 5]: S-1-5-21-1376953716-2413384141-3399758289-11013 + SID[ 6]: S-1-5-21-1376953716-2413384141-3399758289-11012 + SID[ 7]: S-1-1-0 + SID[ 8]: S-1-5-2 + SID[ 9]: S-1-5-11 + SID[ 10]: S-1-5-32-544 + SID[ 11]: S-1-22-1-2002 + SID[ 12]: S-1-22-2-5000 + SID[ 13]: S-1-22-2-5007 + SID[ 14]: S-1-22-2-5001 + SID[ 15]: S-1-22-2-1005 + SID[ 16]: S-1-22-2-5006 + SID[ 17]: S-1-22-2-5005 + SID[ 18]: S-1-22-2-55000 + SID[ 19]: S-1-22-2-55001 + SID[ 20]: S-1-22-2-55002 + Privileges (0x 1FFFFFF0): + Privilege[ 0]: SeMachineAccountPrivilege + Privilege[ 1]: SeTakeOwnershipPrivilege + Privilege[ 2]: SeBackupPrivilege + Privilege[ 3]: SeRestorePrivilege + Privilege[ 4]: SeRemoteShutdownPrivilege + Privilege[ 5]: SePrintOperatorPrivilege + Privilege[ 6]: SeAddUsersPrivilege + Privilege[ 7]: SeDiskOperatorPrivilege + Privilege[ 8]: SeSecurityPrivilege + Privilege[ 9]: SeSystemtimePrivilege + Privilege[ 10]: SeShutdownPrivilege + Privilege[ 11]: SeDebugPrivilege + Privilege[ 12]: SeSystemEnvironmentPrivilege + Privilege[ 13]: SeSystemProfilePrivilege + Privilege[ 14]: SeProfileSingleProcessPrivilege + Privilege[ 15]: SeIncreaseBasePriorityPrivilege + Privilege[ 16]: SeLoadDriverPrivilege + Privilege[ 17]: SeCreatePagefilePrivilege + Privilege[ 18]: SeIncreaseQuotaPrivilege + Privilege[ 19]: SeChangeNotifyPrivilege + Privilege[ 20]: SeUndockPrivilege + Privilege[ 21]: SeManageVolumePrivilege + Privilege[ 22]: SeImpersonatePrivilege + Privilege[ 23]: SeCreateGlobalPrivilege + Privilege[ 24]: SeEnableDelegationPrivilege + Rights (0x 0): +[2013/11/07 07:38:48.070609, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) + UNIX token of user 0 + Primary group is 5000 and contains 9 supplementary groups + Group[ 0]: 5000 + Group[ 1]: 5007 + Group[ 2]: 5001 + Group[ 3]: 1005 + Group[ 4]: 5006 + Group[ 5]: 5005 + Group[ 6]: 55000 + Group[ 7]: 55001 + Group[ 8]: 55002 +[2013/11/07 07:38:48.070801, 5, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1324(api_pipe_request) + Requested \spoolss rpc service +[2013/11/07 07:38:48.070848, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1356(api_rpcTNP) + api_rpcTNP: \spoolss op 0x8 - api_rpcTNP: rpc command: SPOOLSS_GETPRINTER +[2013/11/07 07:38:48.070892, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1390(api_rpcTNP) + api_rpc_cmds[8].fn == 0x7f375c260f10 +[2013/11/07 07:38:48.070949, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + spoolss_GetPrinter: struct spoolss_GetPrinter + in: struct spoolss_GetPrinter + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000100-0000-0000-7b52-7735c5510000 + level : 0x00000002 (2) + buffer : * + buffer : DATA_BLOB length=4096 + [0000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0010] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0030] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0040] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0200] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0210] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0220] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0230] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0240] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0250] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0260] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0270] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0280] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0290] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0300] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0310] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0320] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0330] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0340] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0350] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0360] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0370] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0380] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0390] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0400] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0410] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0420] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0430] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0440] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0450] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0460] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0470] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0480] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0490] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0500] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0510] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0520] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0530] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0540] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0550] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0560] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0570] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0580] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0590] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0600] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0610] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0620] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0630] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0640] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0650] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0660] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0670] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0680] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0690] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0700] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0710] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0720] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0730] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0740] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0750] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0760] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0770] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0780] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0790] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0800] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0810] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0820] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0830] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0840] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0850] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0860] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0870] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0880] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0890] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0900] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0910] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0920] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0930] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0940] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0950] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0960] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0970] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0980] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0990] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0EA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0EB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0EC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0ED0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0EE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0EF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + offered : 0x00001000 (4096) +[2013/11/07 07:38:48.080107, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 00 01 00 00 00 00 00 00 7B 52 77 35 ........ ....{Rw5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:48.080190, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 00 01 00 00 00 00 00 00 7B 52 77 35 ........ ....{Rw5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:48.080267, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:489(get_printer_snum) + short name:printer7 +[2013/11/07 07:38:48.080427, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:60(make_internal_rpc_pipe_p) + Create pipe requested \winreg +[2013/11/07 07:38:48.080486, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:221(init_pipe_handles) + init_pipe_handle_list: created handle list for pipe \winreg +[2013/11/07 07:38:48.080528, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:238(init_pipe_handles) + init_pipe_handle_list: pipe_handles ref count = 1 for pipe \winreg +[2013/11/07 07:38:48.080628, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:100(make_internal_rpc_pipe_p) + Created internal pipe \winreg +[2013/11/07 07:38:48.080706, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenHKLM: struct winreg_OpenHKLM + in: struct winreg_OpenHKLM + system_name : NULL + access_mask : 0x02000000 (33554432) + 0: KEY_QUERY_VALUE + 0: KEY_SET_VALUE + 0: KEY_CREATE_SUB_KEY + 0: KEY_ENUMERATE_SUB_KEYS + 0: KEY_NOTIFY + 0: KEY_CREATE_LINK + 0: KEY_WOW64_64KEY + 0: KEY_WOW64_32KEY +[2013/11/07 07:38:48.080938, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [HKLM] +[2013/11/07 07:38:48.080983, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) + push_sec_ctx(0, 5000) : sec_ctx_stack_ndx = 2 +[2013/11/07 07:38:48.081027, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/uid.c:485(push_conn_ctx) + push_conn_ctx(1804507171) : conn_ctx_stack_ndx = 0 +[2013/11/07 07:38:48.081067, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) + setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 +[2013/11/07 07:38:48.081106, 5, pid=20933, effective(0, 5000), real(0, 0)] ../libcli/security/security_token.c:53(security_token_debug) + Security token: (NULL) +[2013/11/07 07:38:48.081145, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) + UNIX token of user 0 + Primary group is 0 and contains 0 supplementary groups +[2013/11/07 07:38:48.081319, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) + pop_sec_ctx (0, 5000) - sec_ctx_stack_ndx = 1 +[2013/11/07 07:38:48.081455, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:866(regdb_open) + regdb_open: registry db opened. refcount reset (1) +[2013/11/07 07:38:48.081503, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM] +[2013/11/07 07:38:48.081543, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM] +[2013/11/07 07:38:48.081584, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:48.081621, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM] +[2013/11/07 07:38:48.081707, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) + Opened policy hnd[1] [0000] 00 00 00 00 07 01 00 00 00 00 00 00 7B 52 78 35 ........ ....{Rx5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:48.081790, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenHKLM: struct winreg_OpenHKLM + out: struct winreg_OpenHKLM + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000107-0000-0000-7b52-7835c5510000 + result : WERR_OK +[2013/11/07 07:38:48.081983, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenKey: struct winreg_OpenKey + in: struct winreg_OpenKey + parent_handle : * + parent_handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000107-0000-0000-7b52-7835c5510000 + keyname: struct winreg_String + name_len : 0x008a (138) + name_size : 0x008a (138) + name : * + name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7' + options : 0x00000000 (0) + 0: REG_OPTION_VOLATILE + 0: REG_OPTION_CREATE_LINK + 0: REG_OPTION_BACKUP_RESTORE + 0: REG_OPTION_OPEN_LINK + access_mask : 0x02000000 (33554432) + 0: KEY_QUERY_VALUE + 0: KEY_SET_VALUE + 0: KEY_CREATE_SUB_KEY + 0: KEY_ENUMERATE_SUB_KEYS + 0: KEY_NOTIFY + 0: KEY_CREATE_LINK + 0: KEY_WOW64_64KEY + 0: KEY_WOW64_32KEY +[2013/11/07 07:38:48.082429, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 07 01 00 00 00 00 00 00 7B 52 78 35 ........ ....{Rx5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:48.082510, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [SOFTWARE] +[2013/11/07 07:38:48.082551, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (1->2) +[2013/11/07 07:38:48.082594, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] +[2013/11/07 07:38:48.082648, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE] +[2013/11/07 07:38:48.082689, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:48.082728, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE] +[2013/11/07 07:38:48.082797, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Microsoft] +[2013/11/07 07:38:48.082838, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (2->3) +[2013/11/07 07:38:48.082881, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] +[2013/11/07 07:38:48.082920, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] +[2013/11/07 07:38:48.082961, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:48.082999, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft] +[2013/11/07 07:38:48.083061, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Windows NT] +[2013/11/07 07:38:48.083102, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (3->4) +[2013/11/07 07:38:48.083146, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] +[2013/11/07 07:38:48.083184, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] +[2013/11/07 07:38:48.083225, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:48.083262, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] +[2013/11/07 07:38:48.083319, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [CurrentVersion] +[2013/11/07 07:38:48.083360, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (4->5) +[2013/11/07 07:38:48.083404, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] +[2013/11/07 07:38:48.083443, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] +[2013/11/07 07:38:48.083484, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:48.083521, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f375c5a15c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] +[2013/11/07 07:38:48.083599, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Print] +[2013/11/07 07:38:48.083641, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (5->6) +[2013/11/07 07:38:48.083685, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] +[2013/11/07 07:38:48.083725, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] +[2013/11/07 07:38:48.083767, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:48.083805, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f375c5a15c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] +[2013/11/07 07:38:48.083865, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Printers] +[2013/11/07 07:38:48.083907, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (6->7) +[2013/11/07 07:38:48.083950, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] +[2013/11/07 07:38:48.083990, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] +[2013/11/07 07:38:48.084032, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:48.084070, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] +[2013/11/07 07:38:48.084138, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [printer7] +[2013/11/07 07:38:48.084180, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (7->8) +[2013/11/07 07:38:48.084224, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:48.084264, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:48.084306, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:48.084343, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:48.084412, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (8->7) +[2013/11/07 07:38:48.084462, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (7->6) +[2013/11/07 07:38:48.084504, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (6->5) +[2013/11/07 07:38:48.084544, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (5->4) +[2013/11/07 07:38:48.084584, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (4->3) +[2013/11/07 07:38:48.084624, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (3->2) +[2013/11/07 07:38:48.084667, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) + Opened policy hnd[2] [0000] 00 00 00 00 08 01 00 00 00 00 00 00 7B 52 78 35 ........ ....{Rx5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:48.084745, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenKey: struct winreg_OpenKey + out: struct winreg_OpenKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000108-0000-0000-7b52-7835c5510000 + result : WERR_OK +[2013/11/07 07:38:48.084919, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryInfoKey: struct winreg_QueryInfoKey + in: struct winreg_QueryInfoKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000108-0000-0000-7b52-7835c5510000 + classname : * + classname: struct winreg_String + name_len : 0x0000 (0) + name_size : 0x0000 (0) + name : NULL +[2013/11/07 07:38:48.085133, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 08 01 00 00 00 00 00 00 7B 52 78 35 ........ ....{Rx5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:48.085215, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_dispatcher.c:151(fetch_reg_values) + fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7' (ops 0x7f37592edcc0) +[2013/11/07 07:38:48.085258, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1891(regdb_fetch_values_internal) + regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:48.085321, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[0]: name[Attributes] len[4] +[2013/11/07 07:38:48.085419, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[1]: name[Description] len[2] +[2013/11/07 07:38:48.085467, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[2]: name[Datatype] len[8] +[2013/11/07 07:38:48.085510, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[3]: name[Default Priority] len[4] +[2013/11/07 07:38:48.085562, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[4]: name[Port] len[38] +[2013/11/07 07:38:48.085604, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[5]: name[Name] len[18] +[2013/11/07 07:38:48.085647, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[6]: name[Print Processor] len[18] +[2013/11/07 07:38:48.085689, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[7]: name[Priority] len[4] +[2013/11/07 07:38:48.085732, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[8]: name[Security] len[248] +[2013/11/07 07:38:48.085775, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[9]: name[Share Name] len[18] +[2013/11/07 07:38:48.085817, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[10]: name[StartTime] len[4] +[2013/11/07 07:38:48.085860, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[11]: name[UntilTime] len[4] +[2013/11/07 07:38:48.085902, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[12]: name[ChangeID] len[4] +[2013/11/07 07:38:48.085946, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) + regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:48.086011, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryInfoKey: struct winreg_QueryInfoKey + out: struct winreg_QueryInfoKey + classname : * + classname: struct winreg_String + name_len : 0x0000 (0) + name_size : 0x0000 (0) + name : NULL + num_subkeys : * + num_subkeys : 0x00000003 (3) + max_subkeylen : * + max_subkeylen : 0x00000022 (34) + max_classlen : * + max_classlen : 0x00000000 (0) + num_values : * + num_values : 0x0000000d (13) + max_valnamelen : * + max_valnamelen : 0x00000022 (34) + max_valbufsize : * + max_valbufsize : 0x000000f8 (248) + secdescsize : * + secdescsize : 0x00000078 (120) + last_changed_time : * + last_changed_time : NTTIME(0) + result : WERR_OK +[2013/11/07 07:38:48.086463, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000108-0000-0000-7b52-7835c5510000 + enum_index : 0x00000000 (0) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:48.086845, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 08 01 00 00 00 00 00 00 7B 52 78 35 ........ ....{Rx5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:48.086923, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:48.086969, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0016 (22) + size : 0x0024 (36) + name : * + name : 'Attributes' + type : * + type : REG_DWORD (4) + value : * + value: ARRAY(4) + [0] : 0x48 (72) + [1] : 0x10 (16) + [2] : 0x00 (0) + [3] : 0x00 (0) + size : * + size : 0x00000004 (4) + length : * + length : 0x00000004 (4) + result : WERR_OK +[2013/11/07 07:38:48.087363, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000108-0000-0000-7b52-7835c5510000 + enum_index : 0x00000001 (1) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:48.087732, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 08 01 00 00 00 00 00 00 7B 52 78 35 ........ ....{Rx5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:48.087816, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:48.087862, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0018 (24) + size : 0x0024 (36) + name : * + name : 'Description' + type : * + type : REG_SZ (1) + value : * + value: ARRAY(2) + [0] : 0x00 (0) + [1] : 0x00 (0) + size : * + size : 0x00000002 (2) + length : * + length : 0x00000002 (2) + result : WERR_OK +[2013/11/07 07:38:48.088220, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000108-0000-0000-7b52-7835c5510000 + enum_index : 0x00000002 (2) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:48.088590, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 08 01 00 00 00 00 00 00 7B 52 78 35 ........ ....{Rx5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:48.088666, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:48.088711, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0012 (18) + size : 0x0024 (36) + name : * + name : 'Datatype' + type : * + type : REG_SZ (1) + value : * + value: ARRAY(8) + [0] : 0x52 (82) + [1] : 0x00 (0) + [2] : 0x41 (65) + [3] : 0x00 (0) + [4] : 0x57 (87) + [5] : 0x00 (0) + [6] : 0x00 (0) + [7] : 0x00 (0) + size : * + size : 0x00000008 (8) + length : * + length : 0x00000008 (8) + result : WERR_OK +[2013/11/07 07:38:48.089175, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000108-0000-0000-7b52-7835c5510000 + enum_index : 0x00000003 (3) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:48.089702, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 08 01 00 00 00 00 00 00 7B 52 78 35 ........ ....{Rx5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:48.089784, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:48.089832, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0022 (34) + size : 0x0024 (36) + name : * + name : 'Default Priority' + type : * + type : REG_DWORD (4) + value : * + value: ARRAY(4) + [0] : 0x01 (1) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + size : * + size : 0x00000004 (4) + length : * + length : 0x00000004 (4) + result : WERR_OK +[2013/11/07 07:38:48.090231, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000108-0000-0000-7b52-7835c5510000 + enum_index : 0x00000004 (4) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:48.090614, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 08 01 00 00 00 00 00 00 7B 52 78 35 ........ ....{Rx5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:48.090692, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:48.090738, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x000a (10) + size : 0x0024 (36) + name : * + name : 'Port' + type : * + type : REG_SZ (1) + value : * + value: ARRAY(38) + [0] : 0x53 (83) + [1] : 0x00 (0) + [2] : 0x61 (97) + [3] : 0x00 (0) + [4] : 0x6d (109) + [5] : 0x00 (0) + [6] : 0x62 (98) + [7] : 0x00 (0) + [8] : 0x61 (97) + [9] : 0x00 (0) + [10] : 0x20 (32) + [11] : 0x00 (0) + [12] : 0x50 (80) + [13] : 0x00 (0) + [14] : 0x72 (114) + [15] : 0x00 (0) + [16] : 0x69 (105) + [17] : 0x00 (0) + [18] : 0x6e (110) + [19] : 0x00 (0) + [20] : 0x74 (116) + [21] : 0x00 (0) + [22] : 0x65 (101) + [23] : 0x00 (0) + [24] : 0x72 (114) + [25] : 0x00 (0) + [26] : 0x20 (32) + [27] : 0x00 (0) + [28] : 0x50 (80) + [29] : 0x00 (0) + [30] : 0x6f (111) + [31] : 0x00 (0) + [32] : 0x72 (114) + [33] : 0x00 (0) + [34] : 0x74 (116) + [35] : 0x00 (0) + [36] : 0x00 (0) + [37] : 0x00 (0) + size : * + size : 0x00000026 (38) + length : * + length : 0x00000026 (38) + result : WERR_OK +[2013/11/07 07:38:48.091701, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000108-0000-0000-7b52-7835c5510000 + enum_index : 0x00000005 (5) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:48.092075, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 08 01 00 00 00 00 00 00 7B 52 78 35 ........ ....{Rx5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:48.092153, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:48.092198, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x000a (10) + size : 0x0024 (36) + name : * + name : 'Name' + type : * + type : REG_SZ (1) + value : * + value: ARRAY(18) + [0] : 0x70 (112) + [1] : 0x00 (0) + [2] : 0x72 (114) + [3] : 0x00 (0) + [4] : 0x69 (105) + [5] : 0x00 (0) + [6] : 0x6e (110) + [7] : 0x00 (0) + [8] : 0x74 (116) + [9] : 0x00 (0) + [10] : 0x65 (101) + [11] : 0x00 (0) + [12] : 0x72 (114) + [13] : 0x00 (0) + [14] : 0x37 (55) + [15] : 0x00 (0) + [16] : 0x00 (0) + [17] : 0x00 (0) + size : * + size : 0x00000012 (18) + length : * + length : 0x00000012 (18) + result : WERR_OK +[2013/11/07 07:38:48.092828, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000108-0000-0000-7b52-7835c5510000 + enum_index : 0x00000006 (6) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:48.093198, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 08 01 00 00 00 00 00 00 7B 52 78 35 ........ ....{Rx5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:48.093276, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:48.093321, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0020 (32) + size : 0x0024 (36) + name : * + name : 'Print Processor' + type : * + type : REG_SZ (1) + value : * + value: ARRAY(18) + [0] : 0x77 (119) + [1] : 0x00 (0) + [2] : 0x69 (105) + [3] : 0x00 (0) + [4] : 0x6e (110) + [5] : 0x00 (0) + [6] : 0x70 (112) + [7] : 0x00 (0) + [8] : 0x72 (114) + [9] : 0x00 (0) + [10] : 0x69 (105) + [11] : 0x00 (0) + [12] : 0x6e (110) + [13] : 0x00 (0) + [14] : 0x74 (116) + [15] : 0x00 (0) + [16] : 0x00 (0) + [17] : 0x00 (0) + size : * + size : 0x00000012 (18) + length : * + length : 0x00000012 (18) + result : WERR_OK +[2013/11/07 07:38:48.094109, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000108-0000-0000-7b52-7835c5510000 + enum_index : 0x00000007 (7) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:48.094490, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 08 01 00 00 00 00 00 00 7B 52 78 35 ........ ....{Rx5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:48.094569, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:48.094616, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0012 (18) + size : 0x0024 (36) + name : * + name : 'Priority' + type : * + type : REG_DWORD (4) + value : * + value: ARRAY(4) + [0] : 0x01 (1) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + size : * + size : 0x00000004 (4) + length : * + length : 0x00000004 (4) + result : WERR_OK +[2013/11/07 07:38:48.095015, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000108-0000-0000-7b52-7835c5510000 + enum_index : 0x00000008 (8) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:48.095399, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 08 01 00 00 00 00 00 00 7B 52 78 35 ........ ....{Rx5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:48.095478, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:48.095525, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0012 (18) + size : 0x0024 (36) + name : * + name : 'Security' + type : * + type : REG_BINARY (3) + value : * + value: ARRAY(248) + [0] : 0x01 (1) + [1] : 0x00 (0) + [2] : 0x04 (4) + [3] : 0x80 (128) + [4] : 0x14 (20) + [5] : 0x00 (0) + [6] : 0x00 (0) + [7] : 0x00 (0) + [8] : 0x24 (36) + [9] : 0x00 (0) + [10] : 0x00 (0) + [11] : 0x00 (0) + [12] : 0x00 (0) + [13] : 0x00 (0) + [14] : 0x00 (0) + [15] : 0x00 (0) + [16] : 0x34 (52) + [17] : 0x00 (0) + [18] : 0x00 (0) + [19] : 0x00 (0) + [20] : 0x01 (1) + [21] : 0x02 (2) + [22] : 0x00 (0) + [23] : 0x00 (0) + [24] : 0x00 (0) + [25] : 0x00 (0) + [26] : 0x00 (0) + [27] : 0x05 (5) + [28] : 0x20 (32) + [29] : 0x00 (0) + [30] : 0x00 (0) + [31] : 0x00 (0) + [32] : 0x20 (32) + [33] : 0x02 (2) + [34] : 0x00 (0) + [35] : 0x00 (0) + [36] : 0x01 (1) + [37] : 0x02 (2) + [38] : 0x00 (0) + [39] : 0x00 (0) + [40] : 0x00 (0) + [41] : 0x00 (0) + [42] : 0x00 (0) + [43] : 0x05 (5) + [44] : 0x20 (32) + [45] : 0x00 (0) + [46] : 0x00 (0) + [47] : 0x00 (0) + [48] : 0x20 (32) + [49] : 0x02 (2) + [50] : 0x00 (0) + [51] : 0x00 (0) + [52] : 0x02 (2) + [53] : 0x00 (0) + [54] : 0xc4 (196) + [55] : 0x00 (0) + [56] : 0x07 (7) + [57] : 0x00 (0) + [58] : 0x00 (0) + [59] : 0x00 (0) + [60] : 0x00 (0) + [61] : 0x02 (2) + [62] : 0x14 (20) + [63] : 0x00 (0) + [64] : 0x08 (8) + [65] : 0x00 (0) + [66] : 0x02 (2) + [67] : 0x20 (32) + [68] : 0x01 (1) + [69] : 0x01 (1) + [70] : 0x00 (0) + [71] : 0x00 (0) + [72] : 0x00 (0) + [73] : 0x00 (0) + [74] : 0x00 (0) + [75] : 0x01 (1) + [76] : 0x00 (0) + [77] : 0x00 (0) + [78] : 0x00 (0) + [79] : 0x00 (0) + [80] : 0x00 (0) + [81] : 0x09 (9) + [82] : 0x24 (36) + [83] : 0x00 (0) + [84] : 0x0c (12) + [85] : 0x00 (0) + [86] : 0x0f (15) + [87] : 0x10 (16) + [88] : 0x01 (1) + [89] : 0x05 (5) + [90] : 0x00 (0) + [91] : 0x00 (0) + [92] : 0x00 (0) + [93] : 0x00 (0) + [94] : 0x00 (0) + [95] : 0x05 (5) + [96] : 0x15 (21) + [97] : 0x00 (0) + [98] : 0x00 (0) + [99] : 0x00 (0) + [100] : 0x74 (116) + [101] : 0xa5 (165) + [102] : 0x12 (18) + [103] : 0x52 (82) + [104] : 0xcd (205) + [105] : 0x51 (81) + [106] : 0xd9 (217) + [107] : 0x8f (143) + [108] : 0xd1 (209) + [109] : 0x31 (49) + [110] : 0xa4 (164) + [111] : 0xca (202) + [112] : 0xf4 (244) + [113] : 0x01 (1) + [114] : 0x00 (0) + [115] : 0x00 (0) + [116] : 0x00 (0) + [117] : 0x02 (2) + [118] : 0x24 (36) + [119] : 0x00 (0) + [120] : 0x0c (12) + [121] : 0x00 (0) + [122] : 0x0f (15) + [123] : 0x10 (16) + [124] : 0x01 (1) + [125] : 0x05 (5) + [126] : 0x00 (0) + [127] : 0x00 (0) + [128] : 0x00 (0) + [129] : 0x00 (0) + [130] : 0x00 (0) + [131] : 0x05 (5) + [132] : 0x15 (21) + [133] : 0x00 (0) + [134] : 0x00 (0) + [135] : 0x00 (0) + [136] : 0x74 (116) + [137] : 0xa5 (165) + [138] : 0x12 (18) + [139] : 0x52 (82) + [140] : 0xcd (205) + [141] : 0x51 (81) + [142] : 0xd9 (217) + [143] : 0x8f (143) + [144] : 0xd1 (209) + [145] : 0x31 (49) + [146] : 0xa4 (164) + [147] : 0xca (202) + [148] : 0xf4 (244) + [149] : 0x01 (1) + [150] : 0x00 (0) + [151] : 0x00 (0) + [152] : 0x00 (0) + [153] : 0x09 (9) + [154] : 0x18 (24) + [155] : 0x00 (0) + [156] : 0x0c (12) + [157] : 0x00 (0) + [158] : 0x0f (15) + [159] : 0x10 (16) + [160] : 0x01 (1) + [161] : 0x02 (2) + [162] : 0x00 (0) + [163] : 0x00 (0) + [164] : 0x00 (0) + [165] : 0x00 (0) + [166] : 0x00 (0) + [167] : 0x05 (5) + [168] : 0x20 (32) + [169] : 0x00 (0) + [170] : 0x00 (0) + [171] : 0x00 (0) + [172] : 0x20 (32) + [173] : 0x02 (2) + [174] : 0x00 (0) + [175] : 0x00 (0) + [176] : 0x00 (0) + [177] : 0x02 (2) + [178] : 0x18 (24) + [179] : 0x00 (0) + [180] : 0x0c (12) + [181] : 0x00 (0) + [182] : 0x0f (15) + [183] : 0x10 (16) + [184] : 0x01 (1) + [185] : 0x02 (2) + [186] : 0x00 (0) + [187] : 0x00 (0) + [188] : 0x00 (0) + [189] : 0x00 (0) + [190] : 0x00 (0) + [191] : 0x05 (5) + [192] : 0x20 (32) + [193] : 0x00 (0) + [194] : 0x00 (0) + [195] : 0x00 (0) + [196] : 0x20 (32) + [197] : 0x02 (2) + [198] : 0x00 (0) + [199] : 0x00 (0) + [200] : 0x00 (0) + [201] : 0x09 (9) + [202] : 0x18 (24) + [203] : 0x00 (0) + [204] : 0x0c (12) + [205] : 0x00 (0) + [206] : 0x0f (15) + [207] : 0x10 (16) + [208] : 0x01 (1) + [209] : 0x02 (2) + [210] : 0x00 (0) + [211] : 0x00 (0) + [212] : 0x00 (0) + [213] : 0x00 (0) + [214] : 0x00 (0) + [215] : 0x05 (5) + [216] : 0x20 (32) + [217] : 0x00 (0) + [218] : 0x00 (0) + [219] : 0x00 (0) + [220] : 0x26 (38) + [221] : 0x02 (2) + [222] : 0x00 (0) + [223] : 0x00 (0) + [224] : 0x00 (0) + [225] : 0x02 (2) + [226] : 0x18 (24) + [227] : 0x00 (0) + [228] : 0x0c (12) + [229] : 0x00 (0) + [230] : 0x0f (15) + [231] : 0x10 (16) + [232] : 0x01 (1) + [233] : 0x02 (2) + [234] : 0x00 (0) + [235] : 0x00 (0) + [236] : 0x00 (0) + [237] : 0x00 (0) + [238] : 0x00 (0) + [239] : 0x05 (5) + [240] : 0x20 (32) + [241] : 0x00 (0) + [242] : 0x00 (0) + [243] : 0x00 (0) + [244] : 0x26 (38) + [245] : 0x02 (2) + [246] : 0x00 (0) + [247] : 0x00 (0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x000000f8 (248) + result : WERR_OK +[2013/11/07 07:38:48.100057, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000108-0000-0000-7b52-7835c5510000 + enum_index : 0x00000009 (9) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:48.100439, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 08 01 00 00 00 00 00 00 7B 52 78 35 ........ ....{Rx5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:48.100518, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:48.100564, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0016 (22) + size : 0x0024 (36) + name : * + name : 'Share Name' + type : * + type : REG_SZ (1) + value : * + value: ARRAY(18) + [0] : 0x70 (112) + [1] : 0x00 (0) + [2] : 0x72 (114) + [3] : 0x00 (0) + [4] : 0x69 (105) + [5] : 0x00 (0) + [6] : 0x6e (110) + [7] : 0x00 (0) + [8] : 0x74 (116) + [9] : 0x00 (0) + [10] : 0x65 (101) + [11] : 0x00 (0) + [12] : 0x72 (114) + [13] : 0x00 (0) + [14] : 0x37 (55) + [15] : 0x00 (0) + [16] : 0x00 (0) + [17] : 0x00 (0) + size : * + size : 0x00000012 (18) + length : * + length : 0x00000012 (18) + result : WERR_OK +[2013/11/07 07:38:48.101189, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000108-0000-0000-7b52-7835c5510000 + enum_index : 0x0000000a (10) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:48.101630, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 08 01 00 00 00 00 00 00 7B 52 78 35 ........ ....{Rx5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:48.101709, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:48.101755, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0014 (20) + size : 0x0024 (36) + name : * + name : 'StartTime' + type : * + type : REG_DWORD (4) + value : * + value: ARRAY(4) + [0] : 0x00 (0) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + size : * + size : 0x00000004 (4) + length : * + length : 0x00000004 (4) + result : WERR_OK +[2013/11/07 07:38:48.102149, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000108-0000-0000-7b52-7835c5510000 + enum_index : 0x0000000b (11) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:48.102519, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 08 01 00 00 00 00 00 00 7B 52 78 35 ........ ....{Rx5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:48.102603, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:48.102649, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0014 (20) + size : 0x0024 (36) + name : * + name : 'UntilTime' + type : * + type : REG_DWORD (4) + value : * + value: ARRAY(4) + [0] : 0x00 (0) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + size : * + size : 0x00000004 (4) + length : * + length : 0x00000004 (4) + result : WERR_OK +[2013/11/07 07:38:48.103039, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000108-0000-0000-7b52-7835c5510000 + enum_index : 0x0000000c (12) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:48.103409, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 08 01 00 00 00 00 00 00 7B 52 78 35 ........ ....{Rx5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:48.103486, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:48.103531, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0012 (18) + size : 0x0024 (36) + name : * + name : 'ChangeID' + type : * + type : REG_DWORD (4) + value : * + value: ARRAY(4) + [0] : 0xf1 (241) + [1] : 0x5f (95) + [2] : 0x11 (17) + [3] : 0x00 (0) + size : * + size : 0x00000004 (4) + length : * + length : 0x00000004 (4) + result : WERR_OK +[2013/11/07 07:38:48.103968, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryValue: struct winreg_QueryValue + in: struct winreg_QueryValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000108-0000-0000-7b52-7835c5510000 + value_name : * + value_name: struct winreg_String + name_len : 0x0020 (32) + name_size : 0x0020 (32) + name : * + name : 'Default DevMode' + type : * + type : REG_NONE (0) + data : NULL + data_size : * + data_size : 0x00000000 (0) + data_length : * + data_length : 0x00000000 (0) +[2013/11/07 07:38:48.104313, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 08 01 00 00 00 00 00 00 7B 52 78 35 ........ ....{Rx5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:48.104391, 7, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) + _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:48.104431, 7, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) + _winreg_QueryValue: policy key type = [00000000] +[2013/11/07 07:38:48.104476, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:316(_winreg_QueryValue) + _winreg_QueryValue: reg_queryvalue failed with: WERR_BADFILE +[2013/11/07 07:38:48.104516, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryValue: struct winreg_QueryValue + out: struct winreg_QueryValue + type : * + type : REG_NONE (0) + data : NULL + data_size : * + data_size : 0x00000000 (0) + data_length : * + data_length : 0x00000000 (0) + result : WERR_BADFILE +[2013/11/07 07:38:48.104735, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenHKLM: struct winreg_OpenHKLM + in: struct winreg_OpenHKLM + system_name : NULL + access_mask : 0x02000000 (33554432) + 0: KEY_QUERY_VALUE + 0: KEY_SET_VALUE + 0: KEY_CREATE_SUB_KEY + 0: KEY_ENUMERATE_SUB_KEYS + 0: KEY_NOTIFY + 0: KEY_CREATE_LINK + 0: KEY_WOW64_64KEY + 0: KEY_WOW64_32KEY +[2013/11/07 07:38:48.104961, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [HKLM] +[2013/11/07 07:38:48.105010, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (2->3) +[2013/11/07 07:38:48.105054, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM] +[2013/11/07 07:38:48.105093, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM] +[2013/11/07 07:38:48.105133, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:48.105170, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM] +[2013/11/07 07:38:48.105249, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) + Opened policy hnd[3] [0000] 00 00 00 00 09 01 00 00 00 00 00 00 7B 52 78 35 ........ ....{Rx5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:48.105329, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenHKLM: struct winreg_OpenHKLM + out: struct winreg_OpenHKLM + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000109-0000-0000-7b52-7835c5510000 + result : WERR_OK +[2013/11/07 07:38:48.105553, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenKey: struct winreg_OpenKey + in: struct winreg_OpenKey + parent_handle : * + parent_handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000109-0000-0000-7b52-7835c5510000 + keyname: struct winreg_String + name_len : 0x008a (138) + name_size : 0x008a (138) + name : * + name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7' + options : 0x00000000 (0) + 0: REG_OPTION_VOLATILE + 0: REG_OPTION_CREATE_LINK + 0: REG_OPTION_BACKUP_RESTORE + 0: REG_OPTION_OPEN_LINK + access_mask : 0x02000000 (33554432) + 0: KEY_QUERY_VALUE + 0: KEY_SET_VALUE + 0: KEY_CREATE_SUB_KEY + 0: KEY_ENUMERATE_SUB_KEYS + 0: KEY_NOTIFY + 0: KEY_CREATE_LINK + 0: KEY_WOW64_64KEY + 0: KEY_WOW64_32KEY +[2013/11/07 07:38:48.105992, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 09 01 00 00 00 00 00 00 7B 52 78 35 ........ ....{Rx5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:48.106072, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [SOFTWARE] +[2013/11/07 07:38:48.106112, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (3->4) +[2013/11/07 07:38:48.106153, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] +[2013/11/07 07:38:48.106200, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE] +[2013/11/07 07:38:48.106240, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:48.106277, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE] +[2013/11/07 07:38:48.106342, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Microsoft] +[2013/11/07 07:38:48.106383, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (4->5) +[2013/11/07 07:38:48.106425, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] +[2013/11/07 07:38:48.106463, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] +[2013/11/07 07:38:48.106502, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:48.106540, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft] +[2013/11/07 07:38:48.106599, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Windows NT] +[2013/11/07 07:38:48.106640, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (5->6) +[2013/11/07 07:38:48.106682, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] +[2013/11/07 07:38:48.106719, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] +[2013/11/07 07:38:48.106759, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:48.106797, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] +[2013/11/07 07:38:48.106854, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [CurrentVersion] +[2013/11/07 07:38:48.106895, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (6->7) +[2013/11/07 07:38:48.106938, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] +[2013/11/07 07:38:48.106976, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] +[2013/11/07 07:38:48.107017, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:48.107055, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f375c5a15c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] +[2013/11/07 07:38:48.107134, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Print] +[2013/11/07 07:38:48.107176, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (7->8) +[2013/11/07 07:38:48.107219, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] +[2013/11/07 07:38:48.107257, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] +[2013/11/07 07:38:48.107299, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:48.107336, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f375c5a15c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] +[2013/11/07 07:38:48.107395, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Printers] +[2013/11/07 07:38:48.107436, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (8->9) +[2013/11/07 07:38:48.107481, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] +[2013/11/07 07:38:48.107520, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] +[2013/11/07 07:38:48.107562, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:48.107600, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] +[2013/11/07 07:38:48.107664, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [printer7] +[2013/11/07 07:38:48.107706, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (9->10) +[2013/11/07 07:38:48.107750, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:48.107790, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:48.107832, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:48.107870, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:48.107938, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (10->9) +[2013/11/07 07:38:48.107988, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (9->8) +[2013/11/07 07:38:48.108029, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (8->7) +[2013/11/07 07:38:48.108069, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (7->6) +[2013/11/07 07:38:48.108109, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (6->5) +[2013/11/07 07:38:48.108149, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (5->4) +[2013/11/07 07:38:48.108191, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) + Opened policy hnd[4] [0000] 00 00 00 00 0A 01 00 00 00 00 00 00 7B 52 78 35 ........ ....{Rx5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:48.108268, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenKey: struct winreg_OpenKey + out: struct winreg_OpenKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 0000010a-0000-0000-7b52-7835c5510000 + result : WERR_OK +[2013/11/07 07:38:48.108437, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryValue: struct winreg_QueryValue + in: struct winreg_QueryValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 0000010a-0000-0000-7b52-7835c5510000 + value_name : * + value_name: struct winreg_String + name_len : 0x0012 (18) + name_size : 0x0012 (18) + name : * + name : 'Security' + type : * + type : REG_NONE (0) + data : NULL + data_size : * + data_size : 0x00000000 (0) + data_length : * + data_length : 0x00000000 (0) +[2013/11/07 07:38:48.108776, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 0A 01 00 00 00 00 00 00 7B 52 78 35 ........ ....{Rx5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:48.108854, 7, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) + _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:48.108893, 7, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) + _winreg_QueryValue: policy key type = [00000000] +[2013/11/07 07:38:48.108934, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_dispatcher.c:151(fetch_reg_values) + fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7' (ops 0x7f37592edcc0) +[2013/11/07 07:38:48.108986, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1891(regdb_fetch_values_internal) + regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:48.109047, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[0]: name[Attributes] len[4] +[2013/11/07 07:38:48.109091, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[1]: name[Description] len[2] +[2013/11/07 07:38:48.109133, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[2]: name[Datatype] len[8] +[2013/11/07 07:38:48.109175, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[3]: name[Default Priority] len[4] +[2013/11/07 07:38:48.109218, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[4]: name[Port] len[38] +[2013/11/07 07:38:48.109260, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[5]: name[Name] len[18] +[2013/11/07 07:38:48.109302, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[6]: name[Print Processor] len[18] +[2013/11/07 07:38:48.109345, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[7]: name[Priority] len[4] +[2013/11/07 07:38:48.109434, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[8]: name[Security] len[248] +[2013/11/07 07:38:48.109478, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[9]: name[Share Name] len[18] +[2013/11/07 07:38:48.109520, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[10]: name[StartTime] len[4] +[2013/11/07 07:38:48.109562, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[11]: name[UntilTime] len[4] +[2013/11/07 07:38:48.109605, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[12]: name[ChangeID] len[4] +[2013/11/07 07:38:48.109649, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryValue: struct winreg_QueryValue + out: struct winreg_QueryValue + type : * + type : REG_BINARY (3) + data : NULL + data_size : * + data_size : 0x000000f8 (248) + data_length : * + data_length : 0x00000000 (0) + result : WERR_OK +[2013/11/07 07:38:48.109863, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryValue: struct winreg_QueryValue + in: struct winreg_QueryValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 0000010a-0000-0000-7b52-7835c5510000 + value_name : * + value_name: struct winreg_String + name_len : 0x0012 (18) + name_size : 0x0012 (18) + name : * + name : 'Security' + type : * + type : REG_BINARY (3) + data : * + data: ARRAY(0) + data_size : * + data_size : 0x000000f8 (248) + data_length : * + data_length : 0x00000000 (0) +[2013/11/07 07:38:48.110230, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 0A 01 00 00 00 00 00 00 7B 52 78 35 ........ ....{Rx5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:48.110307, 7, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) + _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:48.110347, 7, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) + _winreg_QueryValue: policy key type = [00000000] +[2013/11/07 07:38:48.110392, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryValue: struct winreg_QueryValue + out: struct winreg_QueryValue + type : * + type : REG_BINARY (3) + data : * + data: ARRAY(248) + [0] : 0x01 (1) + [1] : 0x00 (0) + [2] : 0x04 (4) + [3] : 0x80 (128) + [4] : 0x14 (20) + [5] : 0x00 (0) + [6] : 0x00 (0) + [7] : 0x00 (0) + [8] : 0x24 (36) + [9] : 0x00 (0) + [10] : 0x00 (0) + [11] : 0x00 (0) + [12] : 0x00 (0) + [13] : 0x00 (0) + [14] : 0x00 (0) + [15] : 0x00 (0) + [16] : 0x34 (52) + [17] : 0x00 (0) + [18] : 0x00 (0) + [19] : 0x00 (0) + [20] : 0x01 (1) + [21] : 0x02 (2) + [22] : 0x00 (0) + [23] : 0x00 (0) + [24] : 0x00 (0) + [25] : 0x00 (0) + [26] : 0x00 (0) + [27] : 0x05 (5) + [28] : 0x20 (32) + [29] : 0x00 (0) + [30] : 0x00 (0) + [31] : 0x00 (0) + [32] : 0x20 (32) + [33] : 0x02 (2) + [34] : 0x00 (0) + [35] : 0x00 (0) + [36] : 0x01 (1) + [37] : 0x02 (2) + [38] : 0x00 (0) + [39] : 0x00 (0) + [40] : 0x00 (0) + [41] : 0x00 (0) + [42] : 0x00 (0) + [43] : 0x05 (5) + [44] : 0x20 (32) + [45] : 0x00 (0) + [46] : 0x00 (0) + [47] : 0x00 (0) + [48] : 0x20 (32) + [49] : 0x02 (2) + [50] : 0x00 (0) + [51] : 0x00 (0) + [52] : 0x02 (2) + [53] : 0x00 (0) + [54] : 0xc4 (196) + [55] : 0x00 (0) + [56] : 0x07 (7) + [57] : 0x00 (0) + [58] : 0x00 (0) + [59] : 0x00 (0) + [60] : 0x00 (0) + [61] : 0x02 (2) + [62] : 0x14 (20) + [63] : 0x00 (0) + [64] : 0x08 (8) + [65] : 0x00 (0) + [66] : 0x02 (2) + [67] : 0x20 (32) + [68] : 0x01 (1) + [69] : 0x01 (1) + [70] : 0x00 (0) + [71] : 0x00 (0) + [72] : 0x00 (0) + [73] : 0x00 (0) + [74] : 0x00 (0) + [75] : 0x01 (1) + [76] : 0x00 (0) + [77] : 0x00 (0) + [78] : 0x00 (0) + [79] : 0x00 (0) + [80] : 0x00 (0) + [81] : 0x09 (9) + [82] : 0x24 (36) + [83] : 0x00 (0) + [84] : 0x0c (12) + [85] : 0x00 (0) + [86] : 0x0f (15) + [87] : 0x10 (16) + [88] : 0x01 (1) + [89] : 0x05 (5) + [90] : 0x00 (0) + [91] : 0x00 (0) + [92] : 0x00 (0) + [93] : 0x00 (0) + [94] : 0x00 (0) + [95] : 0x05 (5) + [96] : 0x15 (21) + [97] : 0x00 (0) + [98] : 0x00 (0) + [99] : 0x00 (0) + [100] : 0x74 (116) + [101] : 0xa5 (165) + [102] : 0x12 (18) + [103] : 0x52 (82) + [104] : 0xcd (205) + [105] : 0x51 (81) + [106] : 0xd9 (217) + [107] : 0x8f (143) + [108] : 0xd1 (209) + [109] : 0x31 (49) + [110] : 0xa4 (164) + [111] : 0xca (202) + [112] : 0xf4 (244) + [113] : 0x01 (1) + [114] : 0x00 (0) + [115] : 0x00 (0) + [116] : 0x00 (0) + [117] : 0x02 (2) + [118] : 0x24 (36) + [119] : 0x00 (0) + [120] : 0x0c (12) + [121] : 0x00 (0) + [122] : 0x0f (15) + [123] : 0x10 (16) + [124] : 0x01 (1) + [125] : 0x05 (5) + [126] : 0x00 (0) + [127] : 0x00 (0) + [128] : 0x00 (0) + [129] : 0x00 (0) + [130] : 0x00 (0) + [131] : 0x05 (5) + [132] : 0x15 (21) + [133] : 0x00 (0) + [134] : 0x00 (0) + [135] : 0x00 (0) + [136] : 0x74 (116) + [137] : 0xa5 (165) + [138] : 0x12 (18) + [139] : 0x52 (82) + [140] : 0xcd (205) + [141] : 0x51 (81) + [142] : 0xd9 (217) + [143] : 0x8f (143) + [144] : 0xd1 (209) + [145] : 0x31 (49) + [146] : 0xa4 (164) + [147] : 0xca (202) + [148] : 0xf4 (244) + [149] : 0x01 (1) + [150] : 0x00 (0) + [151] : 0x00 (0) + [152] : 0x00 (0) + [153] : 0x09 (9) + [154] : 0x18 (24) + [155] : 0x00 (0) + [156] : 0x0c (12) + [157] : 0x00 (0) + [158] : 0x0f (15) + [159] : 0x10 (16) + [160] : 0x01 (1) + [161] : 0x02 (2) + [162] : 0x00 (0) + [163] : 0x00 (0) + [164] : 0x00 (0) + [165] : 0x00 (0) + [166] : 0x00 (0) + [167] : 0x05 (5) + [168] : 0x20 (32) + [169] : 0x00 (0) + [170] : 0x00 (0) + [171] : 0x00 (0) + [172] : 0x20 (32) + [173] : 0x02 (2) + [174] : 0x00 (0) + [175] : 0x00 (0) + [176] : 0x00 (0) + [177] : 0x02 (2) + [178] : 0x18 (24) + [179] : 0x00 (0) + [180] : 0x0c (12) + [181] : 0x00 (0) + [182] : 0x0f (15) + [183] : 0x10 (16) + [184] : 0x01 (1) + [185] : 0x02 (2) + [186] : 0x00 (0) + [187] : 0x00 (0) + [188] : 0x00 (0) + [189] : 0x00 (0) + [190] : 0x00 (0) + [191] : 0x05 (5) + [192] : 0x20 (32) + [193] : 0x00 (0) + [194] : 0x00 (0) + [195] : 0x00 (0) + [196] : 0x20 (32) + [197] : 0x02 (2) + [198] : 0x00 (0) + [199] : 0x00 (0) + [200] : 0x00 (0) + [201] : 0x09 (9) + [202] : 0x18 (24) + [203] : 0x00 (0) + [204] : 0x0c (12) + [205] : 0x00 (0) + [206] : 0x0f (15) + [207] : 0x10 (16) + [208] : 0x01 (1) + [209] : 0x02 (2) + [210] : 0x00 (0) + [211] : 0x00 (0) + [212] : 0x00 (0) + [213] : 0x00 (0) + [214] : 0x00 (0) + [215] : 0x05 (5) + [216] : 0x20 (32) + [217] : 0x00 (0) + [218] : 0x00 (0) + [219] : 0x00 (0) + [220] : 0x26 (38) + [221] : 0x02 (2) + [222] : 0x00 (0) + [223] : 0x00 (0) + [224] : 0x00 (0) + [225] : 0x02 (2) + [226] : 0x18 (24) + [227] : 0x00 (0) + [228] : 0x0c (12) + [229] : 0x00 (0) + [230] : 0x0f (15) + [231] : 0x10 (16) + [232] : 0x01 (1) + [233] : 0x02 (2) + [234] : 0x00 (0) + [235] : 0x00 (0) + [236] : 0x00 (0) + [237] : 0x00 (0) + [238] : 0x00 (0) + [239] : 0x05 (5) + [240] : 0x20 (32) + [241] : 0x00 (0) + [242] : 0x00 (0) + [243] : 0x00 (0) + [244] : 0x26 (38) + [245] : 0x02 (2) + [246] : 0x00 (0) + [247] : 0x00 (0) + data_size : * + data_size : 0x000000f8 (248) + data_length : * + data_length : 0x000000f8 (248) + result : WERR_OK +[2013/11/07 07:38:48.114818, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + in: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 0000010a-0000-0000-7b52-7835c5510000 +[2013/11/07 07:38:48.114953, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 0A 01 00 00 00 00 00 00 7B 52 78 35 ........ ....{Rx5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:48.115032, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 0A 01 00 00 00 00 00 00 7B 52 78 35 ........ ....{Rx5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:48.115108, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) + Closed policy +[2013/11/07 07:38:48.115153, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (4->3) +[2013/11/07 07:38:48.115194, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + out: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000000-0000-0000-0000-000000000000 + result : WERR_OK +[2013/11/07 07:38:48.115356, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + in: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000109-0000-0000-7b52-7835c5510000 +[2013/11/07 07:38:48.115487, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 09 01 00 00 00 00 00 00 7B 52 78 35 ........ ....{Rx5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:48.115563, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 09 01 00 00 00 00 00 00 7B 52 78 35 ........ ....{Rx5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:48.115639, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) + Closed policy +[2013/11/07 07:38:48.115679, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (3->2) +[2013/11/07 07:38:48.115720, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + out: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000000-0000-0000-0000-000000000000 + result : WERR_OK +[2013/11/07 07:38:48.115892, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + in: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000108-0000-0000-7b52-7835c5510000 +[2013/11/07 07:38:48.116022, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 08 01 00 00 00 00 00 00 7B 52 78 35 ........ ....{Rx5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:48.116099, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 08 01 00 00 00 00 00 00 7B 52 78 35 ........ ....{Rx5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:48.116175, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) + Closed policy +[2013/11/07 07:38:48.116219, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (2->1) +[2013/11/07 07:38:48.116259, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + out: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000000-0000-0000-0000-000000000000 + result : WERR_OK +[2013/11/07 07:38:48.116420, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + in: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000107-0000-0000-7b52-7835c5510000 +[2013/11/07 07:38:48.116549, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 07 01 00 00 00 00 00 00 7B 52 78 35 ........ ....{Rx5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:48.116626, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 07 01 00 00 00 00 00 00 7B 52 78 35 ........ ....{Rx5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:48.116702, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) + Closed policy +[2013/11/07 07:38:48.116741, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (1->0) +[2013/11/07 07:38:48.116802, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + out: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000000-0000-0000-0000-000000000000 + result : WERR_OK +[2013/11/07 07:38:48.116965, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:416(close_policy_by_pipe) + Deleted handle list for RPC connection \winreg +[2013/11/07 07:38:48.117127, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + spoolss_GetPrinter: struct spoolss_GetPrinter + out: struct spoolss_GetPrinter + info : * + info : union spoolss_PrinterInfo(case 2) + info2: struct spoolss_PrinterInfo2 + servername : * + servername : '\\MEMBER43' + printername : * + printername : '\\MEMBER43\printer7' + sharename : * + sharename : 'printer7' + portname : * + portname : 'Samba Printer Port' + drivername : * + drivername : '' + comment : * + comment : '' + location : * + location : '' + devmode : * + devmode: struct spoolss_DeviceMode + devicename : '\\MEMBER43\printer7' + specversion : DMSPEC_NT4_AND_ABOVE (1025) + driverversion : 0x0400 (1024) + size : 0x00dc (220) + __driverextra_length : 0x0000 (0) + fields : 0x00014713 (83731) + 1: DEVMODE_ORIENTATION + 1: DEVMODE_PAPERSIZE + 0: DEVMODE_PAPERLENGTH + 0: DEVMODE_PAPERWIDTH + 1: DEVMODE_SCALE + 0: DEVMODE_POSITION + 0: DEVMODE_NUP + 1: DEVMODE_COPIES + 1: DEVMODE_DEFAULTSOURCE + 1: DEVMODE_PRINTQUALITY + 0: DEVMODE_COLOR + 0: DEVMODE_DUPLEX + 0: DEVMODE_YRESOLUTION + 1: DEVMODE_TTOPTION + 0: DEVMODE_COLLATE + 1: DEVMODE_FORMNAME + 0: DEVMODE_LOGPIXELS + 0: DEVMODE_BITSPERPEL + 0: DEVMODE_PELSWIDTH + 0: DEVMODE_PELSHEIGHT + 0: DEVMODE_DISPLAYFLAGS + 0: DEVMODE_DISPLAYFREQUENCY + 0: DEVMODE_ICMMETHOD + 0: DEVMODE_ICMINTENT + 0: DEVMODE_MEDIATYPE + 0: DEVMODE_DITHERTYPE + 0: DEVMODE_PANNINGWIDTH + 0: DEVMODE_PANNINGHEIGHT + orientation : DMORIENT_PORTRAIT (1) + papersize : DMPAPER_LETTER (1) + paperlength : 0x0000 (0) + paperwidth : 0x0000 (0) + scale : 0x0064 (100) + copies : 0x0001 (1) + defaultsource : DMBIN_FORMSOURCE (15) + printquality : DMRES_HIGH (65532) + color : DMRES_MONOCHROME (1) + duplex : DMDUP_SIMPLEX (1) + yresolution : 0x0000 (0) + ttoption : DMTT_SUBDEV (3) + collate : DMCOLLATE_FALSE (0) + formname : 'Letter' + logpixels : 0x0000 (0) + bitsperpel : 0x00000000 (0) + pelswidth : 0x00000000 (0) + pelsheight : 0x00000000 (0) + displayflags : UNKNOWN_ENUM_VALUE (0) + displayfrequency : 0x00000000 (0) + icmmethod : UNKNOWN_ENUM_VALUE (0) + icmintent : UNKNOWN_ENUM_VALUE (0) + mediatype : UNKNOWN_ENUM_VALUE (0) + dithertype : UNKNOWN_ENUM_VALUE (0) + reserved1 : 0x00000000 (0) + reserved2 : 0x00000000 (0) + panningwidth : 0x00000000 (0) + panningheight : 0x00000000 (0) + driverextra_data : DATA_BLOB length=0 + sepfile : * + sepfile : '' + printprocessor : * + printprocessor : 'winprint' + datatype : * + datatype : 'RAW' + parameters : * + parameters : '' + secdesc : * + secdesc: struct security_descriptor + revision : SECURITY_DESCRIPTOR_REVISION_1 (1) + type : 0x8004 (32772) + 0: SEC_DESC_OWNER_DEFAULTED + 0: SEC_DESC_GROUP_DEFAULTED + 1: SEC_DESC_DACL_PRESENT + 0: SEC_DESC_DACL_DEFAULTED + 0: SEC_DESC_SACL_PRESENT + 0: SEC_DESC_SACL_DEFAULTED + 0: SEC_DESC_DACL_TRUSTED + 0: SEC_DESC_SERVER_SECURITY + 0: SEC_DESC_DACL_AUTO_INHERIT_REQ + 0: SEC_DESC_SACL_AUTO_INHERIT_REQ + 0: SEC_DESC_DACL_AUTO_INHERITED + 0: SEC_DESC_SACL_AUTO_INHERITED + 0: SEC_DESC_DACL_PROTECTED + 0: SEC_DESC_SACL_PROTECTED + 0: SEC_DESC_RM_CONTROL_VALID + 1: SEC_DESC_SELF_RELATIVE + owner_sid : * + owner_sid : S-1-5-32-544 + group_sid : * + group_sid : S-1-5-32-544 + sacl : NULL + dacl : * + dacl: struct security_acl + revision : SECURITY_ACL_REVISION_NT4 (2) + size : 0x00c4 (196) + num_aces : 0x00000007 (7) + aces: ARRAY(7) + aces: struct security_ace + type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) + flags : 0x02 (2) + 0: SEC_ACE_FLAG_OBJECT_INHERIT + 1: SEC_ACE_FLAG_CONTAINER_INHERIT + 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT + 0: SEC_ACE_FLAG_INHERIT_ONLY + 0: SEC_ACE_FLAG_INHERITED_ACE + 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) + 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS + 0: SEC_ACE_FLAG_FAILED_ACCESS + size : 0x0014 (20) + access_mask : 0x20020008 (537001992) + object : union security_ace_object_ctr(case 0) + trustee : S-1-1-0 + aces: struct security_ace + type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) + flags : 0x09 (9) + 1: SEC_ACE_FLAG_OBJECT_INHERIT + 0: SEC_ACE_FLAG_CONTAINER_INHERIT + 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT + 1: SEC_ACE_FLAG_INHERIT_ONLY + 0: SEC_ACE_FLAG_INHERITED_ACE + 0x09: SEC_ACE_FLAG_VALID_INHERIT (9) + 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS + 0: SEC_ACE_FLAG_FAILED_ACCESS + size : 0x0024 (36) + access_mask : 0x100f000c (269418508) + object : union security_ace_object_ctr(case 0) + trustee : S-1-5-21-1376953716-2413384141-3399758289-500 + aces: struct security_ace + type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) + flags : 0x02 (2) + 0: SEC_ACE_FLAG_OBJECT_INHERIT + 1: SEC_ACE_FLAG_CONTAINER_INHERIT + 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT + 0: SEC_ACE_FLAG_INHERIT_ONLY + 0: SEC_ACE_FLAG_INHERITED_ACE + 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) + 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS + 0: SEC_ACE_FLAG_FAILED_ACCESS + size : 0x0024 (36) + access_mask : 0x100f000c (269418508) + object : union security_ace_object_ctr(case 0) + trustee : S-1-5-21-1376953716-2413384141-3399758289-500 + aces: struct security_ace + type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) + flags : 0x09 (9) + 1: SEC_ACE_FLAG_OBJECT_INHERIT + 0: SEC_ACE_FLAG_CONTAINER_INHERIT + 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT + 1: SEC_ACE_FLAG_INHERIT_ONLY + 0: SEC_ACE_FLAG_INHERITED_ACE + 0x09: SEC_ACE_FLAG_VALID_INHERIT (9) + 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS + 0: SEC_ACE_FLAG_FAILED_ACCESS + size : 0x0018 (24) + access_mask : 0x100f000c (269418508) + object : union security_ace_object_ctr(case 0) + trustee : S-1-5-32-544 + aces: struct security_ace + type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) + flags : 0x02 (2) + 0: SEC_ACE_FLAG_OBJECT_INHERIT + 1: SEC_ACE_FLAG_CONTAINER_INHERIT + 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT + 0: SEC_ACE_FLAG_INHERIT_ONLY + 0: SEC_ACE_FLAG_INHERITED_ACE + 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) + 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS + 0: SEC_ACE_FLAG_FAILED_ACCESS + size : 0x0018 (24) + access_mask : 0x100f000c (269418508) + object : union security_ace_object_ctr(case 0) + trustee : S-1-5-32-544 + aces: struct security_ace + type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) + flags : 0x09 (9) + 1: SEC_ACE_FLAG_OBJECT_INHERIT + 0: SEC_ACE_FLAG_CONTAINER_INHERIT + 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT + 1: SEC_ACE_FLAG_INHERIT_ONLY + 0: SEC_ACE_FLAG_INHERITED_ACE + 0x09: SEC_ACE_FLAG_VALID_INHERIT (9) + 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS + 0: SEC_ACE_FLAG_FAILED_ACCESS + size : 0x0018 (24) + access_mask : 0x100f000c (269418508) + object : union security_ace_object_ctr(case 0) + trustee : S-1-5-32-550 + aces: struct security_ace + type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) + flags : 0x02 (2) + 0: SEC_ACE_FLAG_OBJECT_INHERIT + 1: SEC_ACE_FLAG_CONTAINER_INHERIT + 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT + 0: SEC_ACE_FLAG_INHERIT_ONLY + 0: SEC_ACE_FLAG_INHERITED_ACE + 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) + 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS + 0: SEC_ACE_FLAG_FAILED_ACCESS + size : 0x0018 (24) + access_mask : 0x100f000c (269418508) + object : union security_ace_object_ctr(case 0) + trustee : S-1-5-32-550 + attributes : 0x00001048 (4168) + 0: PRINTER_ATTRIBUTE_QUEUED + 0: PRINTER_ATTRIBUTE_DIRECT + 0: PRINTER_ATTRIBUTE_DEFAULT + 1: PRINTER_ATTRIBUTE_SHARED + 0: PRINTER_ATTRIBUTE_NETWORK + 0: PRINTER_ATTRIBUTE_HIDDEN + 1: PRINTER_ATTRIBUTE_LOCAL + 0: PRINTER_ATTRIBUTE_ENABLE_DEVQ + 0: PRINTER_ATTRIBUTE_KEEPPRINTEDJOBS + 0: PRINTER_ATTRIBUTE_DO_COMPLETE_FIRST + 0: PRINTER_ATTRIBUTE_WORK_OFFLINE + 0: PRINTER_ATTRIBUTE_ENABLE_BIDI + 1: PRINTER_ATTRIBUTE_RAW_ONLY + 0: PRINTER_ATTRIBUTE_PUBLISHED + 0: PRINTER_ATTRIBUTE_FAX + 0: PRINTER_ATTRIBUTE_TS + priority : 0x00000001 (1) + defaultpriority : 0x00000001 (1) + starttime : 0x00000000 (0) + untiltime : 0x00000000 (0) + status : 0x00000000 (0) + 0: PRINTER_STATUS_PAUSED + 0: PRINTER_STATUS_ERROR + 0: PRINTER_STATUS_PENDING_DELETION + 0: PRINTER_STATUS_PAPER_JAM + 0: PRINTER_STATUS_PAPER_OUT + 0: PRINTER_STATUS_MANUAL_FEED + 0: PRINTER_STATUS_PAPER_PROBLEM + 0: PRINTER_STATUS_OFFLINE + 0: PRINTER_STATUS_IO_ACTIVE + 0: PRINTER_STATUS_BUSY + 0: PRINTER_STATUS_PRINTING + 0: PRINTER_STATUS_OUTPUT_BIN_FULL + 0: PRINTER_STATUS_NOT_AVAILABLE + 0: PRINTER_STATUS_WAITING + 0: PRINTER_STATUS_PROCESSING + 0: PRINTER_STATUS_INITIALIZING + 0: PRINTER_STATUS_WARMING_UP + 0: PRINTER_STATUS_TONER_LOW + 0: PRINTER_STATUS_NO_TONER + 0: PRINTER_STATUS_PAGE_PUNT + 0: PRINTER_STATUS_USER_INTERVENTION + 0: PRINTER_STATUS_OUT_OF_MEMORY + 0: PRINTER_STATUS_DOOR_OPEN + 0: PRINTER_STATUS_SERVER_UNKNOWN + 0: PRINTER_STATUS_POWER_SAVE + cjobs : 0x00000000 (0) + averageppm : 0x00000000 (0) + needed : * + needed : 0x000002f8 (760) + result : WERR_OK +[2013/11/07 07:38:48.122523, 5, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1417(api_rpcTNP) + api_rpcTNP: called \spoolss successfully +[2013/11/07 07:38:48.122595, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) + pop_sec_ctx (0, 5000) - sec_ctx_stack_ndx = 0 +[2013/11/07 07:38:48.122641, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) + write_to_pipe: data_used = 4140 + smbd_smb2_request_pending_queue: req->current_idx = 1 + req->in.vector[0].iov_len = 0 + req->in.vector[1].iov_len = 0 + req->in.vector[2].iov_len = 64 + req->in.vector[3].iov_len = 56 + req->in.vector[4].iov_len = 4156 + req->out.vector[0].iov_len = 4 + req->out.vector[1].iov_len = 0 + req->out.vector[2].iov_len = 64 + req->out.vector[3].iov_len = 8 + req->out.vector[4].iov_len = 0 +[2013/11/07 07:38:48.122868, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:128(smbd_smb2_ioctl_pipe_write_done) + smbd_smb2_ioctl_pipe_write_done: received 4156 +[2013/11/07 07:38:48.122913, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:149(smbd_smb2_ioctl_pipe_write_done) + smbd_smb2_ioctl_pipe_write_done: issuing np_read_send of size 4136 +[2013/11/07 07:38:48.122955, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:285(read_from_internal_pipe) + name: \spoolss len: 4136 +[2013/11/07 07:38:48.122998, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:347(read_from_internal_pipe) + read_from_pipe: \spoolss: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 4112. +[2013/11/07 07:38:48.123054, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) + &r: struct ncacn_packet + rpc_vers : 0x05 (5) + rpc_vers_minor : 0x00 (0) + ptype : DCERPC_PKT_RESPONSE (2) + pfc_flags : 0x03 (3) + drep: ARRAY(4) + [0] : 0x10 (16) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + frag_length : 0x1028 (4136) + auth_length : 0x0000 (0) + call_id : 0x00000004 (4) + u : union dcerpc_payload(case 2) + response: struct dcerpc_response + alloc_hint : 0x00001010 (4112) + context_id : 0x0000 (0) + cancel_count : 0x00 (0) + _pad : DATA_BLOB length=0 + stub_and_verifier : DATA_BLOB length=4112 + [0000] 04 00 02 00 00 10 00 00 EA 0F 00 00 C2 0F 00 00 ........ ........ + [0010] B0 0F 00 00 8A 0F 00 00 88 0F 00 00 86 0F 00 00 ........ ........ + [0020] 84 0F 00 00 88 0E 00 00 82 0F 00 00 70 0F 00 00 ........ ....p... + [0030] 68 0F 00 00 66 0F 00 00 90 0D 00 00 48 10 00 00 h...f... ....H... + [0040] 01 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0200] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0210] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0220] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0230] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0240] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0250] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0260] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0270] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0280] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0290] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0300] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0310] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0320] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0330] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0340] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0350] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0360] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0370] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0380] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0390] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0400] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0410] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0420] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0430] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0440] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0450] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0460] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0470] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0480] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0490] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0500] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0510] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0520] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0530] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0540] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0550] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0560] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0570] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0580] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0590] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0600] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0610] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0620] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0630] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0640] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0650] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0660] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0670] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0680] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0690] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0700] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0710] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0720] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0730] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0740] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0750] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0760] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0770] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0780] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0790] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0800] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0810] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0820] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0830] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0840] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0850] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0860] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0870] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0880] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0890] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0900] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0910] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0920] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0930] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0940] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0950] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0960] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0970] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0980] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0990] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D90] 00 00 00 00 00 00 00 00 01 00 04 80 D8 00 00 00 ........ ........ + [0DA0] E8 00 00 00 00 00 00 00 14 00 00 00 02 00 C4 00 ........ ........ + [0DB0] 07 00 00 00 00 02 14 00 08 00 02 20 01 01 00 00 ........ ... .... + [0DC0] 00 00 00 01 00 00 00 00 00 09 24 00 0C 00 0F 10 ........ ..$..... + [0DD0] 01 05 00 00 00 00 00 05 15 00 00 00 74 A5 12 52 ........ ....t..R + [0DE0] CD 51 D9 8F D1 31 A4 CA F4 01 00 00 00 02 24 00 .Q...1.. ......$. + [0DF0] 0C 00 0F 10 01 05 00 00 00 00 00 05 15 00 00 00 ........ ........ + [0E00] 74 A5 12 52 CD 51 D9 8F D1 31 A4 CA F4 01 00 00 t..R.Q.. .1...... + [0E10] 00 09 18 00 0C 00 0F 10 01 02 00 00 00 00 00 05 ........ ........ + [0E20] 20 00 00 00 20 02 00 00 00 02 18 00 0C 00 0F 10 ... ... ........ + [0E30] 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 ........ ... ... + [0E40] 00 09 18 00 0C 00 0F 10 01 02 00 00 00 00 00 05 ........ ........ + [0E50] 20 00 00 00 26 02 00 00 00 02 18 00 0C 00 0F 10 ...&... ........ + [0E60] 01 02 00 00 00 00 00 05 20 00 00 00 26 02 00 00 ........ ...&... + [0E70] 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 ........ ... ... + [0E80] 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 ........ ... ... + [0E90] 5C 00 5C 00 4D 00 45 00 4D 00 42 00 45 00 52 00 \.\.M.E. M.B.E.R. + [0EA0] 34 00 33 00 5C 00 70 00 72 00 69 00 6E 00 74 00 4.3.\.p. r.i.n.t. + [0EB0] 65 00 72 00 37 00 00 00 00 00 00 00 00 00 00 00 e.r.7... ........ + [0EC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0ED0] 01 04 00 04 DC 00 00 00 13 47 01 00 01 00 01 00 ........ .G...... + [0EE0] 00 00 00 00 64 00 01 00 0F 00 FC FF 01 00 01 00 ....d... ........ + [0EF0] 00 00 03 00 00 00 4C 00 65 00 74 00 74 00 65 00 ......L. e.t.t.e. + [0F00] 72 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 r....... ........ + [0F10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F70] 52 00 41 00 57 00 00 00 77 00 69 00 6E 00 70 00 R.A.W... w.i.n.p. + [0F80] 72 00 69 00 6E 00 74 00 00 00 00 00 00 00 00 00 r.i.n.t. ........ + [0F90] 00 00 53 00 61 00 6D 00 62 00 61 00 20 00 50 00 ..S.a.m. b.a. .P. + [0FA0] 72 00 69 00 6E 00 74 00 65 00 72 00 20 00 50 00 r.i.n.t. e.r. .P. + [0FB0] 6F 00 72 00 74 00 00 00 70 00 72 00 69 00 6E 00 o.r.t... p.r.i.n. + [0FC0] 74 00 65 00 72 00 37 00 00 00 5C 00 5C 00 4D 00 t.e.r.7. ..\.\.M. + [0FD0] 45 00 4D 00 42 00 45 00 52 00 34 00 33 00 5C 00 E.M.B.E. R.4.3.\. + [0FE0] 70 00 72 00 69 00 6E 00 74 00 65 00 72 00 37 00 p.r.i.n. t.e.r.7. + [0FF0] 00 00 5C 00 5C 00 4D 00 45 00 4D 00 42 00 45 00 ..\.\.M. E.M.B.E. + [1000] 52 00 34 00 33 00 00 00 F8 02 00 00 00 00 00 00 R.4.3... ........ +[2013/11/07 07:38:48.132569, 3, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:122(free_pipe_context) + free_pipe_context: destroying talloc pool of size 1308 +[2013/11/07 07:38:48.132629, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:788(np_read_recv) + Received 4136 bytes. There is no more data outstanding +[2013/11/07 07:38:48.132672, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:178(smbd_smb2_ioctl_pipe_read_done) + smbd_smb2_ioctl_pipe_read_done: np_read_recv nread = 4136 is_data_outstanding = 0, status = NT_STATUS_OK +[2013/11/07 07:38:48.132721, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl.c:291(smbd_smb2_request_ioctl_done) + smbd_smb2_request_ioctl_done: smbd_smb2_ioctl_recv returned 4136 status NT_STATUS_OK +[2013/11/07 07:38:48.132765, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) + smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[48] dyn[yes:4136] at ../source3/smbd/smb2_ioctl.c:358 +[2013/11/07 07:38:48.132819, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) + smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/162/127 +[2013/11/07 07:38:48.150134, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) + smbd_smb2_request_incoming: idx[1] of 5 vectors +[2013/11/07 07:38:48.150307, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) + smb2_validate_sequence_number: clearing id 162 (position 162) from bitmap +[2013/11/07 07:38:48.150355, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) + smbd_smb2_request_dispatch: opcode[SMB2_OP_IOCTL] mid = 162 +[2013/11/07 07:38:48.150428, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) + setting sec ctx (0, 5000) - sec_ctx_stack_ndx = 0 +[2013/11/07 07:38:48.150473, 5, pid=20933, effective(0, 5000), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) + Security token SIDs (21): + SID[ 0]: S-1-5-21-1376953716-2413384141-3399758289-500 + SID[ 1]: S-1-5-21-1376953716-2413384141-3399758289-512 + SID[ 2]: S-1-5-21-1376953716-2413384141-3399758289-11015 + SID[ 3]: S-1-5-21-1376953716-2413384141-3399758289-513 + SID[ 4]: S-1-5-21-1376953716-2413384141-3399758289-11011 + SID[ 5]: S-1-5-21-1376953716-2413384141-3399758289-11013 + SID[ 6]: S-1-5-21-1376953716-2413384141-3399758289-11012 + SID[ 7]: S-1-1-0 + SID[ 8]: S-1-5-2 + SID[ 9]: S-1-5-11 + SID[ 10]: S-1-5-32-544 + SID[ 11]: S-1-22-1-2002 + SID[ 12]: S-1-22-2-5000 + SID[ 13]: S-1-22-2-5007 + SID[ 14]: S-1-22-2-5001 + SID[ 15]: S-1-22-2-1005 + SID[ 16]: S-1-22-2-5006 + SID[ 17]: S-1-22-2-5005 + SID[ 18]: S-1-22-2-55000 + SID[ 19]: S-1-22-2-55001 + SID[ 20]: S-1-22-2-55002 + Privileges (0x 1FFFFFF0): + Privilege[ 0]: SeMachineAccountPrivilege + Privilege[ 1]: SeTakeOwnershipPrivilege + Privilege[ 2]: SeBackupPrivilege + Privilege[ 3]: SeRestorePrivilege + Privilege[ 4]: SeRemoteShutdownPrivilege + Privilege[ 5]: SePrintOperatorPrivilege + Privilege[ 6]: SeAddUsersPrivilege + Privilege[ 7]: SeDiskOperatorPrivilege + Privilege[ 8]: SeSecurityPrivilege + Privilege[ 9]: SeSystemtimePrivilege + Privilege[ 10]: SeShutdownPrivilege + Privilege[ 11]: SeDebugPrivilege + Privilege[ 12]: SeSystemEnvironmentPrivilege + Privilege[ 13]: SeSystemProfilePrivilege + Privilege[ 14]: SeProfileSingleProcessPrivilege + Privilege[ 15]: SeIncreaseBasePriorityPrivilege + Privilege[ 16]: SeLoadDriverPrivilege + Privilege[ 17]: SeCreatePagefilePrivilege + Privilege[ 18]: SeIncreaseQuotaPrivilege + Privilege[ 19]: SeChangeNotifyPrivilege + Privilege[ 20]: SeUndockPrivilege + Privilege[ 21]: SeManageVolumePrivilege + Privilege[ 22]: SeImpersonatePrivilege + Privilege[ 23]: SeCreateGlobalPrivilege + Privilege[ 24]: SeEnableDelegationPrivilege + Rights (0x 0): +[2013/11/07 07:38:48.151350, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) + UNIX token of user 0 + Primary group is 5000 and contains 9 supplementary groups + Group[ 0]: 5000 + Group[ 1]: 5007 + Group[ 2]: 5001 + Group[ 3]: 1005 + Group[ 4]: 5006 + Group[ 5]: 5005 + Group[ 6]: 55000 + Group[ 7]: 55001 + Group[ 8]: 55002 +[2013/11/07 07:38:48.151554, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/uid.c:363(change_to_user_internal) + Impersonated user: uid=(0,0), gid=(0,5000) +[2013/11/07 07:38:48.151611, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:1796(smbd_smb2_request_verify_creditcharge) + mid 162, CreditCharge: 1, NeededCharge: 1 +[2013/11/07 07:38:48.151654, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl.c:394(smbd_smb2_ioctl_send) + smbd_smb2_ioctl: ctl_code[0x0011c017] spoolss, fnum 3439123001 +[2013/11/07 07:38:48.151785, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:59(smb2_ioctl_named_pipe) + smbd_smb2_ioctl_send: np_write_send of size 44 +[2013/11/07 07:38:48.151830, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:520(np_write_send) + np_write_send: len: 44 +[2013/11/07 07:38:48.151872, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) + write_to_pipe: data_left = 44 +[2013/11/07 07:38:48.151911, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) + process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 44 +[2013/11/07 07:38:48.151950, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:51(fill_rpc_header) + fill_rpc_header: data_to_copy = 44, len_needed_to_complete_hdr = 16, receive_len = 0 +[2013/11/07 07:38:48.151991, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) + write_to_pipe: data_used = 16 +[2013/11/07 07:38:48.152029, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) + write_to_pipe: data_left = 28 +[2013/11/07 07:38:48.152067, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) + process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 28 +[2013/11/07 07:38:48.152108, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) + write_to_pipe: data_used = 0 +[2013/11/07 07:38:48.152146, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) + write_to_pipe: data_left = 28 +[2013/11/07 07:38:48.152183, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) + process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 28, incoming data = 28 +[2013/11/07 07:38:48.152225, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1614(process_complete_pdu) + PDU is in Little Endian format! +[2013/11/07 07:38:48.152279, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) + r: struct ncacn_packet + rpc_vers : 0x05 (5) + rpc_vers_minor : 0x00 (0) + ptype : DCERPC_PKT_REQUEST (0) + pfc_flags : 0x03 (3) + drep: ARRAY(4) + [0] : 0x10 (16) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + frag_length : 0x002c (44) + auth_length : 0x0000 (0) + call_id : 0x00000005 (5) + u : union dcerpc_payload(case 0) + request: struct dcerpc_request + alloc_hint : 0x00000014 (20) + context_id : 0x0000 (0) + opnum : 0x001d (29) + object : union dcerpc_object(case 0) + empty: struct dcerpc_empty + _pad : DATA_BLOB length=0 + stub_and_verifier : DATA_BLOB length=20 + [0000] 00 00 00 00 00 01 00 00 00 00 00 00 7B 52 77 35 ........ ....{Rw5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:48.152750, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1627(process_complete_pdu) + Processing packet type 0 +[2013/11/07 07:38:48.152799, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1472(dcesrv_auth_request) + Checking request auth. +[2013/11/07 07:38:48.152841, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) + push_sec_ctx(0, 5000) : sec_ctx_stack_ndx = 1 +[2013/11/07 07:38:48.152888, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) + setting sec ctx (0, 5000) - sec_ctx_stack_ndx = 1 +[2013/11/07 07:38:48.152929, 5, pid=20933, effective(0, 5000), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) + Security token SIDs (21): + SID[ 0]: S-1-5-21-1376953716-2413384141-3399758289-500 + SID[ 1]: S-1-5-21-1376953716-2413384141-3399758289-512 + SID[ 2]: S-1-5-21-1376953716-2413384141-3399758289-11015 + SID[ 3]: S-1-5-21-1376953716-2413384141-3399758289-513 + SID[ 4]: S-1-5-21-1376953716-2413384141-3399758289-11011 + SID[ 5]: S-1-5-21-1376953716-2413384141-3399758289-11013 + SID[ 6]: S-1-5-21-1376953716-2413384141-3399758289-11012 + SID[ 7]: S-1-1-0 + SID[ 8]: S-1-5-2 + SID[ 9]: S-1-5-11 + SID[ 10]: S-1-5-32-544 + SID[ 11]: S-1-22-1-2002 + SID[ 12]: S-1-22-2-5000 + SID[ 13]: S-1-22-2-5007 + SID[ 14]: S-1-22-2-5001 + SID[ 15]: S-1-22-2-1005 + SID[ 16]: S-1-22-2-5006 + SID[ 17]: S-1-22-2-5005 + SID[ 18]: S-1-22-2-55000 + SID[ 19]: S-1-22-2-55001 + SID[ 20]: S-1-22-2-55002 + Privileges (0x 1FFFFFF0): + Privilege[ 0]: SeMachineAccountPrivilege + Privilege[ 1]: SeTakeOwnershipPrivilege + Privilege[ 2]: SeBackupPrivilege + Privilege[ 3]: SeRestorePrivilege + Privilege[ 4]: SeRemoteShutdownPrivilege + Privilege[ 5]: SePrintOperatorPrivilege + Privilege[ 6]: SeAddUsersPrivilege + Privilege[ 7]: SeDiskOperatorPrivilege + Privilege[ 8]: SeSecurityPrivilege + Privilege[ 9]: SeSystemtimePrivilege + Privilege[ 10]: SeShutdownPrivilege + Privilege[ 11]: SeDebugPrivilege + Privilege[ 12]: SeSystemEnvironmentPrivilege + Privilege[ 13]: SeSystemProfilePrivilege + Privilege[ 14]: SeProfileSingleProcessPrivilege + Privilege[ 15]: SeIncreaseBasePriorityPrivilege + Privilege[ 16]: SeLoadDriverPrivilege + Privilege[ 17]: SeCreatePagefilePrivilege + Privilege[ 18]: SeIncreaseQuotaPrivilege + Privilege[ 19]: SeChangeNotifyPrivilege + Privilege[ 20]: SeUndockPrivilege + Privilege[ 21]: SeManageVolumePrivilege + Privilege[ 22]: SeImpersonatePrivilege + Privilege[ 23]: SeCreateGlobalPrivilege + Privilege[ 24]: SeEnableDelegationPrivilege + Rights (0x 0): +[2013/11/07 07:38:48.154178, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) + UNIX token of user 0 + Primary group is 5000 and contains 9 supplementary groups + Group[ 0]: 5000 + Group[ 1]: 5007 + Group[ 2]: 5001 + Group[ 3]: 1005 + Group[ 4]: 5006 + Group[ 5]: 5005 + Group[ 6]: 55000 + Group[ 7]: 55001 + Group[ 8]: 55002 +[2013/11/07 07:38:48.154500, 5, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1324(api_pipe_request) + Requested \spoolss rpc service +[2013/11/07 07:38:48.154578, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1356(api_rpcTNP) + api_rpcTNP: \spoolss op 0x1d - api_rpcTNP: rpc command: SPOOLSS_CLOSEPRINTER +[2013/11/07 07:38:48.154651, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1390(api_rpcTNP) + api_rpc_cmds[29].fn == 0x7f375c25d5f0 +[2013/11/07 07:38:48.154725, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + spoolss_ClosePrinter: struct spoolss_ClosePrinter + in: struct spoolss_ClosePrinter + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000100-0000-0000-7b52-7735c5510000 +[2013/11/07 07:38:48.154961, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 00 01 00 00 00 00 00 00 7B 52 77 35 ........ ....{Rw5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:48.155094, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 00 01 00 00 00 00 00 00 7B 52 77 35 ........ ....{Rw5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:48.155222, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 00 01 00 00 00 00 00 00 7B 52 77 35 ........ ....{Rw5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:48.155349, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) + Closed policy +[2013/11/07 07:38:48.155416, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + spoolss_ClosePrinter: struct spoolss_ClosePrinter + out: struct spoolss_ClosePrinter + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000000-0000-0000-0000-000000000000 + result : WERR_OK +[2013/11/07 07:38:48.155666, 5, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1417(api_rpcTNP) + api_rpcTNP: called \spoolss successfully +[2013/11/07 07:38:48.155748, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) + pop_sec_ctx (0, 5000) - sec_ctx_stack_ndx = 0 +[2013/11/07 07:38:48.155817, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) + write_to_pipe: data_used = 28 + smbd_smb2_request_pending_queue: req->current_idx = 1 + req->in.vector[0].iov_len = 0 + req->in.vector[1].iov_len = 0 + req->in.vector[2].iov_len = 64 + req->in.vector[3].iov_len = 56 + req->in.vector[4].iov_len = 44 + req->out.vector[0].iov_len = 4 + req->out.vector[1].iov_len = 0 + req->out.vector[2].iov_len = 64 + req->out.vector[3].iov_len = 8 + req->out.vector[4].iov_len = 0 +[2013/11/07 07:38:48.156175, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:128(smbd_smb2_ioctl_pipe_write_done) + smbd_smb2_ioctl_pipe_write_done: received 44 +[2013/11/07 07:38:48.156248, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:149(smbd_smb2_ioctl_pipe_write_done) + smbd_smb2_ioctl_pipe_write_done: issuing np_read_send of size 4136 +[2013/11/07 07:38:48.156319, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:285(read_from_internal_pipe) + name: \spoolss len: 4136 +[2013/11/07 07:38:48.156387, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:347(read_from_internal_pipe) + read_from_pipe: \spoolss: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 24. +[2013/11/07 07:38:48.156471, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) + &r: struct ncacn_packet + rpc_vers : 0x05 (5) + rpc_vers_minor : 0x00 (0) + ptype : DCERPC_PKT_RESPONSE (2) + pfc_flags : 0x03 (3) + drep: ARRAY(4) + [0] : 0x10 (16) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + frag_length : 0x0030 (48) + auth_length : 0x0000 (0) + call_id : 0x00000005 (5) + u : union dcerpc_payload(case 2) + response: struct dcerpc_response + alloc_hint : 0x00000018 (24) + context_id : 0x0000 (0) + cancel_count : 0x00 (0) + _pad : DATA_BLOB length=0 + stub_and_verifier : DATA_BLOB length=24 + [0000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0010] 00 00 00 00 00 00 00 00 ........ +[2013/11/07 07:38:48.157189, 3, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:122(free_pipe_context) + free_pipe_context: destroying talloc pool of size 29 +[2013/11/07 07:38:48.157269, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:788(np_read_recv) + Received 48 bytes. There is no more data outstanding +[2013/11/07 07:38:48.157336, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:178(smbd_smb2_ioctl_pipe_read_done) + smbd_smb2_ioctl_pipe_read_done: np_read_recv nread = 48 is_data_outstanding = 0, status = NT_STATUS_OK +[2013/11/07 07:38:48.157496, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl.c:291(smbd_smb2_request_ioctl_done) + smbd_smb2_request_ioctl_done: smbd_smb2_ioctl_recv returned 48 status NT_STATUS_OK +[2013/11/07 07:38:48.157569, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) + smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[48] dyn[yes:48] at ../source3/smbd/smb2_ioctl.c:358 +[2013/11/07 07:38:48.157644, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) + smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/163/127 +[2013/11/07 07:38:48.162108, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) + smbd_smb2_request_incoming: idx[1] of 5 vectors +[2013/11/07 07:38:48.162395, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) + smb2_validate_sequence_number: clearing id 163 (position 163) from bitmap +[2013/11/07 07:38:48.162527, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) + smbd_smb2_request_dispatch: opcode[SMB2_OP_CLOSE] mid = 163 +[2013/11/07 07:38:48.162682, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) + setting sec ctx (0, 5000) - sec_ctx_stack_ndx = 0 +[2013/11/07 07:38:48.162793, 5, pid=20933, effective(0, 5000), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) + Security token SIDs (21): + SID[ 0]: S-1-5-21-1376953716-2413384141-3399758289-500 + SID[ 1]: S-1-5-21-1376953716-2413384141-3399758289-512 + SID[ 2]: S-1-5-21-1376953716-2413384141-3399758289-11015 + SID[ 3]: S-1-5-21-1376953716-2413384141-3399758289-513 + SID[ 4]: S-1-5-21-1376953716-2413384141-3399758289-11011 + SID[ 5]: S-1-5-21-1376953716-2413384141-3399758289-11013 + SID[ 6]: S-1-5-21-1376953716-2413384141-3399758289-11012 + SID[ 7]: S-1-1-0 + SID[ 8]: S-1-5-2 + SID[ 9]: S-1-5-11 + SID[ 10]: S-1-5-32-544 + SID[ 11]: S-1-22-1-2002 + SID[ 12]: S-1-22-2-5000 + SID[ 13]: S-1-22-2-5007 + SID[ 14]: S-1-22-2-5001 + SID[ 15]: S-1-22-2-1005 + SID[ 16]: S-1-22-2-5006 + SID[ 17]: S-1-22-2-5005 + SID[ 18]: S-1-22-2-55000 + SID[ 19]: S-1-22-2-55001 + SID[ 20]: S-1-22-2-55002 + Privileges (0x 1FFFFFF0): + Privilege[ 0]: SeMachineAccountPrivilege + Privilege[ 1]: SeTakeOwnershipPrivilege + Privilege[ 2]: SeBackupPrivilege + Privilege[ 3]: SeRestorePrivilege + Privilege[ 4]: SeRemoteShutdownPrivilege + Privilege[ 5]: SePrintOperatorPrivilege + Privilege[ 6]: SeAddUsersPrivilege + Privilege[ 7]: SeDiskOperatorPrivilege + Privilege[ 8]: SeSecurityPrivilege + Privilege[ 9]: SeSystemtimePrivilege + Privilege[ 10]: SeShutdownPrivilege + Privilege[ 11]: SeDebugPrivilege + Privilege[ 12]: SeSystemEnvironmentPrivilege + Privilege[ 13]: SeSystemProfilePrivilege + Privilege[ 14]: SeProfileSingleProcessPrivilege + Privilege[ 15]: SeIncreaseBasePriorityPrivilege + Privilege[ 16]: SeLoadDriverPrivilege + Privilege[ 17]: SeCreatePagefilePrivilege + Privilege[ 18]: SeIncreaseQuotaPrivilege + Privilege[ 19]: SeChangeNotifyPrivilege + Privilege[ 20]: SeUndockPrivilege + Privilege[ 21]: SeManageVolumePrivilege + Privilege[ 22]: SeImpersonatePrivilege + Privilege[ 23]: SeCreateGlobalPrivilege + Privilege[ 24]: SeEnableDelegationPrivilege + Rights (0x 0): +[2013/11/07 07:38:48.164776, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) + UNIX token of user 0 + Primary group is 5000 and contains 9 supplementary groups + Group[ 0]: 5000 + Group[ 1]: 5007 + Group[ 2]: 5001 + Group[ 3]: 1005 + Group[ 4]: 5006 + Group[ 5]: 5005 + Group[ 6]: 55000 + Group[ 7]: 55001 + Group[ 8]: 55002 +[2013/11/07 07:38:48.165276, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/uid.c:363(change_to_user_internal) + Impersonated user: uid=(0,0), gid=(0,5000) +[2013/11/07 07:38:48.165627, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_close.c:185(smbd_smb2_close) + smbd_smb2_close: spoolss - fnum 3439123001 +[2013/11/07 07:38:48.165764, 5, pid=20933, effective(0, 5000), real(0, 0)] ../lib/dbwrap/dbwrap.c:187(dbwrap_check_lock_order) + check lock order 1 for /var/run/samba/smbXsrv_open_global.tdb +[2013/11/07 07:38:48.165865, 10, pid=20933, effective(0, 5000), real(0, 0)] ../lib/dbwrap/dbwrap.c:133(debug_lock_order) + lock order: 1:/var/run/samba/smbXsrv_open_global.tdb 2: 3: +[2013/11/07 07:38:48.165975, 10, pid=20933, effective(0, 5000), real(0, 0)] ../lib/dbwrap/dbwrap_tdb.c:59(db_tdb_log_key) + Locking key 6772676C +[2013/11/07 07:38:48.166126, 10, pid=20933, effective(0, 5000), real(0, 0)] ../lib/dbwrap/dbwrap_tdb.c:143(db_tdb_fetch_locked_internal) + Allocated locked data 0x0x7f375d34aa70 +[2013/11/07 07:38:48.166258, 10, pid=20933, effective(0, 5000), real(0, 0)] ../lib/dbwrap/dbwrap_tdb.c:59(db_tdb_log_key) + Unlocking key 6772676C +[2013/11/07 07:38:48.166364, 5, pid=20933, effective(0, 5000), real(0, 0)] ../lib/dbwrap/dbwrap.c:146(dbwrap_lock_order_state_destructor) + release lock order 1 for /var/run/samba/smbXsrv_open_global.tdb +[2013/11/07 07:38:48.166462, 10, pid=20933, effective(0, 5000), real(0, 0)] ../lib/dbwrap/dbwrap.c:133(debug_lock_order) + lock order: 1: 2: 3: +[2013/11/07 07:38:48.166596, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/files.c:525(file_free) + freed files structure 3439123001 (7 used) +[2013/11/07 07:38:48.166751, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) + smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[60] dyn[no:0] at ../source3/smbd/smb2_close.c:139 +[2013/11/07 07:38:48.166867, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) + smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/164/127 +[2013/11/07 07:38:48.168406, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) + smbd_smb2_request_incoming: idx[1] of 5 vectors +[2013/11/07 07:38:48.168611, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) + smb2_validate_sequence_number: clearing id 164 (position 164) from bitmap +[2013/11/07 07:38:48.168723, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) + smbd_smb2_request_dispatch: opcode[SMB2_OP_CREATE] mid = 164 +[2013/11/07 07:38:48.168890, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) + setting sec ctx (0, 5000) - sec_ctx_stack_ndx = 0 +[2013/11/07 07:38:48.169025, 5, pid=20933, effective(0, 5000), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) + Security token SIDs (21): + SID[ 0]: S-1-5-21-1376953716-2413384141-3399758289-500 + SID[ 1]: S-1-5-21-1376953716-2413384141-3399758289-512 + SID[ 2]: S-1-5-21-1376953716-2413384141-3399758289-11015 + SID[ 3]: S-1-5-21-1376953716-2413384141-3399758289-513 + SID[ 4]: S-1-5-21-1376953716-2413384141-3399758289-11011 + SID[ 5]: S-1-5-21-1376953716-2413384141-3399758289-11013 + SID[ 6]: S-1-5-21-1376953716-2413384141-3399758289-11012 + SID[ 7]: S-1-1-0 + SID[ 8]: S-1-5-2 + SID[ 9]: S-1-5-11 + SID[ 10]: S-1-5-32-544 + SID[ 11]: S-1-22-1-2002 + SID[ 12]: S-1-22-2-5000 + SID[ 13]: S-1-22-2-5007 + SID[ 14]: S-1-22-2-5001 + SID[ 15]: S-1-22-2-1005 + SID[ 16]: S-1-22-2-5006 + SID[ 17]: S-1-22-2-5005 + SID[ 18]: S-1-22-2-55000 + SID[ 19]: S-1-22-2-55001 + SID[ 20]: S-1-22-2-55002 + Privileges (0x 1FFFFFF0): + Privilege[ 0]: SeMachineAccountPrivilege + Privilege[ 1]: SeTakeOwnershipPrivilege + Privilege[ 2]: SeBackupPrivilege + Privilege[ 3]: SeRestorePrivilege + Privilege[ 4]: SeRemoteShutdownPrivilege + Privilege[ 5]: SePrintOperatorPrivilege + Privilege[ 6]: SeAddUsersPrivilege + Privilege[ 7]: SeDiskOperatorPrivilege + Privilege[ 8]: SeSecurityPrivilege + Privilege[ 9]: SeSystemtimePrivilege + Privilege[ 10]: SeShutdownPrivilege + Privilege[ 11]: SeDebugPrivilege + Privilege[ 12]: SeSystemEnvironmentPrivilege + Privilege[ 13]: SeSystemProfilePrivilege + Privilege[ 14]: SeProfileSingleProcessPrivilege + Privilege[ 15]: SeIncreaseBasePriorityPrivilege + Privilege[ 16]: SeLoadDriverPrivilege + Privilege[ 17]: SeCreatePagefilePrivilege + Privilege[ 18]: SeIncreaseQuotaPrivilege + Privilege[ 19]: SeChangeNotifyPrivilege + Privilege[ 20]: SeUndockPrivilege + Privilege[ 21]: SeManageVolumePrivilege + Privilege[ 22]: SeImpersonatePrivilege + Privilege[ 23]: SeCreateGlobalPrivilege + Privilege[ 24]: SeEnableDelegationPrivilege + Rights (0x 0): +[2013/11/07 07:38:48.172304, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) + UNIX token of user 0 + Primary group is 5000 and contains 9 supplementary groups + Group[ 0]: 5000 + Group[ 1]: 5007 + Group[ 2]: 5001 + Group[ 3]: 1005 + Group[ 4]: 5006 + Group[ 5]: 5005 + Group[ 6]: 55000 + Group[ 7]: 55001 + Group[ 8]: 55002 +[2013/11/07 07:38:48.172811, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/uid.c:363(change_to_user_internal) + Impersonated user: uid=(0,0), gid=(0,5000) +[2013/11/07 07:38:48.172945, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_create.c:451(smbd_smb2_create_send) + smbd_smb2_create: name[spoolss] +[2013/11/07 07:38:48.173073, 5, pid=20933, effective(0, 5000), real(0, 0)] ../lib/dbwrap/dbwrap.c:187(dbwrap_check_lock_order) + check lock order 1 for /var/run/samba/smbXsrv_open_global.tdb +[2013/11/07 07:38:48.173176, 10, pid=20933, effective(0, 5000), real(0, 0)] ../lib/dbwrap/dbwrap.c:133(debug_lock_order) + lock order: 1:/var/run/samba/smbXsrv_open_global.tdb 2: 3: +[2013/11/07 07:38:48.173286, 10, pid=20933, effective(0, 5000), real(0, 0)] ../lib/dbwrap/dbwrap_tdb.c:59(db_tdb_log_key) + Locking key 347F2EE3 +[2013/11/07 07:38:48.173918, 10, pid=20933, effective(0, 5000), real(0, 0)] ../lib/dbwrap/dbwrap_tdb.c:143(db_tdb_fetch_locked_internal) + Allocated locked data 0x0x7f375d390c40 +[2013/11/07 07:38:48.174221, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smbXsrv_open.c:695(smbXsrv_open_global_store) +[2013/11/07 07:38:48.174295, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smbXsrv_open.c:697(smbXsrv_open_global_store) + smbXsrv_open_global_store: key '347F2EE3' stored +[2013/11/07 07:38:48.174453, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) + &global_blob: struct smbXsrv_open_globalB + version : SMBXSRV_VERSION_0 (0) + seqnum : 0x00000001 (1) + info : union smbXsrv_open_globalU(case 0) + info0 : * + info0: struct smbXsrv_open_global0 + db_rec : * + server_id: struct server_id + pid : 0x00000000000051c5 (20933) + task_id : 0x00000000 (0) + vnn : 0xffffffff (4294967295) + unique_id : 0x6b1fb19d3b3a8ed6 (7719083575197994710) + open_global_id : 0x347f2ee3 (880750307) + open_persistent_id : 0x00000000347f2ee3 (880750307) + open_volatile_id : 0x00000000ce68e08c (3462979724) + open_owner : S-1-5-21-1376953716-2413384141-3399758289-500 + open_time : Do Nov 7 07:38:48 2013 CET + create_guid : 00000000-0000-0000-0000-000000000000 + client_guid : b913ae79-46f9-11e3-be6f-52540018a0ea + app_instance_id : 00000000-0000-0000-0000-000000000000 + disconnect_time : NTTIME(0) + durable_timeout_msec : 0x00000000 (0) + durable : 0x00 (0) + backend_cookie : DATA_BLOB length=0 +[2013/11/07 07:38:48.175621, 10, pid=20933, effective(0, 5000), real(0, 0)] ../lib/dbwrap/dbwrap_tdb.c:59(db_tdb_log_key) + Unlocking key 347F2EE3 +[2013/11/07 07:38:48.176294, 5, pid=20933, effective(0, 5000), real(0, 0)] ../lib/dbwrap/dbwrap.c:146(dbwrap_lock_order_state_destructor) + release lock order 1 for /var/run/samba/smbXsrv_open_global.tdb +[2013/11/07 07:38:48.176421, 10, pid=20933, effective(0, 5000), real(0, 0)] ../lib/dbwrap/dbwrap.c:133(debug_lock_order) + lock order: 1: 2: 3: +[2013/11/07 07:38:48.176529, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smbXsrv_open.c:862(smbXsrv_open_create) +[2013/11/07 07:38:48.176591, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smbXsrv_open.c:870(smbXsrv_open_create) + smbXsrv_open_create: global_id (0x347f2ee3) stored +[2013/11/07 07:38:48.176688, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) + &open_blob: struct smbXsrv_openB + version : SMBXSRV_VERSION_0 (0) + reserved : 0x00000000 (0) + info : union smbXsrv_openU(case 0) + info0 : * + info0: struct smbXsrv_open + table : * + db_rec : NULL + local_id : 0xce68e08c (3462979724) + global : * + global: struct smbXsrv_open_global0 + db_rec : NULL + server_id: struct server_id + pid : 0x00000000000051c5 (20933) + task_id : 0x00000000 (0) + vnn : 0xffffffff (4294967295) + unique_id : 0x6b1fb19d3b3a8ed6 (7719083575197994710) + open_global_id : 0x347f2ee3 (880750307) + open_persistent_id : 0x00000000347f2ee3 (880750307) + open_volatile_id : 0x00000000ce68e08c (3462979724) + open_owner : S-1-5-21-1376953716-2413384141-3399758289-500 + open_time : Do Nov 7 07:38:48 2013 CET + create_guid : 00000000-0000-0000-0000-000000000000 + client_guid : b913ae79-46f9-11e3-be6f-52540018a0ea + app_instance_id : 00000000-0000-0000-0000-000000000000 + disconnect_time : NTTIME(0) + durable_timeout_msec : 0x00000000 (0) + durable : 0x00 (0) + backend_cookie : DATA_BLOB length=0 + status : NT_STATUS_OK + idle_time : Do Nov 7 07:38:48 2013 CET + compat : NULL +[2013/11/07 07:38:48.178469, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/files.c:125(file_new) + allocated file structure fnum 3462979724 (8 used) +[2013/11/07 07:38:48.178593, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/files.c:713(file_name_hash) + file_name_hash: /tmp/spoolss hash 0x7d4e46e5 +[2013/11/07 07:38:48.178740, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:60(make_internal_rpc_pipe_p) + Create pipe requested \spoolss +[2013/11/07 07:38:48.178865, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:238(init_pipe_handles) + init_pipe_handle_list: pipe_handles ref count = 24 for pipe \spoolss +[2013/11/07 07:38:48.179117, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:100(make_internal_rpc_pipe_p) + Created internal pipe \spoolss +[2013/11/07 07:38:48.179228, 8, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/dosmode.c:631(dos_mode) + dos_mode: spoolss +[2013/11/07 07:38:48.179363, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_create.c:1053(smbd_smb2_create_send) + smbd_smb2_create_send: spoolss - fnum 3462979724 +[2013/11/07 07:38:48.179522, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) + smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[88] dyn[yes:0] at ../source3/smbd/smb2_create.c:369 +[2013/11/07 07:38:48.179636, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) + smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/165/127 +[2013/11/07 07:38:48.181560, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) + smbd_smb2_request_incoming: idx[1] of 5 vectors +[2013/11/07 07:38:48.181765, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) + smb2_validate_sequence_number: clearing id 165 (position 165) from bitmap +[2013/11/07 07:38:48.181871, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) + smbd_smb2_request_dispatch: opcode[SMB2_OP_WRITE] mid = 165 +[2013/11/07 07:38:48.182042, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) + setting sec ctx (0, 5000) - sec_ctx_stack_ndx = 0 +[2013/11/07 07:38:48.182152, 5, pid=20933, effective(0, 5000), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) + Security token SIDs (21): + SID[ 0]: S-1-5-21-1376953716-2413384141-3399758289-500 + SID[ 1]: S-1-5-21-1376953716-2413384141-3399758289-512 + SID[ 2]: S-1-5-21-1376953716-2413384141-3399758289-11015 + SID[ 3]: S-1-5-21-1376953716-2413384141-3399758289-513 + SID[ 4]: S-1-5-21-1376953716-2413384141-3399758289-11011 + SID[ 5]: S-1-5-21-1376953716-2413384141-3399758289-11013 + SID[ 6]: S-1-5-21-1376953716-2413384141-3399758289-11012 + SID[ 7]: S-1-1-0 + SID[ 8]: S-1-5-2 + SID[ 9]: S-1-5-11 + SID[ 10]: S-1-5-32-544 + SID[ 11]: S-1-22-1-2002 + SID[ 12]: S-1-22-2-5000 + SID[ 13]: S-1-22-2-5007 + SID[ 14]: S-1-22-2-5001 + SID[ 15]: S-1-22-2-1005 + SID[ 16]: S-1-22-2-5006 + SID[ 17]: S-1-22-2-5005 + SID[ 18]: S-1-22-2-55000 + SID[ 19]: S-1-22-2-55001 + SID[ 20]: S-1-22-2-55002 + Privileges (0x 1FFFFFF0): + Privilege[ 0]: SeMachineAccountPrivilege + Privilege[ 1]: SeTakeOwnershipPrivilege + Privilege[ 2]: SeBackupPrivilege + Privilege[ 3]: SeRestorePrivilege + Privilege[ 4]: SeRemoteShutdownPrivilege + Privilege[ 5]: SePrintOperatorPrivilege + Privilege[ 6]: SeAddUsersPrivilege + Privilege[ 7]: SeDiskOperatorPrivilege + Privilege[ 8]: SeSecurityPrivilege + Privilege[ 9]: SeSystemtimePrivilege + Privilege[ 10]: SeShutdownPrivilege + Privilege[ 11]: SeDebugPrivilege + Privilege[ 12]: SeSystemEnvironmentPrivilege + Privilege[ 13]: SeSystemProfilePrivilege + Privilege[ 14]: SeProfileSingleProcessPrivilege + Privilege[ 15]: SeIncreaseBasePriorityPrivilege + Privilege[ 16]: SeLoadDriverPrivilege + Privilege[ 17]: SeCreatePagefilePrivilege + Privilege[ 18]: SeIncreaseQuotaPrivilege + Privilege[ 19]: SeChangeNotifyPrivilege + Privilege[ 20]: SeUndockPrivilege + Privilege[ 21]: SeManageVolumePrivilege + Privilege[ 22]: SeImpersonatePrivilege + Privilege[ 23]: SeCreateGlobalPrivilege + Privilege[ 24]: SeEnableDelegationPrivilege + Rights (0x 0): +[2013/11/07 07:38:48.184110, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) + UNIX token of user 0 + Primary group is 5000 and contains 9 supplementary groups + Group[ 0]: 5000 + Group[ 1]: 5007 + Group[ 2]: 5001 + Group[ 3]: 1005 + Group[ 4]: 5006 + Group[ 5]: 5005 + Group[ 6]: 55000 + Group[ 7]: 55001 + Group[ 8]: 55002 +[2013/11/07 07:38:48.184585, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/uid.c:363(change_to_user_internal) + Impersonated user: uid=(0,0), gid=(0,5000) +[2013/11/07 07:38:48.184705, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:1796(smbd_smb2_request_verify_creditcharge) + mid 165, CreditCharge: 1, NeededCharge: 1 +[2013/11/07 07:38:48.184870, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_write.c:271(smbd_smb2_write_send) + smbd_smb2_write: spoolss - fnum 3462979724 +[2013/11/07 07:38:48.184986, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:520(np_write_send) + np_write_send: len: 160 +[2013/11/07 07:38:48.185106, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) + write_to_pipe: data_left = 160 +[2013/11/07 07:38:48.185608, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) + process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 160 +[2013/11/07 07:38:48.185734, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:51(fill_rpc_header) + fill_rpc_header: data_to_copy = 160, len_needed_to_complete_hdr = 16, receive_len = 0 +[2013/11/07 07:38:48.185837, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) + write_to_pipe: data_used = 16 +[2013/11/07 07:38:48.185932, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) + write_to_pipe: data_left = 144 +[2013/11/07 07:38:48.186040, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) + process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 144 +[2013/11/07 07:38:48.186147, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) + write_to_pipe: data_used = 0 +[2013/11/07 07:38:48.186241, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) + write_to_pipe: data_left = 144 +[2013/11/07 07:38:48.186334, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) + process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 144, incoming data = 144 +[2013/11/07 07:38:48.186462, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1614(process_complete_pdu) + PDU is in Little Endian format! +[2013/11/07 07:38:48.186586, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) + r: struct ncacn_packet + rpc_vers : 0x05 (5) + rpc_vers_minor : 0x00 (0) + ptype : DCERPC_PKT_BIND (11) + pfc_flags : 0x03 (3) + drep: ARRAY(4) + [0] : 0x10 (16) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + frag_length : 0x00a0 (160) + auth_length : 0x0000 (0) + call_id : 0x00000002 (2) + u : union dcerpc_payload(case 11) + bind: struct dcerpc_bind + max_xmit_frag : 0x10b8 (4280) + max_recv_frag : 0x10b8 (4280) + assoc_group_id : 0x00000000 (0) + num_contexts : 0x03 (3) + ctx_list: ARRAY(3) + ctx_list: struct dcerpc_ctx_list + context_id : 0x0000 (0) + num_transfer_syntaxes : 0x01 (1) + abstract_syntax: struct ndr_syntax_id + uuid : 12345678-1234-abcd-ef00-0123456789ab + if_version : 0x00000001 (1) + transfer_syntaxes: ARRAY(1) + transfer_syntaxes: struct ndr_syntax_id + uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860 + if_version : 0x00000002 (2) + ctx_list: struct dcerpc_ctx_list + context_id : 0x0001 (1) + num_transfer_syntaxes : 0x01 (1) + abstract_syntax: struct ndr_syntax_id + uuid : 12345678-1234-abcd-ef00-0123456789ab + if_version : 0x00000001 (1) + transfer_syntaxes: ARRAY(1) + transfer_syntaxes: struct ndr_syntax_id + uuid : 71710533-beba-4937-8319-b5dbef9ccc36 + if_version : 0x00000001 (1) + ctx_list: struct dcerpc_ctx_list + context_id : 0x0002 (2) + num_transfer_syntaxes : 0x01 (1) + abstract_syntax: struct ndr_syntax_id + uuid : 12345678-1234-abcd-ef00-0123456789ab + if_version : 0x00000001 (1) + transfer_syntaxes: ARRAY(1) + transfer_syntaxes: struct ndr_syntax_id + uuid : 6cb71c2c-9812-4540-0300-000000000000 + if_version : 0x00000001 (1) + auth_info : DATA_BLOB length=0 +[2013/11/07 07:38:48.188831, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1627(process_complete_pdu) + Processing packet type 11 +[2013/11/07 07:38:48.188936, 3, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:693(api_pipe_bind_req) + api_pipe_bind_req: spoolss -> spoolss rpc service +[2013/11/07 07:38:48.189046, 5, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:724(api_pipe_bind_req) + api_pipe_bind_req: make response. 724 +[2013/11/07 07:38:48.189163, 3, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:342(check_bind_req) + check_bind_req for \spoolss +[2013/11/07 07:38:48.189273, 3, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:349(check_bind_req) + check_bind_req: spoolss -> spoolss rpc service +[2013/11/07 07:38:48.189462, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:238(init_pipe_handles) + init_pipe_handle_list: pipe_handles ref count = 25 for pipe \spoolss +[2013/11/07 07:38:48.189617, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) + &r: struct ncacn_packet + rpc_vers : 0x05 (5) + rpc_vers_minor : 0x00 (0) + ptype : DCERPC_PKT_BIND_ACK (12) + pfc_flags : 0x03 (3) + drep: ARRAY(4) + [0] : 0x10 (16) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + frag_length : 0x0044 (68) + auth_length : 0x0000 (0) + call_id : 0x00000002 (2) + u : union dcerpc_payload(case 12) + bind_ack: struct dcerpc_bind_ack + max_xmit_frag : 0x10b8 (4280) + max_recv_frag : 0x10b8 (4280) + assoc_group_id : 0x000053f0 (21488) + secondary_address_size : 0x000e (14) + secondary_address : '\PIPE\spoolss' + _pad1 : DATA_BLOB length=0 + num_results : 0x01 (1) + ctx_list: ARRAY(1) + ctx_list: struct dcerpc_ack_ctx + result : 0x0000 (0) + reason : 0x0000 (0) + syntax: struct ndr_syntax_id + uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860 + if_version : 0x00000002 (2) + auth_info : DATA_BLOB length=0 +[2013/11/07 07:38:48.190910, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) + write_to_pipe: data_used = 144 + smbd_smb2_request_pending_queue: req->current_idx = 1 + req->in.vector[0].iov_len = 0 + req->in.vector[1].iov_len = 0 + req->in.vector[2].iov_len = 64 + req->in.vector[3].iov_len = 48 + req->in.vector[4].iov_len = 160 + req->out.vector[0].iov_len = 4 + req->out.vector[1].iov_len = 0 + req->out.vector[2].iov_len = 64 + req->out.vector[3].iov_len = 8 + req->out.vector[4].iov_len = 0 +[2013/11/07 07:38:48.191431, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) + smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[16] dyn[yes:0] at ../source3/smbd/smb2_write.c:150 +[2013/11/07 07:38:48.191546, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) + smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/166/127 +[2013/11/07 07:38:48.193277, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) + smbd_smb2_request_incoming: idx[1] of 5 vectors +[2013/11/07 07:38:48.193546, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) + smb2_validate_sequence_number: clearing id 166 (position 166) from bitmap +[2013/11/07 07:38:48.193653, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) + smbd_smb2_request_dispatch: opcode[SMB2_OP_READ] mid = 166 +[2013/11/07 07:38:48.193786, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) + setting sec ctx (0, 5000) - sec_ctx_stack_ndx = 0 +[2013/11/07 07:38:48.193937, 5, pid=20933, effective(0, 5000), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) + Security token SIDs (21): + SID[ 0]: S-1-5-21-1376953716-2413384141-3399758289-500 + SID[ 1]: S-1-5-21-1376953716-2413384141-3399758289-512 + SID[ 2]: S-1-5-21-1376953716-2413384141-3399758289-11015 + SID[ 3]: S-1-5-21-1376953716-2413384141-3399758289-513 + SID[ 4]: S-1-5-21-1376953716-2413384141-3399758289-11011 + SID[ 5]: S-1-5-21-1376953716-2413384141-3399758289-11013 + SID[ 6]: S-1-5-21-1376953716-2413384141-3399758289-11012 + SID[ 7]: S-1-1-0 + SID[ 8]: S-1-5-2 + SID[ 9]: S-1-5-11 + SID[ 10]: S-1-5-32-544 + SID[ 11]: S-1-22-1-2002 + SID[ 12]: S-1-22-2-5000 + SID[ 13]: S-1-22-2-5007 + SID[ 14]: S-1-22-2-5001 + SID[ 15]: S-1-22-2-1005 + SID[ 16]: S-1-22-2-5006 + SID[ 17]: S-1-22-2-5005 + SID[ 18]: S-1-22-2-55000 + SID[ 19]: S-1-22-2-55001 + SID[ 20]: S-1-22-2-55002 + Privileges (0x 1FFFFFF0): + Privilege[ 0]: SeMachineAccountPrivilege + Privilege[ 1]: SeTakeOwnershipPrivilege + Privilege[ 2]: SeBackupPrivilege + Privilege[ 3]: SeRestorePrivilege + Privilege[ 4]: SeRemoteShutdownPrivilege + Privilege[ 5]: SePrintOperatorPrivilege + Privilege[ 6]: SeAddUsersPrivilege + Privilege[ 7]: SeDiskOperatorPrivilege + Privilege[ 8]: SeSecurityPrivilege + Privilege[ 9]: SeSystemtimePrivilege + Privilege[ 10]: SeShutdownPrivilege + Privilege[ 11]: SeDebugPrivilege + Privilege[ 12]: SeSystemEnvironmentPrivilege + Privilege[ 13]: SeSystemProfilePrivilege + Privilege[ 14]: SeProfileSingleProcessPrivilege + Privilege[ 15]: SeIncreaseBasePriorityPrivilege + Privilege[ 16]: SeLoadDriverPrivilege + Privilege[ 17]: SeCreatePagefilePrivilege + Privilege[ 18]: SeIncreaseQuotaPrivilege + Privilege[ 19]: SeChangeNotifyPrivilege + Privilege[ 20]: SeUndockPrivilege + Privilege[ 21]: SeManageVolumePrivilege + Privilege[ 22]: SeImpersonatePrivilege + Privilege[ 23]: SeCreateGlobalPrivilege + Privilege[ 24]: SeEnableDelegationPrivilege + Rights (0x 0): +[2013/11/07 07:38:48.195846, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) + UNIX token of user 0 + Primary group is 5000 and contains 9 supplementary groups + Group[ 0]: 5000 + Group[ 1]: 5007 + Group[ 2]: 5001 + Group[ 3]: 1005 + Group[ 4]: 5006 + Group[ 5]: 5005 + Group[ 6]: 55000 + Group[ 7]: 55001 + Group[ 8]: 55002 +[2013/11/07 07:38:48.196316, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/uid.c:363(change_to_user_internal) + Impersonated user: uid=(0,0), gid=(0,5000) +[2013/11/07 07:38:48.196434, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:1796(smbd_smb2_request_verify_creditcharge) + mid 166, CreditCharge: 1, NeededCharge: 1 +[2013/11/07 07:38:48.196538, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_read.c:400(smbd_smb2_read_send) + smbd_smb2_read: spoolss - fnum 3462979724 +[2013/11/07 07:38:48.196653, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:285(read_from_internal_pipe) + name: \spoolss len: 1024 +[2013/11/07 07:38:48.196760, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:326(read_from_internal_pipe) + read_from_pipe: \spoolss: current_pdu_len = 68, current_pdu_sent = 0 returning 68 bytes. +[2013/11/07 07:38:48.196867, 3, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:122(free_pipe_context) + free_pipe_context: destroying talloc pool of size 29 + smbd_smb2_request_pending_queue: req->current_idx = 1 + req->in.vector[0].iov_len = 0 + req->in.vector[1].iov_len = 0 + req->in.vector[2].iov_len = 64 + req->in.vector[3].iov_len = 48 + req->in.vector[4].iov_len = 1 + req->out.vector[0].iov_len = 4 + req->out.vector[1].iov_len = 0 + req->out.vector[2].iov_len = 64 + req->out.vector[3].iov_len = 8 + req->out.vector[4].iov_len = 0 +[2013/11/07 07:38:48.197570, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:788(np_read_recv) + Received 68 bytes. There is no more data outstanding +[2013/11/07 07:38:48.197692, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) + smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[16] dyn[yes:68] at ../source3/smbd/smb2_read.c:154 +[2013/11/07 07:38:48.197805, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) + smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/167/127 +[2013/11/07 07:38:48.199647, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) + smbd_smb2_request_incoming: idx[1] of 5 vectors +[2013/11/07 07:38:48.199825, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) + smb2_validate_sequence_number: clearing id 167 (position 167) from bitmap +[2013/11/07 07:38:48.199932, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) + smbd_smb2_request_dispatch: opcode[SMB2_OP_IOCTL] mid = 167 +[2013/11/07 07:38:48.200064, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) + setting sec ctx (0, 5000) - sec_ctx_stack_ndx = 0 +[2013/11/07 07:38:48.200171, 5, pid=20933, effective(0, 5000), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) + Security token SIDs (21): + SID[ 0]: S-1-5-21-1376953716-2413384141-3399758289-500 + SID[ 1]: S-1-5-21-1376953716-2413384141-3399758289-512 + SID[ 2]: S-1-5-21-1376953716-2413384141-3399758289-11015 + SID[ 3]: S-1-5-21-1376953716-2413384141-3399758289-513 + SID[ 4]: S-1-5-21-1376953716-2413384141-3399758289-11011 + SID[ 5]: S-1-5-21-1376953716-2413384141-3399758289-11013 + SID[ 6]: S-1-5-21-1376953716-2413384141-3399758289-11012 + SID[ 7]: S-1-1-0 + SID[ 8]: S-1-5-2 + SID[ 9]: S-1-5-11 + SID[ 10]: S-1-5-32-544 + SID[ 11]: S-1-22-1-2002 + SID[ 12]: S-1-22-2-5000 + SID[ 13]: S-1-22-2-5007 + SID[ 14]: S-1-22-2-5001 + SID[ 15]: S-1-22-2-1005 + SID[ 16]: S-1-22-2-5006 + SID[ 17]: S-1-22-2-5005 + SID[ 18]: S-1-22-2-55000 + SID[ 19]: S-1-22-2-55001 + SID[ 20]: S-1-22-2-55002 + Privileges (0x 1FFFFFF0): + Privilege[ 0]: SeMachineAccountPrivilege + Privilege[ 1]: SeTakeOwnershipPrivilege + Privilege[ 2]: SeBackupPrivilege + Privilege[ 3]: SeRestorePrivilege + Privilege[ 4]: SeRemoteShutdownPrivilege + Privilege[ 5]: SePrintOperatorPrivilege + Privilege[ 6]: SeAddUsersPrivilege + Privilege[ 7]: SeDiskOperatorPrivilege + Privilege[ 8]: SeSecurityPrivilege + Privilege[ 9]: SeSystemtimePrivilege + Privilege[ 10]: SeShutdownPrivilege + Privilege[ 11]: SeDebugPrivilege + Privilege[ 12]: SeSystemEnvironmentPrivilege + Privilege[ 13]: SeSystemProfilePrivilege + Privilege[ 14]: SeProfileSingleProcessPrivilege + Privilege[ 15]: SeIncreaseBasePriorityPrivilege + Privilege[ 16]: SeLoadDriverPrivilege + Privilege[ 17]: SeCreatePagefilePrivilege + Privilege[ 18]: SeIncreaseQuotaPrivilege + Privilege[ 19]: SeChangeNotifyPrivilege + Privilege[ 20]: SeUndockPrivilege + Privilege[ 21]: SeManageVolumePrivilege + Privilege[ 22]: SeImpersonatePrivilege + Privilege[ 23]: SeCreateGlobalPrivilege + Privilege[ 24]: SeEnableDelegationPrivilege + Rights (0x 0): +[2013/11/07 07:38:48.202857, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) + UNIX token of user 0 + Primary group is 5000 and contains 9 supplementary groups + Group[ 0]: 5000 + Group[ 1]: 5007 + Group[ 2]: 5001 + Group[ 3]: 1005 + Group[ 4]: 5006 + Group[ 5]: 5005 + Group[ 6]: 55000 + Group[ 7]: 55001 + Group[ 8]: 55002 +[2013/11/07 07:38:48.203377, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/uid.c:363(change_to_user_internal) + Impersonated user: uid=(0,0), gid=(0,5000) +[2013/11/07 07:38:48.203505, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:1796(smbd_smb2_request_verify_creditcharge) + mid 167, CreditCharge: 1, NeededCharge: 1 +[2013/11/07 07:38:48.203611, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl.c:394(smbd_smb2_ioctl_send) + smbd_smb2_ioctl: ctl_code[0x0011c017] spoolss, fnum 3462979724 +[2013/11/07 07:38:48.203724, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:59(smb2_ioctl_named_pipe) + smbd_smb2_ioctl_send: np_write_send of size 222 +[2013/11/07 07:38:48.203823, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:520(np_write_send) + np_write_send: len: 222 +[2013/11/07 07:38:48.203925, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) + write_to_pipe: data_left = 222 +[2013/11/07 07:38:48.204020, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) + process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 222 +[2013/11/07 07:38:48.204116, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:51(fill_rpc_header) + fill_rpc_header: data_to_copy = 222, len_needed_to_complete_hdr = 16, receive_len = 0 +[2013/11/07 07:38:48.204216, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) + write_to_pipe: data_used = 16 +[2013/11/07 07:38:48.204310, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) + write_to_pipe: data_left = 206 +[2013/11/07 07:38:48.204403, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) + process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 206 +[2013/11/07 07:38:48.204504, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) + write_to_pipe: data_used = 0 +[2013/11/07 07:38:48.204596, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) + write_to_pipe: data_left = 206 +[2013/11/07 07:38:48.204690, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) + process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 206, incoming data = 206 +[2013/11/07 07:38:48.204793, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1614(process_complete_pdu) + PDU is in Little Endian format! +[2013/11/07 07:38:48.204907, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) + r: struct ncacn_packet + rpc_vers : 0x05 (5) + rpc_vers_minor : 0x00 (0) + ptype : DCERPC_PKT_REQUEST (0) + pfc_flags : 0x03 (3) + drep: ARRAY(4) + [0] : 0x10 (16) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + frag_length : 0x00de (222) + auth_length : 0x0000 (0) + call_id : 0x00000002 (2) + u : union dcerpc_payload(case 0) + request: struct dcerpc_request + alloc_hint : 0x000000c6 (198) + context_id : 0x0000 (0) + opnum : 0x0045 (69) + object : union dcerpc_object(case 0) + empty: struct dcerpc_empty + _pad : DATA_BLOB length=0 + stub_and_verifier : DATA_BLOB length=198 + [0000] 00 00 02 00 14 00 00 00 00 00 00 00 14 00 00 00 ........ ........ + [0010] 5C 00 5C 00 4D 00 45 00 4D 00 42 00 45 00 52 00 \.\.M.E. M.B.E.R. + [0020] 34 00 33 00 5C 00 70 00 72 00 69 00 6E 00 74 00 4.3.\.p. r.i.n.t. + [0030] 65 00 72 00 37 00 00 00 00 00 00 00 00 00 00 00 e.r.7... ........ + [0040] 00 00 00 00 00 00 00 00 01 00 00 00 01 00 00 00 ........ ........ + [0050] 04 00 02 00 28 00 00 00 08 00 02 00 0C 00 02 00 ....(... ........ + [0060] 80 25 00 00 03 00 00 00 00 00 00 00 09 00 00 00 .%...... ........ + [0070] 0A 00 00 00 00 00 00 00 0A 00 00 00 57 00 49 00 ........ ....W.I. + [0080] 4E 00 38 00 31 00 2D 00 32 00 33 00 39 00 00 00 N.8.1.-. 2.3.9... + [0090] 15 00 00 00 00 00 00 00 15 00 00 00 41 00 52 00 ........ ....A.R. + [00A0] 33 00 32 00 49 00 38 00 5C 00 41 00 64 00 6D 00 3.2.I.8. \.A.d.m. + [00B0] 69 00 6E 00 69 00 73 00 74 00 72 00 61 00 74 00 i.n.i.s. t.r.a.t. + [00C0] 6F 00 72 00 00 00 o.r... +[2013/11/07 07:38:48.207145, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1627(process_complete_pdu) + Processing packet type 0 +[2013/11/07 07:38:48.207245, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1472(dcesrv_auth_request) + Checking request auth. +[2013/11/07 07:38:48.207349, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) + push_sec_ctx(0, 5000) : sec_ctx_stack_ndx = 1 +[2013/11/07 07:38:48.207460, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) + setting sec ctx (0, 5000) - sec_ctx_stack_ndx = 1 +[2013/11/07 07:38:48.207562, 5, pid=20933, effective(0, 5000), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) + Security token SIDs (21): + SID[ 0]: S-1-5-21-1376953716-2413384141-3399758289-500 + SID[ 1]: S-1-5-21-1376953716-2413384141-3399758289-512 + SID[ 2]: S-1-5-21-1376953716-2413384141-3399758289-11015 + SID[ 3]: S-1-5-21-1376953716-2413384141-3399758289-513 + SID[ 4]: S-1-5-21-1376953716-2413384141-3399758289-11011 + SID[ 5]: S-1-5-21-1376953716-2413384141-3399758289-11013 + SID[ 6]: S-1-5-21-1376953716-2413384141-3399758289-11012 + SID[ 7]: S-1-1-0 + SID[ 8]: S-1-5-2 + SID[ 9]: S-1-5-11 + SID[ 10]: S-1-5-32-544 + SID[ 11]: S-1-22-1-2002 + SID[ 12]: S-1-22-2-5000 + SID[ 13]: S-1-22-2-5007 + SID[ 14]: S-1-22-2-5001 + SID[ 15]: S-1-22-2-1005 + SID[ 16]: S-1-22-2-5006 + SID[ 17]: S-1-22-2-5005 + SID[ 18]: S-1-22-2-55000 + SID[ 19]: S-1-22-2-55001 + SID[ 20]: S-1-22-2-55002 + Privileges (0x 1FFFFFF0): + Privilege[ 0]: SeMachineAccountPrivilege + Privilege[ 1]: SeTakeOwnershipPrivilege + Privilege[ 2]: SeBackupPrivilege + Privilege[ 3]: SeRestorePrivilege + Privilege[ 4]: SeRemoteShutdownPrivilege + Privilege[ 5]: SePrintOperatorPrivilege + Privilege[ 6]: SeAddUsersPrivilege + Privilege[ 7]: SeDiskOperatorPrivilege + Privilege[ 8]: SeSecurityPrivilege + Privilege[ 9]: SeSystemtimePrivilege + Privilege[ 10]: SeShutdownPrivilege + Privilege[ 11]: SeDebugPrivilege + Privilege[ 12]: SeSystemEnvironmentPrivilege + Privilege[ 13]: SeSystemProfilePrivilege + Privilege[ 14]: SeProfileSingleProcessPrivilege + Privilege[ 15]: SeIncreaseBasePriorityPrivilege + Privilege[ 16]: SeLoadDriverPrivilege + Privilege[ 17]: SeCreatePagefilePrivilege + Privilege[ 18]: SeIncreaseQuotaPrivilege + Privilege[ 19]: SeChangeNotifyPrivilege + Privilege[ 20]: SeUndockPrivilege + Privilege[ 21]: SeManageVolumePrivilege + Privilege[ 22]: SeImpersonatePrivilege + Privilege[ 23]: SeCreateGlobalPrivilege + Privilege[ 24]: SeEnableDelegationPrivilege + Rights (0x 0): +[2013/11/07 07:38:48.209600, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) + UNIX token of user 0 + Primary group is 5000 and contains 9 supplementary groups + Group[ 0]: 5000 + Group[ 1]: 5007 + Group[ 2]: 5001 + Group[ 3]: 1005 + Group[ 4]: 5006 + Group[ 5]: 5005 + Group[ 6]: 55000 + Group[ 7]: 55001 + Group[ 8]: 55002 +[2013/11/07 07:38:48.210089, 5, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1324(api_pipe_request) + Requested \spoolss rpc service +[2013/11/07 07:38:48.210200, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1356(api_rpcTNP) + api_rpcTNP: \spoolss op 0x45 - api_rpcTNP: rpc command: SPOOLSS_OPENPRINTEREX +[2013/11/07 07:38:48.210307, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1390(api_rpcTNP) + api_rpc_cmds[69].fn == 0x7f375c256d40 +[2013/11/07 07:38:48.210438, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + spoolss_OpenPrinterEx: struct spoolss_OpenPrinterEx + in: struct spoolss_OpenPrinterEx + printername : * + printername : '\\MEMBER43\printer7' + datatype : NULL + devmode_ctr: struct spoolss_DevmodeContainer + _ndr_size : 0x00000000 (0) + devmode : NULL + access_mask : 0x00000000 (0) + 0: SERVER_ACCESS_ADMINISTER + 0: SERVER_ACCESS_ENUMERATE + 0: PRINTER_ACCESS_ADMINISTER + 0: PRINTER_ACCESS_USE + 0: JOB_ACCESS_ADMINISTER + 0: JOB_ACCESS_READ + userlevel_ctr: struct spoolss_UserLevelCtr + level : 0x00000001 (1) + user_info : union spoolss_UserLevel(case 1) + level1 : * + level1: struct spoolss_UserLevel1 + size : 0x00000028 (40) + client : * + client : 'WIN81-239' + user : * + user : 'AR32I8\Administrator' + build : 0x00002580 (9600) + major : UNKNOWN_ENUM_VALUE (3) + minor : SPOOLSS_MINOR_VERSION_0 (0) + processor : PROCESSOR_ARCHITECTURE_AMD64 (9) + checking name: \\MEMBER43\printer7 +[2013/11/07 07:38:48.211739, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:737(open_printer_hnd) + open_printer_hnd: name [\\MEMBER43\printer7] +[2013/11/07 07:38:48.211858, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) + Opened policy hnd[8] [0000] 00 00 00 00 0B 01 00 00 00 00 00 00 7B 52 78 35 ........ ....{Rx5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:48.212054, 3, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:506(set_printer_hnd_printertype) + Setting printer type=\\MEMBER43\printer7 + Printer is a printer +[2013/11/07 07:38:48.212188, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:566(set_printer_hnd_name) + Setting printer name=\\MEMBER43\printer7 (len=19) + searching for [printer7] +[2013/11/07 07:38:48.212412, 10, pid=20933, effective(0, 5000), real(0, 0), class=tdb] ../source3/lib/gencache.c:296(gencache_set_data_blob) + Adding cache entry with key=[PRINTERNAME/printer7] and timeout=[Do Nov 7 07:43:48 2013 CET] (300 seconds ahead) + set_printer_hnd_name: Printer found: printer7 -> printer7 +[2013/11/07 07:38:48.212643, 5, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:773(open_printer_hnd) + 8 printer handles active +[2013/11/07 07:38:48.212746, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 0B 01 00 00 00 00 00 00 7B 52 78 35 ........ ....{Rx5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:48.212940, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 0B 01 00 00 00 00 00 00 7B 52 78 35 ........ ....{Rx5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:48.213129, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:489(get_printer_snum) + short name:printer7 +[2013/11/07 07:38:48.213277, 3, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/access.c:338(allow_access) + Allowed connection from 10.200.8.239 (10.200.8.239) +[2013/11/07 07:38:48.213755, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/share_access.c:237(user_ok_token) + user_ok_token: share printer7 is ok for unix user root +[2013/11/07 07:38:48.213892, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:1921(_spoolss_OpenPrinterEx) + Setting printer access = PRINTER_ACCESS_USE +[2013/11/07 07:38:48.214115, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:60(make_internal_rpc_pipe_p) + Create pipe requested \winreg +[2013/11/07 07:38:48.214246, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:221(init_pipe_handles) + init_pipe_handle_list: created handle list for pipe \winreg +[2013/11/07 07:38:48.214351, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:238(init_pipe_handles) + init_pipe_handle_list: pipe_handles ref count = 1 for pipe \winreg +[2013/11/07 07:38:48.214545, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:100(make_internal_rpc_pipe_p) + Created internal pipe \winreg +[2013/11/07 07:38:48.214697, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenHKLM: struct winreg_OpenHKLM + in: struct winreg_OpenHKLM + system_name : NULL + access_mask : 0x02000000 (33554432) + 0: KEY_QUERY_VALUE + 0: KEY_SET_VALUE + 0: KEY_CREATE_SUB_KEY + 0: KEY_ENUMERATE_SUB_KEYS + 0: KEY_NOTIFY + 0: KEY_CREATE_LINK + 0: KEY_WOW64_64KEY + 0: KEY_WOW64_32KEY +[2013/11/07 07:38:48.215267, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [HKLM] +[2013/11/07 07:38:48.215375, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) + push_sec_ctx(0, 5000) : sec_ctx_stack_ndx = 2 +[2013/11/07 07:38:48.215482, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/uid.c:485(push_conn_ctx) + push_conn_ctx(1804507171) : conn_ctx_stack_ndx = 0 +[2013/11/07 07:38:48.215581, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) + setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 +[2013/11/07 07:38:48.215676, 5, pid=20933, effective(0, 5000), real(0, 0)] ../libcli/security/security_token.c:53(security_token_debug) + Security token: (NULL) +[2013/11/07 07:38:48.215771, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) + UNIX token of user 0 + Primary group is 0 and contains 0 supplementary groups +[2013/11/07 07:38:48.216116, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) + pop_sec_ctx (0, 5000) - sec_ctx_stack_ndx = 1 +[2013/11/07 07:38:48.216226, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:866(regdb_open) + regdb_open: registry db opened. refcount reset (1) +[2013/11/07 07:38:48.216337, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM] +[2013/11/07 07:38:48.217307, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM] +[2013/11/07 07:38:48.217597, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:48.217697, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM] +[2013/11/07 07:38:48.217899, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) + Opened policy hnd[1] [0000] 00 00 00 00 0C 01 00 00 00 00 00 00 7B 52 78 35 ........ ....{Rx5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:48.218103, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenHKLM: struct winreg_OpenHKLM + out: struct winreg_OpenHKLM + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 0000010c-0000-0000-7b52-7835c5510000 + result : WERR_OK +[2013/11/07 07:38:48.218565, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenKey: struct winreg_OpenKey + in: struct winreg_OpenKey + parent_handle : * + parent_handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 0000010c-0000-0000-7b52-7835c5510000 + keyname: struct winreg_String + name_len : 0x008a (138) + name_size : 0x008a (138) + name : * + name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7' + options : 0x00000000 (0) + 0: REG_OPTION_VOLATILE + 0: REG_OPTION_CREATE_LINK + 0: REG_OPTION_BACKUP_RESTORE + 0: REG_OPTION_OPEN_LINK + access_mask : 0x02000000 (33554432) + 0: KEY_QUERY_VALUE + 0: KEY_SET_VALUE + 0: KEY_CREATE_SUB_KEY + 0: KEY_ENUMERATE_SUB_KEYS + 0: KEY_NOTIFY + 0: KEY_CREATE_LINK + 0: KEY_WOW64_64KEY + 0: KEY_WOW64_32KEY +[2013/11/07 07:38:48.219670, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 0C 01 00 00 00 00 00 00 7B 52 78 35 ........ ....{Rx5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:48.219873, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [SOFTWARE] +[2013/11/07 07:38:48.219973, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (1->2) +[2013/11/07 07:38:48.220109, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] +[2013/11/07 07:38:48.220205, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE] +[2013/11/07 07:38:48.220307, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:48.220399, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE] +[2013/11/07 07:38:48.220996, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Microsoft] +[2013/11/07 07:38:48.221120, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (2->3) +[2013/11/07 07:38:48.221228, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] +[2013/11/07 07:38:48.221323, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] +[2013/11/07 07:38:48.221611, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:48.221651, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft] +[2013/11/07 07:38:48.221714, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Windows NT] +[2013/11/07 07:38:48.221755, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (3->4) +[2013/11/07 07:38:48.221797, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] +[2013/11/07 07:38:48.221834, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] +[2013/11/07 07:38:48.221875, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:48.221912, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] +[2013/11/07 07:38:48.221970, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [CurrentVersion] +[2013/11/07 07:38:48.222011, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (4->5) +[2013/11/07 07:38:48.222053, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] +[2013/11/07 07:38:48.222091, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] +[2013/11/07 07:38:48.222132, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:48.222180, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f375c5a15c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] +[2013/11/07 07:38:48.222254, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Print] +[2013/11/07 07:38:48.222296, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (5->6) +[2013/11/07 07:38:48.222342, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] +[2013/11/07 07:38:48.222382, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] +[2013/11/07 07:38:48.222425, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:48.222462, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f375c5a15c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] +[2013/11/07 07:38:48.222524, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Printers] +[2013/11/07 07:38:48.222566, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (6->7) +[2013/11/07 07:38:48.222610, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] +[2013/11/07 07:38:48.222649, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] +[2013/11/07 07:38:48.222692, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:48.222730, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] +[2013/11/07 07:38:48.222799, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [printer7] +[2013/11/07 07:38:48.222840, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (7->8) +[2013/11/07 07:38:48.222885, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:48.222925, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:48.222967, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:48.223005, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:48.223086, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (8->7) +[2013/11/07 07:38:48.223130, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (7->6) +[2013/11/07 07:38:48.223170, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (6->5) +[2013/11/07 07:38:48.223211, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (5->4) +[2013/11/07 07:38:48.223251, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (4->3) +[2013/11/07 07:38:48.223291, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (3->2) +[2013/11/07 07:38:48.223334, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) + Opened policy hnd[2] [0000] 00 00 00 00 0D 01 00 00 00 00 00 00 7B 52 78 35 ........ ....{Rx5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:48.223414, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenKey: struct winreg_OpenKey + out: struct winreg_OpenKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 0000010d-0000-0000-7b52-7835c5510000 + result : WERR_OK +[2013/11/07 07:38:48.223582, 2, pid=20933, effective(0, 5000), real(0, 0)] ../source3/rpc_client/cli_winreg_spoolss.c:626(winreg_create_printer) + winreg_create_printer: Skipping, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7 already exists +[2013/11/07 07:38:48.223640, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + in: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 0000010d-0000-0000-7b52-7835c5510000 +[2013/11/07 07:38:48.223772, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 0D 01 00 00 00 00 00 00 7B 52 78 35 ........ ....{Rx5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:48.223849, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 0D 01 00 00 00 00 00 00 7B 52 78 35 ........ ....{Rx5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:48.223925, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) + Closed policy +[2013/11/07 07:38:48.223967, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (2->1) +[2013/11/07 07:38:48.224007, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + out: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000000-0000-0000-0000-000000000000 + result : WERR_OK +[2013/11/07 07:38:48.224180, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + in: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 0000010c-0000-0000-7b52-7835c5510000 +[2013/11/07 07:38:48.224309, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 0C 01 00 00 00 00 00 00 7B 52 78 35 ........ ....{Rx5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:48.224387, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 0C 01 00 00 00 00 00 00 7B 52 78 35 ........ ....{Rx5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:48.224463, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) + Closed policy +[2013/11/07 07:38:48.224503, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (1->0) +[2013/11/07 07:38:48.224558, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + out: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000000-0000-0000-0000-000000000000 + result : WERR_OK +[2013/11/07 07:38:48.224719, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:416(close_policy_by_pipe) + Deleted handle list for RPC connection \winreg +[2013/11/07 07:38:48.224768, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + spoolss_OpenPrinterEx: struct spoolss_OpenPrinterEx + out: struct spoolss_OpenPrinterEx + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 0000010b-0000-0000-7b52-7835c5510000 + result : WERR_OK +[2013/11/07 07:38:48.224919, 5, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1417(api_rpcTNP) + api_rpcTNP: called \spoolss successfully +[2013/11/07 07:38:48.224973, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) + pop_sec_ctx (0, 5000) - sec_ctx_stack_ndx = 0 +[2013/11/07 07:38:48.225016, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) + write_to_pipe: data_used = 206 + smbd_smb2_request_pending_queue: req->current_idx = 1 + req->in.vector[0].iov_len = 0 + req->in.vector[1].iov_len = 0 + req->in.vector[2].iov_len = 64 + req->in.vector[3].iov_len = 56 + req->in.vector[4].iov_len = 222 + req->out.vector[0].iov_len = 4 + req->out.vector[1].iov_len = 0 + req->out.vector[2].iov_len = 64 + req->out.vector[3].iov_len = 8 + req->out.vector[4].iov_len = 0 +[2013/11/07 07:38:48.225231, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:128(smbd_smb2_ioctl_pipe_write_done) + smbd_smb2_ioctl_pipe_write_done: received 222 +[2013/11/07 07:38:48.225274, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:149(smbd_smb2_ioctl_pipe_write_done) + smbd_smb2_ioctl_pipe_write_done: issuing np_read_send of size 1024 +[2013/11/07 07:38:48.225325, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:285(read_from_internal_pipe) + name: \spoolss len: 1024 +[2013/11/07 07:38:48.225444, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:347(read_from_internal_pipe) + read_from_pipe: \spoolss: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 24. +[2013/11/07 07:38:48.225503, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) + &r: struct ncacn_packet + rpc_vers : 0x05 (5) + rpc_vers_minor : 0x00 (0) + ptype : DCERPC_PKT_RESPONSE (2) + pfc_flags : 0x03 (3) + drep: ARRAY(4) + [0] : 0x10 (16) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + frag_length : 0x0030 (48) + auth_length : 0x0000 (0) + call_id : 0x00000002 (2) + u : union dcerpc_payload(case 2) + response: struct dcerpc_response + alloc_hint : 0x00000018 (24) + context_id : 0x0000 (0) + cancel_count : 0x00 (0) + _pad : DATA_BLOB length=0 + stub_and_verifier : DATA_BLOB length=24 + [0000] 00 00 00 00 0B 01 00 00 00 00 00 00 7B 52 78 35 ........ ....{Rx5 + [0010] C5 51 00 00 00 00 00 00 .Q...... +[2013/11/07 07:38:48.225921, 3, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:122(free_pipe_context) + free_pipe_context: destroying talloc pool of size 68 +[2013/11/07 07:38:48.225971, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:788(np_read_recv) + Received 48 bytes. There is no more data outstanding +[2013/11/07 07:38:48.226012, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:178(smbd_smb2_ioctl_pipe_read_done) + smbd_smb2_ioctl_pipe_read_done: np_read_recv nread = 48 is_data_outstanding = 0, status = NT_STATUS_OK +[2013/11/07 07:38:48.226060, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl.c:291(smbd_smb2_request_ioctl_done) + smbd_smb2_request_ioctl_done: smbd_smb2_ioctl_recv returned 48 status NT_STATUS_OK +[2013/11/07 07:38:48.226103, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) + smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[48] dyn[yes:48] at ../source3/smbd/smb2_ioctl.c:358 +[2013/11/07 07:38:48.226148, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) + smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/168/127 +[2013/11/07 07:38:48.238870, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) + smbd_smb2_request_incoming: idx[1] of 5 vectors +[2013/11/07 07:38:48.239125, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) + smb2_validate_sequence_number: clearing id 168 (position 168) from bitmap +[2013/11/07 07:38:48.239238, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) + smbd_smb2_request_dispatch: opcode[SMB2_OP_CREATE] mid = 168 +[2013/11/07 07:38:48.239382, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) + setting sec ctx (0, 5000) - sec_ctx_stack_ndx = 0 +[2013/11/07 07:38:48.239491, 5, pid=20933, effective(0, 5000), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) + Security token SIDs (21): + SID[ 0]: S-1-5-21-1376953716-2413384141-3399758289-500 + SID[ 1]: S-1-5-21-1376953716-2413384141-3399758289-512 + SID[ 2]: S-1-5-21-1376953716-2413384141-3399758289-11015 + SID[ 3]: S-1-5-21-1376953716-2413384141-3399758289-513 + SID[ 4]: S-1-5-21-1376953716-2413384141-3399758289-11011 + SID[ 5]: S-1-5-21-1376953716-2413384141-3399758289-11013 + SID[ 6]: S-1-5-21-1376953716-2413384141-3399758289-11012 + SID[ 7]: S-1-1-0 + SID[ 8]: S-1-5-2 + SID[ 9]: S-1-5-11 + SID[ 10]: S-1-5-32-544 + SID[ 11]: S-1-22-1-2002 + SID[ 12]: S-1-22-2-5000 + SID[ 13]: S-1-22-2-5007 + SID[ 14]: S-1-22-2-5001 + SID[ 15]: S-1-22-2-1005 + SID[ 16]: S-1-22-2-5006 + SID[ 17]: S-1-22-2-5005 + SID[ 18]: S-1-22-2-55000 + SID[ 19]: S-1-22-2-55001 + SID[ 20]: S-1-22-2-55002 + Privileges (0x 1FFFFFF0): + Privilege[ 0]: SeMachineAccountPrivilege + Privilege[ 1]: SeTakeOwnershipPrivilege + Privilege[ 2]: SeBackupPrivilege + Privilege[ 3]: SeRestorePrivilege + Privilege[ 4]: SeRemoteShutdownPrivilege + Privilege[ 5]: SePrintOperatorPrivilege + Privilege[ 6]: SeAddUsersPrivilege + Privilege[ 7]: SeDiskOperatorPrivilege + Privilege[ 8]: SeSecurityPrivilege + Privilege[ 9]: SeSystemtimePrivilege + Privilege[ 10]: SeShutdownPrivilege + Privilege[ 11]: SeDebugPrivilege + Privilege[ 12]: SeSystemEnvironmentPrivilege + Privilege[ 13]: SeSystemProfilePrivilege + Privilege[ 14]: SeProfileSingleProcessPrivilege + Privilege[ 15]: SeIncreaseBasePriorityPrivilege + Privilege[ 16]: SeLoadDriverPrivilege + Privilege[ 17]: SeCreatePagefilePrivilege + Privilege[ 18]: SeIncreaseQuotaPrivilege + Privilege[ 19]: SeChangeNotifyPrivilege + Privilege[ 20]: SeUndockPrivilege + Privilege[ 21]: SeManageVolumePrivilege + Privilege[ 22]: SeImpersonatePrivilege + Privilege[ 23]: SeCreateGlobalPrivilege + Privilege[ 24]: SeEnableDelegationPrivilege + Rights (0x 0): +[2013/11/07 07:38:48.241539, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) + UNIX token of user 0 + Primary group is 5000 and contains 9 supplementary groups + Group[ 0]: 5000 + Group[ 1]: 5007 + Group[ 2]: 5001 + Group[ 3]: 1005 + Group[ 4]: 5006 + Group[ 5]: 5005 + Group[ 6]: 55000 + Group[ 7]: 55001 + Group[ 8]: 55002 +[2013/11/07 07:38:48.242023, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/uid.c:363(change_to_user_internal) + Impersonated user: uid=(0,0), gid=(0,5000) +[2013/11/07 07:38:48.243289, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_create.c:451(smbd_smb2_create_send) + smbd_smb2_create: name[spoolss] +[2013/11/07 07:38:48.243422, 5, pid=20933, effective(0, 5000), real(0, 0)] ../lib/dbwrap/dbwrap.c:187(dbwrap_check_lock_order) + check lock order 1 for /var/run/samba/smbXsrv_open_global.tdb +[2013/11/07 07:38:48.243527, 10, pid=20933, effective(0, 5000), real(0, 0)] ../lib/dbwrap/dbwrap.c:133(debug_lock_order) + lock order: 1:/var/run/samba/smbXsrv_open_global.tdb 2: 3: +[2013/11/07 07:38:48.243638, 10, pid=20933, effective(0, 5000), real(0, 0)] ../lib/dbwrap/dbwrap_tdb.c:59(db_tdb_log_key) + Locking key D2226FC2 +[2013/11/07 07:38:48.243762, 10, pid=20933, effective(0, 5000), real(0, 0)] ../lib/dbwrap/dbwrap_tdb.c:143(db_tdb_fetch_locked_internal) + Allocated locked data 0x0x7f375d3ab210 +[2013/11/07 07:38:48.243941, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smbXsrv_open.c:695(smbXsrv_open_global_store) +[2013/11/07 07:38:48.244009, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smbXsrv_open.c:697(smbXsrv_open_global_store) + smbXsrv_open_global_store: key 'D2226FC2' stored +[2013/11/07 07:38:48.244112, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) + &global_blob: struct smbXsrv_open_globalB + version : SMBXSRV_VERSION_0 (0) + seqnum : 0x00000001 (1) + info : union smbXsrv_open_globalU(case 0) + info0 : * + info0: struct smbXsrv_open_global0 + db_rec : * + server_id: struct server_id + pid : 0x00000000000051c5 (20933) + task_id : 0x00000000 (0) + vnn : 0xffffffff (4294967295) + unique_id : 0x6b1fb19d3b3a8ed6 (7719083575197994710) + open_global_id : 0xd2226fc2 (3525472194) + open_persistent_id : 0x00000000d2226fc2 (3525472194) + open_volatile_id : 0x000000009338514f (2469941583) + open_owner : S-1-5-21-1376953716-2413384141-3399758289-500 + open_time : Do Nov 7 07:38:48 2013 CET + create_guid : 00000000-0000-0000-0000-000000000000 + client_guid : b913ae79-46f9-11e3-be6f-52540018a0ea + app_instance_id : 00000000-0000-0000-0000-000000000000 + disconnect_time : NTTIME(0) + durable_timeout_msec : 0x00000000 (0) + durable : 0x00 (0) + backend_cookie : DATA_BLOB length=0 +[2013/11/07 07:38:48.245289, 10, pid=20933, effective(0, 5000), real(0, 0)] ../lib/dbwrap/dbwrap_tdb.c:59(db_tdb_log_key) + Unlocking key D2226FC2 +[2013/11/07 07:38:48.245618, 5, pid=20933, effective(0, 5000), real(0, 0)] ../lib/dbwrap/dbwrap.c:146(dbwrap_lock_order_state_destructor) + release lock order 1 for /var/run/samba/smbXsrv_open_global.tdb +[2013/11/07 07:38:48.245727, 10, pid=20933, effective(0, 5000), real(0, 0)] ../lib/dbwrap/dbwrap.c:133(debug_lock_order) + lock order: 1: 2: 3: +[2013/11/07 07:38:48.245835, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smbXsrv_open.c:862(smbXsrv_open_create) +[2013/11/07 07:38:48.245895, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smbXsrv_open.c:870(smbXsrv_open_create) + smbXsrv_open_create: global_id (0xd2226fc2) stored +[2013/11/07 07:38:48.245991, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) + &open_blob: struct smbXsrv_openB + version : SMBXSRV_VERSION_0 (0) + reserved : 0x00000000 (0) + info : union smbXsrv_openU(case 0) + info0 : * + info0: struct smbXsrv_open + table : * + db_rec : NULL + local_id : 0x9338514f (2469941583) + global : * + global: struct smbXsrv_open_global0 + db_rec : NULL + server_id: struct server_id + pid : 0x00000000000051c5 (20933) + task_id : 0x00000000 (0) + vnn : 0xffffffff (4294967295) + unique_id : 0x6b1fb19d3b3a8ed6 (7719083575197994710) + open_global_id : 0xd2226fc2 (3525472194) + open_persistent_id : 0x00000000d2226fc2 (3525472194) + open_volatile_id : 0x000000009338514f (2469941583) + open_owner : S-1-5-21-1376953716-2413384141-3399758289-500 + open_time : Do Nov 7 07:38:48 2013 CET + create_guid : 00000000-0000-0000-0000-000000000000 + client_guid : b913ae79-46f9-11e3-be6f-52540018a0ea + app_instance_id : 00000000-0000-0000-0000-000000000000 + disconnect_time : NTTIME(0) + durable_timeout_msec : 0x00000000 (0) + durable : 0x00 (0) + backend_cookie : DATA_BLOB length=0 + status : NT_STATUS_OK + idle_time : Do Nov 7 07:38:48 2013 CET + compat : NULL +[2013/11/07 07:38:48.247509, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/files.c:125(file_new) + allocated file structure fnum 2469941583 (9 used) +[2013/11/07 07:38:48.247629, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/files.c:713(file_name_hash) + file_name_hash: /tmp/spoolss hash 0x7d4e46e5 +[2013/11/07 07:38:48.247774, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:60(make_internal_rpc_pipe_p) + Create pipe requested \spoolss +[2013/11/07 07:38:48.247893, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:238(init_pipe_handles) + init_pipe_handle_list: pipe_handles ref count = 26 for pipe \spoolss +[2013/11/07 07:38:48.248133, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:100(make_internal_rpc_pipe_p) + Created internal pipe \spoolss +[2013/11/07 07:38:48.248239, 8, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/dosmode.c:631(dos_mode) + dos_mode: spoolss +[2013/11/07 07:38:48.248372, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_create.c:1053(smbd_smb2_create_send) + smbd_smb2_create_send: spoolss - fnum 2469941583 +[2013/11/07 07:38:48.248527, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) + smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[88] dyn[yes:0] at ../source3/smbd/smb2_create.c:369 +[2013/11/07 07:38:48.248641, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) + smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/169/127 +[2013/11/07 07:38:48.250441, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) + smbd_smb2_request_incoming: idx[1] of 5 vectors +[2013/11/07 07:38:48.250668, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) + smb2_validate_sequence_number: clearing id 169 (position 169) from bitmap +[2013/11/07 07:38:48.250778, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) + smbd_smb2_request_dispatch: opcode[SMB2_OP_WRITE] mid = 169 +[2013/11/07 07:38:48.250918, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) + setting sec ctx (0, 5000) - sec_ctx_stack_ndx = 0 +[2013/11/07 07:38:48.251029, 5, pid=20933, effective(0, 5000), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) + Security token SIDs (21): + SID[ 0]: S-1-5-21-1376953716-2413384141-3399758289-500 + SID[ 1]: S-1-5-21-1376953716-2413384141-3399758289-512 + SID[ 2]: S-1-5-21-1376953716-2413384141-3399758289-11015 + SID[ 3]: S-1-5-21-1376953716-2413384141-3399758289-513 + SID[ 4]: S-1-5-21-1376953716-2413384141-3399758289-11011 + SID[ 5]: S-1-5-21-1376953716-2413384141-3399758289-11013 + SID[ 6]: S-1-5-21-1376953716-2413384141-3399758289-11012 + SID[ 7]: S-1-1-0 + SID[ 8]: S-1-5-2 + SID[ 9]: S-1-5-11 + SID[ 10]: S-1-5-32-544 + SID[ 11]: S-1-22-1-2002 + SID[ 12]: S-1-22-2-5000 + SID[ 13]: S-1-22-2-5007 + SID[ 14]: S-1-22-2-5001 + SID[ 15]: S-1-22-2-1005 + SID[ 16]: S-1-22-2-5006 + SID[ 17]: S-1-22-2-5005 + SID[ 18]: S-1-22-2-55000 + SID[ 19]: S-1-22-2-55001 + SID[ 20]: S-1-22-2-55002 + Privileges (0x 1FFFFFF0): + Privilege[ 0]: SeMachineAccountPrivilege + Privilege[ 1]: SeTakeOwnershipPrivilege + Privilege[ 2]: SeBackupPrivilege + Privilege[ 3]: SeRestorePrivilege + Privilege[ 4]: SeRemoteShutdownPrivilege + Privilege[ 5]: SePrintOperatorPrivilege + Privilege[ 6]: SeAddUsersPrivilege + Privilege[ 7]: SeDiskOperatorPrivilege + Privilege[ 8]: SeSecurityPrivilege + Privilege[ 9]: SeSystemtimePrivilege + Privilege[ 10]: SeShutdownPrivilege + Privilege[ 11]: SeDebugPrivilege + Privilege[ 12]: SeSystemEnvironmentPrivilege + Privilege[ 13]: SeSystemProfilePrivilege + Privilege[ 14]: SeProfileSingleProcessPrivilege + Privilege[ 15]: SeIncreaseBasePriorityPrivilege + Privilege[ 16]: SeLoadDriverPrivilege + Privilege[ 17]: SeCreatePagefilePrivilege + Privilege[ 18]: SeIncreaseQuotaPrivilege + Privilege[ 19]: SeChangeNotifyPrivilege + Privilege[ 20]: SeUndockPrivilege + Privilege[ 21]: SeManageVolumePrivilege + Privilege[ 22]: SeImpersonatePrivilege + Privilege[ 23]: SeCreateGlobalPrivilege + Privilege[ 24]: SeEnableDelegationPrivilege + Rights (0x 0): +[2013/11/07 07:38:48.252949, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) + UNIX token of user 0 + Primary group is 5000 and contains 9 supplementary groups + Group[ 0]: 5000 + Group[ 1]: 5007 + Group[ 2]: 5001 + Group[ 3]: 1005 + Group[ 4]: 5006 + Group[ 5]: 5005 + Group[ 6]: 55000 + Group[ 7]: 55001 + Group[ 8]: 55002 +[2013/11/07 07:38:48.253551, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/uid.c:363(change_to_user_internal) + Impersonated user: uid=(0,0), gid=(0,5000) +[2013/11/07 07:38:48.253678, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:1796(smbd_smb2_request_verify_creditcharge) + mid 169, CreditCharge: 1, NeededCharge: 1 +[2013/11/07 07:38:48.253783, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_write.c:271(smbd_smb2_write_send) + smbd_smb2_write: spoolss - fnum 2469941583 +[2013/11/07 07:38:48.253895, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:520(np_write_send) + np_write_send: len: 160 +[2013/11/07 07:38:48.253996, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) + write_to_pipe: data_left = 160 +[2013/11/07 07:38:48.254092, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) + process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 160 +[2013/11/07 07:38:48.254187, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:51(fill_rpc_header) + fill_rpc_header: data_to_copy = 160, len_needed_to_complete_hdr = 16, receive_len = 0 +[2013/11/07 07:38:48.254286, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) + write_to_pipe: data_used = 16 +[2013/11/07 07:38:48.254380, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) + write_to_pipe: data_left = 144 +[2013/11/07 07:38:48.254473, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) + process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 144 +[2013/11/07 07:38:48.254576, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) + write_to_pipe: data_used = 0 +[2013/11/07 07:38:48.254668, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) + write_to_pipe: data_left = 144 +[2013/11/07 07:38:48.254761, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) + process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 144, incoming data = 144 +[2013/11/07 07:38:48.254862, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1614(process_complete_pdu) + PDU is in Little Endian format! +[2013/11/07 07:38:48.255002, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) + r: struct ncacn_packet + rpc_vers : 0x05 (5) + rpc_vers_minor : 0x00 (0) + ptype : DCERPC_PKT_BIND (11) + pfc_flags : 0x03 (3) + drep: ARRAY(4) + [0] : 0x10 (16) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + frag_length : 0x00a0 (160) + auth_length : 0x0000 (0) + call_id : 0x00000002 (2) + u : union dcerpc_payload(case 11) + bind: struct dcerpc_bind + max_xmit_frag : 0x10b8 (4280) + max_recv_frag : 0x10b8 (4280) + assoc_group_id : 0x00000000 (0) + num_contexts : 0x03 (3) + ctx_list: ARRAY(3) + ctx_list: struct dcerpc_ctx_list + context_id : 0x0000 (0) + num_transfer_syntaxes : 0x01 (1) + abstract_syntax: struct ndr_syntax_id + uuid : 12345678-1234-abcd-ef00-0123456789ab + if_version : 0x00000001 (1) + transfer_syntaxes: ARRAY(1) + transfer_syntaxes: struct ndr_syntax_id + uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860 + if_version : 0x00000002 (2) + ctx_list: struct dcerpc_ctx_list + context_id : 0x0001 (1) + num_transfer_syntaxes : 0x01 (1) + abstract_syntax: struct ndr_syntax_id + uuid : 12345678-1234-abcd-ef00-0123456789ab + if_version : 0x00000001 (1) + transfer_syntaxes: ARRAY(1) + transfer_syntaxes: struct ndr_syntax_id + uuid : 71710533-beba-4937-8319-b5dbef9ccc36 + if_version : 0x00000001 (1) + ctx_list: struct dcerpc_ctx_list + context_id : 0x0002 (2) + num_transfer_syntaxes : 0x01 (1) + abstract_syntax: struct ndr_syntax_id + uuid : 12345678-1234-abcd-ef00-0123456789ab + if_version : 0x00000001 (1) + transfer_syntaxes: ARRAY(1) + transfer_syntaxes: struct ndr_syntax_id + uuid : 6cb71c2c-9812-4540-0300-000000000000 + if_version : 0x00000001 (1) + auth_info : DATA_BLOB length=0 +[2013/11/07 07:38:48.257213, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1627(process_complete_pdu) + Processing packet type 11 +[2013/11/07 07:38:48.257315, 3, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:693(api_pipe_bind_req) + api_pipe_bind_req: spoolss -> spoolss rpc service +[2013/11/07 07:38:48.257620, 5, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:724(api_pipe_bind_req) + api_pipe_bind_req: make response. 724 +[2013/11/07 07:38:48.257724, 3, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:342(check_bind_req) + check_bind_req for \spoolss +[2013/11/07 07:38:48.257777, 3, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:349(check_bind_req) + check_bind_req: spoolss -> spoolss rpc service +[2013/11/07 07:38:48.257827, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:238(init_pipe_handles) + init_pipe_handle_list: pipe_handles ref count = 27 for pipe \spoolss +[2013/11/07 07:38:48.257887, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) + &r: struct ncacn_packet + rpc_vers : 0x05 (5) + rpc_vers_minor : 0x00 (0) + ptype : DCERPC_PKT_BIND_ACK (12) + pfc_flags : 0x03 (3) + drep: ARRAY(4) + [0] : 0x10 (16) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + frag_length : 0x0044 (68) + auth_length : 0x0000 (0) + call_id : 0x00000002 (2) + u : union dcerpc_payload(case 12) + bind_ack: struct dcerpc_bind_ack + max_xmit_frag : 0x10b8 (4280) + max_recv_frag : 0x10b8 (4280) + assoc_group_id : 0x000053f0 (21488) + secondary_address_size : 0x000e (14) + secondary_address : '\PIPE\spoolss' + _pad1 : DATA_BLOB length=0 + num_results : 0x01 (1) + ctx_list: ARRAY(1) + ctx_list: struct dcerpc_ack_ctx + result : 0x0000 (0) + reason : 0x0000 (0) + syntax: struct ndr_syntax_id + uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860 + if_version : 0x00000002 (2) + auth_info : DATA_BLOB length=0 +[2013/11/07 07:38:48.258403, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) + write_to_pipe: data_used = 144 + smbd_smb2_request_pending_queue: req->current_idx = 1 + req->in.vector[0].iov_len = 0 + req->in.vector[1].iov_len = 0 + req->in.vector[2].iov_len = 64 + req->in.vector[3].iov_len = 48 + req->in.vector[4].iov_len = 160 + req->out.vector[0].iov_len = 4 + req->out.vector[1].iov_len = 0 + req->out.vector[2].iov_len = 64 + req->out.vector[3].iov_len = 8 + req->out.vector[4].iov_len = 0 +[2013/11/07 07:38:48.258614, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) + smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[16] dyn[yes:0] at ../source3/smbd/smb2_write.c:150 +[2013/11/07 07:38:48.258660, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) + smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/170/127 +[2013/11/07 07:38:48.259992, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) + smbd_smb2_request_incoming: idx[1] of 5 vectors +[2013/11/07 07:38:48.260064, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) + smb2_validate_sequence_number: clearing id 170 (position 170) from bitmap +[2013/11/07 07:38:48.260106, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) + smbd_smb2_request_dispatch: opcode[SMB2_OP_READ] mid = 170 +[2013/11/07 07:38:48.260159, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) + setting sec ctx (0, 5000) - sec_ctx_stack_ndx = 0 +[2013/11/07 07:38:48.260201, 5, pid=20933, effective(0, 5000), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) + Security token SIDs (21): + SID[ 0]: S-1-5-21-1376953716-2413384141-3399758289-500 + SID[ 1]: S-1-5-21-1376953716-2413384141-3399758289-512 + SID[ 2]: S-1-5-21-1376953716-2413384141-3399758289-11015 + SID[ 3]: S-1-5-21-1376953716-2413384141-3399758289-513 + SID[ 4]: S-1-5-21-1376953716-2413384141-3399758289-11011 + SID[ 5]: S-1-5-21-1376953716-2413384141-3399758289-11013 + SID[ 6]: S-1-5-21-1376953716-2413384141-3399758289-11012 + SID[ 7]: S-1-1-0 + SID[ 8]: S-1-5-2 + SID[ 9]: S-1-5-11 + SID[ 10]: S-1-5-32-544 + SID[ 11]: S-1-22-1-2002 + SID[ 12]: S-1-22-2-5000 + SID[ 13]: S-1-22-2-5007 + SID[ 14]: S-1-22-2-5001 + SID[ 15]: S-1-22-2-1005 + SID[ 16]: S-1-22-2-5006 + SID[ 17]: S-1-22-2-5005 + SID[ 18]: S-1-22-2-55000 + SID[ 19]: S-1-22-2-55001 + SID[ 20]: S-1-22-2-55002 + Privileges (0x 1FFFFFF0): + Privilege[ 0]: SeMachineAccountPrivilege + Privilege[ 1]: SeTakeOwnershipPrivilege + Privilege[ 2]: SeBackupPrivilege + Privilege[ 3]: SeRestorePrivilege + Privilege[ 4]: SeRemoteShutdownPrivilege + Privilege[ 5]: SePrintOperatorPrivilege + Privilege[ 6]: SeAddUsersPrivilege + Privilege[ 7]: SeDiskOperatorPrivilege + Privilege[ 8]: SeSecurityPrivilege + Privilege[ 9]: SeSystemtimePrivilege + Privilege[ 10]: SeShutdownPrivilege + Privilege[ 11]: SeDebugPrivilege + Privilege[ 12]: SeSystemEnvironmentPrivilege + Privilege[ 13]: SeSystemProfilePrivilege + Privilege[ 14]: SeProfileSingleProcessPrivilege + Privilege[ 15]: SeIncreaseBasePriorityPrivilege + Privilege[ 16]: SeLoadDriverPrivilege + Privilege[ 17]: SeCreatePagefilePrivilege + Privilege[ 18]: SeIncreaseQuotaPrivilege + Privilege[ 19]: SeChangeNotifyPrivilege + Privilege[ 20]: SeUndockPrivilege + Privilege[ 21]: SeManageVolumePrivilege + Privilege[ 22]: SeImpersonatePrivilege + Privilege[ 23]: SeCreateGlobalPrivilege + Privilege[ 24]: SeEnableDelegationPrivilege + Rights (0x 0): +[2013/11/07 07:38:48.260967, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) + UNIX token of user 0 + Primary group is 5000 and contains 9 supplementary groups + Group[ 0]: 5000 + Group[ 1]: 5007 + Group[ 2]: 5001 + Group[ 3]: 1005 + Group[ 4]: 5006 + Group[ 5]: 5005 + Group[ 6]: 55000 + Group[ 7]: 55001 + Group[ 8]: 55002 +[2013/11/07 07:38:48.261156, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/uid.c:363(change_to_user_internal) + Impersonated user: uid=(0,0), gid=(0,5000) +[2013/11/07 07:38:48.261204, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:1796(smbd_smb2_request_verify_creditcharge) + mid 170, CreditCharge: 1, NeededCharge: 1 +[2013/11/07 07:38:48.261245, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_read.c:400(smbd_smb2_read_send) + smbd_smb2_read: spoolss - fnum 2469941583 +[2013/11/07 07:38:48.261291, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:285(read_from_internal_pipe) + name: \spoolss len: 1024 +[2013/11/07 07:38:48.261334, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:326(read_from_internal_pipe) + read_from_pipe: \spoolss: current_pdu_len = 68, current_pdu_sent = 0 returning 68 bytes. +[2013/11/07 07:38:48.261446, 3, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:122(free_pipe_context) + free_pipe_context: destroying talloc pool of size 29 + smbd_smb2_request_pending_queue: req->current_idx = 1 + req->in.vector[0].iov_len = 0 + req->in.vector[1].iov_len = 0 + req->in.vector[2].iov_len = 64 + req->in.vector[3].iov_len = 48 + req->in.vector[4].iov_len = 1 + req->out.vector[0].iov_len = 4 + req->out.vector[1].iov_len = 0 + req->out.vector[2].iov_len = 64 + req->out.vector[3].iov_len = 8 + req->out.vector[4].iov_len = 0 +[2013/11/07 07:38:48.261657, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:788(np_read_recv) + Received 68 bytes. There is no more data outstanding +[2013/11/07 07:38:48.261701, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) + smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[16] dyn[yes:68] at ../source3/smbd/smb2_read.c:154 +[2013/11/07 07:38:48.261754, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) + smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/171/127 +[2013/11/07 07:38:48.263366, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) + smbd_smb2_request_incoming: idx[1] of 5 vectors +[2013/11/07 07:38:48.263441, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) + smb2_validate_sequence_number: clearing id 171 (position 171) from bitmap +[2013/11/07 07:38:48.263483, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) + smbd_smb2_request_dispatch: opcode[SMB2_OP_IOCTL] mid = 171 +[2013/11/07 07:38:48.263536, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) + setting sec ctx (0, 5000) - sec_ctx_stack_ndx = 0 +[2013/11/07 07:38:48.263578, 5, pid=20933, effective(0, 5000), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) + Security token SIDs (21): + SID[ 0]: S-1-5-21-1376953716-2413384141-3399758289-500 + SID[ 1]: S-1-5-21-1376953716-2413384141-3399758289-512 + SID[ 2]: S-1-5-21-1376953716-2413384141-3399758289-11015 + SID[ 3]: S-1-5-21-1376953716-2413384141-3399758289-513 + SID[ 4]: S-1-5-21-1376953716-2413384141-3399758289-11011 + SID[ 5]: S-1-5-21-1376953716-2413384141-3399758289-11013 + SID[ 6]: S-1-5-21-1376953716-2413384141-3399758289-11012 + SID[ 7]: S-1-1-0 + SID[ 8]: S-1-5-2 + SID[ 9]: S-1-5-11 + SID[ 10]: S-1-5-32-544 + SID[ 11]: S-1-22-1-2002 + SID[ 12]: S-1-22-2-5000 + SID[ 13]: S-1-22-2-5007 + SID[ 14]: S-1-22-2-5001 + SID[ 15]: S-1-22-2-1005 + SID[ 16]: S-1-22-2-5006 + SID[ 17]: S-1-22-2-5005 + SID[ 18]: S-1-22-2-55000 + SID[ 19]: S-1-22-2-55001 + SID[ 20]: S-1-22-2-55002 + Privileges (0x 1FFFFFF0): + Privilege[ 0]: SeMachineAccountPrivilege + Privilege[ 1]: SeTakeOwnershipPrivilege + Privilege[ 2]: SeBackupPrivilege + Privilege[ 3]: SeRestorePrivilege + Privilege[ 4]: SeRemoteShutdownPrivilege + Privilege[ 5]: SePrintOperatorPrivilege + Privilege[ 6]: SeAddUsersPrivilege + Privilege[ 7]: SeDiskOperatorPrivilege + Privilege[ 8]: SeSecurityPrivilege + Privilege[ 9]: SeSystemtimePrivilege + Privilege[ 10]: SeShutdownPrivilege + Privilege[ 11]: SeDebugPrivilege + Privilege[ 12]: SeSystemEnvironmentPrivilege + Privilege[ 13]: SeSystemProfilePrivilege + Privilege[ 14]: SeProfileSingleProcessPrivilege + Privilege[ 15]: SeIncreaseBasePriorityPrivilege + Privilege[ 16]: SeLoadDriverPrivilege + Privilege[ 17]: SeCreatePagefilePrivilege + Privilege[ 18]: SeIncreaseQuotaPrivilege + Privilege[ 19]: SeChangeNotifyPrivilege + Privilege[ 20]: SeUndockPrivilege + Privilege[ 21]: SeManageVolumePrivilege + Privilege[ 22]: SeImpersonatePrivilege + Privilege[ 23]: SeCreateGlobalPrivilege + Privilege[ 24]: SeEnableDelegationPrivilege + Rights (0x 0): +[2013/11/07 07:38:48.264433, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) + UNIX token of user 0 + Primary group is 5000 and contains 9 supplementary groups + Group[ 0]: 5000 + Group[ 1]: 5007 + Group[ 2]: 5001 + Group[ 3]: 1005 + Group[ 4]: 5006 + Group[ 5]: 5005 + Group[ 6]: 55000 + Group[ 7]: 55001 + Group[ 8]: 55002 +[2013/11/07 07:38:48.264625, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/uid.c:363(change_to_user_internal) + Impersonated user: uid=(0,0), gid=(0,5000) +[2013/11/07 07:38:48.264675, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:1796(smbd_smb2_request_verify_creditcharge) + mid 171, CreditCharge: 1, NeededCharge: 1 +[2013/11/07 07:38:48.264728, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl.c:394(smbd_smb2_ioctl_send) + smbd_smb2_ioctl: ctl_code[0x0011c017] spoolss, fnum 2469941583 +[2013/11/07 07:38:48.264776, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:59(smb2_ioctl_named_pipe) + smbd_smb2_ioctl_send: np_write_send of size 222 +[2013/11/07 07:38:48.264816, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:520(np_write_send) + np_write_send: len: 222 +[2013/11/07 07:38:48.264857, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) + write_to_pipe: data_left = 222 +[2013/11/07 07:38:48.264895, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) + process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 222 +[2013/11/07 07:38:48.264933, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:51(fill_rpc_header) + fill_rpc_header: data_to_copy = 222, len_needed_to_complete_hdr = 16, receive_len = 0 +[2013/11/07 07:38:48.264972, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) + write_to_pipe: data_used = 16 +[2013/11/07 07:38:48.265010, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) + write_to_pipe: data_left = 206 +[2013/11/07 07:38:48.265048, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) + process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 206 +[2013/11/07 07:38:48.265096, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) + write_to_pipe: data_used = 0 +[2013/11/07 07:38:48.265134, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) + write_to_pipe: data_left = 206 +[2013/11/07 07:38:48.265172, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) + process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 206, incoming data = 206 +[2013/11/07 07:38:48.265212, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1614(process_complete_pdu) + PDU is in Little Endian format! +[2013/11/07 07:38:48.265265, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) + r: struct ncacn_packet + rpc_vers : 0x05 (5) + rpc_vers_minor : 0x00 (0) + ptype : DCERPC_PKT_REQUEST (0) + pfc_flags : 0x03 (3) + drep: ARRAY(4) + [0] : 0x10 (16) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + frag_length : 0x00de (222) + auth_length : 0x0000 (0) + call_id : 0x00000002 (2) + u : union dcerpc_payload(case 0) + request: struct dcerpc_request + alloc_hint : 0x000000c6 (198) + context_id : 0x0000 (0) + opnum : 0x0045 (69) + object : union dcerpc_object(case 0) + empty: struct dcerpc_empty + _pad : DATA_BLOB length=0 + stub_and_verifier : DATA_BLOB length=198 + [0000] 00 00 02 00 14 00 00 00 00 00 00 00 14 00 00 00 ........ ........ + [0010] 5C 00 5C 00 4D 00 45 00 4D 00 42 00 45 00 52 00 \.\.M.E. M.B.E.R. + [0020] 34 00 33 00 5C 00 70 00 72 00 69 00 6E 00 74 00 4.3.\.p. r.i.n.t. + [0030] 65 00 72 00 37 00 00 00 00 00 00 00 00 00 00 00 e.r.7... ........ + [0040] 00 00 00 00 00 00 00 00 01 00 00 00 01 00 00 00 ........ ........ + [0050] 04 00 02 00 28 00 00 00 08 00 02 00 0C 00 02 00 ....(... ........ + [0060] 80 25 00 00 03 00 00 00 00 00 00 00 09 00 00 00 .%...... ........ + [0070] 0A 00 00 00 00 00 00 00 0A 00 00 00 57 00 49 00 ........ ....W.I. + [0080] 4E 00 38 00 31 00 2D 00 32 00 33 00 39 00 00 00 N.8.1.-. 2.3.9... + [0090] 15 00 00 00 00 00 00 00 15 00 00 00 41 00 52 00 ........ ....A.R. + [00A0] 33 00 32 00 49 00 38 00 5C 00 41 00 64 00 6D 00 3.2.I.8. \.A.d.m. + [00B0] 69 00 6E 00 69 00 73 00 74 00 72 00 61 00 74 00 i.n.i.s. t.r.a.t. + [00C0] 6F 00 72 00 00 00 o.r... +[2013/11/07 07:38:48.266205, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1627(process_complete_pdu) + Processing packet type 0 +[2013/11/07 07:38:48.266245, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1472(dcesrv_auth_request) + Checking request auth. +[2013/11/07 07:38:48.266288, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) + push_sec_ctx(0, 5000) : sec_ctx_stack_ndx = 1 +[2013/11/07 07:38:48.266334, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) + setting sec ctx (0, 5000) - sec_ctx_stack_ndx = 1 +[2013/11/07 07:38:48.266375, 5, pid=20933, effective(0, 5000), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) + Security token SIDs (21): + SID[ 0]: S-1-5-21-1376953716-2413384141-3399758289-500 + SID[ 1]: S-1-5-21-1376953716-2413384141-3399758289-512 + SID[ 2]: S-1-5-21-1376953716-2413384141-3399758289-11015 + SID[ 3]: S-1-5-21-1376953716-2413384141-3399758289-513 + SID[ 4]: S-1-5-21-1376953716-2413384141-3399758289-11011 + SID[ 5]: S-1-5-21-1376953716-2413384141-3399758289-11013 + SID[ 6]: S-1-5-21-1376953716-2413384141-3399758289-11012 + SID[ 7]: S-1-1-0 + SID[ 8]: S-1-5-2 + SID[ 9]: S-1-5-11 + SID[ 10]: S-1-5-32-544 + SID[ 11]: S-1-22-1-2002 + SID[ 12]: S-1-22-2-5000 + SID[ 13]: S-1-22-2-5007 + SID[ 14]: S-1-22-2-5001 + SID[ 15]: S-1-22-2-1005 + SID[ 16]: S-1-22-2-5006 + SID[ 17]: S-1-22-2-5005 + SID[ 18]: S-1-22-2-55000 + SID[ 19]: S-1-22-2-55001 + SID[ 20]: S-1-22-2-55002 + Privileges (0x 1FFFFFF0): + Privilege[ 0]: SeMachineAccountPrivilege + Privilege[ 1]: SeTakeOwnershipPrivilege + Privilege[ 2]: SeBackupPrivilege + Privilege[ 3]: SeRestorePrivilege + Privilege[ 4]: SeRemoteShutdownPrivilege + Privilege[ 5]: SePrintOperatorPrivilege + Privilege[ 6]: SeAddUsersPrivilege + Privilege[ 7]: SeDiskOperatorPrivilege + Privilege[ 8]: SeSecurityPrivilege + Privilege[ 9]: SeSystemtimePrivilege + Privilege[ 10]: SeShutdownPrivilege + Privilege[ 11]: SeDebugPrivilege + Privilege[ 12]: SeSystemEnvironmentPrivilege + Privilege[ 13]: SeSystemProfilePrivilege + Privilege[ 14]: SeProfileSingleProcessPrivilege + Privilege[ 15]: SeIncreaseBasePriorityPrivilege + Privilege[ 16]: SeLoadDriverPrivilege + Privilege[ 17]: SeCreatePagefilePrivilege + Privilege[ 18]: SeIncreaseQuotaPrivilege + Privilege[ 19]: SeChangeNotifyPrivilege + Privilege[ 20]: SeUndockPrivilege + Privilege[ 21]: SeManageVolumePrivilege + Privilege[ 22]: SeImpersonatePrivilege + Privilege[ 23]: SeCreateGlobalPrivilege + Privilege[ 24]: SeEnableDelegationPrivilege + Rights (0x 0): +[2013/11/07 07:38:48.267151, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) + UNIX token of user 0 + Primary group is 5000 and contains 9 supplementary groups + Group[ 0]: 5000 + Group[ 1]: 5007 + Group[ 2]: 5001 + Group[ 3]: 1005 + Group[ 4]: 5006 + Group[ 5]: 5005 + Group[ 6]: 55000 + Group[ 7]: 55001 + Group[ 8]: 55002 +[2013/11/07 07:38:48.267338, 5, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1324(api_pipe_request) + Requested \spoolss rpc service +[2013/11/07 07:38:48.267391, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1356(api_rpcTNP) + api_rpcTNP: \spoolss op 0x45 - api_rpcTNP: rpc command: SPOOLSS_OPENPRINTEREX +[2013/11/07 07:38:48.267436, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1390(api_rpcTNP) + api_rpc_cmds[69].fn == 0x7f375c256d40 +[2013/11/07 07:38:48.267493, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + spoolss_OpenPrinterEx: struct spoolss_OpenPrinterEx + in: struct spoolss_OpenPrinterEx + printername : * + printername : '\\MEMBER43\printer7' + datatype : NULL + devmode_ctr: struct spoolss_DevmodeContainer + _ndr_size : 0x00000000 (0) + devmode : NULL + access_mask : 0x00000000 (0) + 0: SERVER_ACCESS_ADMINISTER + 0: SERVER_ACCESS_ENUMERATE + 0: PRINTER_ACCESS_ADMINISTER + 0: PRINTER_ACCESS_USE + 0: JOB_ACCESS_ADMINISTER + 0: JOB_ACCESS_READ + userlevel_ctr: struct spoolss_UserLevelCtr + level : 0x00000001 (1) + user_info : union spoolss_UserLevel(case 1) + level1 : * + level1: struct spoolss_UserLevel1 + size : 0x00000028 (40) + client : * + client : 'WIN81-239' + user : * + user : 'AR32I8\Administrator' + build : 0x00002580 (9600) + major : UNKNOWN_ENUM_VALUE (3) + minor : SPOOLSS_MINOR_VERSION_0 (0) + processor : PROCESSOR_ARCHITECTURE_AMD64 (9) + checking name: \\MEMBER43\printer7 +[2013/11/07 07:38:48.268022, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:737(open_printer_hnd) + open_printer_hnd: name [\\MEMBER43\printer7] +[2013/11/07 07:38:48.268071, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) + Opened policy hnd[9] [0000] 00 00 00 00 0E 01 00 00 00 00 00 00 7B 52 78 35 ........ ....{Rx5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:48.268151, 3, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:506(set_printer_hnd_printertype) + Setting printer type=\\MEMBER43\printer7 + Printer is a printer +[2013/11/07 07:38:48.268205, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:566(set_printer_hnd_name) + Setting printer name=\\MEMBER43\printer7 (len=19) + searching for [printer7] +[2013/11/07 07:38:48.268301, 10, pid=20933, effective(0, 5000), real(0, 0), class=tdb] ../source3/lib/gencache.c:275(gencache_set_data_blob) + Did not store value for PRINTERNAME/printer7, we already got it + set_printer_hnd_name: Printer found: printer7 -> printer7 +[2013/11/07 07:38:48.268357, 5, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:773(open_printer_hnd) + 9 printer handles active +[2013/11/07 07:38:48.268396, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 0E 01 00 00 00 00 00 00 7B 52 78 35 ........ ....{Rx5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:48.268481, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 0E 01 00 00 00 00 00 00 7B 52 78 35 ........ ....{Rx5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:48.268557, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:489(get_printer_snum) + short name:printer7 +[2013/11/07 07:38:48.268622, 3, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/access.c:338(allow_access) + Allowed connection from 10.200.8.239 (10.200.8.239) +[2013/11/07 07:38:48.268791, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/share_access.c:237(user_ok_token) + user_ok_token: share printer7 is ok for unix user root +[2013/11/07 07:38:48.268843, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:1921(_spoolss_OpenPrinterEx) + Setting printer access = PRINTER_ACCESS_USE +[2013/11/07 07:38:48.268947, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:60(make_internal_rpc_pipe_p) + Create pipe requested \winreg +[2013/11/07 07:38:48.269002, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:221(init_pipe_handles) + init_pipe_handle_list: created handle list for pipe \winreg +[2013/11/07 07:38:48.269043, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:238(init_pipe_handles) + init_pipe_handle_list: pipe_handles ref count = 1 for pipe \winreg +[2013/11/07 07:38:48.269124, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:100(make_internal_rpc_pipe_p) + Created internal pipe \winreg +[2013/11/07 07:38:48.269191, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenHKLM: struct winreg_OpenHKLM + in: struct winreg_OpenHKLM + system_name : NULL + access_mask : 0x02000000 (33554432) + 0: KEY_QUERY_VALUE + 0: KEY_SET_VALUE + 0: KEY_CREATE_SUB_KEY + 0: KEY_ENUMERATE_SUB_KEYS + 0: KEY_NOTIFY + 0: KEY_CREATE_LINK + 0: KEY_WOW64_64KEY + 0: KEY_WOW64_32KEY +[2013/11/07 07:38:48.269559, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [HKLM] +[2013/11/07 07:38:48.269607, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) + push_sec_ctx(0, 5000) : sec_ctx_stack_ndx = 2 +[2013/11/07 07:38:48.269652, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/uid.c:485(push_conn_ctx) + push_conn_ctx(1804507171) : conn_ctx_stack_ndx = 0 +[2013/11/07 07:38:48.269692, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) + setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 +[2013/11/07 07:38:48.269731, 5, pid=20933, effective(0, 5000), real(0, 0)] ../libcli/security/security_token.c:53(security_token_debug) + Security token: (NULL) +[2013/11/07 07:38:48.269770, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) + UNIX token of user 0 + Primary group is 0 and contains 0 supplementary groups +[2013/11/07 07:38:48.269921, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) + pop_sec_ctx (0, 5000) - sec_ctx_stack_ndx = 1 +[2013/11/07 07:38:48.269966, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:866(regdb_open) + regdb_open: registry db opened. refcount reset (1) +[2013/11/07 07:38:48.270025, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM] +[2013/11/07 07:38:48.270064, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM] +[2013/11/07 07:38:48.270105, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:48.270142, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM] +[2013/11/07 07:38:48.270221, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) + Opened policy hnd[1] [0000] 00 00 00 00 0F 01 00 00 00 00 00 00 7B 52 78 35 ........ ....{Rx5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:48.270302, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenHKLM: struct winreg_OpenHKLM + out: struct winreg_OpenHKLM + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 0000010f-0000-0000-7b52-7835c5510000 + result : WERR_OK +[2013/11/07 07:38:48.270489, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenKey: struct winreg_OpenKey + in: struct winreg_OpenKey + parent_handle : * + parent_handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 0000010f-0000-0000-7b52-7835c5510000 + keyname: struct winreg_String + name_len : 0x008a (138) + name_size : 0x008a (138) + name : * + name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7' + options : 0x00000000 (0) + 0: REG_OPTION_VOLATILE + 0: REG_OPTION_CREATE_LINK + 0: REG_OPTION_BACKUP_RESTORE + 0: REG_OPTION_OPEN_LINK + access_mask : 0x02000000 (33554432) + 0: KEY_QUERY_VALUE + 0: KEY_SET_VALUE + 0: KEY_CREATE_SUB_KEY + 0: KEY_ENUMERATE_SUB_KEYS + 0: KEY_NOTIFY + 0: KEY_CREATE_LINK + 0: KEY_WOW64_64KEY + 0: KEY_WOW64_32KEY +[2013/11/07 07:38:48.271024, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 0F 01 00 00 00 00 00 00 7B 52 78 35 ........ ....{Rx5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:48.271107, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [SOFTWARE] +[2013/11/07 07:38:48.271149, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (1->2) +[2013/11/07 07:38:48.271193, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] +[2013/11/07 07:38:48.271231, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE] +[2013/11/07 07:38:48.271281, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:48.271707, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE] +[2013/11/07 07:38:48.271794, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Microsoft] +[2013/11/07 07:38:48.271839, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (2->3) +[2013/11/07 07:38:48.271883, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] +[2013/11/07 07:38:48.271922, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] +[2013/11/07 07:38:48.272080, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:48.272125, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft] +[2013/11/07 07:38:48.272324, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Windows NT] +[2013/11/07 07:38:48.272370, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (3->4) +[2013/11/07 07:38:48.272414, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] +[2013/11/07 07:38:48.272452, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] +[2013/11/07 07:38:48.272493, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:48.272531, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] +[2013/11/07 07:38:48.272589, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [CurrentVersion] +[2013/11/07 07:38:48.272630, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (4->5) +[2013/11/07 07:38:48.272675, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] +[2013/11/07 07:38:48.272712, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] +[2013/11/07 07:38:48.272753, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:48.272790, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f375c5a15c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] +[2013/11/07 07:38:48.272864, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Print] +[2013/11/07 07:38:48.272919, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (5->6) +[2013/11/07 07:38:48.272964, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] +[2013/11/07 07:38:48.273004, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] +[2013/11/07 07:38:48.273046, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:48.273085, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f375c5a15c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] +[2013/11/07 07:38:48.273146, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Printers] +[2013/11/07 07:38:48.273188, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (6->7) +[2013/11/07 07:38:48.273231, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] +[2013/11/07 07:38:48.273270, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] +[2013/11/07 07:38:48.273312, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:48.273350, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] +[2013/11/07 07:38:48.273490, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [printer7] +[2013/11/07 07:38:48.273533, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (7->8) +[2013/11/07 07:38:48.273577, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:48.273617, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:48.273659, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:48.273696, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:48.273765, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (8->7) +[2013/11/07 07:38:48.273807, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (7->6) +[2013/11/07 07:38:48.273855, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (6->5) +[2013/11/07 07:38:48.273896, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (5->4) +[2013/11/07 07:38:48.273936, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (4->3) +[2013/11/07 07:38:48.273976, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (3->2) +[2013/11/07 07:38:48.274021, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) + Opened policy hnd[2] [0000] 00 00 00 00 10 01 00 00 00 00 00 00 7B 52 78 35 ........ ....{Rx5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:48.274101, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenKey: struct winreg_OpenKey + out: struct winreg_OpenKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000110-0000-0000-7b52-7835c5510000 + result : WERR_OK +[2013/11/07 07:38:48.274274, 2, pid=20933, effective(0, 5000), real(0, 0)] ../source3/rpc_client/cli_winreg_spoolss.c:626(winreg_create_printer) + winreg_create_printer: Skipping, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7 already exists +[2013/11/07 07:38:48.274333, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + in: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000110-0000-0000-7b52-7835c5510000 +[2013/11/07 07:38:48.274465, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 10 01 00 00 00 00 00 00 7B 52 78 35 ........ ....{Rx5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:48.274542, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 10 01 00 00 00 00 00 00 7B 52 78 35 ........ ....{Rx5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:48.274619, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) + Closed policy +[2013/11/07 07:38:48.274660, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (2->1) +[2013/11/07 07:38:48.274701, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + out: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000000-0000-0000-0000-000000000000 + result : WERR_OK +[2013/11/07 07:38:48.274862, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + in: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 0000010f-0000-0000-7b52-7835c5510000 +[2013/11/07 07:38:48.274998, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 0F 01 00 00 00 00 00 00 7B 52 78 35 ........ ....{Rx5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:48.275076, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 0F 01 00 00 00 00 00 00 7B 52 78 35 ........ ....{Rx5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:48.275152, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) + Closed policy +[2013/11/07 07:38:48.275192, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (1->0) +[2013/11/07 07:38:48.275248, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + out: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000000-0000-0000-0000-000000000000 + result : WERR_OK +[2013/11/07 07:38:48.275408, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:416(close_policy_by_pipe) + Deleted handle list for RPC connection \winreg +[2013/11/07 07:38:48.275458, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + spoolss_OpenPrinterEx: struct spoolss_OpenPrinterEx + out: struct spoolss_OpenPrinterEx + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 0000010e-0000-0000-7b52-7835c5510000 + result : WERR_OK +[2013/11/07 07:38:48.275609, 5, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1417(api_rpcTNP) + api_rpcTNP: called \spoolss successfully +[2013/11/07 07:38:48.275663, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) + pop_sec_ctx (0, 5000) - sec_ctx_stack_ndx = 0 +[2013/11/07 07:38:48.275705, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) + write_to_pipe: data_used = 206 + smbd_smb2_request_pending_queue: req->current_idx = 1 + req->in.vector[0].iov_len = 0 + req->in.vector[1].iov_len = 0 + req->in.vector[2].iov_len = 64 + req->in.vector[3].iov_len = 56 + req->in.vector[4].iov_len = 222 + req->out.vector[0].iov_len = 4 + req->out.vector[1].iov_len = 0 + req->out.vector[2].iov_len = 64 + req->out.vector[3].iov_len = 8 + req->out.vector[4].iov_len = 0 +[2013/11/07 07:38:48.275919, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:128(smbd_smb2_ioctl_pipe_write_done) + smbd_smb2_ioctl_pipe_write_done: received 222 +[2013/11/07 07:38:48.275962, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:149(smbd_smb2_ioctl_pipe_write_done) + smbd_smb2_ioctl_pipe_write_done: issuing np_read_send of size 1024 +[2013/11/07 07:38:48.276004, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:285(read_from_internal_pipe) + name: \spoolss len: 1024 +[2013/11/07 07:38:48.276047, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:347(read_from_internal_pipe) + read_from_pipe: \spoolss: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 24. +[2013/11/07 07:38:48.276105, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) + &r: struct ncacn_packet + rpc_vers : 0x05 (5) + rpc_vers_minor : 0x00 (0) + ptype : DCERPC_PKT_RESPONSE (2) + pfc_flags : 0x03 (3) + drep: ARRAY(4) + [0] : 0x10 (16) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + frag_length : 0x0030 (48) + auth_length : 0x0000 (0) + call_id : 0x00000002 (2) + u : union dcerpc_payload(case 2) + response: struct dcerpc_response + alloc_hint : 0x00000018 (24) + context_id : 0x0000 (0) + cancel_count : 0x00 (0) + _pad : DATA_BLOB length=0 + stub_and_verifier : DATA_BLOB length=24 + [0000] 00 00 00 00 0E 01 00 00 00 00 00 00 7B 52 78 35 ........ ....{Rx5 + [0010] C5 51 00 00 00 00 00 00 .Q...... +[2013/11/07 07:38:48.276520, 3, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:122(free_pipe_context) + free_pipe_context: destroying talloc pool of size 68 +[2013/11/07 07:38:48.276568, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:788(np_read_recv) + Received 48 bytes. There is no more data outstanding +[2013/11/07 07:38:48.276609, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:178(smbd_smb2_ioctl_pipe_read_done) + smbd_smb2_ioctl_pipe_read_done: np_read_recv nread = 48 is_data_outstanding = 0, status = NT_STATUS_OK +[2013/11/07 07:38:48.276655, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl.c:291(smbd_smb2_request_ioctl_done) + smbd_smb2_request_ioctl_done: smbd_smb2_ioctl_recv returned 48 status NT_STATUS_OK +[2013/11/07 07:38:48.276696, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) + smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[48] dyn[yes:48] at ../source3/smbd/smb2_ioctl.c:358 +[2013/11/07 07:38:48.276740, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) + smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/172/127 +[2013/11/07 07:38:48.289537, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) + smbd_smb2_request_incoming: idx[1] of 5 vectors +[2013/11/07 07:38:48.289753, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) + smb2_validate_sequence_number: clearing id 172 (position 172) from bitmap +[2013/11/07 07:38:48.289893, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) + smbd_smb2_request_dispatch: opcode[SMB2_OP_CREATE] mid = 172 +[2013/11/07 07:38:48.290039, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) + setting sec ctx (0, 5000) - sec_ctx_stack_ndx = 0 +[2013/11/07 07:38:48.290147, 5, pid=20933, effective(0, 5000), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) + Security token SIDs (21): + SID[ 0]: S-1-5-21-1376953716-2413384141-3399758289-500 + SID[ 1]: S-1-5-21-1376953716-2413384141-3399758289-512 + SID[ 2]: S-1-5-21-1376953716-2413384141-3399758289-11015 + SID[ 3]: S-1-5-21-1376953716-2413384141-3399758289-513 + SID[ 4]: S-1-5-21-1376953716-2413384141-3399758289-11011 + SID[ 5]: S-1-5-21-1376953716-2413384141-3399758289-11013 + SID[ 6]: S-1-5-21-1376953716-2413384141-3399758289-11012 + SID[ 7]: S-1-1-0 + SID[ 8]: S-1-5-2 + SID[ 9]: S-1-5-11 + SID[ 10]: S-1-5-32-544 + SID[ 11]: S-1-22-1-2002 + SID[ 12]: S-1-22-2-5000 + SID[ 13]: S-1-22-2-5007 + SID[ 14]: S-1-22-2-5001 + SID[ 15]: S-1-22-2-1005 + SID[ 16]: S-1-22-2-5006 + SID[ 17]: S-1-22-2-5005 + SID[ 18]: S-1-22-2-55000 + SID[ 19]: S-1-22-2-55001 + SID[ 20]: S-1-22-2-55002 + Privileges (0x 1FFFFFF0): + Privilege[ 0]: SeMachineAccountPrivilege + Privilege[ 1]: SeTakeOwnershipPrivilege + Privilege[ 2]: SeBackupPrivilege + Privilege[ 3]: SeRestorePrivilege + Privilege[ 4]: SeRemoteShutdownPrivilege + Privilege[ 5]: SePrintOperatorPrivilege + Privilege[ 6]: SeAddUsersPrivilege + Privilege[ 7]: SeDiskOperatorPrivilege + Privilege[ 8]: SeSecurityPrivilege + Privilege[ 9]: SeSystemtimePrivilege + Privilege[ 10]: SeShutdownPrivilege + Privilege[ 11]: SeDebugPrivilege + Privilege[ 12]: SeSystemEnvironmentPrivilege + Privilege[ 13]: SeSystemProfilePrivilege + Privilege[ 14]: SeProfileSingleProcessPrivilege + Privilege[ 15]: SeIncreaseBasePriorityPrivilege + Privilege[ 16]: SeLoadDriverPrivilege + Privilege[ 17]: SeCreatePagefilePrivilege + Privilege[ 18]: SeIncreaseQuotaPrivilege + Privilege[ 19]: SeChangeNotifyPrivilege + Privilege[ 20]: SeUndockPrivilege + Privilege[ 21]: SeManageVolumePrivilege + Privilege[ 22]: SeImpersonatePrivilege + Privilege[ 23]: SeCreateGlobalPrivilege + Privilege[ 24]: SeEnableDelegationPrivilege + Rights (0x 0): +[2013/11/07 07:38:48.292085, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) + UNIX token of user 0 + Primary group is 5000 and contains 9 supplementary groups + Group[ 0]: 5000 + Group[ 1]: 5007 + Group[ 2]: 5001 + Group[ 3]: 1005 + Group[ 4]: 5006 + Group[ 5]: 5005 + Group[ 6]: 55000 + Group[ 7]: 55001 + Group[ 8]: 55002 +[2013/11/07 07:38:48.292560, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/uid.c:363(change_to_user_internal) + Impersonated user: uid=(0,0), gid=(0,5000) +[2013/11/07 07:38:48.292686, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_create.c:451(smbd_smb2_create_send) + smbd_smb2_create: name[spoolss] +[2013/11/07 07:38:48.292809, 5, pid=20933, effective(0, 5000), real(0, 0)] ../lib/dbwrap/dbwrap.c:187(dbwrap_check_lock_order) + check lock order 1 for /var/run/samba/smbXsrv_open_global.tdb +[2013/11/07 07:38:48.292908, 10, pid=20933, effective(0, 5000), real(0, 0)] ../lib/dbwrap/dbwrap.c:133(debug_lock_order) + lock order: 1:/var/run/samba/smbXsrv_open_global.tdb 2: 3: +[2013/11/07 07:38:48.293014, 10, pid=20933, effective(0, 5000), real(0, 0)] ../lib/dbwrap/dbwrap_tdb.c:59(db_tdb_log_key) + Locking key C15C1511 +[2013/11/07 07:38:48.293137, 10, pid=20933, effective(0, 5000), real(0, 0)] ../lib/dbwrap/dbwrap_tdb.c:143(db_tdb_fetch_locked_internal) + Allocated locked data 0x0x7f375d34ca90 +[2013/11/07 07:38:48.293305, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smbXsrv_open.c:695(smbXsrv_open_global_store) +[2013/11/07 07:38:48.293560, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smbXsrv_open.c:697(smbXsrv_open_global_store) + smbXsrv_open_global_store: key 'C15C1511' stored +[2013/11/07 07:38:48.293680, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) + &global_blob: struct smbXsrv_open_globalB + version : SMBXSRV_VERSION_0 (0) + seqnum : 0x00000001 (1) + info : union smbXsrv_open_globalU(case 0) + info0 : * + info0: struct smbXsrv_open_global0 + db_rec : * + server_id: struct server_id + pid : 0x00000000000051c5 (20933) + task_id : 0x00000000 (0) + vnn : 0xffffffff (4294967295) + unique_id : 0x6b1fb19d3b3a8ed6 (7719083575197994710) + open_global_id : 0xc15c1511 (3244037393) + open_persistent_id : 0x00000000c15c1511 (3244037393) + open_volatile_id : 0x000000000ec6b772 (247904114) + open_owner : S-1-5-21-1376953716-2413384141-3399758289-500 + open_time : Do Nov 7 07:38:48 2013 CET + create_guid : 00000000-0000-0000-0000-000000000000 + client_guid : b913ae79-46f9-11e3-be6f-52540018a0ea + app_instance_id : 00000000-0000-0000-0000-000000000000 + disconnect_time : NTTIME(0) + durable_timeout_msec : 0x00000000 (0) + durable : 0x00 (0) + backend_cookie : DATA_BLOB length=0 +[2013/11/07 07:38:48.296294, 10, pid=20933, effective(0, 5000), real(0, 0)] ../lib/dbwrap/dbwrap_tdb.c:59(db_tdb_log_key) + Unlocking key C15C1511 +[2013/11/07 07:38:48.296410, 5, pid=20933, effective(0, 5000), real(0, 0)] ../lib/dbwrap/dbwrap.c:146(dbwrap_lock_order_state_destructor) + release lock order 1 for /var/run/samba/smbXsrv_open_global.tdb +[2013/11/07 07:38:48.296510, 10, pid=20933, effective(0, 5000), real(0, 0)] ../lib/dbwrap/dbwrap.c:133(debug_lock_order) + lock order: 1: 2: 3: +[2013/11/07 07:38:48.296614, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smbXsrv_open.c:862(smbXsrv_open_create) +[2013/11/07 07:38:48.296674, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smbXsrv_open.c:870(smbXsrv_open_create) + smbXsrv_open_create: global_id (0xc15c1511) stored +[2013/11/07 07:38:48.296770, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) + &open_blob: struct smbXsrv_openB + version : SMBXSRV_VERSION_0 (0) + reserved : 0x00000000 (0) + info : union smbXsrv_openU(case 0) + info0 : * + info0: struct smbXsrv_open + table : * + db_rec : NULL + local_id : 0x0ec6b772 (247904114) + global : * + global: struct smbXsrv_open_global0 + db_rec : NULL + server_id: struct server_id + pid : 0x00000000000051c5 (20933) + task_id : 0x00000000 (0) + vnn : 0xffffffff (4294967295) + unique_id : 0x6b1fb19d3b3a8ed6 (7719083575197994710) + open_global_id : 0xc15c1511 (3244037393) + open_persistent_id : 0x00000000c15c1511 (3244037393) + open_volatile_id : 0x000000000ec6b772 (247904114) + open_owner : S-1-5-21-1376953716-2413384141-3399758289-500 + open_time : Do Nov 7 07:38:48 2013 CET + create_guid : 00000000-0000-0000-0000-000000000000 + client_guid : b913ae79-46f9-11e3-be6f-52540018a0ea + app_instance_id : 00000000-0000-0000-0000-000000000000 + disconnect_time : NTTIME(0) + durable_timeout_msec : 0x00000000 (0) + durable : 0x00 (0) + backend_cookie : DATA_BLOB length=0 + status : NT_STATUS_OK + idle_time : Do Nov 7 07:38:48 2013 CET + compat : NULL +[2013/11/07 07:38:48.298399, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/files.c:125(file_new) + allocated file structure fnum 247904114 (10 used) +[2013/11/07 07:38:48.298541, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/files.c:713(file_name_hash) + file_name_hash: /tmp/spoolss hash 0x7d4e46e5 +[2013/11/07 07:38:48.298679, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:60(make_internal_rpc_pipe_p) + Create pipe requested \spoolss +[2013/11/07 07:38:48.298798, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:238(init_pipe_handles) + init_pipe_handle_list: pipe_handles ref count = 28 for pipe \spoolss +[2013/11/07 07:38:48.299033, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:100(make_internal_rpc_pipe_p) + Created internal pipe \spoolss +[2013/11/07 07:38:48.299141, 8, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/dosmode.c:631(dos_mode) + dos_mode: spoolss +[2013/11/07 07:38:48.299275, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_create.c:1053(smbd_smb2_create_send) + smbd_smb2_create_send: spoolss - fnum 247904114 +[2013/11/07 07:38:48.299426, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) + smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[88] dyn[yes:0] at ../source3/smbd/smb2_create.c:369 +[2013/11/07 07:38:48.299538, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) + smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/173/127 +[2013/11/07 07:38:48.301497, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) + smbd_smb2_request_incoming: idx[1] of 5 vectors +[2013/11/07 07:38:48.301683, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) + smb2_validate_sequence_number: clearing id 173 (position 173) from bitmap +[2013/11/07 07:38:48.301788, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) + smbd_smb2_request_dispatch: opcode[SMB2_OP_WRITE] mid = 173 +[2013/11/07 07:38:48.301936, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) + setting sec ctx (0, 5000) - sec_ctx_stack_ndx = 0 +[2013/11/07 07:38:48.302046, 5, pid=20933, effective(0, 5000), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) + Security token SIDs (21): + SID[ 0]: S-1-5-21-1376953716-2413384141-3399758289-500 + SID[ 1]: S-1-5-21-1376953716-2413384141-3399758289-512 + SID[ 2]: S-1-5-21-1376953716-2413384141-3399758289-11015 + SID[ 3]: S-1-5-21-1376953716-2413384141-3399758289-513 + SID[ 4]: S-1-5-21-1376953716-2413384141-3399758289-11011 + SID[ 5]: S-1-5-21-1376953716-2413384141-3399758289-11013 + SID[ 6]: S-1-5-21-1376953716-2413384141-3399758289-11012 + SID[ 7]: S-1-1-0 + SID[ 8]: S-1-5-2 + SID[ 9]: S-1-5-11 + SID[ 10]: S-1-5-32-544 + SID[ 11]: S-1-22-1-2002 + SID[ 12]: S-1-22-2-5000 + SID[ 13]: S-1-22-2-5007 + SID[ 14]: S-1-22-2-5001 + SID[ 15]: S-1-22-2-1005 + SID[ 16]: S-1-22-2-5006 + SID[ 17]: S-1-22-2-5005 + SID[ 18]: S-1-22-2-55000 + SID[ 19]: S-1-22-2-55001 + SID[ 20]: S-1-22-2-55002 + Privileges (0x 1FFFFFF0): + Privilege[ 0]: SeMachineAccountPrivilege + Privilege[ 1]: SeTakeOwnershipPrivilege + Privilege[ 2]: SeBackupPrivilege + Privilege[ 3]: SeRestorePrivilege + Privilege[ 4]: SeRemoteShutdownPrivilege + Privilege[ 5]: SePrintOperatorPrivilege + Privilege[ 6]: SeAddUsersPrivilege + Privilege[ 7]: SeDiskOperatorPrivilege + Privilege[ 8]: SeSecurityPrivilege + Privilege[ 9]: SeSystemtimePrivilege + Privilege[ 10]: SeShutdownPrivilege + Privilege[ 11]: SeDebugPrivilege + Privilege[ 12]: SeSystemEnvironmentPrivilege + Privilege[ 13]: SeSystemProfilePrivilege + Privilege[ 14]: SeProfileSingleProcessPrivilege + Privilege[ 15]: SeIncreaseBasePriorityPrivilege + Privilege[ 16]: SeLoadDriverPrivilege + Privilege[ 17]: SeCreatePagefilePrivilege + Privilege[ 18]: SeIncreaseQuotaPrivilege + Privilege[ 19]: SeChangeNotifyPrivilege + Privilege[ 20]: SeUndockPrivilege + Privilege[ 21]: SeManageVolumePrivilege + Privilege[ 22]: SeImpersonatePrivilege + Privilege[ 23]: SeCreateGlobalPrivilege + Privilege[ 24]: SeEnableDelegationPrivilege + Rights (0x 0): +[2013/11/07 07:38:48.303968, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) + UNIX token of user 0 + Primary group is 5000 and contains 9 supplementary groups + Group[ 0]: 5000 + Group[ 1]: 5007 + Group[ 2]: 5001 + Group[ 3]: 1005 + Group[ 4]: 5006 + Group[ 5]: 5005 + Group[ 6]: 55000 + Group[ 7]: 55001 + Group[ 8]: 55002 +[2013/11/07 07:38:48.304463, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/uid.c:363(change_to_user_internal) + Impersonated user: uid=(0,0), gid=(0,5000) +[2013/11/07 07:38:48.304584, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:1796(smbd_smb2_request_verify_creditcharge) + mid 173, CreditCharge: 1, NeededCharge: 1 +[2013/11/07 07:38:48.304687, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_write.c:271(smbd_smb2_write_send) + smbd_smb2_write: spoolss - fnum 247904114 +[2013/11/07 07:38:48.304796, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:520(np_write_send) + np_write_send: len: 160 +[2013/11/07 07:38:48.304898, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) + write_to_pipe: data_left = 160 +[2013/11/07 07:38:48.304991, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) + process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 160 +[2013/11/07 07:38:48.305087, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:51(fill_rpc_header) + fill_rpc_header: data_to_copy = 160, len_needed_to_complete_hdr = 16, receive_len = 0 +[2013/11/07 07:38:48.305187, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) + write_to_pipe: data_used = 16 +[2013/11/07 07:38:48.305279, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) + write_to_pipe: data_left = 144 +[2013/11/07 07:38:48.305548, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) + process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 144 +[2013/11/07 07:38:48.305670, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) + write_to_pipe: data_used = 0 +[2013/11/07 07:38:48.305766, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) + write_to_pipe: data_left = 144 +[2013/11/07 07:38:48.305860, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) + process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 144, incoming data = 144 +[2013/11/07 07:38:48.305962, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1614(process_complete_pdu) + PDU is in Little Endian format! +[2013/11/07 07:38:48.306083, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) + r: struct ncacn_packet + rpc_vers : 0x05 (5) + rpc_vers_minor : 0x00 (0) + ptype : DCERPC_PKT_BIND (11) + pfc_flags : 0x03 (3) + drep: ARRAY(4) + [0] : 0x10 (16) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + frag_length : 0x00a0 (160) + auth_length : 0x0000 (0) + call_id : 0x00000002 (2) + u : union dcerpc_payload(case 11) + bind: struct dcerpc_bind + max_xmit_frag : 0x10b8 (4280) + max_recv_frag : 0x10b8 (4280) + assoc_group_id : 0x00000000 (0) + num_contexts : 0x03 (3) + ctx_list: ARRAY(3) + ctx_list: struct dcerpc_ctx_list + context_id : 0x0000 (0) + num_transfer_syntaxes : 0x01 (1) + abstract_syntax: struct ndr_syntax_id + uuid : 12345678-1234-abcd-ef00-0123456789ab + if_version : 0x00000001 (1) + transfer_syntaxes: ARRAY(1) + transfer_syntaxes: struct ndr_syntax_id + uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860 + if_version : 0x00000002 (2) + ctx_list: struct dcerpc_ctx_list + context_id : 0x0001 (1) + num_transfer_syntaxes : 0x01 (1) + abstract_syntax: struct ndr_syntax_id + uuid : 12345678-1234-abcd-ef00-0123456789ab + if_version : 0x00000001 (1) + transfer_syntaxes: ARRAY(1) + transfer_syntaxes: struct ndr_syntax_id + uuid : 71710533-beba-4937-8319-b5dbef9ccc36 + if_version : 0x00000001 (1) + ctx_list: struct dcerpc_ctx_list + context_id : 0x0002 (2) + num_transfer_syntaxes : 0x01 (1) + abstract_syntax: struct ndr_syntax_id + uuid : 12345678-1234-abcd-ef00-0123456789ab + if_version : 0x00000001 (1) + transfer_syntaxes: ARRAY(1) + transfer_syntaxes: struct ndr_syntax_id + uuid : 6cb71c2c-9812-4540-0300-000000000000 + if_version : 0x00000001 (1) + auth_info : DATA_BLOB length=0 +[2013/11/07 07:38:48.308311, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1627(process_complete_pdu) + Processing packet type 11 +[2013/11/07 07:38:48.308414, 3, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:693(api_pipe_bind_req) + api_pipe_bind_req: spoolss -> spoolss rpc service +[2013/11/07 07:38:48.308516, 5, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:724(api_pipe_bind_req) + api_pipe_bind_req: make response. 724 +[2013/11/07 07:38:48.308740, 3, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:342(check_bind_req) + check_bind_req for \spoolss +[2013/11/07 07:38:48.308852, 3, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:349(check_bind_req) + check_bind_req: spoolss -> spoolss rpc service +[2013/11/07 07:38:48.308956, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:238(init_pipe_handles) + init_pipe_handle_list: pipe_handles ref count = 29 for pipe \spoolss +[2013/11/07 07:38:48.309096, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) + &r: struct ncacn_packet + rpc_vers : 0x05 (5) + rpc_vers_minor : 0x00 (0) + ptype : DCERPC_PKT_BIND_ACK (12) + pfc_flags : 0x03 (3) + drep: ARRAY(4) + [0] : 0x10 (16) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + frag_length : 0x0044 (68) + auth_length : 0x0000 (0) + call_id : 0x00000002 (2) + u : union dcerpc_payload(case 12) + bind_ack: struct dcerpc_bind_ack + max_xmit_frag : 0x10b8 (4280) + max_recv_frag : 0x10b8 (4280) + assoc_group_id : 0x000053f0 (21488) + secondary_address_size : 0x000e (14) + secondary_address : '\PIPE\spoolss' + _pad1 : DATA_BLOB length=0 + num_results : 0x01 (1) + ctx_list: ARRAY(1) + ctx_list: struct dcerpc_ack_ctx + result : 0x0000 (0) + reason : 0x0000 (0) + syntax: struct ndr_syntax_id + uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860 + if_version : 0x00000002 (2) + auth_info : DATA_BLOB length=0 +[2013/11/07 07:38:48.310720, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) + write_to_pipe: data_used = 144 + smbd_smb2_request_pending_queue: req->current_idx = 1 + req->in.vector[0].iov_len = 0 + req->in.vector[1].iov_len = 0 + req->in.vector[2].iov_len = 64 + req->in.vector[3].iov_len = 48 + req->in.vector[4].iov_len = 160 + req->out.vector[0].iov_len = 4 + req->out.vector[1].iov_len = 0 + req->out.vector[2].iov_len = 64 + req->out.vector[3].iov_len = 8 + req->out.vector[4].iov_len = 0 +[2013/11/07 07:38:48.311248, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) + smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[16] dyn[yes:0] at ../source3/smbd/smb2_write.c:150 +[2013/11/07 07:38:48.311364, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) + smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/174/127 +[2013/11/07 07:38:48.314788, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) + smbd_smb2_request_incoming: idx[1] of 5 vectors +[2013/11/07 07:38:48.314989, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) + smb2_validate_sequence_number: clearing id 174 (position 174) from bitmap +[2013/11/07 07:38:48.315096, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) + smbd_smb2_request_dispatch: opcode[SMB2_OP_READ] mid = 174 +[2013/11/07 07:38:48.315226, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) + setting sec ctx (0, 5000) - sec_ctx_stack_ndx = 0 +[2013/11/07 07:38:48.315349, 5, pid=20933, effective(0, 5000), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) + Security token SIDs (21): + SID[ 0]: S-1-5-21-1376953716-2413384141-3399758289-500 + SID[ 1]: S-1-5-21-1376953716-2413384141-3399758289-512 + SID[ 2]: S-1-5-21-1376953716-2413384141-3399758289-11015 + SID[ 3]: S-1-5-21-1376953716-2413384141-3399758289-513 + SID[ 4]: S-1-5-21-1376953716-2413384141-3399758289-11011 + SID[ 5]: S-1-5-21-1376953716-2413384141-3399758289-11013 + SID[ 6]: S-1-5-21-1376953716-2413384141-3399758289-11012 + SID[ 7]: S-1-1-0 + SID[ 8]: S-1-5-2 + SID[ 9]: S-1-5-11 + SID[ 10]: S-1-5-32-544 + SID[ 11]: S-1-22-1-2002 + SID[ 12]: S-1-22-2-5000 + SID[ 13]: S-1-22-2-5007 + SID[ 14]: S-1-22-2-5001 + SID[ 15]: S-1-22-2-1005 + SID[ 16]: S-1-22-2-5006 + SID[ 17]: S-1-22-2-5005 + SID[ 18]: S-1-22-2-55000 + SID[ 19]: S-1-22-2-55001 + SID[ 20]: S-1-22-2-55002 + Privileges (0x 1FFFFFF0): + Privilege[ 0]: SeMachineAccountPrivilege + Privilege[ 1]: SeTakeOwnershipPrivilege + Privilege[ 2]: SeBackupPrivilege + Privilege[ 3]: SeRestorePrivilege + Privilege[ 4]: SeRemoteShutdownPrivilege + Privilege[ 5]: SePrintOperatorPrivilege + Privilege[ 6]: SeAddUsersPrivilege + Privilege[ 7]: SeDiskOperatorPrivilege + Privilege[ 8]: SeSecurityPrivilege + Privilege[ 9]: SeSystemtimePrivilege + Privilege[ 10]: SeShutdownPrivilege + Privilege[ 11]: SeDebugPrivilege + Privilege[ 12]: SeSystemEnvironmentPrivilege + Privilege[ 13]: SeSystemProfilePrivilege + Privilege[ 14]: SeProfileSingleProcessPrivilege + Privilege[ 15]: SeIncreaseBasePriorityPrivilege + Privilege[ 16]: SeLoadDriverPrivilege + Privilege[ 17]: SeCreatePagefilePrivilege + Privilege[ 18]: SeIncreaseQuotaPrivilege + Privilege[ 19]: SeChangeNotifyPrivilege + Privilege[ 20]: SeUndockPrivilege + Privilege[ 21]: SeManageVolumePrivilege + Privilege[ 22]: SeImpersonatePrivilege + Privilege[ 23]: SeCreateGlobalPrivilege + Privilege[ 24]: SeEnableDelegationPrivilege + Rights (0x 0): +[2013/11/07 07:38:48.317717, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) + UNIX token of user 0 + Primary group is 5000 and contains 9 supplementary groups + Group[ 0]: 5000 + Group[ 1]: 5007 + Group[ 2]: 5001 + Group[ 3]: 1005 + Group[ 4]: 5006 + Group[ 5]: 5005 + Group[ 6]: 55000 + Group[ 7]: 55001 + Group[ 8]: 55002 +[2013/11/07 07:38:48.318217, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/uid.c:363(change_to_user_internal) + Impersonated user: uid=(0,0), gid=(0,5000) +[2013/11/07 07:38:48.318339, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:1796(smbd_smb2_request_verify_creditcharge) + mid 174, CreditCharge: 1, NeededCharge: 1 +[2013/11/07 07:38:48.318444, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_read.c:400(smbd_smb2_read_send) + smbd_smb2_read: spoolss - fnum 247904114 +[2013/11/07 07:38:48.318559, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:285(read_from_internal_pipe) + name: \spoolss len: 1024 +[2013/11/07 07:38:48.318666, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:326(read_from_internal_pipe) + read_from_pipe: \spoolss: current_pdu_len = 68, current_pdu_sent = 0 returning 68 bytes. +[2013/11/07 07:38:48.318773, 3, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:122(free_pipe_context) + free_pipe_context: destroying talloc pool of size 29 + smbd_smb2_request_pending_queue: req->current_idx = 1 + req->in.vector[0].iov_len = 0 + req->in.vector[1].iov_len = 0 + req->in.vector[2].iov_len = 64 + req->in.vector[3].iov_len = 48 + req->in.vector[4].iov_len = 1 + req->out.vector[0].iov_len = 4 + req->out.vector[1].iov_len = 0 + req->out.vector[2].iov_len = 64 + req->out.vector[3].iov_len = 8 + req->out.vector[4].iov_len = 0 +[2013/11/07 07:38:48.319309, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:788(np_read_recv) + Received 68 bytes. There is no more data outstanding +[2013/11/07 07:38:48.319421, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) + smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[16] dyn[yes:68] at ../source3/smbd/smb2_read.c:154 +[2013/11/07 07:38:48.319530, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) + smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/175/127 +[2013/11/07 07:38:48.321565, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) + smbd_smb2_request_incoming: idx[1] of 5 vectors +[2013/11/07 07:38:48.321748, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) + smb2_validate_sequence_number: clearing id 175 (position 175) from bitmap +[2013/11/07 07:38:48.321854, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) + smbd_smb2_request_dispatch: opcode[SMB2_OP_IOCTL] mid = 175 +[2013/11/07 07:38:48.321983, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) + setting sec ctx (0, 5000) - sec_ctx_stack_ndx = 0 +[2013/11/07 07:38:48.322110, 5, pid=20933, effective(0, 5000), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) + Security token SIDs (21): + SID[ 0]: S-1-5-21-1376953716-2413384141-3399758289-500 + SID[ 1]: S-1-5-21-1376953716-2413384141-3399758289-512 + SID[ 2]: S-1-5-21-1376953716-2413384141-3399758289-11015 + SID[ 3]: S-1-5-21-1376953716-2413384141-3399758289-513 + SID[ 4]: S-1-5-21-1376953716-2413384141-3399758289-11011 + SID[ 5]: S-1-5-21-1376953716-2413384141-3399758289-11013 + SID[ 6]: S-1-5-21-1376953716-2413384141-3399758289-11012 + SID[ 7]: S-1-1-0 + SID[ 8]: S-1-5-2 + SID[ 9]: S-1-5-11 + SID[ 10]: S-1-5-32-544 + SID[ 11]: S-1-22-1-2002 + SID[ 12]: S-1-22-2-5000 + SID[ 13]: S-1-22-2-5007 + SID[ 14]: S-1-22-2-5001 + SID[ 15]: S-1-22-2-1005 + SID[ 16]: S-1-22-2-5006 + SID[ 17]: S-1-22-2-5005 + SID[ 18]: S-1-22-2-55000 + SID[ 19]: S-1-22-2-55001 + SID[ 20]: S-1-22-2-55002 + Privileges (0x 1FFFFFF0): + Privilege[ 0]: SeMachineAccountPrivilege + Privilege[ 1]: SeTakeOwnershipPrivilege + Privilege[ 2]: SeBackupPrivilege + Privilege[ 3]: SeRestorePrivilege + Privilege[ 4]: SeRemoteShutdownPrivilege + Privilege[ 5]: SePrintOperatorPrivilege + Privilege[ 6]: SeAddUsersPrivilege + Privilege[ 7]: SeDiskOperatorPrivilege + Privilege[ 8]: SeSecurityPrivilege + Privilege[ 9]: SeSystemtimePrivilege + Privilege[ 10]: SeShutdownPrivilege + Privilege[ 11]: SeDebugPrivilege + Privilege[ 12]: SeSystemEnvironmentPrivilege + Privilege[ 13]: SeSystemProfilePrivilege + Privilege[ 14]: SeProfileSingleProcessPrivilege + Privilege[ 15]: SeIncreaseBasePriorityPrivilege + Privilege[ 16]: SeLoadDriverPrivilege + Privilege[ 17]: SeCreatePagefilePrivilege + Privilege[ 18]: SeIncreaseQuotaPrivilege + Privilege[ 19]: SeChangeNotifyPrivilege + Privilege[ 20]: SeUndockPrivilege + Privilege[ 21]: SeManageVolumePrivilege + Privilege[ 22]: SeImpersonatePrivilege + Privilege[ 23]: SeCreateGlobalPrivilege + Privilege[ 24]: SeEnableDelegationPrivilege + Rights (0x 0): +[2013/11/07 07:38:48.324003, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) + UNIX token of user 0 + Primary group is 5000 and contains 9 supplementary groups + Group[ 0]: 5000 + Group[ 1]: 5007 + Group[ 2]: 5001 + Group[ 3]: 1005 + Group[ 4]: 5006 + Group[ 5]: 5005 + Group[ 6]: 55000 + Group[ 7]: 55001 + Group[ 8]: 55002 +[2013/11/07 07:38:48.324491, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/uid.c:363(change_to_user_internal) + Impersonated user: uid=(0,0), gid=(0,5000) +[2013/11/07 07:38:48.324611, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:1796(smbd_smb2_request_verify_creditcharge) + mid 175, CreditCharge: 1, NeededCharge: 1 +[2013/11/07 07:38:48.324714, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl.c:394(smbd_smb2_ioctl_send) + smbd_smb2_ioctl: ctl_code[0x0011c017] spoolss, fnum 247904114 +[2013/11/07 07:38:48.324825, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:59(smb2_ioctl_named_pipe) + smbd_smb2_ioctl_send: np_write_send of size 222 +[2013/11/07 07:38:48.324949, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:520(np_write_send) + np_write_send: len: 222 +[2013/11/07 07:38:48.325068, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) + write_to_pipe: data_left = 222 +[2013/11/07 07:38:48.325166, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) + process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 222 +[2013/11/07 07:38:48.325264, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:51(fill_rpc_header) + fill_rpc_header: data_to_copy = 222, len_needed_to_complete_hdr = 16, receive_len = 0 +[2013/11/07 07:38:48.325755, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) + write_to_pipe: data_used = 16 +[2013/11/07 07:38:48.325883, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) + write_to_pipe: data_left = 206 +[2013/11/07 07:38:48.325981, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) + process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 206 +[2013/11/07 07:38:48.326102, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) + write_to_pipe: data_used = 0 +[2013/11/07 07:38:48.326197, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) + write_to_pipe: data_left = 206 +[2013/11/07 07:38:48.326292, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) + process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 206, incoming data = 206 +[2013/11/07 07:38:48.326393, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1614(process_complete_pdu) + PDU is in Little Endian format! +[2013/11/07 07:38:48.326506, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) + r: struct ncacn_packet + rpc_vers : 0x05 (5) + rpc_vers_minor : 0x00 (0) + ptype : DCERPC_PKT_REQUEST (0) + pfc_flags : 0x03 (3) + drep: ARRAY(4) + [0] : 0x10 (16) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + frag_length : 0x00de (222) + auth_length : 0x0000 (0) + call_id : 0x00000002 (2) + u : union dcerpc_payload(case 0) + request: struct dcerpc_request + alloc_hint : 0x000000c6 (198) + context_id : 0x0000 (0) + opnum : 0x0045 (69) + object : union dcerpc_object(case 0) + empty: struct dcerpc_empty + _pad : DATA_BLOB length=0 + stub_and_verifier : DATA_BLOB length=198 + [0000] 00 00 02 00 14 00 00 00 00 00 00 00 14 00 00 00 ........ ........ + [0010] 5C 00 5C 00 4D 00 45 00 4D 00 42 00 45 00 52 00 \.\.M.E. M.B.E.R. + [0020] 34 00 33 00 5C 00 70 00 72 00 69 00 6E 00 74 00 4.3.\.p. r.i.n.t. + [0030] 65 00 72 00 37 00 00 00 00 00 00 00 00 00 00 00 e.r.7... ........ + [0040] 00 00 00 00 00 00 00 00 01 00 00 00 01 00 00 00 ........ ........ + [0050] 04 00 02 00 28 00 00 00 08 00 02 00 0C 00 02 00 ....(... ........ + [0060] 80 25 00 00 03 00 00 00 00 00 00 00 09 00 00 00 .%...... ........ + [0070] 0A 00 00 00 00 00 00 00 0A 00 00 00 57 00 49 00 ........ ....W.I. + [0080] 4E 00 38 00 31 00 2D 00 32 00 33 00 39 00 00 00 N.8.1.-. 2.3.9... + [0090] 15 00 00 00 00 00 00 00 15 00 00 00 41 00 52 00 ........ ....A.R. + [00A0] 33 00 32 00 49 00 38 00 5C 00 41 00 64 00 6D 00 3.2.I.8. \.A.d.m. + [00B0] 69 00 6E 00 69 00 73 00 74 00 72 00 61 00 74 00 i.n.i.s. t.r.a.t. + [00C0] 6F 00 72 00 00 00 o.r... +[2013/11/07 07:38:48.328906, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1627(process_complete_pdu) + Processing packet type 0 +[2013/11/07 07:38:48.329012, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1472(dcesrv_auth_request) + Checking request auth. +[2013/11/07 07:38:48.329133, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) + push_sec_ctx(0, 5000) : sec_ctx_stack_ndx = 1 +[2013/11/07 07:38:48.329249, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) + setting sec ctx (0, 5000) - sec_ctx_stack_ndx = 1 +[2013/11/07 07:38:48.329351, 5, pid=20933, effective(0, 5000), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) + Security token SIDs (21): + SID[ 0]: S-1-5-21-1376953716-2413384141-3399758289-500 + SID[ 1]: S-1-5-21-1376953716-2413384141-3399758289-512 + SID[ 2]: S-1-5-21-1376953716-2413384141-3399758289-11015 + SID[ 3]: S-1-5-21-1376953716-2413384141-3399758289-513 + SID[ 4]: S-1-5-21-1376953716-2413384141-3399758289-11011 + SID[ 5]: S-1-5-21-1376953716-2413384141-3399758289-11013 + SID[ 6]: S-1-5-21-1376953716-2413384141-3399758289-11012 + SID[ 7]: S-1-1-0 + SID[ 8]: S-1-5-2 + SID[ 9]: S-1-5-11 + SID[ 10]: S-1-5-32-544 + SID[ 11]: S-1-22-1-2002 + SID[ 12]: S-1-22-2-5000 + SID[ 13]: S-1-22-2-5007 + SID[ 14]: S-1-22-2-5001 + SID[ 15]: S-1-22-2-1005 + SID[ 16]: S-1-22-2-5006 + SID[ 17]: S-1-22-2-5005 + SID[ 18]: S-1-22-2-55000 + SID[ 19]: S-1-22-2-55001 + SID[ 20]: S-1-22-2-55002 + Privileges (0x 1FFFFFF0): + Privilege[ 0]: SeMachineAccountPrivilege + Privilege[ 1]: SeTakeOwnershipPrivilege + Privilege[ 2]: SeBackupPrivilege + Privilege[ 3]: SeRestorePrivilege + Privilege[ 4]: SeRemoteShutdownPrivilege + Privilege[ 5]: SePrintOperatorPrivilege + Privilege[ 6]: SeAddUsersPrivilege + Privilege[ 7]: SeDiskOperatorPrivilege + Privilege[ 8]: SeSecurityPrivilege + Privilege[ 9]: SeSystemtimePrivilege + Privilege[ 10]: SeShutdownPrivilege + Privilege[ 11]: SeDebugPrivilege + Privilege[ 12]: SeSystemEnvironmentPrivilege + Privilege[ 13]: SeSystemProfilePrivilege + Privilege[ 14]: SeProfileSingleProcessPrivilege + Privilege[ 15]: SeIncreaseBasePriorityPrivilege + Privilege[ 16]: SeLoadDriverPrivilege + Privilege[ 17]: SeCreatePagefilePrivilege + Privilege[ 18]: SeIncreaseQuotaPrivilege + Privilege[ 19]: SeChangeNotifyPrivilege + Privilege[ 20]: SeUndockPrivilege + Privilege[ 21]: SeManageVolumePrivilege + Privilege[ 22]: SeImpersonatePrivilege + Privilege[ 23]: SeCreateGlobalPrivilege + Privilege[ 24]: SeEnableDelegationPrivilege + Rights (0x 0): +[2013/11/07 07:38:48.331414, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) + UNIX token of user 0 + Primary group is 5000 and contains 9 supplementary groups + Group[ 0]: 5000 + Group[ 1]: 5007 + Group[ 2]: 5001 + Group[ 3]: 1005 + Group[ 4]: 5006 + Group[ 5]: 5005 + Group[ 6]: 55000 + Group[ 7]: 55001 + Group[ 8]: 55002 +[2013/11/07 07:38:48.331889, 5, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1324(api_pipe_request) + Requested \spoolss rpc service +[2013/11/07 07:38:48.332000, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1356(api_rpcTNP) + api_rpcTNP: \spoolss op 0x45 - api_rpcTNP: rpc command: SPOOLSS_OPENPRINTEREX +[2013/11/07 07:38:48.332109, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1390(api_rpcTNP) + api_rpc_cmds[69].fn == 0x7f375c256d40 +[2013/11/07 07:38:48.332269, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + spoolss_OpenPrinterEx: struct spoolss_OpenPrinterEx + in: struct spoolss_OpenPrinterEx + printername : * + printername : '\\MEMBER43\printer7' + datatype : NULL + devmode_ctr: struct spoolss_DevmodeContainer + _ndr_size : 0x00000000 (0) + devmode : NULL + access_mask : 0x00000000 (0) + 0: SERVER_ACCESS_ADMINISTER + 0: SERVER_ACCESS_ENUMERATE + 0: PRINTER_ACCESS_ADMINISTER + 0: PRINTER_ACCESS_USE + 0: JOB_ACCESS_ADMINISTER + 0: JOB_ACCESS_READ + userlevel_ctr: struct spoolss_UserLevelCtr + level : 0x00000001 (1) + user_info : union spoolss_UserLevel(case 1) + level1 : * + level1: struct spoolss_UserLevel1 + size : 0x00000028 (40) + client : * + client : 'WIN81-239' + user : * + user : 'AR32I8\Administrator' + build : 0x00002580 (9600) + major : UNKNOWN_ENUM_VALUE (3) + minor : SPOOLSS_MINOR_VERSION_0 (0) + processor : PROCESSOR_ARCHITECTURE_AMD64 (9) + checking name: \\MEMBER43\printer7 +[2013/11/07 07:38:48.333730, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:737(open_printer_hnd) + open_printer_hnd: name [\\MEMBER43\printer7] +[2013/11/07 07:38:48.333852, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) + Opened policy hnd[10] [0000] 00 00 00 00 11 01 00 00 00 00 00 00 7B 52 78 35 ........ ....{Rx5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:48.334051, 3, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:506(set_printer_hnd_printertype) + Setting printer type=\\MEMBER43\printer7 + Printer is a printer +[2013/11/07 07:38:48.334188, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:566(set_printer_hnd_name) + Setting printer name=\\MEMBER43\printer7 (len=19) + searching for [printer7] +[2013/11/07 07:38:48.334401, 10, pid=20933, effective(0, 5000), real(0, 0), class=tdb] ../source3/lib/gencache.c:275(gencache_set_data_blob) + Did not store value for PRINTERNAME/printer7, we already got it + set_printer_hnd_name: Printer found: printer7 -> printer7 +[2013/11/07 07:38:48.334540, 5, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:773(open_printer_hnd) + 10 printer handles active +[2013/11/07 07:38:48.334638, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 11 01 00 00 00 00 00 00 7B 52 78 35 ........ ....{Rx5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:48.334830, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 11 01 00 00 00 00 00 00 7B 52 78 35 ........ ....{Rx5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:48.335040, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:489(get_printer_snum) + short name:printer7 +[2013/11/07 07:38:48.335190, 3, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/access.c:338(allow_access) + Allowed connection from 10.200.8.239 (10.200.8.239) +[2013/11/07 07:38:48.335529, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/share_access.c:237(user_ok_token) + user_ok_token: share printer7 is ok for unix user root +[2013/11/07 07:38:48.335655, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:1921(_spoolss_OpenPrinterEx) + Setting printer access = PRINTER_ACCESS_USE +[2013/11/07 07:38:48.335877, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:60(make_internal_rpc_pipe_p) + Create pipe requested \winreg +[2013/11/07 07:38:48.336008, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:221(init_pipe_handles) + init_pipe_handle_list: created handle list for pipe \winreg +[2013/11/07 07:38:48.336112, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:238(init_pipe_handles) + init_pipe_handle_list: pipe_handles ref count = 1 for pipe \winreg +[2013/11/07 07:38:48.336300, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:100(make_internal_rpc_pipe_p) + Created internal pipe \winreg +[2013/11/07 07:38:48.336450, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenHKLM: struct winreg_OpenHKLM + in: struct winreg_OpenHKLM + system_name : NULL + access_mask : 0x02000000 (33554432) + 0: KEY_QUERY_VALUE + 0: KEY_SET_VALUE + 0: KEY_CREATE_SUB_KEY + 0: KEY_ENUMERATE_SUB_KEYS + 0: KEY_NOTIFY + 0: KEY_CREATE_LINK + 0: KEY_WOW64_64KEY + 0: KEY_WOW64_32KEY +[2013/11/07 07:38:48.337015, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [HKLM] +[2013/11/07 07:38:48.337122, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) + push_sec_ctx(0, 5000) : sec_ctx_stack_ndx = 2 +[2013/11/07 07:38:48.337231, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/uid.c:485(push_conn_ctx) + push_conn_ctx(1804507171) : conn_ctx_stack_ndx = 0 +[2013/11/07 07:38:48.337329, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) + setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 +[2013/11/07 07:38:48.337556, 5, pid=20933, effective(0, 5000), real(0, 0)] ../libcli/security/security_token.c:53(security_token_debug) + Security token: (NULL) +[2013/11/07 07:38:48.337657, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) + UNIX token of user 0 + Primary group is 0 and contains 0 supplementary groups +[2013/11/07 07:38:48.337981, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) + pop_sec_ctx (0, 5000) - sec_ctx_stack_ndx = 1 +[2013/11/07 07:38:48.338094, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:866(regdb_open) + regdb_open: registry db opened. refcount reset (1) +[2013/11/07 07:38:48.338203, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM] +[2013/11/07 07:38:48.338301, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM] +[2013/11/07 07:38:48.338400, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:48.338520, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM] +[2013/11/07 07:38:48.338704, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) + Opened policy hnd[1] [0000] 00 00 00 00 12 01 00 00 00 00 00 00 7B 52 78 35 ........ ....{Rx5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:48.338912, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenHKLM: struct winreg_OpenHKLM + out: struct winreg_OpenHKLM + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000112-0000-0000-7b52-7835c5510000 + result : WERR_OK +[2013/11/07 07:38:48.339365, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenKey: struct winreg_OpenKey + in: struct winreg_OpenKey + parent_handle : * + parent_handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000112-0000-0000-7b52-7835c5510000 + keyname: struct winreg_String + name_len : 0x008a (138) + name_size : 0x008a (138) + name : * + name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7' + options : 0x00000000 (0) + 0: REG_OPTION_VOLATILE + 0: REG_OPTION_CREATE_LINK + 0: REG_OPTION_BACKUP_RESTORE + 0: REG_OPTION_OPEN_LINK + access_mask : 0x02000000 (33554432) + 0: KEY_QUERY_VALUE + 0: KEY_SET_VALUE + 0: KEY_CREATE_SUB_KEY + 0: KEY_ENUMERATE_SUB_KEYS + 0: KEY_NOTIFY + 0: KEY_CREATE_LINK + 0: KEY_WOW64_64KEY + 0: KEY_WOW64_32KEY +[2013/11/07 07:38:48.340461, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 12 01 00 00 00 00 00 00 7B 52 78 35 ........ ....{Rx5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:48.340662, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [SOFTWARE] +[2013/11/07 07:38:48.340764, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (1->2) +[2013/11/07 07:38:48.340870, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] +[2013/11/07 07:38:48.340964, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE] +[2013/11/07 07:38:48.341064, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:48.341159, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE] +[2013/11/07 07:38:48.341344, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Microsoft] +[2013/11/07 07:38:48.341627, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (2->3) +[2013/11/07 07:38:48.341672, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] +[2013/11/07 07:38:48.341711, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] +[2013/11/07 07:38:48.341752, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:48.341791, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft] +[2013/11/07 07:38:48.341854, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Windows NT] +[2013/11/07 07:38:48.341896, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (3->4) +[2013/11/07 07:38:48.341939, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] +[2013/11/07 07:38:48.341976, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] +[2013/11/07 07:38:48.342017, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:48.342054, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] +[2013/11/07 07:38:48.342112, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [CurrentVersion] +[2013/11/07 07:38:48.342153, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (4->5) +[2013/11/07 07:38:48.342196, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] +[2013/11/07 07:38:48.342234, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] +[2013/11/07 07:38:48.342275, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:48.342312, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f375c5a15c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] +[2013/11/07 07:38:48.342384, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Print] +[2013/11/07 07:38:48.342426, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (5->6) +[2013/11/07 07:38:48.342470, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] +[2013/11/07 07:38:48.342519, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] +[2013/11/07 07:38:48.342562, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:48.342600, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f375c5a15c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] +[2013/11/07 07:38:48.342661, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Printers] +[2013/11/07 07:38:48.342702, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (6->7) +[2013/11/07 07:38:48.342745, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] +[2013/11/07 07:38:48.342784, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] +[2013/11/07 07:38:48.342826, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:48.342864, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] +[2013/11/07 07:38:48.342932, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [printer7] +[2013/11/07 07:38:48.342973, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (7->8) +[2013/11/07 07:38:48.343018, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:48.343057, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:48.343099, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:48.343136, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:48.343205, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (8->7) +[2013/11/07 07:38:48.343248, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (7->6) +[2013/11/07 07:38:48.343288, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (6->5) +[2013/11/07 07:38:48.343328, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (5->4) +[2013/11/07 07:38:48.343367, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (4->3) +[2013/11/07 07:38:48.343416, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (3->2) +[2013/11/07 07:38:48.343459, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) + Opened policy hnd[2] [0000] 00 00 00 00 13 01 00 00 00 00 00 00 7B 52 78 35 ........ ....{Rx5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:48.343537, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenKey: struct winreg_OpenKey + out: struct winreg_OpenKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000113-0000-0000-7b52-7835c5510000 + result : WERR_OK +[2013/11/07 07:38:48.343701, 2, pid=20933, effective(0, 5000), real(0, 0)] ../source3/rpc_client/cli_winreg_spoolss.c:626(winreg_create_printer) + winreg_create_printer: Skipping, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7 already exists +[2013/11/07 07:38:48.343758, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + in: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000113-0000-0000-7b52-7835c5510000 +[2013/11/07 07:38:48.343889, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 13 01 00 00 00 00 00 00 7B 52 78 35 ........ ....{Rx5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:48.343967, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 13 01 00 00 00 00 00 00 7B 52 78 35 ........ ....{Rx5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:48.344043, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) + Closed policy +[2013/11/07 07:38:48.344084, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (2->1) +[2013/11/07 07:38:48.344125, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + out: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000000-0000-0000-0000-000000000000 + result : WERR_OK +[2013/11/07 07:38:48.344289, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + in: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000112-0000-0000-7b52-7835c5510000 +[2013/11/07 07:38:48.344418, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 12 01 00 00 00 00 00 00 7B 52 78 35 ........ ....{Rx5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:48.344503, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 12 01 00 00 00 00 00 00 7B 52 78 35 ........ ....{Rx5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:48.344579, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) + Closed policy +[2013/11/07 07:38:48.344620, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (1->0) +[2013/11/07 07:38:48.344673, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + out: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000000-0000-0000-0000-000000000000 + result : WERR_OK +[2013/11/07 07:38:48.344832, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:416(close_policy_by_pipe) + Deleted handle list for RPC connection \winreg +[2013/11/07 07:38:48.344880, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + spoolss_OpenPrinterEx: struct spoolss_OpenPrinterEx + out: struct spoolss_OpenPrinterEx + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000111-0000-0000-7b52-7835c5510000 + result : WERR_OK +[2013/11/07 07:38:48.345030, 5, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1417(api_rpcTNP) + api_rpcTNP: called \spoolss successfully +[2013/11/07 07:38:48.345082, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) + pop_sec_ctx (0, 5000) - sec_ctx_stack_ndx = 0 +[2013/11/07 07:38:48.345124, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) + write_to_pipe: data_used = 206 + smbd_smb2_request_pending_queue: req->current_idx = 1 + req->in.vector[0].iov_len = 0 + req->in.vector[1].iov_len = 0 + req->in.vector[2].iov_len = 64 + req->in.vector[3].iov_len = 56 + req->in.vector[4].iov_len = 222 + req->out.vector[0].iov_len = 4 + req->out.vector[1].iov_len = 0 + req->out.vector[2].iov_len = 64 + req->out.vector[3].iov_len = 8 + req->out.vector[4].iov_len = 0 +[2013/11/07 07:38:48.345335, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:128(smbd_smb2_ioctl_pipe_write_done) + smbd_smb2_ioctl_pipe_write_done: received 222 +[2013/11/07 07:38:48.345431, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:149(smbd_smb2_ioctl_pipe_write_done) + smbd_smb2_ioctl_pipe_write_done: issuing np_read_send of size 1024 +[2013/11/07 07:38:48.345477, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:285(read_from_internal_pipe) + name: \spoolss len: 1024 +[2013/11/07 07:38:48.345520, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:347(read_from_internal_pipe) + read_from_pipe: \spoolss: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 24. +[2013/11/07 07:38:48.345572, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) + &r: struct ncacn_packet + rpc_vers : 0x05 (5) + rpc_vers_minor : 0x00 (0) + ptype : DCERPC_PKT_RESPONSE (2) + pfc_flags : 0x03 (3) + drep: ARRAY(4) + [0] : 0x10 (16) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + frag_length : 0x0030 (48) + auth_length : 0x0000 (0) + call_id : 0x00000002 (2) + u : union dcerpc_payload(case 2) + response: struct dcerpc_response + alloc_hint : 0x00000018 (24) + context_id : 0x0000 (0) + cancel_count : 0x00 (0) + _pad : DATA_BLOB length=0 + stub_and_verifier : DATA_BLOB length=24 + [0000] 00 00 00 00 11 01 00 00 00 00 00 00 7B 52 78 35 ........ ....{Rx5 + [0010] C5 51 00 00 00 00 00 00 .Q...... +[2013/11/07 07:38:48.346000, 3, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:122(free_pipe_context) + free_pipe_context: destroying talloc pool of size 68 +[2013/11/07 07:38:48.346049, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:788(np_read_recv) + Received 48 bytes. There is no more data outstanding +[2013/11/07 07:38:48.346089, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:178(smbd_smb2_ioctl_pipe_read_done) + smbd_smb2_ioctl_pipe_read_done: np_read_recv nread = 48 is_data_outstanding = 0, status = NT_STATUS_OK +[2013/11/07 07:38:48.346135, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl.c:291(smbd_smb2_request_ioctl_done) + smbd_smb2_request_ioctl_done: smbd_smb2_ioctl_recv returned 48 status NT_STATUS_OK +[2013/11/07 07:38:48.346178, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) + smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[48] dyn[yes:48] at ../source3/smbd/smb2_ioctl.c:358 +[2013/11/07 07:38:48.346222, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) + smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/176/127 +[2013/11/07 07:38:48.354348, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) + smbd_smb2_request_incoming: idx[1] of 5 vectors +[2013/11/07 07:38:48.354488, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) + smb2_validate_sequence_number: clearing id 176 (position 176) from bitmap +[2013/11/07 07:38:48.354562, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) + smbd_smb2_request_dispatch: opcode[SMB2_OP_IOCTL] mid = 176 +[2013/11/07 07:38:48.354666, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) + setting sec ctx (0, 5000) - sec_ctx_stack_ndx = 0 +[2013/11/07 07:38:48.354760, 5, pid=20933, effective(0, 5000), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) + Security token SIDs (21): + SID[ 0]: S-1-5-21-1376953716-2413384141-3399758289-500 + SID[ 1]: S-1-5-21-1376953716-2413384141-3399758289-512 + SID[ 2]: S-1-5-21-1376953716-2413384141-3399758289-11015 + SID[ 3]: S-1-5-21-1376953716-2413384141-3399758289-513 + SID[ 4]: S-1-5-21-1376953716-2413384141-3399758289-11011 + SID[ 5]: S-1-5-21-1376953716-2413384141-3399758289-11013 + SID[ 6]: S-1-5-21-1376953716-2413384141-3399758289-11012 + SID[ 7]: S-1-1-0 + SID[ 8]: S-1-5-2 + SID[ 9]: S-1-5-11 + SID[ 10]: S-1-5-32-544 + SID[ 11]: S-1-22-1-2002 + SID[ 12]: S-1-22-2-5000 + SID[ 13]: S-1-22-2-5007 + SID[ 14]: S-1-22-2-5001 + SID[ 15]: S-1-22-2-1005 + SID[ 16]: S-1-22-2-5006 + SID[ 17]: S-1-22-2-5005 + SID[ 18]: S-1-22-2-55000 + SID[ 19]: S-1-22-2-55001 + SID[ 20]: S-1-22-2-55002 + Privileges (0x 1FFFFFF0): + Privilege[ 0]: SeMachineAccountPrivilege + Privilege[ 1]: SeTakeOwnershipPrivilege + Privilege[ 2]: SeBackupPrivilege + Privilege[ 3]: SeRestorePrivilege + Privilege[ 4]: SeRemoteShutdownPrivilege + Privilege[ 5]: SePrintOperatorPrivilege + Privilege[ 6]: SeAddUsersPrivilege + Privilege[ 7]: SeDiskOperatorPrivilege + Privilege[ 8]: SeSecurityPrivilege + Privilege[ 9]: SeSystemtimePrivilege + Privilege[ 10]: SeShutdownPrivilege + Privilege[ 11]: SeDebugPrivilege + Privilege[ 12]: SeSystemEnvironmentPrivilege + Privilege[ 13]: SeSystemProfilePrivilege + Privilege[ 14]: SeProfileSingleProcessPrivilege + Privilege[ 15]: SeIncreaseBasePriorityPrivilege + Privilege[ 16]: SeLoadDriverPrivilege + Privilege[ 17]: SeCreatePagefilePrivilege + Privilege[ 18]: SeIncreaseQuotaPrivilege + Privilege[ 19]: SeChangeNotifyPrivilege + Privilege[ 20]: SeUndockPrivilege + Privilege[ 21]: SeManageVolumePrivilege + Privilege[ 22]: SeImpersonatePrivilege + Privilege[ 23]: SeCreateGlobalPrivilege + Privilege[ 24]: SeEnableDelegationPrivilege + Rights (0x 0): +[2013/11/07 07:38:48.356097, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) + UNIX token of user 0 + Primary group is 5000 and contains 9 supplementary groups + Group[ 0]: 5000 + Group[ 1]: 5007 + Group[ 2]: 5001 + Group[ 3]: 1005 + Group[ 4]: 5006 + Group[ 5]: 5005 + Group[ 6]: 55000 + Group[ 7]: 55001 + Group[ 8]: 55002 +[2013/11/07 07:38:48.356413, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/uid.c:363(change_to_user_internal) + Impersonated user: uid=(0,0), gid=(0,5000) +[2013/11/07 07:38:48.356495, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:1796(smbd_smb2_request_verify_creditcharge) + mid 176, CreditCharge: 1, NeededCharge: 1 +[2013/11/07 07:38:48.356564, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl.c:394(smbd_smb2_ioctl_send) + smbd_smb2_ioctl: ctl_code[0x0011c017] spoolss, fnum 2469941583 +[2013/11/07 07:38:48.356640, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:59(smb2_ioctl_named_pipe) + smbd_smb2_ioctl_send: np_write_send of size 44 +[2013/11/07 07:38:48.356706, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:520(np_write_send) + np_write_send: len: 44 +[2013/11/07 07:38:48.356772, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) + write_to_pipe: data_left = 44 +[2013/11/07 07:38:48.356836, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) + process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 44 +[2013/11/07 07:38:48.356900, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:51(fill_rpc_header) + fill_rpc_header: data_to_copy = 44, len_needed_to_complete_hdr = 16, receive_len = 0 +[2013/11/07 07:38:48.356966, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) + write_to_pipe: data_used = 16 +[2013/11/07 07:38:48.357029, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) + write_to_pipe: data_left = 28 +[2013/11/07 07:38:48.357092, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) + process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 28 +[2013/11/07 07:38:48.357159, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) + write_to_pipe: data_used = 0 +[2013/11/07 07:38:48.357221, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) + write_to_pipe: data_left = 28 +[2013/11/07 07:38:48.357296, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) + process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 28, incoming data = 28 +[2013/11/07 07:38:48.357475, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1614(process_complete_pdu) + PDU is in Little Endian format! +[2013/11/07 07:38:48.357562, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) + r: struct ncacn_packet + rpc_vers : 0x05 (5) + rpc_vers_minor : 0x00 (0) + ptype : DCERPC_PKT_REQUEST (0) + pfc_flags : 0x03 (3) + drep: ARRAY(4) + [0] : 0x10 (16) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + frag_length : 0x002c (44) + auth_length : 0x0000 (0) + call_id : 0x00000003 (3) + u : union dcerpc_payload(case 0) + request: struct dcerpc_request + alloc_hint : 0x00000014 (20) + context_id : 0x0000 (0) + opnum : 0x001d (29) + object : union dcerpc_object(case 0) + empty: struct dcerpc_empty + _pad : DATA_BLOB length=0 + stub_and_verifier : DATA_BLOB length=20 + [0000] 00 00 00 00 0E 01 00 00 00 00 00 00 7B 52 78 35 ........ ....{Rx5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:48.358302, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1627(process_complete_pdu) + Processing packet type 0 +[2013/11/07 07:38:48.358366, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1472(dcesrv_auth_request) + Checking request auth. +[2013/11/07 07:38:48.358434, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) + push_sec_ctx(0, 5000) : sec_ctx_stack_ndx = 1 +[2013/11/07 07:38:48.358506, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) + setting sec ctx (0, 5000) - sec_ctx_stack_ndx = 1 +[2013/11/07 07:38:48.358574, 5, pid=20933, effective(0, 5000), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) + Security token SIDs (21): + SID[ 0]: S-1-5-21-1376953716-2413384141-3399758289-500 + SID[ 1]: S-1-5-21-1376953716-2413384141-3399758289-512 + SID[ 2]: S-1-5-21-1376953716-2413384141-3399758289-11015 + SID[ 3]: S-1-5-21-1376953716-2413384141-3399758289-513 + SID[ 4]: S-1-5-21-1376953716-2413384141-3399758289-11011 + SID[ 5]: S-1-5-21-1376953716-2413384141-3399758289-11013 + SID[ 6]: S-1-5-21-1376953716-2413384141-3399758289-11012 + SID[ 7]: S-1-1-0 + SID[ 8]: S-1-5-2 + SID[ 9]: S-1-5-11 + SID[ 10]: S-1-5-32-544 + SID[ 11]: S-1-22-1-2002 + SID[ 12]: S-1-22-2-5000 + SID[ 13]: S-1-22-2-5007 + SID[ 14]: S-1-22-2-5001 + SID[ 15]: S-1-22-2-1005 + SID[ 16]: S-1-22-2-5006 + SID[ 17]: S-1-22-2-5005 + SID[ 18]: S-1-22-2-55000 + SID[ 19]: S-1-22-2-55001 + SID[ 20]: S-1-22-2-55002 + Privileges (0x 1FFFFFF0): + Privilege[ 0]: SeMachineAccountPrivilege + Privilege[ 1]: SeTakeOwnershipPrivilege + Privilege[ 2]: SeBackupPrivilege + Privilege[ 3]: SeRestorePrivilege + Privilege[ 4]: SeRemoteShutdownPrivilege + Privilege[ 5]: SePrintOperatorPrivilege + Privilege[ 6]: SeAddUsersPrivilege + Privilege[ 7]: SeDiskOperatorPrivilege + Privilege[ 8]: SeSecurityPrivilege + Privilege[ 9]: SeSystemtimePrivilege + Privilege[ 10]: SeShutdownPrivilege + Privilege[ 11]: SeDebugPrivilege + Privilege[ 12]: SeSystemEnvironmentPrivilege + Privilege[ 13]: SeSystemProfilePrivilege + Privilege[ 14]: SeProfileSingleProcessPrivilege + Privilege[ 15]: SeIncreaseBasePriorityPrivilege + Privilege[ 16]: SeLoadDriverPrivilege + Privilege[ 17]: SeCreatePagefilePrivilege + Privilege[ 18]: SeIncreaseQuotaPrivilege + Privilege[ 19]: SeChangeNotifyPrivilege + Privilege[ 20]: SeUndockPrivilege + Privilege[ 21]: SeManageVolumePrivilege + Privilege[ 22]: SeImpersonatePrivilege + Privilege[ 23]: SeCreateGlobalPrivilege + Privilege[ 24]: SeEnableDelegationPrivilege + Rights (0x 0): +[2013/11/07 07:38:48.359842, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) + UNIX token of user 0 + Primary group is 5000 and contains 9 supplementary groups + Group[ 0]: 5000 + Group[ 1]: 5007 + Group[ 2]: 5001 + Group[ 3]: 1005 + Group[ 4]: 5006 + Group[ 5]: 5005 + Group[ 6]: 55000 + Group[ 7]: 55001 + Group[ 8]: 55002 +[2013/11/07 07:38:48.360151, 5, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1324(api_pipe_request) + Requested \spoolss rpc service +[2013/11/07 07:38:48.360223, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1356(api_rpcTNP) + api_rpcTNP: \spoolss op 0x1d - api_rpcTNP: rpc command: SPOOLSS_CLOSEPRINTER +[2013/11/07 07:38:48.360296, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1390(api_rpcTNP) + api_rpc_cmds[29].fn == 0x7f375c25d5f0 +[2013/11/07 07:38:48.360367, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + spoolss_ClosePrinter: struct spoolss_ClosePrinter + in: struct spoolss_ClosePrinter + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 0000010e-0000-0000-7b52-7835c5510000 +[2013/11/07 07:38:48.360585, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[1] [0000] 00 00 00 00 0E 01 00 00 00 00 00 00 7B 52 78 35 ........ ....{Rx5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:48.360716, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[1] [0000] 00 00 00 00 0E 01 00 00 00 00 00 00 7B 52 78 35 ........ ....{Rx5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:48.360843, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[1] [0000] 00 00 00 00 0E 01 00 00 00 00 00 00 7B 52 78 35 ........ ....{Rx5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:48.360969, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) + Closed policy +[2013/11/07 07:38:48.361036, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + spoolss_ClosePrinter: struct spoolss_ClosePrinter + out: struct spoolss_ClosePrinter + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000000-0000-0000-0000-000000000000 + result : WERR_OK +[2013/11/07 07:38:48.361282, 5, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1417(api_rpcTNP) + api_rpcTNP: called \spoolss successfully +[2013/11/07 07:38:48.361362, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) + pop_sec_ctx (0, 5000) - sec_ctx_stack_ndx = 0 +[2013/11/07 07:38:48.361504, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) + write_to_pipe: data_used = 28 + smbd_smb2_request_pending_queue: req->current_idx = 1 + req->in.vector[0].iov_len = 0 + req->in.vector[1].iov_len = 0 + req->in.vector[2].iov_len = 64 + req->in.vector[3].iov_len = 56 + req->in.vector[4].iov_len = 44 + req->out.vector[0].iov_len = 4 + req->out.vector[1].iov_len = 0 + req->out.vector[2].iov_len = 64 + req->out.vector[3].iov_len = 8 + req->out.vector[4].iov_len = 0 +[2013/11/07 07:38:48.361866, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:128(smbd_smb2_ioctl_pipe_write_done) + smbd_smb2_ioctl_pipe_write_done: received 44 +[2013/11/07 07:38:48.361937, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:149(smbd_smb2_ioctl_pipe_write_done) + smbd_smb2_ioctl_pipe_write_done: issuing np_read_send of size 1024 +[2013/11/07 07:38:48.362056, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:285(read_from_internal_pipe) + name: \spoolss len: 1024 +[2013/11/07 07:38:48.362132, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:347(read_from_internal_pipe) + read_from_pipe: \spoolss: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 24. +[2013/11/07 07:38:48.362216, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) + &r: struct ncacn_packet + rpc_vers : 0x05 (5) + rpc_vers_minor : 0x00 (0) + ptype : DCERPC_PKT_RESPONSE (2) + pfc_flags : 0x03 (3) + drep: ARRAY(4) + [0] : 0x10 (16) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + frag_length : 0x0030 (48) + auth_length : 0x0000 (0) + call_id : 0x00000003 (3) + u : union dcerpc_payload(case 2) + response: struct dcerpc_response + alloc_hint : 0x00000018 (24) + context_id : 0x0000 (0) + cancel_count : 0x00 (0) + _pad : DATA_BLOB length=0 + stub_and_verifier : DATA_BLOB length=24 + [0000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0010] 00 00 00 00 00 00 00 00 ........ +[2013/11/07 07:38:48.362900, 3, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:122(free_pipe_context) + free_pipe_context: destroying talloc pool of size 29 +[2013/11/07 07:38:48.362978, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:788(np_read_recv) + Received 48 bytes. There is no more data outstanding +[2013/11/07 07:38:48.363044, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:178(smbd_smb2_ioctl_pipe_read_done) + smbd_smb2_ioctl_pipe_read_done: np_read_recv nread = 48 is_data_outstanding = 0, status = NT_STATUS_OK +[2013/11/07 07:38:48.363118, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl.c:291(smbd_smb2_request_ioctl_done) + smbd_smb2_request_ioctl_done: smbd_smb2_ioctl_recv returned 48 status NT_STATUS_OK +[2013/11/07 07:38:48.363186, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) + smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[48] dyn[yes:48] at ../source3/smbd/smb2_ioctl.c:358 +[2013/11/07 07:38:48.363257, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) + smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/177/127 +[2013/11/07 07:38:48.363464, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) + smbd_smb2_request_incoming: idx[1] of 5 vectors +[2013/11/07 07:38:48.363556, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) + smb2_validate_sequence_number: clearing id 177 (position 177) from bitmap +[2013/11/07 07:38:48.363626, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) + smbd_smb2_request_dispatch: opcode[SMB2_OP_IOCTL] mid = 177 +[2013/11/07 07:38:48.363712, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) + setting sec ctx (0, 5000) - sec_ctx_stack_ndx = 0 +[2013/11/07 07:38:48.363781, 5, pid=20933, effective(0, 5000), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) + Security token SIDs (21): + SID[ 0]: S-1-5-21-1376953716-2413384141-3399758289-500 + SID[ 1]: S-1-5-21-1376953716-2413384141-3399758289-512 + SID[ 2]: S-1-5-21-1376953716-2413384141-3399758289-11015 + SID[ 3]: S-1-5-21-1376953716-2413384141-3399758289-513 + SID[ 4]: S-1-5-21-1376953716-2413384141-3399758289-11011 + SID[ 5]: S-1-5-21-1376953716-2413384141-3399758289-11013 + SID[ 6]: S-1-5-21-1376953716-2413384141-3399758289-11012 + SID[ 7]: S-1-1-0 + SID[ 8]: S-1-5-2 + SID[ 9]: S-1-5-11 + SID[ 10]: S-1-5-32-544 + SID[ 11]: S-1-22-1-2002 + SID[ 12]: S-1-22-2-5000 + SID[ 13]: S-1-22-2-5007 + SID[ 14]: S-1-22-2-5001 + SID[ 15]: S-1-22-2-1005 + SID[ 16]: S-1-22-2-5006 + SID[ 17]: S-1-22-2-5005 + SID[ 18]: S-1-22-2-55000 + SID[ 19]: S-1-22-2-55001 + SID[ 20]: S-1-22-2-55002 + Privileges (0x 1FFFFFF0): + Privilege[ 0]: SeMachineAccountPrivilege + Privilege[ 1]: SeTakeOwnershipPrivilege + Privilege[ 2]: SeBackupPrivilege + Privilege[ 3]: SeRestorePrivilege + Privilege[ 4]: SeRemoteShutdownPrivilege + Privilege[ 5]: SePrintOperatorPrivilege + Privilege[ 6]: SeAddUsersPrivilege + Privilege[ 7]: SeDiskOperatorPrivilege + Privilege[ 8]: SeSecurityPrivilege + Privilege[ 9]: SeSystemtimePrivilege + Privilege[ 10]: SeShutdownPrivilege + Privilege[ 11]: SeDebugPrivilege + Privilege[ 12]: SeSystemEnvironmentPrivilege + Privilege[ 13]: SeSystemProfilePrivilege + Privilege[ 14]: SeProfileSingleProcessPrivilege + Privilege[ 15]: SeIncreaseBasePriorityPrivilege + Privilege[ 16]: SeLoadDriverPrivilege + Privilege[ 17]: SeCreatePagefilePrivilege + Privilege[ 18]: SeIncreaseQuotaPrivilege + Privilege[ 19]: SeChangeNotifyPrivilege + Privilege[ 20]: SeUndockPrivilege + Privilege[ 21]: SeManageVolumePrivilege + Privilege[ 22]: SeImpersonatePrivilege + Privilege[ 23]: SeCreateGlobalPrivilege + Privilege[ 24]: SeEnableDelegationPrivilege + Rights (0x 0): +[2013/11/07 07:38:48.365089, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) + UNIX token of user 0 + Primary group is 5000 and contains 9 supplementary groups + Group[ 0]: 5000 + Group[ 1]: 5007 + Group[ 2]: 5001 + Group[ 3]: 1005 + Group[ 4]: 5006 + Group[ 5]: 5005 + Group[ 6]: 55000 + Group[ 7]: 55001 + Group[ 8]: 55002 +[2013/11/07 07:38:48.365487, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/uid.c:363(change_to_user_internal) + Impersonated user: uid=(0,0), gid=(0,5000) +[2013/11/07 07:38:48.365569, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:1796(smbd_smb2_request_verify_creditcharge) + mid 177, CreditCharge: 1, NeededCharge: 1 +[2013/11/07 07:38:48.365639, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl.c:394(smbd_smb2_ioctl_send) + smbd_smb2_ioctl: ctl_code[0x0011c017] spoolss, fnum 2421171645 +[2013/11/07 07:38:48.365713, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:59(smb2_ioctl_named_pipe) + smbd_smb2_ioctl_send: np_write_send of size 1084 +[2013/11/07 07:38:48.365777, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:520(np_write_send) + np_write_send: len: 1084 +[2013/11/07 07:38:48.365859, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) + write_to_pipe: data_left = 1084 +[2013/11/07 07:38:48.365923, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) + process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 1084 +[2013/11/07 07:38:48.365987, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:51(fill_rpc_header) + fill_rpc_header: data_to_copy = 1084, len_needed_to_complete_hdr = 16, receive_len = 0 +[2013/11/07 07:38:48.366054, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) + write_to_pipe: data_used = 16 +[2013/11/07 07:38:48.366116, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) + write_to_pipe: data_left = 1068 +[2013/11/07 07:38:48.366178, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) + process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 1068 +[2013/11/07 07:38:48.366247, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) + write_to_pipe: data_used = 0 +[2013/11/07 07:38:48.366309, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) + write_to_pipe: data_left = 1068 +[2013/11/07 07:38:48.366371, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) + process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 1068, incoming data = 1068 +[2013/11/07 07:38:48.366439, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1614(process_complete_pdu) + PDU is in Little Endian format! +[2013/11/07 07:38:48.366515, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) + r: struct ncacn_packet + rpc_vers : 0x05 (5) + rpc_vers_minor : 0x00 (0) + ptype : DCERPC_PKT_REQUEST (0) + pfc_flags : 0x03 (3) + drep: ARRAY(4) + [0] : 0x10 (16) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + frag_length : 0x043c (1084) + auth_length : 0x0000 (0) + call_id : 0x00000003 (3) + u : union dcerpc_payload(case 0) + request: struct dcerpc_request + alloc_hint : 0x00000424 (1060) + context_id : 0x0000 (0) + opnum : 0x0018 (24) + object : union dcerpc_object(case 0) + empty: struct dcerpc_empty + _pad : DATA_BLOB length=0 + stub_and_verifier : DATA_BLOB length=1060 + [0000] 00 00 00 00 ED 00 00 00 00 00 00 00 7B 52 77 35 ........ ....{Rw5 + [0010] C5 51 00 00 01 00 00 00 00 00 02 00 00 04 00 00 .Q...... ........ + [0020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0030] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0040] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0200] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0210] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0220] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0230] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0240] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0250] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0260] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0270] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0280] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0290] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0300] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0310] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0320] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0330] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0340] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0350] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0360] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0370] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0380] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0390] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0400] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0410] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0420] 00 04 00 00 .... +[2013/11/07 07:38:48.370539, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1627(process_complete_pdu) + Processing packet type 0 +[2013/11/07 07:38:48.370580, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1472(dcesrv_auth_request) + Checking request auth. +[2013/11/07 07:38:48.370623, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) + push_sec_ctx(0, 5000) : sec_ctx_stack_ndx = 1 +[2013/11/07 07:38:48.370668, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) + setting sec ctx (0, 5000) - sec_ctx_stack_ndx = 1 +[2013/11/07 07:38:48.370709, 5, pid=20933, effective(0, 5000), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) + Security token SIDs (21): + SID[ 0]: S-1-5-21-1376953716-2413384141-3399758289-500 + SID[ 1]: S-1-5-21-1376953716-2413384141-3399758289-512 + SID[ 2]: S-1-5-21-1376953716-2413384141-3399758289-11015 + SID[ 3]: S-1-5-21-1376953716-2413384141-3399758289-513 + SID[ 4]: S-1-5-21-1376953716-2413384141-3399758289-11011 + SID[ 5]: S-1-5-21-1376953716-2413384141-3399758289-11013 + SID[ 6]: S-1-5-21-1376953716-2413384141-3399758289-11012 + SID[ 7]: S-1-1-0 + SID[ 8]: S-1-5-2 + SID[ 9]: S-1-5-11 + SID[ 10]: S-1-5-32-544 + SID[ 11]: S-1-22-1-2002 + SID[ 12]: S-1-22-2-5000 + SID[ 13]: S-1-22-2-5007 + SID[ 14]: S-1-22-2-5001 + SID[ 15]: S-1-22-2-1005 + SID[ 16]: S-1-22-2-5006 + SID[ 17]: S-1-22-2-5005 + SID[ 18]: S-1-22-2-55000 + SID[ 19]: S-1-22-2-55001 + SID[ 20]: S-1-22-2-55002 + Privileges (0x 1FFFFFF0): + Privilege[ 0]: SeMachineAccountPrivilege + Privilege[ 1]: SeTakeOwnershipPrivilege + Privilege[ 2]: SeBackupPrivilege + Privilege[ 3]: SeRestorePrivilege + Privilege[ 4]: SeRemoteShutdownPrivilege + Privilege[ 5]: SePrintOperatorPrivilege + Privilege[ 6]: SeAddUsersPrivilege + Privilege[ 7]: SeDiskOperatorPrivilege + Privilege[ 8]: SeSecurityPrivilege + Privilege[ 9]: SeSystemtimePrivilege + Privilege[ 10]: SeShutdownPrivilege + Privilege[ 11]: SeDebugPrivilege + Privilege[ 12]: SeSystemEnvironmentPrivilege + Privilege[ 13]: SeSystemProfilePrivilege + Privilege[ 14]: SeProfileSingleProcessPrivilege + Privilege[ 15]: SeIncreaseBasePriorityPrivilege + Privilege[ 16]: SeLoadDriverPrivilege + Privilege[ 17]: SeCreatePagefilePrivilege + Privilege[ 18]: SeIncreaseQuotaPrivilege + Privilege[ 19]: SeChangeNotifyPrivilege + Privilege[ 20]: SeUndockPrivilege + Privilege[ 21]: SeManageVolumePrivilege + Privilege[ 22]: SeImpersonatePrivilege + Privilege[ 23]: SeCreateGlobalPrivilege + Privilege[ 24]: SeEnableDelegationPrivilege + Rights (0x 0): +[2013/11/07 07:38:48.371547, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) + UNIX token of user 0 + Primary group is 5000 and contains 9 supplementary groups + Group[ 0]: 5000 + Group[ 1]: 5007 + Group[ 2]: 5001 + Group[ 3]: 1005 + Group[ 4]: 5006 + Group[ 5]: 5005 + Group[ 6]: 55000 + Group[ 7]: 55001 + Group[ 8]: 55002 +[2013/11/07 07:38:48.371736, 5, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1324(api_pipe_request) + Requested \spoolss rpc service +[2013/11/07 07:38:48.371782, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1356(api_rpcTNP) + api_rpcTNP: \spoolss op 0x18 - api_rpcTNP: rpc command: SPOOLSS_ADDJOB +[2013/11/07 07:38:48.371825, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1390(api_rpcTNP) + api_rpc_cmds[24].fn == 0x7f375c25e310 +[2013/11/07 07:38:48.371892, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + spoolss_AddJob: struct spoolss_AddJob + in: struct spoolss_AddJob + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000ed-0000-0000-7b52-7735c5510000 + level : 0x00000001 (1) + buffer : * + buffer: ARRAY(1024) + [0] : 0x00 (0) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + [4] : 0x00 (0) + [5] : 0x00 (0) + [6] : 0x00 (0) + [7] : 0x00 (0) + [8] : 0x00 (0) + [9] : 0x00 (0) + [10] : 0x00 (0) + [11] : 0x00 (0) + [12] : 0x00 (0) + [13] : 0x00 (0) + [14] : 0x00 (0) + [15] : 0x00 (0) + [16] : 0x00 (0) + [17] : 0x00 (0) + [18] : 0x00 (0) + [19] : 0x00 (0) + [20] : 0x00 (0) + [21] : 0x00 (0) + [22] : 0x00 (0) + [23] : 0x00 (0) + [24] : 0x00 (0) + [25] : 0x00 (0) + [26] : 0x00 (0) + [27] : 0x00 (0) + [28] : 0x00 (0) + [29] : 0x00 (0) + [30] : 0x00 (0) + [31] : 0x00 (0) + [32] : 0x00 (0) + [33] : 0x00 (0) + [34] : 0x00 (0) + [35] : 0x00 (0) + [36] : 0x00 (0) + [37] : 0x00 (0) + [38] : 0x00 (0) + [39] : 0x00 (0) + [40] : 0x00 (0) + [41] : 0x00 (0) + [42] : 0x00 (0) + [43] : 0x00 (0) + [44] : 0x00 (0) + [45] : 0x00 (0) + [46] : 0x00 (0) + [47] : 0x00 (0) + [48] : 0x00 (0) + [49] : 0x00 (0) + [50] : 0x00 (0) + [51] : 0x00 (0) + [52] : 0x00 (0) + [53] : 0x00 (0) + [54] : 0x00 (0) + [55] : 0x00 (0) + [56] : 0x00 (0) + [57] : 0x00 (0) + [58] : 0x00 (0) + [59] : 0x00 (0) + [60] : 0x00 (0) + [61] : 0x00 (0) + [62] : 0x00 (0) + [63] : 0x00 (0) + [64] : 0x00 (0) + [65] : 0x00 (0) + [66] : 0x00 (0) + [67] : 0x00 (0) + [68] : 0x00 (0) + [69] : 0x00 (0) + [70] : 0x00 (0) + [71] : 0x00 (0) + [72] : 0x00 (0) + [73] : 0x00 (0) + [74] : 0x00 (0) + [75] : 0x00 (0) + [76] : 0x00 (0) + [77] : 0x00 (0) + [78] : 0x00 (0) + [79] : 0x00 (0) + [80] : 0x00 (0) + [81] : 0x00 (0) + [82] : 0x00 (0) + [83] : 0x00 (0) + [84] : 0x00 (0) + [85] : 0x00 (0) + [86] : 0x00 (0) + [87] : 0x00 (0) + [88] : 0x00 (0) + [89] : 0x00 (0) + [90] : 0x00 (0) + [91] : 0x00 (0) + [92] : 0x00 (0) + [93] : 0x00 (0) + [94] : 0x00 (0) + [95] : 0x00 (0) + [96] : 0x00 (0) + [97] : 0x00 (0) + [98] : 0x00 (0) + [99] : 0x00 (0) + [100] : 0x00 (0) + [101] : 0x00 (0) + [102] : 0x00 (0) + [103] : 0x00 (0) + [104] : 0x00 (0) + [105] : 0x00 (0) + [106] : 0x00 (0) + [107] : 0x00 (0) + [108] : 0x00 (0) + [109] : 0x00 (0) + [110] : 0x00 (0) + [111] : 0x00 (0) + [112] : 0x00 (0) + [113] : 0x00 (0) + [114] : 0x00 (0) + [115] : 0x00 (0) + [116] : 0x00 (0) + [117] : 0x00 (0) + [118] : 0x00 (0) + [119] : 0x00 (0) + [120] : 0x00 (0) + [121] : 0x00 (0) + [122] : 0x00 (0) + [123] : 0x00 (0) + [124] : 0x00 (0) + [125] : 0x00 (0) + [126] : 0x00 (0) + [127] : 0x00 (0) + [128] : 0x00 (0) + [129] : 0x00 (0) + [130] : 0x00 (0) + [131] : 0x00 (0) + [132] : 0x00 (0) + [133] : 0x00 (0) + [134] : 0x00 (0) + [135] : 0x00 (0) + [136] : 0x00 (0) + [137] : 0x00 (0) + [138] : 0x00 (0) + [139] : 0x00 (0) + [140] : 0x00 (0) + [141] : 0x00 (0) + [142] : 0x00 (0) + [143] : 0x00 (0) + [144] : 0x00 (0) + [145] : 0x00 (0) + [146] : 0x00 (0) + [147] : 0x00 (0) + [148] : 0x00 (0) + [149] : 0x00 (0) + [150] : 0x00 (0) + [151] : 0x00 (0) + [152] : 0x00 (0) + [153] : 0x00 (0) + [154] : 0x00 (0) + [155] : 0x00 (0) + [156] : 0x00 (0) + [157] : 0x00 (0) + [158] : 0x00 (0) + [159] : 0x00 (0) + [160] : 0x00 (0) + [161] : 0x00 (0) + [162] : 0x00 (0) + [163] : 0x00 (0) + [164] : 0x00 (0) + [165] : 0x00 (0) + [166] : 0x00 (0) + [167] : 0x00 (0) + [168] : 0x00 (0) + [169] : 0x00 (0) + [170] : 0x00 (0) + [171] : 0x00 (0) + [172] : 0x00 (0) + [173] : 0x00 (0) + [174] : 0x00 (0) + [175] : 0x00 (0) + [176] : 0x00 (0) + [177] : 0x00 (0) + [178] : 0x00 (0) + [179] : 0x00 (0) + [180] : 0x00 (0) + [181] : 0x00 (0) + [182] : 0x00 (0) + [183] : 0x00 (0) + [184] : 0x00 (0) + [185] : 0x00 (0) + [186] : 0x00 (0) + [187] : 0x00 (0) + [188] : 0x00 (0) + [189] : 0x00 (0) + [190] : 0x00 (0) + [191] : 0x00 (0) + [192] : 0x00 (0) + [193] : 0x00 (0) + [194] : 0x00 (0) + [195] : 0x00 (0) + [196] : 0x00 (0) + [197] : 0x00 (0) + [198] : 0x00 (0) + [199] : 0x00 (0) + [200] : 0x00 (0) + [201] : 0x00 (0) + [202] : 0x00 (0) + [203] : 0x00 (0) + [204] : 0x00 (0) + [205] : 0x00 (0) + [206] : 0x00 (0) + [207] : 0x00 (0) + [208] : 0x00 (0) + [209] : 0x00 (0) + [210] : 0x00 (0) + [211] : 0x00 (0) + [212] : 0x00 (0) + [213] : 0x00 (0) + [214] : 0x00 (0) + [215] : 0x00 (0) + [216] : 0x00 (0) + [217] : 0x00 (0) + [218] : 0x00 (0) + [219] : 0x00 (0) + [220] : 0x00 (0) + [221] : 0x00 (0) + [222] : 0x00 (0) + [223] : 0x00 (0) + [224] : 0x00 (0) + [225] : 0x00 (0) + [226] : 0x00 (0) + [227] : 0x00 (0) + [228] : 0x00 (0) + [229] : 0x00 (0) + [230] : 0x00 (0) + [231] : 0x00 (0) + [232] : 0x00 (0) + [233] : 0x00 (0) + [234] : 0x00 (0) + [235] : 0x00 (0) + [236] : 0x00 (0) + [237] : 0x00 (0) + [238] : 0x00 (0) + [239] : 0x00 (0) + [240] : 0x00 (0) + [241] : 0x00 (0) + [242] : 0x00 (0) + [243] : 0x00 (0) + [244] : 0x00 (0) + [245] : 0x00 (0) + [246] : 0x00 (0) + [247] : 0x00 (0) + [248] : 0x00 (0) + [249] : 0x00 (0) + [250] : 0x00 (0) + [251] : 0x00 (0) + [252] : 0x00 (0) + [253] : 0x00 (0) + [254] : 0x00 (0) + [255] : 0x00 (0) + [256] : 0x00 (0) + [257] : 0x00 (0) + [258] : 0x00 (0) + [259] : 0x00 (0) + [260] : 0x00 (0) + [261] : 0x00 (0) + [262] : 0x00 (0) + [263] : 0x00 (0) + [264] : 0x00 (0) + [265] : 0x00 (0) + [266] : 0x00 (0) + [267] : 0x00 (0) + [268] : 0x00 (0) + [269] : 0x00 (0) + [270] : 0x00 (0) + [271] : 0x00 (0) + [272] : 0x00 (0) + [273] : 0x00 (0) + [274] : 0x00 (0) + [275] : 0x00 (0) + [276] : 0x00 (0) + [277] : 0x00 (0) + [278] : 0x00 (0) + [279] : 0x00 (0) + [280] : 0x00 (0) + [281] : 0x00 (0) + [282] : 0x00 (0) + [283] : 0x00 (0) + [284] : 0x00 (0) + [285] : 0x00 (0) + [286] : 0x00 (0) + [287] : 0x00 (0) + [288] : 0x00 (0) + [289] : 0x00 (0) + [290] : 0x00 (0) + [291] : 0x00 (0) + [292] : 0x00 (0) + [293] : 0x00 (0) + [294] : 0x00 (0) + [295] : 0x00 (0) + [296] : 0x00 (0) + [297] : 0x00 (0) + [298] : 0x00 (0) + [299] : 0x00 (0) + [300] : 0x00 (0) + [301] : 0x00 (0) + [302] : 0x00 (0) + [303] : 0x00 (0) + [304] : 0x00 (0) + [305] : 0x00 (0) + [306] : 0x00 (0) + [307] : 0x00 (0) + [308] : 0x00 (0) + [309] : 0x00 (0) + [310] : 0x00 (0) + [311] : 0x00 (0) + [312] : 0x00 (0) + [313] : 0x00 (0) + [314] : 0x00 (0) + [315] : 0x00 (0) + [316] : 0x00 (0) + [317] : 0x00 (0) + [318] : 0x00 (0) + [319] : 0x00 (0) + [320] : 0x00 (0) + [321] : 0x00 (0) + [322] : 0x00 (0) + [323] : 0x00 (0) + [324] : 0x00 (0) + [325] : 0x00 (0) + [326] : 0x00 (0) + [327] : 0x00 (0) + [328] : 0x00 (0) + [329] : 0x00 (0) + [330] : 0x00 (0) + [331] : 0x00 (0) + [332] : 0x00 (0) + [333] : 0x00 (0) + [334] : 0x00 (0) + [335] : 0x00 (0) + [336] : 0x00 (0) + [337] : 0x00 (0) + [338] : 0x00 (0) + [339] : 0x00 (0) + [340] : 0x00 (0) + [341] : 0x00 (0) + [342] : 0x00 (0) + [343] : 0x00 (0) + [344] : 0x00 (0) + [345] : 0x00 (0) + [346] : 0x00 (0) + [347] : 0x00 (0) + [348] : 0x00 (0) + [349] : 0x00 (0) + [350] : 0x00 (0) + [351] : 0x00 (0) + [352] : 0x00 (0) + [353] : 0x00 (0) + [354] : 0x00 (0) + [355] : 0x00 (0) + [356] : 0x00 (0) + [357] : 0x00 (0) + [358] : 0x00 (0) + [359] : 0x00 (0) + [360] : 0x00 (0) + [361] : 0x00 (0) + [362] : 0x00 (0) + [363] : 0x00 (0) + [364] : 0x00 (0) + [365] : 0x00 (0) + [366] : 0x00 (0) + [367] : 0x00 (0) + [368] : 0x00 (0) + [369] : 0x00 (0) + [370] : 0x00 (0) + [371] : 0x00 (0) + [372] : 0x00 (0) + [373] : 0x00 (0) + [374] : 0x00 (0) + [375] : 0x00 (0) + [376] : 0x00 (0) + [377] : 0x00 (0) + [378] : 0x00 (0) + [379] : 0x00 (0) + [380] : 0x00 (0) + [381] : 0x00 (0) + [382] : 0x00 (0) + [383] : 0x00 (0) + [384] : 0x00 (0) + [385] : 0x00 (0) + [386] : 0x00 (0) + [387] : 0x00 (0) + [388] : 0x00 (0) + [389] : 0x00 (0) + [390] : 0x00 (0) + [391] : 0x00 (0) + [392] : 0x00 (0) + [393] : 0x00 (0) + [394] : 0x00 (0) + [395] : 0x00 (0) + [396] : 0x00 (0) + [397] : 0x00 (0) + [398] : 0x00 (0) + [399] : 0x00 (0) + [400] : 0x00 (0) + [401] : 0x00 (0) + [402] : 0x00 (0) + [403] : 0x00 (0) + [404] : 0x00 (0) + [405] : 0x00 (0) + [406] : 0x00 (0) + [407] : 0x00 (0) + [408] : 0x00 (0) + [409] : 0x00 (0) + [410] : 0x00 (0) + [411] : 0x00 (0) + [412] : 0x00 (0) + [413] : 0x00 (0) + [414] : 0x00 (0) + [415] : 0x00 (0) + [416] : 0x00 (0) + [417] : 0x00 (0) + [418] : 0x00 (0) + [419] : 0x00 (0) + [420] : 0x00 (0) + [421] : 0x00 (0) + [422] : 0x00 (0) + [423] : 0x00 (0) + [424] : 0x00 (0) + [425] : 0x00 (0) + [426] : 0x00 (0) + [427] : 0x00 (0) + [428] : 0x00 (0) + [429] : 0x00 (0) + [430] : 0x00 (0) + [431] : 0x00 (0) + [432] : 0x00 (0) + [433] : 0x00 (0) + [434] : 0x00 (0) + [435] : 0x00 (0) + [436] : 0x00 (0) + [437] : 0x00 (0) + [438] : 0x00 (0) + [439] : 0x00 (0) + [440] : 0x00 (0) + [441] : 0x00 (0) + [442] : 0x00 (0) + [443] : 0x00 (0) + [444] : 0x00 (0) + [445] : 0x00 (0) + [446] : 0x00 (0) + [447] : 0x00 (0) + [448] : 0x00 (0) + [449] : 0x00 (0) + [450] : 0x00 (0) + [451] : 0x00 (0) + [452] : 0x00 (0) + [453] : 0x00 (0) + [454] : 0x00 (0) + [455] : 0x00 (0) + [456] : 0x00 (0) + [457] : 0x00 (0) + [458] : 0x00 (0) + [459] : 0x00 (0) + [460] : 0x00 (0) + [461] : 0x00 (0) + [462] : 0x00 (0) + [463] : 0x00 (0) + [464] : 0x00 (0) + [465] : 0x00 (0) + [466] : 0x00 (0) + [467] : 0x00 (0) + [468] : 0x00 (0) + [469] : 0x00 (0) + [470] : 0x00 (0) + [471] : 0x00 (0) + [472] : 0x00 (0) + [473] : 0x00 (0) + [474] : 0x00 (0) + [475] : 0x00 (0) + [476] : 0x00 (0) + [477] : 0x00 (0) + [478] : 0x00 (0) + [479] : 0x00 (0) + [480] : 0x00 (0) + [481] : 0x00 (0) + [482] : 0x00 (0) + [483] : 0x00 (0) + [484] : 0x00 (0) + [485] : 0x00 (0) + [486] : 0x00 (0) + [487] : 0x00 (0) + [488] : 0x00 (0) + [489] : 0x00 (0) + [490] : 0x00 (0) + [491] : 0x00 (0) + [492] : 0x00 (0) + [493] : 0x00 (0) + [494] : 0x00 (0) + [495] : 0x00 (0) + [496] : 0x00 (0) + [497] : 0x00 (0) + [498] : 0x00 (0) + [499] : 0x00 (0) + [500] : 0x00 (0) + [501] : 0x00 (0) + [502] : 0x00 (0) + [503] : 0x00 (0) + [504] : 0x00 (0) + [505] : 0x00 (0) + [506] : 0x00 (0) + [507] : 0x00 (0) + [508] : 0x00 (0) + [509] : 0x00 (0) + [510] : 0x00 (0) + [511] : 0x00 (0) + [512] : 0x00 (0) + [513] : 0x00 (0) + [514] : 0x00 (0) + [515] : 0x00 (0) + [516] : 0x00 (0) + [517] : 0x00 (0) + [518] : 0x00 (0) + [519] : 0x00 (0) + [520] : 0x00 (0) + [521] : 0x00 (0) + [522] : 0x00 (0) + [523] : 0x00 (0) + [524] : 0x00 (0) + [525] : 0x00 (0) + [526] : 0x00 (0) + [527] : 0x00 (0) + [528] : 0x00 (0) + [529] : 0x00 (0) + [530] : 0x00 (0) + [531] : 0x00 (0) + [532] : 0x00 (0) + [533] : 0x00 (0) + [534] : 0x00 (0) + [535] : 0x00 (0) + [536] : 0x00 (0) + [537] : 0x00 (0) + [538] : 0x00 (0) + [539] : 0x00 (0) + [540] : 0x00 (0) + [541] : 0x00 (0) + [542] : 0x00 (0) + [543] : 0x00 (0) + [544] : 0x00 (0) + [545] : 0x00 (0) + [546] : 0x00 (0) + [547] : 0x00 (0) + [548] : 0x00 (0) + [549] : 0x00 (0) + [550] : 0x00 (0) + [551] : 0x00 (0) + [552] : 0x00 (0) + [553] : 0x00 (0) + [554] : 0x00 (0) + [555] : 0x00 (0) + [556] : 0x00 (0) + [557] : 0x00 (0) + [558] : 0x00 (0) + [559] : 0x00 (0) + [560] : 0x00 (0) + [561] : 0x00 (0) + [562] : 0x00 (0) + [563] : 0x00 (0) + [564] : 0x00 (0) + [565] : 0x00 (0) + [566] : 0x00 (0) + [567] : 0x00 (0) + [568] : 0x00 (0) + [569] : 0x00 (0) + [570] : 0x00 (0) + [571] : 0x00 (0) + [572] : 0x00 (0) + [573] : 0x00 (0) + [574] : 0x00 (0) + [575] : 0x00 (0) + [576] : 0x00 (0) + [577] : 0x00 (0) + [578] : 0x00 (0) + [579] : 0x00 (0) + [580] : 0x00 (0) + [581] : 0x00 (0) + [582] : 0x00 (0) + [583] : 0x00 (0) + [584] : 0x00 (0) + [585] : 0x00 (0) + [586] : 0x00 (0) + [587] : 0x00 (0) + [588] : 0x00 (0) + [589] : 0x00 (0) + [590] : 0x00 (0) + [591] : 0x00 (0) + [592] : 0x00 (0) + [593] : 0x00 (0) + [594] : 0x00 (0) + [595] : 0x00 (0) + [596] : 0x00 (0) + [597] : 0x00 (0) + [598] : 0x00 (0) + [599] : 0x00 (0) + [600] : 0x00 (0) + [601] : 0x00 (0) + [602] : 0x00 (0) + [603] : 0x00 (0) + [604] : 0x00 (0) + [605] : 0x00 (0) + [606] : 0x00 (0) + [607] : 0x00 (0) + [608] : 0x00 (0) + [609] : 0x00 (0) + [610] : 0x00 (0) + [611] : 0x00 (0) + [612] : 0x00 (0) + [613] : 0x00 (0) + [614] : 0x00 (0) + [615] : 0x00 (0) + [616] : 0x00 (0) + [617] : 0x00 (0) + [618] : 0x00 (0) + [619] : 0x00 (0) + [620] : 0x00 (0) + [621] : 0x00 (0) + [622] : 0x00 (0) + [623] : 0x00 (0) + [624] : 0x00 (0) + [625] : 0x00 (0) + [626] : 0x00 (0) + [627] : 0x00 (0) + [628] : 0x00 (0) + [629] : 0x00 (0) + [630] : 0x00 (0) + [631] : 0x00 (0) + [632] : 0x00 (0) + [633] : 0x00 (0) + [634] : 0x00 (0) + [635] : 0x00 (0) + [636] : 0x00 (0) + [637] : 0x00 (0) + [638] : 0x00 (0) + [639] : 0x00 (0) + [640] : 0x00 (0) + [641] : 0x00 (0) + [642] : 0x00 (0) + [643] : 0x00 (0) + [644] : 0x00 (0) + [645] : 0x00 (0) + [646] : 0x00 (0) + [647] : 0x00 (0) + [648] : 0x00 (0) + [649] : 0x00 (0) + [650] : 0x00 (0) + [651] : 0x00 (0) + [652] : 0x00 (0) + [653] : 0x00 (0) + [654] : 0x00 (0) + [655] : 0x00 (0) + [656] : 0x00 (0) + [657] : 0x00 (0) + [658] : 0x00 (0) + [659] : 0x00 (0) + [660] : 0x00 (0) + [661] : 0x00 (0) + [662] : 0x00 (0) + [663] : 0x00 (0) + [664] : 0x00 (0) + [665] : 0x00 (0) + [666] : 0x00 (0) + [667] : 0x00 (0) + [668] : 0x00 (0) + [669] : 0x00 (0) + [670] : 0x00 (0) + [671] : 0x00 (0) + [672] : 0x00 (0) + [673] : 0x00 (0) + [674] : 0x00 (0) + [675] : 0x00 (0) + [676] : 0x00 (0) + [677] : 0x00 (0) + [678] : 0x00 (0) + [679] : 0x00 (0) + [680] : 0x00 (0) + [681] : 0x00 (0) + [682] : 0x00 (0) + [683] : 0x00 (0) + [684] : 0x00 (0) + [685] : 0x00 (0) + [686] : 0x00 (0) + [687] : 0x00 (0) + [688] : 0x00 (0) + [689] : 0x00 (0) + [690] : 0x00 (0) + [691] : 0x00 (0) + [692] : 0x00 (0) + [693] : 0x00 (0) + [694] : 0x00 (0) + [695] : 0x00 (0) + [696] : 0x00 (0) + [697] : 0x00 (0) + [698] : 0x00 (0) + [699] : 0x00 (0) + [700] : 0x00 (0) + [701] : 0x00 (0) + [702] : 0x00 (0) + [703] : 0x00 (0) + [704] : 0x00 (0) + [705] : 0x00 (0) + [706] : 0x00 (0) + [707] : 0x00 (0) + [708] : 0x00 (0) + [709] : 0x00 (0) + [710] : 0x00 (0) + [711] : 0x00 (0) + [712] : 0x00 (0) + [713] : 0x00 (0) + [714] : 0x00 (0) + [715] : 0x00 (0) + [716] : 0x00 (0) + [717] : 0x00 (0) + [718] : 0x00 (0) + [719] : 0x00 (0) + [720] : 0x00 (0) + [721] : 0x00 (0) + [722] : 0x00 (0) + [723] : 0x00 (0) + [724] : 0x00 (0) + [725] : 0x00 (0) + [726] : 0x00 (0) + [727] : 0x00 (0) + [728] : 0x00 (0) + [729] : 0x00 (0) + [730] : 0x00 (0) + [731] : 0x00 (0) + [732] : 0x00 (0) + [733] : 0x00 (0) + [734] : 0x00 (0) + [735] : 0x00 (0) + [736] : 0x00 (0) + [737] : 0x00 (0) + [738] : 0x00 (0) + [739] : 0x00 (0) + [740] : 0x00 (0) + [741] : 0x00 (0) + [742] : 0x00 (0) + [743] : 0x00 (0) + [744] : 0x00 (0) + [745] : 0x00 (0) + [746] : 0x00 (0) + [747] : 0x00 (0) + [748] : 0x00 (0) + [749] : 0x00 (0) + [750] : 0x00 (0) + [751] : 0x00 (0) + [752] : 0x00 (0) + [753] : 0x00 (0) + [754] : 0x00 (0) + [755] : 0x00 (0) + [756] : 0x00 (0) + [757] : 0x00 (0) + [758] : 0x00 (0) + [759] : 0x00 (0) + [760] : 0x00 (0) + [761] : 0x00 (0) + [762] : 0x00 (0) + [763] : 0x00 (0) + [764] : 0x00 (0) + [765] : 0x00 (0) + [766] : 0x00 (0) + [767] : 0x00 (0) + [768] : 0x00 (0) + [769] : 0x00 (0) + [770] : 0x00 (0) + [771] : 0x00 (0) + [772] : 0x00 (0) + [773] : 0x00 (0) + [774] : 0x00 (0) + [775] : 0x00 (0) + [776] : 0x00 (0) + [777] : 0x00 (0) + [778] : 0x00 (0) + [779] : 0x00 (0) + [780] : 0x00 (0) + [781] : 0x00 (0) + [782] : 0x00 (0) + [783] : 0x00 (0) + [784] : 0x00 (0) + [785] : 0x00 (0) + [786] : 0x00 (0) + [787] : 0x00 (0) + [788] : 0x00 (0) + [789] : 0x00 (0) + [790] : 0x00 (0) + [791] : 0x00 (0) + [792] : 0x00 (0) + [793] : 0x00 (0) + [794] : 0x00 (0) + [795] : 0x00 (0) + [796] : 0x00 (0) + [797] : 0x00 (0) + [798] : 0x00 (0) + [799] : 0x00 (0) + [800] : 0x00 (0) + [801] : 0x00 (0) + [802] : 0x00 (0) + [803] : 0x00 (0) + [804] : 0x00 (0) + [805] : 0x00 (0) + [806] : 0x00 (0) + [807] : 0x00 (0) + [808] : 0x00 (0) + [809] : 0x00 (0) + [810] : 0x00 (0) + [811] : 0x00 (0) + [812] : 0x00 (0) + [813] : 0x00 (0) + [814] : 0x00 (0) + [815] : 0x00 (0) + [816] : 0x00 (0) + [817] : 0x00 (0) + [818] : 0x00 (0) + [819] : 0x00 (0) + [820] : 0x00 (0) + [821] : 0x00 (0) + [822] : 0x00 (0) + [823] : 0x00 (0) + [824] : 0x00 (0) + [825] : 0x00 (0) + [826] : 0x00 (0) + [827] : 0x00 (0) + [828] : 0x00 (0) + [829] : 0x00 (0) + [830] : 0x00 (0) + [831] : 0x00 (0) + [832] : 0x00 (0) + [833] : 0x00 (0) + [834] : 0x00 (0) + [835] : 0x00 (0) + [836] : 0x00 (0) + [837] : 0x00 (0) + [838] : 0x00 (0) + [839] : 0x00 (0) + [840] : 0x00 (0) + [841] : 0x00 (0) + [842] : 0x00 (0) + [843] : 0x00 (0) + [844] : 0x00 (0) + [845] : 0x00 (0) + [846] : 0x00 (0) + [847] : 0x00 (0) + [848] : 0x00 (0) + [849] : 0x00 (0) + [850] : 0x00 (0) + [851] : 0x00 (0) + [852] : 0x00 (0) + [853] : 0x00 (0) + [854] : 0x00 (0) + [855] : 0x00 (0) + [856] : 0x00 (0) + [857] : 0x00 (0) + [858] : 0x00 (0) + [859] : 0x00 (0) + [860] : 0x00 (0) + [861] : 0x00 (0) + [862] : 0x00 (0) + [863] : 0x00 (0) + [864] : 0x00 (0) + [865] : 0x00 (0) + [866] : 0x00 (0) + [867] : 0x00 (0) + [868] : 0x00 (0) + [869] : 0x00 (0) + [870] : 0x00 (0) + [871] : 0x00 (0) + [872] : 0x00 (0) + [873] : 0x00 (0) + [874] : 0x00 (0) + [875] : 0x00 (0) + [876] : 0x00 (0) + [877] : 0x00 (0) + [878] : 0x00 (0) + [879] : 0x00 (0) + [880] : 0x00 (0) + [881] : 0x00 (0) + [882] : 0x00 (0) + [883] : 0x00 (0) + [884] : 0x00 (0) + [885] : 0x00 (0) + [886] : 0x00 (0) + [887] : 0x00 (0) + [888] : 0x00 (0) + [889] : 0x00 (0) + [890] : 0x00 (0) + [891] : 0x00 (0) + [892] : 0x00 (0) + [893] : 0x00 (0) + [894] : 0x00 (0) + [895] : 0x00 (0) + [896] : 0x00 (0) + [897] : 0x00 (0) + [898] : 0x00 (0) + [899] : 0x00 (0) + [900] : 0x00 (0) + [901] : 0x00 (0) + [902] : 0x00 (0) + [903] : 0x00 (0) + [904] : 0x00 (0) + [905] : 0x00 (0) + [906] : 0x00 (0) + [907] : 0x00 (0) + [908] : 0x00 (0) + [909] : 0x00 (0) + [910] : 0x00 (0) + [911] : 0x00 (0) + [912] : 0x00 (0) + [913] : 0x00 (0) + [914] : 0x00 (0) + [915] : 0x00 (0) + [916] : 0x00 (0) + [917] : 0x00 (0) + [918] : 0x00 (0) + [919] : 0x00 (0) + [920] : 0x00 (0) + [921] : 0x00 (0) + [922] : 0x00 (0) + [923] : 0x00 (0) + [924] : 0x00 (0) + [925] : 0x00 (0) + [926] : 0x00 (0) + [927] : 0x00 (0) + [928] : 0x00 (0) + [929] : 0x00 (0) + [930] : 0x00 (0) + [931] : 0x00 (0) + [932] : 0x00 (0) + [933] : 0x00 (0) + [934] : 0x00 (0) + [935] : 0x00 (0) + [936] : 0x00 (0) + [937] : 0x00 (0) + [938] : 0x00 (0) + [939] : 0x00 (0) + [940] : 0x00 (0) + [941] : 0x00 (0) + [942] : 0x00 (0) + [943] : 0x00 (0) + [944] : 0x00 (0) + [945] : 0x00 (0) + [946] : 0x00 (0) + [947] : 0x00 (0) + [948] : 0x00 (0) + [949] : 0x00 (0) + [950] : 0x00 (0) + [951] : 0x00 (0) + [952] : 0x00 (0) + [953] : 0x00 (0) + [954] : 0x00 (0) + [955] : 0x00 (0) + [956] : 0x00 (0) + [957] : 0x00 (0) + [958] : 0x00 (0) + [959] : 0x00 (0) + [960] : 0x00 (0) + [961] : 0x00 (0) + [962] : 0x00 (0) + [963] : 0x00 (0) + [964] : 0x00 (0) + [965] : 0x00 (0) + [966] : 0x00 (0) + [967] : 0x00 (0) + [968] : 0x00 (0) + [969] : 0x00 (0) + [970] : 0x00 (0) + [971] : 0x00 (0) + [972] : 0x00 (0) + [973] : 0x00 (0) + [974] : 0x00 (0) + [975] : 0x00 (0) + [976] : 0x00 (0) + [977] : 0x00 (0) + [978] : 0x00 (0) + [979] : 0x00 (0) + [980] : 0x00 (0) + [981] : 0x00 (0) + [982] : 0x00 (0) + [983] : 0x00 (0) + [984] : 0x00 (0) + [985] : 0x00 (0) + [986] : 0x00 (0) + [987] : 0x00 (0) + [988] : 0x00 (0) + [989] : 0x00 (0) + [990] : 0x00 (0) + [991] : 0x00 (0) + [992] : 0x00 (0) + [993] : 0x00 (0) + [994] : 0x00 (0) + [995] : 0x00 (0) + [996] : 0x00 (0) + [997] : 0x00 (0) + [998] : 0x00 (0) + [999] : 0x00 (0) + [1000] : 0x00 (0) + [1001] : 0x00 (0) + [1002] : 0x00 (0) + [1003] : 0x00 (0) + [1004] : 0x00 (0) + [1005] : 0x00 (0) + [1006] : 0x00 (0) + [1007] : 0x00 (0) + [1008] : 0x00 (0) + [1009] : 0x00 (0) + [1010] : 0x00 (0) + [1011] : 0x00 (0) + [1012] : 0x00 (0) + [1013] : 0x00 (0) + [1014] : 0x00 (0) + [1015] : 0x00 (0) + [1016] : 0x00 (0) + [1017] : 0x00 (0) + [1018] : 0x00 (0) + [1019] : 0x00 (0) + [1020] : 0x00 (0) + [1021] : 0x00 (0) + [1022] : 0x00 (0) + [1023] : 0x00 (0) + offered : 0x00000400 (1024) +[2013/11/07 07:38:48.389471, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + spoolss_AddJob: struct spoolss_AddJob + out: struct spoolss_AddJob + buffer : * + buffer: ARRAY(1024) + [0] : 0x00 (0) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + [4] : 0x00 (0) + [5] : 0x00 (0) + [6] : 0x00 (0) + [7] : 0x00 (0) + [8] : 0x00 (0) + [9] : 0x00 (0) + [10] : 0x00 (0) + [11] : 0x00 (0) + [12] : 0x00 (0) + [13] : 0x00 (0) + [14] : 0x00 (0) + [15] : 0x00 (0) + [16] : 0x00 (0) + [17] : 0x00 (0) + [18] : 0x00 (0) + [19] : 0x00 (0) + [20] : 0x00 (0) + [21] : 0x00 (0) + [22] : 0x00 (0) + [23] : 0x00 (0) + [24] : 0x00 (0) + [25] : 0x00 (0) + [26] : 0x00 (0) + [27] : 0x00 (0) + [28] : 0x00 (0) + [29] : 0x00 (0) + [30] : 0x00 (0) + [31] : 0x00 (0) + [32] : 0x00 (0) + [33] : 0x00 (0) + [34] : 0x00 (0) + [35] : 0x00 (0) + [36] : 0x00 (0) + [37] : 0x00 (0) + [38] : 0x00 (0) + [39] : 0x00 (0) + [40] : 0x00 (0) + [41] : 0x00 (0) + [42] : 0x00 (0) + [43] : 0x00 (0) + [44] : 0x00 (0) + [45] : 0x00 (0) + [46] : 0x00 (0) + [47] : 0x00 (0) + [48] : 0x00 (0) + [49] : 0x00 (0) + [50] : 0x00 (0) + [51] : 0x00 (0) + [52] : 0x00 (0) + [53] : 0x00 (0) + [54] : 0x00 (0) + [55] : 0x00 (0) + [56] : 0x00 (0) + [57] : 0x00 (0) + [58] : 0x00 (0) + [59] : 0x00 (0) + [60] : 0x00 (0) + [61] : 0x00 (0) + [62] : 0x00 (0) + [63] : 0x00 (0) + [64] : 0x00 (0) + [65] : 0x00 (0) + [66] : 0x00 (0) + [67] : 0x00 (0) + [68] : 0x00 (0) + [69] : 0x00 (0) + [70] : 0x00 (0) + [71] : 0x00 (0) + [72] : 0x00 (0) + [73] : 0x00 (0) + [74] : 0x00 (0) + [75] : 0x00 (0) + [76] : 0x00 (0) + [77] : 0x00 (0) + [78] : 0x00 (0) + [79] : 0x00 (0) + [80] : 0x00 (0) + [81] : 0x00 (0) + [82] : 0x00 (0) + [83] : 0x00 (0) + [84] : 0x00 (0) + [85] : 0x00 (0) + [86] : 0x00 (0) + [87] : 0x00 (0) + [88] : 0x00 (0) + [89] : 0x00 (0) + [90] : 0x00 (0) + [91] : 0x00 (0) + [92] : 0x00 (0) + [93] : 0x00 (0) + [94] : 0x00 (0) + [95] : 0x00 (0) + [96] : 0x00 (0) + [97] : 0x00 (0) + [98] : 0x00 (0) + [99] : 0x00 (0) + [100] : 0x00 (0) + [101] : 0x00 (0) + [102] : 0x00 (0) + [103] : 0x00 (0) + [104] : 0x00 (0) + [105] : 0x00 (0) + [106] : 0x00 (0) + [107] : 0x00 (0) + [108] : 0x00 (0) + [109] : 0x00 (0) + [110] : 0x00 (0) + [111] : 0x00 (0) + [112] : 0x00 (0) + [113] : 0x00 (0) + [114] : 0x00 (0) + [115] : 0x00 (0) + [116] : 0x00 (0) + [117] : 0x00 (0) + [118] : 0x00 (0) + [119] : 0x00 (0) + [120] : 0x00 (0) + [121] : 0x00 (0) + [122] : 0x00 (0) + [123] : 0x00 (0) + [124] : 0x00 (0) + [125] : 0x00 (0) + [126] : 0x00 (0) + [127] : 0x00 (0) + [128] : 0x00 (0) + [129] : 0x00 (0) + [130] : 0x00 (0) + [131] : 0x00 (0) + [132] : 0x00 (0) + [133] : 0x00 (0) + [134] : 0x00 (0) + [135] : 0x00 (0) + [136] : 0x00 (0) + [137] : 0x00 (0) + [138] : 0x00 (0) + [139] : 0x00 (0) + [140] : 0x00 (0) + [141] : 0x00 (0) + [142] : 0x00 (0) + [143] : 0x00 (0) + [144] : 0x00 (0) + [145] : 0x00 (0) + [146] : 0x00 (0) + [147] : 0x00 (0) + [148] : 0x00 (0) + [149] : 0x00 (0) + [150] : 0x00 (0) + [151] : 0x00 (0) + [152] : 0x00 (0) + [153] : 0x00 (0) + [154] : 0x00 (0) + [155] : 0x00 (0) + [156] : 0x00 (0) + [157] : 0x00 (0) + [158] : 0x00 (0) + [159] : 0x00 (0) + [160] : 0x00 (0) + [161] : 0x00 (0) + [162] : 0x00 (0) + [163] : 0x00 (0) + [164] : 0x00 (0) + [165] : 0x00 (0) + [166] : 0x00 (0) + [167] : 0x00 (0) + [168] : 0x00 (0) + [169] : 0x00 (0) + [170] : 0x00 (0) + [171] : 0x00 (0) + [172] : 0x00 (0) + [173] : 0x00 (0) + [174] : 0x00 (0) + [175] : 0x00 (0) + [176] : 0x00 (0) + [177] : 0x00 (0) + [178] : 0x00 (0) + [179] : 0x00 (0) + [180] : 0x00 (0) + [181] : 0x00 (0) + [182] : 0x00 (0) + [183] : 0x00 (0) + [184] : 0x00 (0) + [185] : 0x00 (0) + [186] : 0x00 (0) + [187] : 0x00 (0) + [188] : 0x00 (0) + [189] : 0x00 (0) + [190] : 0x00 (0) + [191] : 0x00 (0) + [192] : 0x00 (0) + [193] : 0x00 (0) + [194] : 0x00 (0) + [195] : 0x00 (0) + [196] : 0x00 (0) + [197] : 0x00 (0) + [198] : 0x00 (0) + [199] : 0x00 (0) + [200] : 0x00 (0) + [201] : 0x00 (0) + [202] : 0x00 (0) + [203] : 0x00 (0) + [204] : 0x00 (0) + [205] : 0x00 (0) + [206] : 0x00 (0) + [207] : 0x00 (0) + [208] : 0x00 (0) + [209] : 0x00 (0) + [210] : 0x00 (0) + [211] : 0x00 (0) + [212] : 0x00 (0) + [213] : 0x00 (0) + [214] : 0x00 (0) + [215] : 0x00 (0) + [216] : 0x00 (0) + [217] : 0x00 (0) + [218] : 0x00 (0) + [219] : 0x00 (0) + [220] : 0x00 (0) + [221] : 0x00 (0) + [222] : 0x00 (0) + [223] : 0x00 (0) + [224] : 0x00 (0) + [225] : 0x00 (0) + [226] : 0x00 (0) + [227] : 0x00 (0) + [228] : 0x00 (0) + [229] : 0x00 (0) + [230] : 0x00 (0) + [231] : 0x00 (0) + [232] : 0x00 (0) + [233] : 0x00 (0) + [234] : 0x00 (0) + [235] : 0x00 (0) + [236] : 0x00 (0) + [237] : 0x00 (0) + [238] : 0x00 (0) + [239] : 0x00 (0) + [240] : 0x00 (0) + [241] : 0x00 (0) + [242] : 0x00 (0) + [243] : 0x00 (0) + [244] : 0x00 (0) + [245] : 0x00 (0) + [246] : 0x00 (0) + [247] : 0x00 (0) + [248] : 0x00 (0) + [249] : 0x00 (0) + [250] : 0x00 (0) + [251] : 0x00 (0) + [252] : 0x00 (0) + [253] : 0x00 (0) + [254] : 0x00 (0) + [255] : 0x00 (0) + [256] : 0x00 (0) + [257] : 0x00 (0) + [258] : 0x00 (0) + [259] : 0x00 (0) + [260] : 0x00 (0) + [261] : 0x00 (0) + [262] : 0x00 (0) + [263] : 0x00 (0) + [264] : 0x00 (0) + [265] : 0x00 (0) + [266] : 0x00 (0) + [267] : 0x00 (0) + [268] : 0x00 (0) + [269] : 0x00 (0) + [270] : 0x00 (0) + [271] : 0x00 (0) + [272] : 0x00 (0) + [273] : 0x00 (0) + [274] : 0x00 (0) + [275] : 0x00 (0) + [276] : 0x00 (0) + [277] : 0x00 (0) + [278] : 0x00 (0) + [279] : 0x00 (0) + [280] : 0x00 (0) + [281] : 0x00 (0) + [282] : 0x00 (0) + [283] : 0x00 (0) + [284] : 0x00 (0) + [285] : 0x00 (0) + [286] : 0x00 (0) + [287] : 0x00 (0) + [288] : 0x00 (0) + [289] : 0x00 (0) + [290] : 0x00 (0) + [291] : 0x00 (0) + [292] : 0x00 (0) + [293] : 0x00 (0) + [294] : 0x00 (0) + [295] : 0x00 (0) + [296] : 0x00 (0) + [297] : 0x00 (0) + [298] : 0x00 (0) + [299] : 0x00 (0) + [300] : 0x00 (0) + [301] : 0x00 (0) + [302] : 0x00 (0) + [303] : 0x00 (0) + [304] : 0x00 (0) + [305] : 0x00 (0) + [306] : 0x00 (0) + [307] : 0x00 (0) + [308] : 0x00 (0) + [309] : 0x00 (0) + [310] : 0x00 (0) + [311] : 0x00 (0) + [312] : 0x00 (0) + [313] : 0x00 (0) + [314] : 0x00 (0) + [315] : 0x00 (0) + [316] : 0x00 (0) + [317] : 0x00 (0) + [318] : 0x00 (0) + [319] : 0x00 (0) + [320] : 0x00 (0) + [321] : 0x00 (0) + [322] : 0x00 (0) + [323] : 0x00 (0) + [324] : 0x00 (0) + [325] : 0x00 (0) + [326] : 0x00 (0) + [327] : 0x00 (0) + [328] : 0x00 (0) + [329] : 0x00 (0) + [330] : 0x00 (0) + [331] : 0x00 (0) + [332] : 0x00 (0) + [333] : 0x00 (0) + [334] : 0x00 (0) + [335] : 0x00 (0) + [336] : 0x00 (0) + [337] : 0x00 (0) + [338] : 0x00 (0) + [339] : 0x00 (0) + [340] : 0x00 (0) + [341] : 0x00 (0) + [342] : 0x00 (0) + [343] : 0x00 (0) + [344] : 0x00 (0) + [345] : 0x00 (0) + [346] : 0x00 (0) + [347] : 0x00 (0) + [348] : 0x00 (0) + [349] : 0x00 (0) + [350] : 0x00 (0) + [351] : 0x00 (0) + [352] : 0x00 (0) + [353] : 0x00 (0) + [354] : 0x00 (0) + [355] : 0x00 (0) + [356] : 0x00 (0) + [357] : 0x00 (0) + [358] : 0x00 (0) + [359] : 0x00 (0) + [360] : 0x00 (0) + [361] : 0x00 (0) + [362] : 0x00 (0) + [363] : 0x00 (0) + [364] : 0x00 (0) + [365] : 0x00 (0) + [366] : 0x00 (0) + [367] : 0x00 (0) + [368] : 0x00 (0) + [369] : 0x00 (0) + [370] : 0x00 (0) + [371] : 0x00 (0) + [372] : 0x00 (0) + [373] : 0x00 (0) + [374] : 0x00 (0) + [375] : 0x00 (0) + [376] : 0x00 (0) + [377] : 0x00 (0) + [378] : 0x00 (0) + [379] : 0x00 (0) + [380] : 0x00 (0) + [381] : 0x00 (0) + [382] : 0x00 (0) + [383] : 0x00 (0) + [384] : 0x00 (0) + [385] : 0x00 (0) + [386] : 0x00 (0) + [387] : 0x00 (0) + [388] : 0x00 (0) + [389] : 0x00 (0) + [390] : 0x00 (0) + [391] : 0x00 (0) + [392] : 0x00 (0) + [393] : 0x00 (0) + [394] : 0x00 (0) + [395] : 0x00 (0) + [396] : 0x00 (0) + [397] : 0x00 (0) + [398] : 0x00 (0) + [399] : 0x00 (0) + [400] : 0x00 (0) + [401] : 0x00 (0) + [402] : 0x00 (0) + [403] : 0x00 (0) + [404] : 0x00 (0) + [405] : 0x00 (0) + [406] : 0x00 (0) + [407] : 0x00 (0) + [408] : 0x00 (0) + [409] : 0x00 (0) + [410] : 0x00 (0) + [411] : 0x00 (0) + [412] : 0x00 (0) + [413] : 0x00 (0) + [414] : 0x00 (0) + [415] : 0x00 (0) + [416] : 0x00 (0) + [417] : 0x00 (0) + [418] : 0x00 (0) + [419] : 0x00 (0) + [420] : 0x00 (0) + [421] : 0x00 (0) + [422] : 0x00 (0) + [423] : 0x00 (0) + [424] : 0x00 (0) + [425] : 0x00 (0) + [426] : 0x00 (0) + [427] : 0x00 (0) + [428] : 0x00 (0) + [429] : 0x00 (0) + [430] : 0x00 (0) + [431] : 0x00 (0) + [432] : 0x00 (0) + [433] : 0x00 (0) + [434] : 0x00 (0) + [435] : 0x00 (0) + [436] : 0x00 (0) + [437] : 0x00 (0) + [438] : 0x00 (0) + [439] : 0x00 (0) + [440] : 0x00 (0) + [441] : 0x00 (0) + [442] : 0x00 (0) + [443] : 0x00 (0) + [444] : 0x00 (0) + [445] : 0x00 (0) + [446] : 0x00 (0) + [447] : 0x00 (0) + [448] : 0x00 (0) + [449] : 0x00 (0) + [450] : 0x00 (0) + [451] : 0x00 (0) + [452] : 0x00 (0) + [453] : 0x00 (0) + [454] : 0x00 (0) + [455] : 0x00 (0) + [456] : 0x00 (0) + [457] : 0x00 (0) + [458] : 0x00 (0) + [459] : 0x00 (0) + [460] : 0x00 (0) + [461] : 0x00 (0) + [462] : 0x00 (0) + [463] : 0x00 (0) + [464] : 0x00 (0) + [465] : 0x00 (0) + [466] : 0x00 (0) + [467] : 0x00 (0) + [468] : 0x00 (0) + [469] : 0x00 (0) + [470] : 0x00 (0) + [471] : 0x00 (0) + [472] : 0x00 (0) + [473] : 0x00 (0) + [474] : 0x00 (0) + [475] : 0x00 (0) + [476] : 0x00 (0) + [477] : 0x00 (0) + [478] : 0x00 (0) + [479] : 0x00 (0) + [480] : 0x00 (0) + [481] : 0x00 (0) + [482] : 0x00 (0) + [483] : 0x00 (0) + [484] : 0x00 (0) + [485] : 0x00 (0) + [486] : 0x00 (0) + [487] : 0x00 (0) + [488] : 0x00 (0) + [489] : 0x00 (0) + [490] : 0x00 (0) + [491] : 0x00 (0) + [492] : 0x00 (0) + [493] : 0x00 (0) + [494] : 0x00 (0) + [495] : 0x00 (0) + [496] : 0x00 (0) + [497] : 0x00 (0) + [498] : 0x00 (0) + [499] : 0x00 (0) + [500] : 0x00 (0) + [501] : 0x00 (0) + [502] : 0x00 (0) + [503] : 0x00 (0) + [504] : 0x00 (0) + [505] : 0x00 (0) + [506] : 0x00 (0) + [507] : 0x00 (0) + [508] : 0x00 (0) + [509] : 0x00 (0) + [510] : 0x00 (0) + [511] : 0x00 (0) + [512] : 0x00 (0) + [513] : 0x00 (0) + [514] : 0x00 (0) + [515] : 0x00 (0) + [516] : 0x00 (0) + [517] : 0x00 (0) + [518] : 0x00 (0) + [519] : 0x00 (0) + [520] : 0x00 (0) + [521] : 0x00 (0) + [522] : 0x00 (0) + [523] : 0x00 (0) + [524] : 0x00 (0) + [525] : 0x00 (0) + [526] : 0x00 (0) + [527] : 0x00 (0) + [528] : 0x00 (0) + [529] : 0x00 (0) + [530] : 0x00 (0) + [531] : 0x00 (0) + [532] : 0x00 (0) + [533] : 0x00 (0) + [534] : 0x00 (0) + [535] : 0x00 (0) + [536] : 0x00 (0) + [537] : 0x00 (0) + [538] : 0x00 (0) + [539] : 0x00 (0) + [540] : 0x00 (0) + [541] : 0x00 (0) + [542] : 0x00 (0) + [543] : 0x00 (0) + [544] : 0x00 (0) + [545] : 0x00 (0) + [546] : 0x00 (0) + [547] : 0x00 (0) + [548] : 0x00 (0) + [549] : 0x00 (0) + [550] : 0x00 (0) + [551] : 0x00 (0) + [552] : 0x00 (0) + [553] : 0x00 (0) + [554] : 0x00 (0) + [555] : 0x00 (0) + [556] : 0x00 (0) + [557] : 0x00 (0) + [558] : 0x00 (0) + [559] : 0x00 (0) + [560] : 0x00 (0) + [561] : 0x00 (0) + [562] : 0x00 (0) + [563] : 0x00 (0) + [564] : 0x00 (0) + [565] : 0x00 (0) + [566] : 0x00 (0) + [567] : 0x00 (0) + [568] : 0x00 (0) + [569] : 0x00 (0) + [570] : 0x00 (0) + [571] : 0x00 (0) + [572] : 0x00 (0) + [573] : 0x00 (0) + [574] : 0x00 (0) + [575] : 0x00 (0) + [576] : 0x00 (0) + [577] : 0x00 (0) + [578] : 0x00 (0) + [579] : 0x00 (0) + [580] : 0x00 (0) + [581] : 0x00 (0) + [582] : 0x00 (0) + [583] : 0x00 (0) + [584] : 0x00 (0) + [585] : 0x00 (0) + [586] : 0x00 (0) + [587] : 0x00 (0) + [588] : 0x00 (0) + [589] : 0x00 (0) + [590] : 0x00 (0) + [591] : 0x00 (0) + [592] : 0x00 (0) + [593] : 0x00 (0) + [594] : 0x00 (0) + [595] : 0x00 (0) + [596] : 0x00 (0) + [597] : 0x00 (0) + [598] : 0x00 (0) + [599] : 0x00 (0) + [600] : 0x00 (0) + [601] : 0x00 (0) + [602] : 0x00 (0) + [603] : 0x00 (0) + [604] : 0x00 (0) + [605] : 0x00 (0) + [606] : 0x00 (0) + [607] : 0x00 (0) + [608] : 0x00 (0) + [609] : 0x00 (0) + [610] : 0x00 (0) + [611] : 0x00 (0) + [612] : 0x00 (0) + [613] : 0x00 (0) + [614] : 0x00 (0) + [615] : 0x00 (0) + [616] : 0x00 (0) + [617] : 0x00 (0) + [618] : 0x00 (0) + [619] : 0x00 (0) + [620] : 0x00 (0) + [621] : 0x00 (0) + [622] : 0x00 (0) + [623] : 0x00 (0) + [624] : 0x00 (0) + [625] : 0x00 (0) + [626] : 0x00 (0) + [627] : 0x00 (0) + [628] : 0x00 (0) + [629] : 0x00 (0) + [630] : 0x00 (0) + [631] : 0x00 (0) + [632] : 0x00 (0) + [633] : 0x00 (0) + [634] : 0x00 (0) + [635] : 0x00 (0) + [636] : 0x00 (0) + [637] : 0x00 (0) + [638] : 0x00 (0) + [639] : 0x00 (0) + [640] : 0x00 (0) + [641] : 0x00 (0) + [642] : 0x00 (0) + [643] : 0x00 (0) + [644] : 0x00 (0) + [645] : 0x00 (0) + [646] : 0x00 (0) + [647] : 0x00 (0) + [648] : 0x00 (0) + [649] : 0x00 (0) + [650] : 0x00 (0) + [651] : 0x00 (0) + [652] : 0x00 (0) + [653] : 0x00 (0) + [654] : 0x00 (0) + [655] : 0x00 (0) + [656] : 0x00 (0) + [657] : 0x00 (0) + [658] : 0x00 (0) + [659] : 0x00 (0) + [660] : 0x00 (0) + [661] : 0x00 (0) + [662] : 0x00 (0) + [663] : 0x00 (0) + [664] : 0x00 (0) + [665] : 0x00 (0) + [666] : 0x00 (0) + [667] : 0x00 (0) + [668] : 0x00 (0) + [669] : 0x00 (0) + [670] : 0x00 (0) + [671] : 0x00 (0) + [672] : 0x00 (0) + [673] : 0x00 (0) + [674] : 0x00 (0) + [675] : 0x00 (0) + [676] : 0x00 (0) + [677] : 0x00 (0) + [678] : 0x00 (0) + [679] : 0x00 (0) + [680] : 0x00 (0) + [681] : 0x00 (0) + [682] : 0x00 (0) + [683] : 0x00 (0) + [684] : 0x00 (0) + [685] : 0x00 (0) + [686] : 0x00 (0) + [687] : 0x00 (0) + [688] : 0x00 (0) + [689] : 0x00 (0) + [690] : 0x00 (0) + [691] : 0x00 (0) + [692] : 0x00 (0) + [693] : 0x00 (0) + [694] : 0x00 (0) + [695] : 0x00 (0) + [696] : 0x00 (0) + [697] : 0x00 (0) + [698] : 0x00 (0) + [699] : 0x00 (0) + [700] : 0x00 (0) + [701] : 0x00 (0) + [702] : 0x00 (0) + [703] : 0x00 (0) + [704] : 0x00 (0) + [705] : 0x00 (0) + [706] : 0x00 (0) + [707] : 0x00 (0) + [708] : 0x00 (0) + [709] : 0x00 (0) + [710] : 0x00 (0) + [711] : 0x00 (0) + [712] : 0x00 (0) + [713] : 0x00 (0) + [714] : 0x00 (0) + [715] : 0x00 (0) + [716] : 0x00 (0) + [717] : 0x00 (0) + [718] : 0x00 (0) + [719] : 0x00 (0) + [720] : 0x00 (0) + [721] : 0x00 (0) + [722] : 0x00 (0) + [723] : 0x00 (0) + [724] : 0x00 (0) + [725] : 0x00 (0) + [726] : 0x00 (0) + [727] : 0x00 (0) + [728] : 0x00 (0) + [729] : 0x00 (0) + [730] : 0x00 (0) + [731] : 0x00 (0) + [732] : 0x00 (0) + [733] : 0x00 (0) + [734] : 0x00 (0) + [735] : 0x00 (0) + [736] : 0x00 (0) + [737] : 0x00 (0) + [738] : 0x00 (0) + [739] : 0x00 (0) + [740] : 0x00 (0) + [741] : 0x00 (0) + [742] : 0x00 (0) + [743] : 0x00 (0) + [744] : 0x00 (0) + [745] : 0x00 (0) + [746] : 0x00 (0) + [747] : 0x00 (0) + [748] : 0x00 (0) + [749] : 0x00 (0) + [750] : 0x00 (0) + [751] : 0x00 (0) + [752] : 0x00 (0) + [753] : 0x00 (0) + [754] : 0x00 (0) + [755] : 0x00 (0) + [756] : 0x00 (0) + [757] : 0x00 (0) + [758] : 0x00 (0) + [759] : 0x00 (0) + [760] : 0x00 (0) + [761] : 0x00 (0) + [762] : 0x00 (0) + [763] : 0x00 (0) + [764] : 0x00 (0) + [765] : 0x00 (0) + [766] : 0x00 (0) + [767] : 0x00 (0) + [768] : 0x00 (0) + [769] : 0x00 (0) + [770] : 0x00 (0) + [771] : 0x00 (0) + [772] : 0x00 (0) + [773] : 0x00 (0) + [774] : 0x00 (0) + [775] : 0x00 (0) + [776] : 0x00 (0) + [777] : 0x00 (0) + [778] : 0x00 (0) + [779] : 0x00 (0) + [780] : 0x00 (0) + [781] : 0x00 (0) + [782] : 0x00 (0) + [783] : 0x00 (0) + [784] : 0x00 (0) + [785] : 0x00 (0) + [786] : 0x00 (0) + [787] : 0x00 (0) + [788] : 0x00 (0) + [789] : 0x00 (0) + [790] : 0x00 (0) + [791] : 0x00 (0) + [792] : 0x00 (0) + [793] : 0x00 (0) + [794] : 0x00 (0) + [795] : 0x00 (0) + [796] : 0x00 (0) + [797] : 0x00 (0) + [798] : 0x00 (0) + [799] : 0x00 (0) + [800] : 0x00 (0) + [801] : 0x00 (0) + [802] : 0x00 (0) + [803] : 0x00 (0) + [804] : 0x00 (0) + [805] : 0x00 (0) + [806] : 0x00 (0) + [807] : 0x00 (0) + [808] : 0x00 (0) + [809] : 0x00 (0) + [810] : 0x00 (0) + [811] : 0x00 (0) + [812] : 0x00 (0) + [813] : 0x00 (0) + [814] : 0x00 (0) + [815] : 0x00 (0) + [816] : 0x00 (0) + [817] : 0x00 (0) + [818] : 0x00 (0) + [819] : 0x00 (0) + [820] : 0x00 (0) + [821] : 0x00 (0) + [822] : 0x00 (0) + [823] : 0x00 (0) + [824] : 0x00 (0) + [825] : 0x00 (0) + [826] : 0x00 (0) + [827] : 0x00 (0) + [828] : 0x00 (0) + [829] : 0x00 (0) + [830] : 0x00 (0) + [831] : 0x00 (0) + [832] : 0x00 (0) + [833] : 0x00 (0) + [834] : 0x00 (0) + [835] : 0x00 (0) + [836] : 0x00 (0) + [837] : 0x00 (0) + [838] : 0x00 (0) + [839] : 0x00 (0) + [840] : 0x00 (0) + [841] : 0x00 (0) + [842] : 0x00 (0) + [843] : 0x00 (0) + [844] : 0x00 (0) + [845] : 0x00 (0) + [846] : 0x00 (0) + [847] : 0x00 (0) + [848] : 0x00 (0) + [849] : 0x00 (0) + [850] : 0x00 (0) + [851] : 0x00 (0) + [852] : 0x00 (0) + [853] : 0x00 (0) + [854] : 0x00 (0) + [855] : 0x00 (0) + [856] : 0x00 (0) + [857] : 0x00 (0) + [858] : 0x00 (0) + [859] : 0x00 (0) + [860] : 0x00 (0) + [861] : 0x00 (0) + [862] : 0x00 (0) + [863] : 0x00 (0) + [864] : 0x00 (0) + [865] : 0x00 (0) + [866] : 0x00 (0) + [867] : 0x00 (0) + [868] : 0x00 (0) + [869] : 0x00 (0) + [870] : 0x00 (0) + [871] : 0x00 (0) + [872] : 0x00 (0) + [873] : 0x00 (0) + [874] : 0x00 (0) + [875] : 0x00 (0) + [876] : 0x00 (0) + [877] : 0x00 (0) + [878] : 0x00 (0) + [879] : 0x00 (0) + [880] : 0x00 (0) + [881] : 0x00 (0) + [882] : 0x00 (0) + [883] : 0x00 (0) + [884] : 0x00 (0) + [885] : 0x00 (0) + [886] : 0x00 (0) + [887] : 0x00 (0) + [888] : 0x00 (0) + [889] : 0x00 (0) + [890] : 0x00 (0) + [891] : 0x00 (0) + [892] : 0x00 (0) + [893] : 0x00 (0) + [894] : 0x00 (0) + [895] : 0x00 (0) + [896] : 0x00 (0) + [897] : 0x00 (0) + [898] : 0x00 (0) + [899] : 0x00 (0) + [900] : 0x00 (0) + [901] : 0x00 (0) + [902] : 0x00 (0) + [903] : 0x00 (0) + [904] : 0x00 (0) + [905] : 0x00 (0) + [906] : 0x00 (0) + [907] : 0x00 (0) + [908] : 0x00 (0) + [909] : 0x00 (0) + [910] : 0x00 (0) + [911] : 0x00 (0) + [912] : 0x00 (0) + [913] : 0x00 (0) + [914] : 0x00 (0) + [915] : 0x00 (0) + [916] : 0x00 (0) + [917] : 0x00 (0) + [918] : 0x00 (0) + [919] : 0x00 (0) + [920] : 0x00 (0) + [921] : 0x00 (0) + [922] : 0x00 (0) + [923] : 0x00 (0) + [924] : 0x00 (0) + [925] : 0x00 (0) + [926] : 0x00 (0) + [927] : 0x00 (0) + [928] : 0x00 (0) + [929] : 0x00 (0) + [930] : 0x00 (0) + [931] : 0x00 (0) + [932] : 0x00 (0) + [933] : 0x00 (0) + [934] : 0x00 (0) + [935] : 0x00 (0) + [936] : 0x00 (0) + [937] : 0x00 (0) + [938] : 0x00 (0) + [939] : 0x00 (0) + [940] : 0x00 (0) + [941] : 0x00 (0) + [942] : 0x00 (0) + [943] : 0x00 (0) + [944] : 0x00 (0) + [945] : 0x00 (0) + [946] : 0x00 (0) + [947] : 0x00 (0) + [948] : 0x00 (0) + [949] : 0x00 (0) + [950] : 0x00 (0) + [951] : 0x00 (0) + [952] : 0x00 (0) + [953] : 0x00 (0) + [954] : 0x00 (0) + [955] : 0x00 (0) + [956] : 0x00 (0) + [957] : 0x00 (0) + [958] : 0x00 (0) + [959] : 0x00 (0) + [960] : 0x00 (0) + [961] : 0x00 (0) + [962] : 0x00 (0) + [963] : 0x00 (0) + [964] : 0x00 (0) + [965] : 0x00 (0) + [966] : 0x00 (0) + [967] : 0x00 (0) + [968] : 0x00 (0) + [969] : 0x00 (0) + [970] : 0x00 (0) + [971] : 0x00 (0) + [972] : 0x00 (0) + [973] : 0x00 (0) + [974] : 0x00 (0) + [975] : 0x00 (0) + [976] : 0x00 (0) + [977] : 0x00 (0) + [978] : 0x00 (0) + [979] : 0x00 (0) + [980] : 0x00 (0) + [981] : 0x00 (0) + [982] : 0x00 (0) + [983] : 0x00 (0) + [984] : 0x00 (0) + [985] : 0x00 (0) + [986] : 0x00 (0) + [987] : 0x00 (0) + [988] : 0x00 (0) + [989] : 0x00 (0) + [990] : 0x00 (0) + [991] : 0x00 (0) + [992] : 0x00 (0) + [993] : 0x00 (0) + [994] : 0x00 (0) + [995] : 0x00 (0) + [996] : 0x00 (0) + [997] : 0x00 (0) + [998] : 0x00 (0) + [999] : 0x00 (0) + [1000] : 0x00 (0) + [1001] : 0x00 (0) + [1002] : 0x00 (0) + [1003] : 0x00 (0) + [1004] : 0x00 (0) + [1005] : 0x00 (0) + [1006] : 0x00 (0) + [1007] : 0x00 (0) + [1008] : 0x00 (0) + [1009] : 0x00 (0) + [1010] : 0x00 (0) + [1011] : 0x00 (0) + [1012] : 0x00 (0) + [1013] : 0x00 (0) + [1014] : 0x00 (0) + [1015] : 0x00 (0) + [1016] : 0x00 (0) + [1017] : 0x00 (0) + [1018] : 0x00 (0) + [1019] : 0x00 (0) + [1020] : 0x00 (0) + [1021] : 0x00 (0) + [1022] : 0x00 (0) + [1023] : 0x00 (0) + needed : * + needed : 0x00000000 (0) + result : WERR_INVALID_PARAM +[2013/11/07 07:38:48.407000, 5, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1417(api_rpcTNP) + api_rpcTNP: called \spoolss successfully +[2013/11/07 07:38:48.407061, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) + pop_sec_ctx (0, 5000) - sec_ctx_stack_ndx = 0 +[2013/11/07 07:38:48.407106, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) + write_to_pipe: data_used = 1068 + smbd_smb2_request_pending_queue: req->current_idx = 1 + req->in.vector[0].iov_len = 0 + req->in.vector[1].iov_len = 0 + req->in.vector[2].iov_len = 64 + req->in.vector[3].iov_len = 56 + req->in.vector[4].iov_len = 1084 + req->out.vector[0].iov_len = 4 + req->out.vector[1].iov_len = 0 + req->out.vector[2].iov_len = 64 + req->out.vector[3].iov_len = 8 + req->out.vector[4].iov_len = 0 +[2013/11/07 07:38:48.407330, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:128(smbd_smb2_ioctl_pipe_write_done) + smbd_smb2_ioctl_pipe_write_done: received 1084 +[2013/11/07 07:38:48.407373, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:149(smbd_smb2_ioctl_pipe_write_done) + smbd_smb2_ioctl_pipe_write_done: issuing np_read_send of size 1024 +[2013/11/07 07:38:48.407416, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:285(read_from_internal_pipe) + name: \spoolss len: 1024 +[2013/11/07 07:38:48.407459, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:347(read_from_internal_pipe) + read_from_pipe: \spoolss: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 1040. +[2013/11/07 07:38:48.407513, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) + &r: struct ncacn_packet + rpc_vers : 0x05 (5) + rpc_vers_minor : 0x00 (0) + ptype : DCERPC_PKT_RESPONSE (2) + pfc_flags : 0x03 (3) + drep: ARRAY(4) + [0] : 0x10 (16) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + frag_length : 0x0428 (1064) + auth_length : 0x0000 (0) + call_id : 0x00000003 (3) + u : union dcerpc_payload(case 2) + response: struct dcerpc_response + alloc_hint : 0x00000410 (1040) + context_id : 0x0000 (0) + cancel_count : 0x00 (0) + _pad : DATA_BLOB length=0 + stub_and_verifier : DATA_BLOB length=1040 + [0000] 04 00 02 00 00 04 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0010] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0030] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0040] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0200] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0210] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0220] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0230] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0240] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0250] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0260] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0270] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0280] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0290] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0300] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0310] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0320] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0330] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0340] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0350] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0360] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0370] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0380] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0390] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0400] 00 00 00 00 00 00 00 00 00 00 00 00 57 00 00 00 ........ ....W... +[2013/11/07 07:38:48.410200, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:788(np_read_recv) + Received 1024 bytes. There is more data outstanding +[2013/11/07 07:38:48.410243, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:178(smbd_smb2_ioctl_pipe_read_done) + smbd_smb2_ioctl_pipe_read_done: np_read_recv nread = 1024 is_data_outstanding = 1, status = NT_STATUS_OK +[2013/11/07 07:38:48.410290, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl.c:291(smbd_smb2_request_ioctl_done) + smbd_smb2_request_ioctl_done: smbd_smb2_ioctl_recv returned 1024 status STATUS_BUFFER_OVERFLOW +[2013/11/07 07:38:48.410333, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) + smbd_smb2_request_done_ex: idx[1] status[STATUS_BUFFER_OVERFLOW] body[48] dyn[yes:1024] at ../source3/smbd/smb2_ioctl.c:358 +[2013/11/07 07:38:48.410378, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) + smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/178/127 +[2013/11/07 07:38:48.410514, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) + smbd_smb2_request_incoming: idx[1] of 5 vectors +[2013/11/07 07:38:48.410565, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) + smb2_validate_sequence_number: clearing id 178 (position 178) from bitmap +[2013/11/07 07:38:48.410607, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) + smbd_smb2_request_dispatch: opcode[SMB2_OP_CLOSE] mid = 178 +[2013/11/07 07:38:48.410666, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) + setting sec ctx (0, 5000) - sec_ctx_stack_ndx = 0 +[2013/11/07 07:38:48.410708, 5, pid=20933, effective(0, 5000), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) + Security token SIDs (21): + SID[ 0]: S-1-5-21-1376953716-2413384141-3399758289-500 + SID[ 1]: S-1-5-21-1376953716-2413384141-3399758289-512 + SID[ 2]: S-1-5-21-1376953716-2413384141-3399758289-11015 + SID[ 3]: S-1-5-21-1376953716-2413384141-3399758289-513 + SID[ 4]: S-1-5-21-1376953716-2413384141-3399758289-11011 + SID[ 5]: S-1-5-21-1376953716-2413384141-3399758289-11013 + SID[ 6]: S-1-5-21-1376953716-2413384141-3399758289-11012 + SID[ 7]: S-1-1-0 + SID[ 8]: S-1-5-2 + SID[ 9]: S-1-5-11 + SID[ 10]: S-1-5-32-544 + SID[ 11]: S-1-22-1-2002 + SID[ 12]: S-1-22-2-5000 + SID[ 13]: S-1-22-2-5007 + SID[ 14]: S-1-22-2-5001 + SID[ 15]: S-1-22-2-1005 + SID[ 16]: S-1-22-2-5006 + SID[ 17]: S-1-22-2-5005 + SID[ 18]: S-1-22-2-55000 + SID[ 19]: S-1-22-2-55001 + SID[ 20]: S-1-22-2-55002 + Privileges (0x 1FFFFFF0): + Privilege[ 0]: SeMachineAccountPrivilege + Privilege[ 1]: SeTakeOwnershipPrivilege + Privilege[ 2]: SeBackupPrivilege + Privilege[ 3]: SeRestorePrivilege + Privilege[ 4]: SeRemoteShutdownPrivilege + Privilege[ 5]: SePrintOperatorPrivilege + Privilege[ 6]: SeAddUsersPrivilege + Privilege[ 7]: SeDiskOperatorPrivilege + Privilege[ 8]: SeSecurityPrivilege + Privilege[ 9]: SeSystemtimePrivilege + Privilege[ 10]: SeShutdownPrivilege + Privilege[ 11]: SeDebugPrivilege + Privilege[ 12]: SeSystemEnvironmentPrivilege + Privilege[ 13]: SeSystemProfilePrivilege + Privilege[ 14]: SeProfileSingleProcessPrivilege + Privilege[ 15]: SeIncreaseBasePriorityPrivilege + Privilege[ 16]: SeLoadDriverPrivilege + Privilege[ 17]: SeCreatePagefilePrivilege + Privilege[ 18]: SeIncreaseQuotaPrivilege + Privilege[ 19]: SeChangeNotifyPrivilege + Privilege[ 20]: SeUndockPrivilege + Privilege[ 21]: SeManageVolumePrivilege + Privilege[ 22]: SeImpersonatePrivilege + Privilege[ 23]: SeCreateGlobalPrivilege + Privilege[ 24]: SeEnableDelegationPrivilege + Rights (0x 0): +[2013/11/07 07:38:48.411477, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) + UNIX token of user 0 + Primary group is 5000 and contains 9 supplementary groups + Group[ 0]: 5000 + Group[ 1]: 5007 + Group[ 2]: 5001 + Group[ 3]: 1005 + Group[ 4]: 5006 + Group[ 5]: 5005 + Group[ 6]: 55000 + Group[ 7]: 55001 + Group[ 8]: 55002 +[2013/11/07 07:38:48.411667, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/uid.c:363(change_to_user_internal) + Impersonated user: uid=(0,0), gid=(0,5000) +[2013/11/07 07:38:48.411717, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_close.c:185(smbd_smb2_close) + smbd_smb2_close: spoolss - fnum 2469941583 +[2013/11/07 07:38:48.411768, 5, pid=20933, effective(0, 5000), real(0, 0)] ../lib/dbwrap/dbwrap.c:187(dbwrap_check_lock_order) + check lock order 1 for /var/run/samba/smbXsrv_open_global.tdb +[2013/11/07 07:38:48.411808, 10, pid=20933, effective(0, 5000), real(0, 0)] ../lib/dbwrap/dbwrap.c:133(debug_lock_order) + lock order: 1:/var/run/samba/smbXsrv_open_global.tdb 2: 3: +[2013/11/07 07:38:48.411852, 10, pid=20933, effective(0, 5000), real(0, 0)] ../lib/dbwrap/dbwrap_tdb.c:59(db_tdb_log_key) + Locking key D2226FC2 +[2013/11/07 07:38:48.411911, 10, pid=20933, effective(0, 5000), real(0, 0)] ../lib/dbwrap/dbwrap_tdb.c:143(db_tdb_fetch_locked_internal) + Allocated locked data 0x0x7f375d3b2080 +[2013/11/07 07:38:48.411966, 10, pid=20933, effective(0, 5000), real(0, 0)] ../lib/dbwrap/dbwrap_tdb.c:59(db_tdb_log_key) + Unlocking key D2226FC2 +[2013/11/07 07:38:48.412008, 5, pid=20933, effective(0, 5000), real(0, 0)] ../lib/dbwrap/dbwrap.c:146(dbwrap_lock_order_state_destructor) + release lock order 1 for /var/run/samba/smbXsrv_open_global.tdb +[2013/11/07 07:38:48.412047, 10, pid=20933, effective(0, 5000), real(0, 0)] ../lib/dbwrap/dbwrap.c:133(debug_lock_order) + lock order: 1: 2: 3: +[2013/11/07 07:38:48.412103, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/files.c:525(file_free) + freed files structure 2469941583 (9 used) +[2013/11/07 07:38:48.412161, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) + smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[60] dyn[no:0] at ../source3/smbd/smb2_close.c:139 +[2013/11/07 07:38:48.412206, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) + smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/179/127 +[2013/11/07 07:38:48.414175, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) + smbd_smb2_request_incoming: idx[1] of 5 vectors +[2013/11/07 07:38:48.414255, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) + smb2_validate_sequence_number: clearing id 179 (position 179) from bitmap +[2013/11/07 07:38:48.414311, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) + smbd_smb2_request_dispatch: opcode[SMB2_OP_READ] mid = 179 +[2013/11/07 07:38:48.414372, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) + setting sec ctx (0, 5000) - sec_ctx_stack_ndx = 0 +[2013/11/07 07:38:48.414417, 5, pid=20933, effective(0, 5000), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) + Security token SIDs (21): + SID[ 0]: S-1-5-21-1376953716-2413384141-3399758289-500 + SID[ 1]: S-1-5-21-1376953716-2413384141-3399758289-512 + SID[ 2]: S-1-5-21-1376953716-2413384141-3399758289-11015 + SID[ 3]: S-1-5-21-1376953716-2413384141-3399758289-513 + SID[ 4]: S-1-5-21-1376953716-2413384141-3399758289-11011 + SID[ 5]: S-1-5-21-1376953716-2413384141-3399758289-11013 + SID[ 6]: S-1-5-21-1376953716-2413384141-3399758289-11012 + SID[ 7]: S-1-1-0 + SID[ 8]: S-1-5-2 + SID[ 9]: S-1-5-11 + SID[ 10]: S-1-5-32-544 + SID[ 11]: S-1-22-1-2002 + SID[ 12]: S-1-22-2-5000 + SID[ 13]: S-1-22-2-5007 + SID[ 14]: S-1-22-2-5001 + SID[ 15]: S-1-22-2-1005 + SID[ 16]: S-1-22-2-5006 + SID[ 17]: S-1-22-2-5005 + SID[ 18]: S-1-22-2-55000 + SID[ 19]: S-1-22-2-55001 + SID[ 20]: S-1-22-2-55002 + Privileges (0x 1FFFFFF0): + Privilege[ 0]: SeMachineAccountPrivilege + Privilege[ 1]: SeTakeOwnershipPrivilege + Privilege[ 2]: SeBackupPrivilege + Privilege[ 3]: SeRestorePrivilege + Privilege[ 4]: SeRemoteShutdownPrivilege + Privilege[ 5]: SePrintOperatorPrivilege + Privilege[ 6]: SeAddUsersPrivilege + Privilege[ 7]: SeDiskOperatorPrivilege + Privilege[ 8]: SeSecurityPrivilege + Privilege[ 9]: SeSystemtimePrivilege + Privilege[ 10]: SeShutdownPrivilege + Privilege[ 11]: SeDebugPrivilege + Privilege[ 12]: SeSystemEnvironmentPrivilege + Privilege[ 13]: SeSystemProfilePrivilege + Privilege[ 14]: SeProfileSingleProcessPrivilege + Privilege[ 15]: SeIncreaseBasePriorityPrivilege + Privilege[ 16]: SeLoadDriverPrivilege + Privilege[ 17]: SeCreatePagefilePrivilege + Privilege[ 18]: SeIncreaseQuotaPrivilege + Privilege[ 19]: SeChangeNotifyPrivilege + Privilege[ 20]: SeUndockPrivilege + Privilege[ 21]: SeManageVolumePrivilege + Privilege[ 22]: SeImpersonatePrivilege + Privilege[ 23]: SeCreateGlobalPrivilege + Privilege[ 24]: SeEnableDelegationPrivilege + Rights (0x 0): +[2013/11/07 07:38:48.415183, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) + UNIX token of user 0 + Primary group is 5000 and contains 9 supplementary groups + Group[ 0]: 5000 + Group[ 1]: 5007 + Group[ 2]: 5001 + Group[ 3]: 1005 + Group[ 4]: 5006 + Group[ 5]: 5005 + Group[ 6]: 55000 + Group[ 7]: 55001 + Group[ 8]: 55002 +[2013/11/07 07:38:48.415373, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/uid.c:363(change_to_user_internal) + Impersonated user: uid=(0,0), gid=(0,5000) +[2013/11/07 07:38:48.415420, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:1796(smbd_smb2_request_verify_creditcharge) + mid 179, CreditCharge: 1, NeededCharge: 1 +[2013/11/07 07:38:48.415461, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_read.c:400(smbd_smb2_read_send) + smbd_smb2_read: spoolss - fnum 2421171645 +[2013/11/07 07:38:48.415508, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:285(read_from_internal_pipe) + name: \spoolss len: 40 +[2013/11/07 07:38:48.415550, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:326(read_from_internal_pipe) + read_from_pipe: \spoolss: current_pdu_len = 1064, current_pdu_sent = 1024 returning 40 bytes. +[2013/11/07 07:38:48.415595, 3, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:122(free_pipe_context) + free_pipe_context: destroying talloc pool of size 29 + smbd_smb2_request_pending_queue: req->current_idx = 1 + req->in.vector[0].iov_len = 0 + req->in.vector[1].iov_len = 0 + req->in.vector[2].iov_len = 64 + req->in.vector[3].iov_len = 48 + req->in.vector[4].iov_len = 1 + req->out.vector[0].iov_len = 4 + req->out.vector[1].iov_len = 0 + req->out.vector[2].iov_len = 64 + req->out.vector[3].iov_len = 8 + req->out.vector[4].iov_len = 0 +[2013/11/07 07:38:48.415873, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:788(np_read_recv) + Received 40 bytes. There is more data outstanding +[2013/11/07 07:38:48.415919, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) + smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[16] dyn[yes:40] at ../source3/smbd/smb2_read.c:154 +[2013/11/07 07:38:48.415964, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) + smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/180/127 +[2013/11/07 07:38:48.424794, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) + smbd_smb2_request_incoming: idx[1] of 5 vectors +[2013/11/07 07:38:48.424919, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) + smb2_validate_sequence_number: clearing id 180 (position 180) from bitmap +[2013/11/07 07:38:48.424964, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) + smbd_smb2_request_dispatch: opcode[SMB2_OP_IOCTL] mid = 180 +[2013/11/07 07:38:48.425023, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) + setting sec ctx (0, 5000) - sec_ctx_stack_ndx = 0 +[2013/11/07 07:38:48.425074, 5, pid=20933, effective(0, 5000), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) + Security token SIDs (21): + SID[ 0]: S-1-5-21-1376953716-2413384141-3399758289-500 + SID[ 1]: S-1-5-21-1376953716-2413384141-3399758289-512 + SID[ 2]: S-1-5-21-1376953716-2413384141-3399758289-11015 + SID[ 3]: S-1-5-21-1376953716-2413384141-3399758289-513 + SID[ 4]: S-1-5-21-1376953716-2413384141-3399758289-11011 + SID[ 5]: S-1-5-21-1376953716-2413384141-3399758289-11013 + SID[ 6]: S-1-5-21-1376953716-2413384141-3399758289-11012 + SID[ 7]: S-1-1-0 + SID[ 8]: S-1-5-2 + SID[ 9]: S-1-5-11 + SID[ 10]: S-1-5-32-544 + SID[ 11]: S-1-22-1-2002 + SID[ 12]: S-1-22-2-5000 + SID[ 13]: S-1-22-2-5007 + SID[ 14]: S-1-22-2-5001 + SID[ 15]: S-1-22-2-1005 + SID[ 16]: S-1-22-2-5006 + SID[ 17]: S-1-22-2-5005 + SID[ 18]: S-1-22-2-55000 + SID[ 19]: S-1-22-2-55001 + SID[ 20]: S-1-22-2-55002 + Privileges (0x 1FFFFFF0): + Privilege[ 0]: SeMachineAccountPrivilege + Privilege[ 1]: SeTakeOwnershipPrivilege + Privilege[ 2]: SeBackupPrivilege + Privilege[ 3]: SeRestorePrivilege + Privilege[ 4]: SeRemoteShutdownPrivilege + Privilege[ 5]: SePrintOperatorPrivilege + Privilege[ 6]: SeAddUsersPrivilege + Privilege[ 7]: SeDiskOperatorPrivilege + Privilege[ 8]: SeSecurityPrivilege + Privilege[ 9]: SeSystemtimePrivilege + Privilege[ 10]: SeShutdownPrivilege + Privilege[ 11]: SeDebugPrivilege + Privilege[ 12]: SeSystemEnvironmentPrivilege + Privilege[ 13]: SeSystemProfilePrivilege + Privilege[ 14]: SeProfileSingleProcessPrivilege + Privilege[ 15]: SeIncreaseBasePriorityPrivilege + Privilege[ 16]: SeLoadDriverPrivilege + Privilege[ 17]: SeCreatePagefilePrivilege + Privilege[ 18]: SeIncreaseQuotaPrivilege + Privilege[ 19]: SeChangeNotifyPrivilege + Privilege[ 20]: SeUndockPrivilege + Privilege[ 21]: SeManageVolumePrivilege + Privilege[ 22]: SeImpersonatePrivilege + Privilege[ 23]: SeCreateGlobalPrivilege + Privilege[ 24]: SeEnableDelegationPrivilege + Rights (0x 0): +[2013/11/07 07:38:48.426678, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) + UNIX token of user 0 + Primary group is 5000 and contains 9 supplementary groups + Group[ 0]: 5000 + Group[ 1]: 5007 + Group[ 2]: 5001 + Group[ 3]: 1005 + Group[ 4]: 5006 + Group[ 5]: 5005 + Group[ 6]: 55000 + Group[ 7]: 55001 + Group[ 8]: 55002 +[2013/11/07 07:38:48.427063, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/uid.c:363(change_to_user_internal) + Impersonated user: uid=(0,0), gid=(0,5000) +[2013/11/07 07:38:48.427259, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:1796(smbd_smb2_request_verify_creditcharge) + mid 180, CreditCharge: 1, NeededCharge: 1 +[2013/11/07 07:38:48.427356, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl.c:394(smbd_smb2_ioctl_send) + smbd_smb2_ioctl: ctl_code[0x0011c017] spoolss, fnum 2421171645 +[2013/11/07 07:38:48.427451, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:59(smb2_ioctl_named_pipe) + smbd_smb2_ioctl_send: np_write_send of size 130 +[2013/11/07 07:38:48.427530, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:520(np_write_send) + np_write_send: len: 130 +[2013/11/07 07:38:48.427612, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) + write_to_pipe: data_left = 130 +[2013/11/07 07:38:48.427688, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) + process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 130 +[2013/11/07 07:38:48.427764, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:51(fill_rpc_header) + fill_rpc_header: data_to_copy = 130, len_needed_to_complete_hdr = 16, receive_len = 0 +[2013/11/07 07:38:48.427845, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) + write_to_pipe: data_used = 16 +[2013/11/07 07:38:48.427920, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) + write_to_pipe: data_left = 114 +[2013/11/07 07:38:48.427995, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) + process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 114 +[2013/11/07 07:38:48.428077, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) + write_to_pipe: data_used = 0 +[2013/11/07 07:38:48.428151, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) + write_to_pipe: data_left = 114 +[2013/11/07 07:38:48.428226, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) + process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 114, incoming data = 114 +[2013/11/07 07:38:48.428307, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1614(process_complete_pdu) + PDU is in Little Endian format! +[2013/11/07 07:38:48.428404, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) + r: struct ncacn_packet + rpc_vers : 0x05 (5) + rpc_vers_minor : 0x00 (0) + ptype : DCERPC_PKT_REQUEST (0) + pfc_flags : 0x03 (3) + drep: ARRAY(4) + [0] : 0x10 (16) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + frag_length : 0x0082 (130) + auth_length : 0x0000 (0) + call_id : 0x00000004 (4) + u : union dcerpc_payload(case 0) + request: struct dcerpc_request + alloc_hint : 0x0000006a (106) + context_id : 0x0000 (0) + opnum : 0x0011 (17) + object : union dcerpc_object(case 0) + empty: struct dcerpc_empty + _pad : DATA_BLOB length=0 + stub_and_verifier : DATA_BLOB length=106 + [0000] 00 00 00 00 ED 00 00 00 00 00 00 00 7B 52 77 35 ........ ....{Rw5 + [0010] C5 51 00 00 01 00 00 00 01 00 00 00 00 00 02 00 .Q...... ........ + [0020] 04 00 02 00 00 00 00 00 08 00 02 00 0A 00 00 00 ........ ........ + [0030] 00 00 00 00 0A 00 00 00 54 00 65 00 73 00 74 00 ........ T.e.s.t. + [0040] 73 00 65 00 69 00 74 00 65 00 00 00 09 00 00 00 s.e.i.t. e....... + [0050] 00 00 00 00 09 00 00 00 58 00 50 00 53 00 5F 00 ........ X.P.S._. + [0060] 50 00 41 00 53 00 53 00 00 00 P.A.S.S. .. +[2013/11/07 07:38:48.429826, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1627(process_complete_pdu) + Processing packet type 0 +[2013/11/07 07:38:48.429909, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1472(dcesrv_auth_request) + Checking request auth. +[2013/11/07 07:38:48.429991, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) + push_sec_ctx(0, 5000) : sec_ctx_stack_ndx = 1 +[2013/11/07 07:38:48.430082, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) + setting sec ctx (0, 5000) - sec_ctx_stack_ndx = 1 +[2013/11/07 07:38:48.430163, 5, pid=20933, effective(0, 5000), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) + Security token SIDs (21): + SID[ 0]: S-1-5-21-1376953716-2413384141-3399758289-500 + SID[ 1]: S-1-5-21-1376953716-2413384141-3399758289-512 + SID[ 2]: S-1-5-21-1376953716-2413384141-3399758289-11015 + SID[ 3]: S-1-5-21-1376953716-2413384141-3399758289-513 + SID[ 4]: S-1-5-21-1376953716-2413384141-3399758289-11011 + SID[ 5]: S-1-5-21-1376953716-2413384141-3399758289-11013 + SID[ 6]: S-1-5-21-1376953716-2413384141-3399758289-11012 + SID[ 7]: S-1-1-0 + SID[ 8]: S-1-5-2 + SID[ 9]: S-1-5-11 + SID[ 10]: S-1-5-32-544 + SID[ 11]: S-1-22-1-2002 + SID[ 12]: S-1-22-2-5000 + SID[ 13]: S-1-22-2-5007 + SID[ 14]: S-1-22-2-5001 + SID[ 15]: S-1-22-2-1005 + SID[ 16]: S-1-22-2-5006 + SID[ 17]: S-1-22-2-5005 + SID[ 18]: S-1-22-2-55000 + SID[ 19]: S-1-22-2-55001 + SID[ 20]: S-1-22-2-55002 + Privileges (0x 1FFFFFF0): + Privilege[ 0]: SeMachineAccountPrivilege + Privilege[ 1]: SeTakeOwnershipPrivilege + Privilege[ 2]: SeBackupPrivilege + Privilege[ 3]: SeRestorePrivilege + Privilege[ 4]: SeRemoteShutdownPrivilege + Privilege[ 5]: SePrintOperatorPrivilege + Privilege[ 6]: SeAddUsersPrivilege + Privilege[ 7]: SeDiskOperatorPrivilege + Privilege[ 8]: SeSecurityPrivilege + Privilege[ 9]: SeSystemtimePrivilege + Privilege[ 10]: SeShutdownPrivilege + Privilege[ 11]: SeDebugPrivilege + Privilege[ 12]: SeSystemEnvironmentPrivilege + Privilege[ 13]: SeSystemProfilePrivilege + Privilege[ 14]: SeProfileSingleProcessPrivilege + Privilege[ 15]: SeIncreaseBasePriorityPrivilege + Privilege[ 16]: SeLoadDriverPrivilege + Privilege[ 17]: SeCreatePagefilePrivilege + Privilege[ 18]: SeIncreaseQuotaPrivilege + Privilege[ 19]: SeChangeNotifyPrivilege + Privilege[ 20]: SeUndockPrivilege + Privilege[ 21]: SeManageVolumePrivilege + Privilege[ 22]: SeImpersonatePrivilege + Privilege[ 23]: SeCreateGlobalPrivilege + Privilege[ 24]: SeEnableDelegationPrivilege + Rights (0x 0): +[2013/11/07 07:38:48.431753, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) + UNIX token of user 0 + Primary group is 5000 and contains 9 supplementary groups + Group[ 0]: 5000 + Group[ 1]: 5007 + Group[ 2]: 5001 + Group[ 3]: 1005 + Group[ 4]: 5006 + Group[ 5]: 5005 + Group[ 6]: 55000 + Group[ 7]: 55001 + Group[ 8]: 55002 +[2013/11/07 07:38:48.432145, 5, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1324(api_pipe_request) + Requested \spoolss rpc service +[2013/11/07 07:38:48.432237, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1356(api_rpcTNP) + api_rpcTNP: \spoolss op 0x11 - api_rpcTNP: rpc command: SPOOLSS_STARTDOCPRINTER +[2013/11/07 07:38:48.432323, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1390(api_rpcTNP) + api_rpc_cmds[17].fn == 0x7f375c25f560 +[2013/11/07 07:38:48.432465, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + spoolss_StartDocPrinter: struct spoolss_StartDocPrinter + in: struct spoolss_StartDocPrinter + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000ed-0000-0000-7b52-7735c5510000 + info_ctr : * + info_ctr: struct spoolss_DocumentInfoCtr + level : 0x00000001 (1) + info : union spoolss_DocumentInfo(case 1) + info1 : * + info1: struct spoolss_DocumentInfo1 + document_name : * + document_name : 'Testseite' + output_file : NULL + datatype : * + datatype : 'XPS_PASS' +[2013/11/07 07:38:48.433186, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[2] [0000] 00 00 00 00 ED 00 00 00 00 00 00 00 7B 52 77 35 ........ ....{Rw5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:48.433348, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + spoolss_StartDocPrinter: struct spoolss_StartDocPrinter + out: struct spoolss_StartDocPrinter + job_id : * + job_id : 0x00000000 (0) + result : WERR_INVALID_DATATYPE +[2013/11/07 07:38:48.433824, 5, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1417(api_rpcTNP) + api_rpcTNP: called \spoolss successfully +[2013/11/07 07:38:48.433935, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) + pop_sec_ctx (0, 5000) - sec_ctx_stack_ndx = 0 +[2013/11/07 07:38:48.434022, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) + write_to_pipe: data_used = 114 + smbd_smb2_request_pending_queue: req->current_idx = 1 + req->in.vector[0].iov_len = 0 + req->in.vector[1].iov_len = 0 + req->in.vector[2].iov_len = 64 + req->in.vector[3].iov_len = 56 + req->in.vector[4].iov_len = 130 + req->out.vector[0].iov_len = 4 + req->out.vector[1].iov_len = 0 + req->out.vector[2].iov_len = 64 + req->out.vector[3].iov_len = 8 + req->out.vector[4].iov_len = 0 +[2013/11/07 07:38:48.434444, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:128(smbd_smb2_ioctl_pipe_write_done) + smbd_smb2_ioctl_pipe_write_done: received 130 +[2013/11/07 07:38:48.434529, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:149(smbd_smb2_ioctl_pipe_write_done) + smbd_smb2_ioctl_pipe_write_done: issuing np_read_send of size 1064 +[2013/11/07 07:38:48.434613, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:285(read_from_internal_pipe) + name: \spoolss len: 1064 +[2013/11/07 07:38:48.434716, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:347(read_from_internal_pipe) + read_from_pipe: \spoolss: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 8. +[2013/11/07 07:38:48.435143, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) + &r: struct ncacn_packet + rpc_vers : 0x05 (5) + rpc_vers_minor : 0x00 (0) + ptype : DCERPC_PKT_RESPONSE (2) + pfc_flags : 0x03 (3) + drep: ARRAY(4) + [0] : 0x10 (16) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + frag_length : 0x0020 (32) + auth_length : 0x0000 (0) + call_id : 0x00000004 (4) + u : union dcerpc_payload(case 2) + response: struct dcerpc_response + alloc_hint : 0x00000008 (8) + context_id : 0x0000 (0) + cancel_count : 0x00 (0) + _pad : DATA_BLOB length=0 + stub_and_verifier : DATA_BLOB length=8 + [0000] 00 00 00 00 0C 07 00 00 ........ +[2013/11/07 07:38:48.435922, 3, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:122(free_pipe_context) + free_pipe_context: destroying talloc pool of size 29 +[2013/11/07 07:38:48.436022, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:788(np_read_recv) + Received 32 bytes. There is no more data outstanding +[2013/11/07 07:38:48.436103, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:178(smbd_smb2_ioctl_pipe_read_done) + smbd_smb2_ioctl_pipe_read_done: np_read_recv nread = 32 is_data_outstanding = 0, status = NT_STATUS_OK +[2013/11/07 07:38:48.436194, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl.c:291(smbd_smb2_request_ioctl_done) + smbd_smb2_request_ioctl_done: smbd_smb2_ioctl_recv returned 32 status NT_STATUS_OK +[2013/11/07 07:38:48.436277, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) + smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[48] dyn[yes:32] at ../source3/smbd/smb2_ioctl.c:358 +[2013/11/07 07:38:48.436363, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) + smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/181/127 +[2013/11/07 07:38:48.447280, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) + smbd_smb2_request_incoming: idx[1] of 5 vectors +[2013/11/07 07:38:48.447522, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) + smb2_validate_sequence_number: clearing id 181 (position 181) from bitmap +[2013/11/07 07:38:48.447638, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) + smbd_smb2_request_dispatch: opcode[SMB2_OP_IOCTL] mid = 181 +[2013/11/07 07:38:48.447778, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) + setting sec ctx (0, 5000) - sec_ctx_stack_ndx = 0 +[2013/11/07 07:38:48.447902, 5, pid=20933, effective(0, 5000), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) + Security token SIDs (21): + SID[ 0]: S-1-5-21-1376953716-2413384141-3399758289-500 + SID[ 1]: S-1-5-21-1376953716-2413384141-3399758289-512 + SID[ 2]: S-1-5-21-1376953716-2413384141-3399758289-11015 + SID[ 3]: S-1-5-21-1376953716-2413384141-3399758289-513 + SID[ 4]: S-1-5-21-1376953716-2413384141-3399758289-11011 + SID[ 5]: S-1-5-21-1376953716-2413384141-3399758289-11013 + SID[ 6]: S-1-5-21-1376953716-2413384141-3399758289-11012 + SID[ 7]: S-1-1-0 + SID[ 8]: S-1-5-2 + SID[ 9]: S-1-5-11 + SID[ 10]: S-1-5-32-544 + SID[ 11]: S-1-22-1-2002 + SID[ 12]: S-1-22-2-5000 + SID[ 13]: S-1-22-2-5007 + SID[ 14]: S-1-22-2-5001 + SID[ 15]: S-1-22-2-1005 + SID[ 16]: S-1-22-2-5006 + SID[ 17]: S-1-22-2-5005 + SID[ 18]: S-1-22-2-55000 + SID[ 19]: S-1-22-2-55001 + SID[ 20]: S-1-22-2-55002 + Privileges (0x 1FFFFFF0): + Privilege[ 0]: SeMachineAccountPrivilege + Privilege[ 1]: SeTakeOwnershipPrivilege + Privilege[ 2]: SeBackupPrivilege + Privilege[ 3]: SeRestorePrivilege + Privilege[ 4]: SeRemoteShutdownPrivilege + Privilege[ 5]: SePrintOperatorPrivilege + Privilege[ 6]: SeAddUsersPrivilege + Privilege[ 7]: SeDiskOperatorPrivilege + Privilege[ 8]: SeSecurityPrivilege + Privilege[ 9]: SeSystemtimePrivilege + Privilege[ 10]: SeShutdownPrivilege + Privilege[ 11]: SeDebugPrivilege + Privilege[ 12]: SeSystemEnvironmentPrivilege + Privilege[ 13]: SeSystemProfilePrivilege + Privilege[ 14]: SeProfileSingleProcessPrivilege + Privilege[ 15]: SeIncreaseBasePriorityPrivilege + Privilege[ 16]: SeLoadDriverPrivilege + Privilege[ 17]: SeCreatePagefilePrivilege + Privilege[ 18]: SeIncreaseQuotaPrivilege + Privilege[ 19]: SeChangeNotifyPrivilege + Privilege[ 20]: SeUndockPrivilege + Privilege[ 21]: SeManageVolumePrivilege + Privilege[ 22]: SeImpersonatePrivilege + Privilege[ 23]: SeCreateGlobalPrivilege + Privilege[ 24]: SeEnableDelegationPrivilege + Rights (0x 0): +[2013/11/07 07:38:48.450110, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) + UNIX token of user 0 + Primary group is 5000 and contains 9 supplementary groups + Group[ 0]: 5000 + Group[ 1]: 5007 + Group[ 2]: 5001 + Group[ 3]: 1005 + Group[ 4]: 5006 + Group[ 5]: 5005 + Group[ 6]: 55000 + Group[ 7]: 55001 + Group[ 8]: 55002 +[2013/11/07 07:38:48.450604, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/uid.c:363(change_to_user_internal) + Impersonated user: uid=(0,0), gid=(0,5000) +[2013/11/07 07:38:48.450729, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:1796(smbd_smb2_request_verify_creditcharge) + mid 181, CreditCharge: 1, NeededCharge: 1 +[2013/11/07 07:38:48.450835, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl.c:394(smbd_smb2_ioctl_send) + smbd_smb2_ioctl: ctl_code[0x0011c017] spoolss, fnum 3487054153 +[2013/11/07 07:38:48.450951, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:59(smb2_ioctl_named_pipe) + smbd_smb2_ioctl_send: np_write_send of size 44 +[2013/11/07 07:38:48.451051, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:520(np_write_send) + np_write_send: len: 44 +[2013/11/07 07:38:48.451153, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) + write_to_pipe: data_left = 44 +[2013/11/07 07:38:48.451249, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) + process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 44 +[2013/11/07 07:38:48.451408, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:51(fill_rpc_header) + fill_rpc_header: data_to_copy = 44, len_needed_to_complete_hdr = 16, receive_len = 0 +[2013/11/07 07:38:48.451512, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) + write_to_pipe: data_used = 16 +[2013/11/07 07:38:48.451607, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) + write_to_pipe: data_left = 28 +[2013/11/07 07:38:48.451723, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) + process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 28 +[2013/11/07 07:38:48.451880, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) + write_to_pipe: data_used = 0 +[2013/11/07 07:38:48.451978, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) + write_to_pipe: data_left = 28 +[2013/11/07 07:38:48.452073, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) + process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 28, incoming data = 28 +[2013/11/07 07:38:48.452179, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1614(process_complete_pdu) + PDU is in Little Endian format! +[2013/11/07 07:38:48.452301, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) + r: struct ncacn_packet + rpc_vers : 0x05 (5) + rpc_vers_minor : 0x00 (0) + ptype : DCERPC_PKT_REQUEST (0) + pfc_flags : 0x03 (3) + drep: ARRAY(4) + [0] : 0x10 (16) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + frag_length : 0x002c (44) + auth_length : 0x0000 (0) + call_id : 0x00000003 (3) + u : union dcerpc_payload(case 0) + request: struct dcerpc_request + alloc_hint : 0x00000014 (20) + context_id : 0x0000 (0) + opnum : 0x001d (29) + object : union dcerpc_object(case 0) + empty: struct dcerpc_empty + _pad : DATA_BLOB length=0 + stub_and_verifier : DATA_BLOB length=20 + [0000] 00 00 00 00 E4 00 00 00 00 00 00 00 7B 52 77 35 ........ ....{Rw5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:48.453590, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1627(process_complete_pdu) + Processing packet type 0 +[2013/11/07 07:38:48.453691, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1472(dcesrv_auth_request) + Checking request auth. +[2013/11/07 07:38:48.453796, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) + push_sec_ctx(0, 5000) : sec_ctx_stack_ndx = 1 +[2013/11/07 07:38:48.453966, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) + setting sec ctx (0, 5000) - sec_ctx_stack_ndx = 1 +[2013/11/07 07:38:48.454072, 5, pid=20933, effective(0, 5000), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) + Security token SIDs (21): + SID[ 0]: S-1-5-21-1376953716-2413384141-3399758289-500 + SID[ 1]: S-1-5-21-1376953716-2413384141-3399758289-512 + SID[ 2]: S-1-5-21-1376953716-2413384141-3399758289-11015 + SID[ 3]: S-1-5-21-1376953716-2413384141-3399758289-513 + SID[ 4]: S-1-5-21-1376953716-2413384141-3399758289-11011 + SID[ 5]: S-1-5-21-1376953716-2413384141-3399758289-11013 + SID[ 6]: S-1-5-21-1376953716-2413384141-3399758289-11012 + SID[ 7]: S-1-1-0 + SID[ 8]: S-1-5-2 + SID[ 9]: S-1-5-11 + SID[ 10]: S-1-5-32-544 + SID[ 11]: S-1-22-1-2002 + SID[ 12]: S-1-22-2-5000 + SID[ 13]: S-1-22-2-5007 + SID[ 14]: S-1-22-2-5001 + SID[ 15]: S-1-22-2-1005 + SID[ 16]: S-1-22-2-5006 + SID[ 17]: S-1-22-2-5005 + SID[ 18]: S-1-22-2-55000 + SID[ 19]: S-1-22-2-55001 + SID[ 20]: S-1-22-2-55002 + Privileges (0x 1FFFFFF0): + Privilege[ 0]: SeMachineAccountPrivilege + Privilege[ 1]: SeTakeOwnershipPrivilege + Privilege[ 2]: SeBackupPrivilege + Privilege[ 3]: SeRestorePrivilege + Privilege[ 4]: SeRemoteShutdownPrivilege + Privilege[ 5]: SePrintOperatorPrivilege + Privilege[ 6]: SeAddUsersPrivilege + Privilege[ 7]: SeDiskOperatorPrivilege + Privilege[ 8]: SeSecurityPrivilege + Privilege[ 9]: SeSystemtimePrivilege + Privilege[ 10]: SeShutdownPrivilege + Privilege[ 11]: SeDebugPrivilege + Privilege[ 12]: SeSystemEnvironmentPrivilege + Privilege[ 13]: SeSystemProfilePrivilege + Privilege[ 14]: SeProfileSingleProcessPrivilege + Privilege[ 15]: SeIncreaseBasePriorityPrivilege + Privilege[ 16]: SeLoadDriverPrivilege + Privilege[ 17]: SeCreatePagefilePrivilege + Privilege[ 18]: SeIncreaseQuotaPrivilege + Privilege[ 19]: SeChangeNotifyPrivilege + Privilege[ 20]: SeUndockPrivilege + Privilege[ 21]: SeManageVolumePrivilege + Privilege[ 22]: SeImpersonatePrivilege + Privilege[ 23]: SeCreateGlobalPrivilege + Privilege[ 24]: SeEnableDelegationPrivilege + Rights (0x 0): +[2013/11/07 07:38:48.455997, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) + UNIX token of user 0 + Primary group is 5000 and contains 9 supplementary groups + Group[ 0]: 5000 + Group[ 1]: 5007 + Group[ 2]: 5001 + Group[ 3]: 1005 + Group[ 4]: 5006 + Group[ 5]: 5005 + Group[ 6]: 55000 + Group[ 7]: 55001 + Group[ 8]: 55002 +[2013/11/07 07:38:48.456467, 5, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1324(api_pipe_request) + Requested \spoolss rpc service +[2013/11/07 07:38:48.456582, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1356(api_rpcTNP) + api_rpcTNP: \spoolss op 0x1d - api_rpcTNP: rpc command: SPOOLSS_CLOSEPRINTER +[2013/11/07 07:38:48.456691, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1390(api_rpcTNP) + api_rpc_cmds[29].fn == 0x7f375c25d5f0 +[2013/11/07 07:38:48.456803, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + spoolss_ClosePrinter: struct spoolss_ClosePrinter + in: struct spoolss_ClosePrinter + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000e4-0000-0000-7b52-7735c5510000 +[2013/11/07 07:38:48.457134, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[4] [0000] 00 00 00 00 E4 00 00 00 00 00 00 00 7B 52 77 35 ........ ....{Rw5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:48.457331, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[4] [0000] 00 00 00 00 E4 00 00 00 00 00 00 00 7B 52 77 35 ........ ....{Rw5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:48.457630, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[4] [0000] 00 00 00 00 E4 00 00 00 00 00 00 00 7B 52 77 35 ........ ....{Rw5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:48.457824, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) + Closed policy +[2013/11/07 07:38:48.457926, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + spoolss_ClosePrinter: struct spoolss_ClosePrinter + out: struct spoolss_ClosePrinter + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000000-0000-0000-0000-000000000000 + result : WERR_OK +[2013/11/07 07:38:48.458324, 5, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1417(api_rpcTNP) + api_rpcTNP: called \spoolss successfully +[2013/11/07 07:38:48.458449, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) + pop_sec_ctx (0, 5000) - sec_ctx_stack_ndx = 0 +[2013/11/07 07:38:48.458554, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) + write_to_pipe: data_used = 28 + smbd_smb2_request_pending_queue: req->current_idx = 1 + req->in.vector[0].iov_len = 0 + req->in.vector[1].iov_len = 0 + req->in.vector[2].iov_len = 64 + req->in.vector[3].iov_len = 56 + req->in.vector[4].iov_len = 44 + req->out.vector[0].iov_len = 4 + req->out.vector[1].iov_len = 0 + req->out.vector[2].iov_len = 64 + req->out.vector[3].iov_len = 8 + req->out.vector[4].iov_len = 0 +[2013/11/07 07:38:48.459081, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:128(smbd_smb2_ioctl_pipe_write_done) + smbd_smb2_ioctl_pipe_write_done: received 44 +[2013/11/07 07:38:48.459186, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:149(smbd_smb2_ioctl_pipe_write_done) + smbd_smb2_ioctl_pipe_write_done: issuing np_read_send of size 1024 +[2013/11/07 07:38:48.459293, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:285(read_from_internal_pipe) + name: \spoolss len: 1024 +[2013/11/07 07:38:48.459397, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:347(read_from_internal_pipe) + read_from_pipe: \spoolss: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 24. +[2013/11/07 07:38:48.459524, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) + &r: struct ncacn_packet + rpc_vers : 0x05 (5) + rpc_vers_minor : 0x00 (0) + ptype : DCERPC_PKT_RESPONSE (2) + pfc_flags : 0x03 (3) + drep: ARRAY(4) + [0] : 0x10 (16) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + frag_length : 0x0030 (48) + auth_length : 0x0000 (0) + call_id : 0x00000003 (3) + u : union dcerpc_payload(case 2) + response: struct dcerpc_response + alloc_hint : 0x00000018 (24) + context_id : 0x0000 (0) + cancel_count : 0x00 (0) + _pad : DATA_BLOB length=0 + stub_and_verifier : DATA_BLOB length=24 + [0000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0010] 00 00 00 00 00 00 00 00 ........ +[2013/11/07 07:38:48.460559, 3, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:122(free_pipe_context) + free_pipe_context: destroying talloc pool of size 29 +[2013/11/07 07:38:48.460677, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:788(np_read_recv) + Received 48 bytes. There is no more data outstanding +[2013/11/07 07:38:48.460777, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:178(smbd_smb2_ioctl_pipe_read_done) + smbd_smb2_ioctl_pipe_read_done: np_read_recv nread = 48 is_data_outstanding = 0, status = NT_STATUS_OK +[2013/11/07 07:38:48.460889, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl.c:291(smbd_smb2_request_ioctl_done) + smbd_smb2_request_ioctl_done: smbd_smb2_ioctl_recv returned 48 status NT_STATUS_OK +[2013/11/07 07:38:48.461009, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) + smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[48] dyn[yes:48] at ../source3/smbd/smb2_ioctl.c:358 +[2013/11/07 07:38:48.461120, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) + smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/182/127 +[2013/11/07 07:38:48.461554, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) + smbd_smb2_request_incoming: idx[1] of 5 vectors +[2013/11/07 07:38:48.461614, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) + smb2_validate_sequence_number: clearing id 182 (position 182) from bitmap +[2013/11/07 07:38:48.461658, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) + smbd_smb2_request_dispatch: opcode[SMB2_OP_IOCTL] mid = 182 +[2013/11/07 07:38:48.461714, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) + setting sec ctx (0, 5000) - sec_ctx_stack_ndx = 0 +[2013/11/07 07:38:48.461756, 5, pid=20933, effective(0, 5000), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) + Security token SIDs (21): + SID[ 0]: S-1-5-21-1376953716-2413384141-3399758289-500 + SID[ 1]: S-1-5-21-1376953716-2413384141-3399758289-512 + SID[ 2]: S-1-5-21-1376953716-2413384141-3399758289-11015 + SID[ 3]: S-1-5-21-1376953716-2413384141-3399758289-513 + SID[ 4]: S-1-5-21-1376953716-2413384141-3399758289-11011 + SID[ 5]: S-1-5-21-1376953716-2413384141-3399758289-11013 + SID[ 6]: S-1-5-21-1376953716-2413384141-3399758289-11012 + SID[ 7]: S-1-1-0 + SID[ 8]: S-1-5-2 + SID[ 9]: S-1-5-11 + SID[ 10]: S-1-5-32-544 + SID[ 11]: S-1-22-1-2002 + SID[ 12]: S-1-22-2-5000 + SID[ 13]: S-1-22-2-5007 + SID[ 14]: S-1-22-2-5001 + SID[ 15]: S-1-22-2-1005 + SID[ 16]: S-1-22-2-5006 + SID[ 17]: S-1-22-2-5005 + SID[ 18]: S-1-22-2-55000 + SID[ 19]: S-1-22-2-55001 + SID[ 20]: S-1-22-2-55002 + Privileges (0x 1FFFFFF0): + Privilege[ 0]: SeMachineAccountPrivilege + Privilege[ 1]: SeTakeOwnershipPrivilege + Privilege[ 2]: SeBackupPrivilege + Privilege[ 3]: SeRestorePrivilege + Privilege[ 4]: SeRemoteShutdownPrivilege + Privilege[ 5]: SePrintOperatorPrivilege + Privilege[ 6]: SeAddUsersPrivilege + Privilege[ 7]: SeDiskOperatorPrivilege + Privilege[ 8]: SeSecurityPrivilege + Privilege[ 9]: SeSystemtimePrivilege + Privilege[ 10]: SeShutdownPrivilege + Privilege[ 11]: SeDebugPrivilege + Privilege[ 12]: SeSystemEnvironmentPrivilege + Privilege[ 13]: SeSystemProfilePrivilege + Privilege[ 14]: SeProfileSingleProcessPrivilege + Privilege[ 15]: SeIncreaseBasePriorityPrivilege + Privilege[ 16]: SeLoadDriverPrivilege + Privilege[ 17]: SeCreatePagefilePrivilege + Privilege[ 18]: SeIncreaseQuotaPrivilege + Privilege[ 19]: SeChangeNotifyPrivilege + Privilege[ 20]: SeUndockPrivilege + Privilege[ 21]: SeManageVolumePrivilege + Privilege[ 22]: SeImpersonatePrivilege + Privilege[ 23]: SeCreateGlobalPrivilege + Privilege[ 24]: SeEnableDelegationPrivilege + Rights (0x 0): +[2013/11/07 07:38:48.462559, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) + UNIX token of user 0 + Primary group is 5000 and contains 9 supplementary groups + Group[ 0]: 5000 + Group[ 1]: 5007 + Group[ 2]: 5001 + Group[ 3]: 1005 + Group[ 4]: 5006 + Group[ 5]: 5005 + Group[ 6]: 55000 + Group[ 7]: 55001 + Group[ 8]: 55002 +[2013/11/07 07:38:48.462750, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/uid.c:363(change_to_user_internal) + Impersonated user: uid=(0,0), gid=(0,5000) +[2013/11/07 07:38:48.462799, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:1796(smbd_smb2_request_verify_creditcharge) + mid 182, CreditCharge: 1, NeededCharge: 1 +[2013/11/07 07:38:48.462851, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl.c:394(smbd_smb2_ioctl_send) + smbd_smb2_ioctl: ctl_code[0x0011c017] spoolss, fnum 2421171645 +[2013/11/07 07:38:48.462898, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:59(smb2_ioctl_named_pipe) + smbd_smb2_ioctl_send: np_write_send of size 44 +[2013/11/07 07:38:48.462937, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:520(np_write_send) + np_write_send: len: 44 +[2013/11/07 07:38:48.462977, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) + write_to_pipe: data_left = 44 +[2013/11/07 07:38:48.463015, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) + process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 44 +[2013/11/07 07:38:48.463054, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:51(fill_rpc_header) + fill_rpc_header: data_to_copy = 44, len_needed_to_complete_hdr = 16, receive_len = 0 +[2013/11/07 07:38:48.463094, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) + write_to_pipe: data_used = 16 +[2013/11/07 07:38:48.463131, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) + write_to_pipe: data_left = 28 +[2013/11/07 07:38:48.463168, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) + process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 28 +[2013/11/07 07:38:48.463209, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) + write_to_pipe: data_used = 0 +[2013/11/07 07:38:48.463246, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) + write_to_pipe: data_left = 28 +[2013/11/07 07:38:48.463283, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) + process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 28, incoming data = 28 +[2013/11/07 07:38:48.463324, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1614(process_complete_pdu) + PDU is in Little Endian format! +[2013/11/07 07:38:48.463370, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) + r: struct ncacn_packet + rpc_vers : 0x05 (5) + rpc_vers_minor : 0x00 (0) + ptype : DCERPC_PKT_REQUEST (0) + pfc_flags : 0x03 (3) + drep: ARRAY(4) + [0] : 0x10 (16) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + frag_length : 0x002c (44) + auth_length : 0x0000 (0) + call_id : 0x00000005 (5) + u : union dcerpc_payload(case 0) + request: struct dcerpc_request + alloc_hint : 0x00000014 (20) + context_id : 0x0000 (0) + opnum : 0x001d (29) + object : union dcerpc_object(case 0) + empty: struct dcerpc_empty + _pad : DATA_BLOB length=0 + stub_and_verifier : DATA_BLOB length=20 + [0000] 00 00 00 00 ED 00 00 00 00 00 00 00 7B 52 77 35 ........ ....{Rw5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:48.463821, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1627(process_complete_pdu) + Processing packet type 0 +[2013/11/07 07:38:48.463859, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1472(dcesrv_auth_request) + Checking request auth. +[2013/11/07 07:38:48.463899, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) + push_sec_ctx(0, 5000) : sec_ctx_stack_ndx = 1 +[2013/11/07 07:38:48.463943, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) + setting sec ctx (0, 5000) - sec_ctx_stack_ndx = 1 +[2013/11/07 07:38:48.463983, 5, pid=20933, effective(0, 5000), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) + Security token SIDs (21): + SID[ 0]: S-1-5-21-1376953716-2413384141-3399758289-500 + SID[ 1]: S-1-5-21-1376953716-2413384141-3399758289-512 + SID[ 2]: S-1-5-21-1376953716-2413384141-3399758289-11015 + SID[ 3]: S-1-5-21-1376953716-2413384141-3399758289-513 + SID[ 4]: S-1-5-21-1376953716-2413384141-3399758289-11011 + SID[ 5]: S-1-5-21-1376953716-2413384141-3399758289-11013 + SID[ 6]: S-1-5-21-1376953716-2413384141-3399758289-11012 + SID[ 7]: S-1-1-0 + SID[ 8]: S-1-5-2 + SID[ 9]: S-1-5-11 + SID[ 10]: S-1-5-32-544 + SID[ 11]: S-1-22-1-2002 + SID[ 12]: S-1-22-2-5000 + SID[ 13]: S-1-22-2-5007 + SID[ 14]: S-1-22-2-5001 + SID[ 15]: S-1-22-2-1005 + SID[ 16]: S-1-22-2-5006 + SID[ 17]: S-1-22-2-5005 + SID[ 18]: S-1-22-2-55000 + SID[ 19]: S-1-22-2-55001 + SID[ 20]: S-1-22-2-55002 + Privileges (0x 1FFFFFF0): + Privilege[ 0]: SeMachineAccountPrivilege + Privilege[ 1]: SeTakeOwnershipPrivilege + Privilege[ 2]: SeBackupPrivilege + Privilege[ 3]: SeRestorePrivilege + Privilege[ 4]: SeRemoteShutdownPrivilege + Privilege[ 5]: SePrintOperatorPrivilege + Privilege[ 6]: SeAddUsersPrivilege + Privilege[ 7]: SeDiskOperatorPrivilege + Privilege[ 8]: SeSecurityPrivilege + Privilege[ 9]: SeSystemtimePrivilege + Privilege[ 10]: SeShutdownPrivilege + Privilege[ 11]: SeDebugPrivilege + Privilege[ 12]: SeSystemEnvironmentPrivilege + Privilege[ 13]: SeSystemProfilePrivilege + Privilege[ 14]: SeProfileSingleProcessPrivilege + Privilege[ 15]: SeIncreaseBasePriorityPrivilege + Privilege[ 16]: SeLoadDriverPrivilege + Privilege[ 17]: SeCreatePagefilePrivilege + Privilege[ 18]: SeIncreaseQuotaPrivilege + Privilege[ 19]: SeChangeNotifyPrivilege + Privilege[ 20]: SeUndockPrivilege + Privilege[ 21]: SeManageVolumePrivilege + Privilege[ 22]: SeImpersonatePrivilege + Privilege[ 23]: SeCreateGlobalPrivilege + Privilege[ 24]: SeEnableDelegationPrivilege + Rights (0x 0): +[2013/11/07 07:38:48.464739, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) + UNIX token of user 0 + Primary group is 5000 and contains 9 supplementary groups + Group[ 0]: 5000 + Group[ 1]: 5007 + Group[ 2]: 5001 + Group[ 3]: 1005 + Group[ 4]: 5006 + Group[ 5]: 5005 + Group[ 6]: 55000 + Group[ 7]: 55001 + Group[ 8]: 55002 +[2013/11/07 07:38:48.464926, 5, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1324(api_pipe_request) + Requested \spoolss rpc service +[2013/11/07 07:38:48.464970, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1356(api_rpcTNP) + api_rpcTNP: \spoolss op 0x1d - api_rpcTNP: rpc command: SPOOLSS_CLOSEPRINTER +[2013/11/07 07:38:48.465013, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1390(api_rpcTNP) + api_rpc_cmds[29].fn == 0x7f375c25d5f0 +[2013/11/07 07:38:48.465057, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + spoolss_ClosePrinter: struct spoolss_ClosePrinter + in: struct spoolss_ClosePrinter + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000ed-0000-0000-7b52-7735c5510000 +[2013/11/07 07:38:48.465199, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[2] [0000] 00 00 00 00 ED 00 00 00 00 00 00 00 7B 52 77 35 ........ ....{Rw5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:48.465278, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[2] [0000] 00 00 00 00 ED 00 00 00 00 00 00 00 7B 52 77 35 ........ ....{Rw5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:48.465355, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[2] [0000] 00 00 00 00 ED 00 00 00 00 00 00 00 7B 52 77 35 ........ ....{Rw5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:48.465494, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) + Closed policy +[2013/11/07 07:38:48.465538, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + spoolss_ClosePrinter: struct spoolss_ClosePrinter + out: struct spoolss_ClosePrinter + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000000-0000-0000-0000-000000000000 + result : WERR_OK +[2013/11/07 07:38:48.465687, 5, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1417(api_rpcTNP) + api_rpcTNP: called \spoolss successfully +[2013/11/07 07:38:48.465737, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) + pop_sec_ctx (0, 5000) - sec_ctx_stack_ndx = 0 +[2013/11/07 07:38:48.465778, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) + write_to_pipe: data_used = 28 + smbd_smb2_request_pending_queue: req->current_idx = 1 + req->in.vector[0].iov_len = 0 + req->in.vector[1].iov_len = 0 + req->in.vector[2].iov_len = 64 + req->in.vector[3].iov_len = 56 + req->in.vector[4].iov_len = 44 + req->out.vector[0].iov_len = 4 + req->out.vector[1].iov_len = 0 + req->out.vector[2].iov_len = 64 + req->out.vector[3].iov_len = 8 + req->out.vector[4].iov_len = 0 +[2013/11/07 07:38:48.465990, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:128(smbd_smb2_ioctl_pipe_write_done) + smbd_smb2_ioctl_pipe_write_done: received 44 +[2013/11/07 07:38:48.466031, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:149(smbd_smb2_ioctl_pipe_write_done) + smbd_smb2_ioctl_pipe_write_done: issuing np_read_send of size 1064 +[2013/11/07 07:38:48.466074, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:285(read_from_internal_pipe) + name: \spoolss len: 1064 +[2013/11/07 07:38:48.466115, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:347(read_from_internal_pipe) + read_from_pipe: \spoolss: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 24. +[2013/11/07 07:38:48.466167, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) + &r: struct ncacn_packet + rpc_vers : 0x05 (5) + rpc_vers_minor : 0x00 (0) + ptype : DCERPC_PKT_RESPONSE (2) + pfc_flags : 0x03 (3) + drep: ARRAY(4) + [0] : 0x10 (16) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + frag_length : 0x0030 (48) + auth_length : 0x0000 (0) + call_id : 0x00000005 (5) + u : union dcerpc_payload(case 2) + response: struct dcerpc_response + alloc_hint : 0x00000018 (24) + context_id : 0x0000 (0) + cancel_count : 0x00 (0) + _pad : DATA_BLOB length=0 + stub_and_verifier : DATA_BLOB length=24 + [0000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0010] 00 00 00 00 00 00 00 00 ........ +[2013/11/07 07:38:48.466591, 3, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:122(free_pipe_context) + free_pipe_context: destroying talloc pool of size 29 +[2013/11/07 07:38:48.466640, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:788(np_read_recv) + Received 48 bytes. There is no more data outstanding +[2013/11/07 07:38:48.466681, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:178(smbd_smb2_ioctl_pipe_read_done) + smbd_smb2_ioctl_pipe_read_done: np_read_recv nread = 48 is_data_outstanding = 0, status = NT_STATUS_OK +[2013/11/07 07:38:48.466726, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl.c:291(smbd_smb2_request_ioctl_done) + smbd_smb2_request_ioctl_done: smbd_smb2_ioctl_recv returned 48 status NT_STATUS_OK +[2013/11/07 07:38:48.466767, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) + smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[48] dyn[yes:48] at ../source3/smbd/smb2_ioctl.c:358 +[2013/11/07 07:38:48.466812, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) + smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/183/127 +[2013/11/07 07:38:48.466954, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) + smbd_smb2_request_incoming: idx[1] of 5 vectors +[2013/11/07 07:38:48.467003, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) + smb2_validate_sequence_number: clearing id 183 (position 183) from bitmap +[2013/11/07 07:38:48.467044, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) + smbd_smb2_request_dispatch: opcode[SMB2_OP_IOCTL] mid = 183 +[2013/11/07 07:38:48.467098, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) + setting sec ctx (0, 5000) - sec_ctx_stack_ndx = 0 +[2013/11/07 07:38:48.467140, 5, pid=20933, effective(0, 5000), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) + Security token SIDs (21): + SID[ 0]: S-1-5-21-1376953716-2413384141-3399758289-500 + SID[ 1]: S-1-5-21-1376953716-2413384141-3399758289-512 + SID[ 2]: S-1-5-21-1376953716-2413384141-3399758289-11015 + SID[ 3]: S-1-5-21-1376953716-2413384141-3399758289-513 + SID[ 4]: S-1-5-21-1376953716-2413384141-3399758289-11011 + SID[ 5]: S-1-5-21-1376953716-2413384141-3399758289-11013 + SID[ 6]: S-1-5-21-1376953716-2413384141-3399758289-11012 + SID[ 7]: S-1-1-0 + SID[ 8]: S-1-5-2 + SID[ 9]: S-1-5-11 + SID[ 10]: S-1-5-32-544 + SID[ 11]: S-1-22-1-2002 + SID[ 12]: S-1-22-2-5000 + SID[ 13]: S-1-22-2-5007 + SID[ 14]: S-1-22-2-5001 + SID[ 15]: S-1-22-2-1005 + SID[ 16]: S-1-22-2-5006 + SID[ 17]: S-1-22-2-5005 + SID[ 18]: S-1-22-2-55000 + SID[ 19]: S-1-22-2-55001 + SID[ 20]: S-1-22-2-55002 + Privileges (0x 1FFFFFF0): + Privilege[ 0]: SeMachineAccountPrivilege + Privilege[ 1]: SeTakeOwnershipPrivilege + Privilege[ 2]: SeBackupPrivilege + Privilege[ 3]: SeRestorePrivilege + Privilege[ 4]: SeRemoteShutdownPrivilege + Privilege[ 5]: SePrintOperatorPrivilege + Privilege[ 6]: SeAddUsersPrivilege + Privilege[ 7]: SeDiskOperatorPrivilege + Privilege[ 8]: SeSecurityPrivilege + Privilege[ 9]: SeSystemtimePrivilege + Privilege[ 10]: SeShutdownPrivilege + Privilege[ 11]: SeDebugPrivilege + Privilege[ 12]: SeSystemEnvironmentPrivilege + Privilege[ 13]: SeSystemProfilePrivilege + Privilege[ 14]: SeProfileSingleProcessPrivilege + Privilege[ 15]: SeIncreaseBasePriorityPrivilege + Privilege[ 16]: SeLoadDriverPrivilege + Privilege[ 17]: SeCreatePagefilePrivilege + Privilege[ 18]: SeIncreaseQuotaPrivilege + Privilege[ 19]: SeChangeNotifyPrivilege + Privilege[ 20]: SeUndockPrivilege + Privilege[ 21]: SeManageVolumePrivilege + Privilege[ 22]: SeImpersonatePrivilege + Privilege[ 23]: SeCreateGlobalPrivilege + Privilege[ 24]: SeEnableDelegationPrivilege + Rights (0x 0): +[2013/11/07 07:38:48.467911, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) + UNIX token of user 0 + Primary group is 5000 and contains 9 supplementary groups + Group[ 0]: 5000 + Group[ 1]: 5007 + Group[ 2]: 5001 + Group[ 3]: 1005 + Group[ 4]: 5006 + Group[ 5]: 5005 + Group[ 6]: 55000 + Group[ 7]: 55001 + Group[ 8]: 55002 +[2013/11/07 07:38:48.468100, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/uid.c:363(change_to_user_internal) + Impersonated user: uid=(0,0), gid=(0,5000) +[2013/11/07 07:38:48.468147, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:1796(smbd_smb2_request_verify_creditcharge) + mid 183, CreditCharge: 1, NeededCharge: 1 +[2013/11/07 07:38:48.468188, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl.c:394(smbd_smb2_ioctl_send) + smbd_smb2_ioctl: ctl_code[0x0011c017] spoolss, fnum 4038471001 +[2013/11/07 07:38:48.468233, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:59(smb2_ioctl_named_pipe) + smbd_smb2_ioctl_send: np_write_send of size 44 +[2013/11/07 07:38:48.468272, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:520(np_write_send) + np_write_send: len: 44 +[2013/11/07 07:38:48.468312, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) + write_to_pipe: data_left = 44 +[2013/11/07 07:38:48.468350, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) + process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 44 +[2013/11/07 07:38:48.468388, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:51(fill_rpc_header) + fill_rpc_header: data_to_copy = 44, len_needed_to_complete_hdr = 16, receive_len = 0 +[2013/11/07 07:38:48.468428, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) + write_to_pipe: data_used = 16 +[2013/11/07 07:38:48.468464, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) + write_to_pipe: data_left = 28 +[2013/11/07 07:38:48.468502, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) + process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 28 +[2013/11/07 07:38:48.468543, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) + write_to_pipe: data_used = 0 +[2013/11/07 07:38:48.468580, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) + write_to_pipe: data_left = 28 +[2013/11/07 07:38:48.468617, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) + process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 28, incoming data = 28 +[2013/11/07 07:38:48.468665, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1614(process_complete_pdu) + PDU is in Little Endian format! +[2013/11/07 07:38:48.468711, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) + r: struct ncacn_packet + rpc_vers : 0x05 (5) + rpc_vers_minor : 0x00 (0) + ptype : DCERPC_PKT_REQUEST (0) + pfc_flags : 0x03 (3) + drep: ARRAY(4) + [0] : 0x10 (16) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + frag_length : 0x002c (44) + auth_length : 0x0000 (0) + call_id : 0x00000007 (7) + u : union dcerpc_payload(case 0) + request: struct dcerpc_request + alloc_hint : 0x00000014 (20) + context_id : 0x0000 (0) + opnum : 0x001d (29) + object : union dcerpc_object(case 0) + empty: struct dcerpc_empty + _pad : DATA_BLOB length=0 + stub_and_verifier : DATA_BLOB length=20 + [0000] 00 00 00 00 EA 00 00 00 00 00 00 00 7B 52 77 35 ........ ....{Rw5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:48.469154, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1627(process_complete_pdu) + Processing packet type 0 +[2013/11/07 07:38:48.469193, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1472(dcesrv_auth_request) + Checking request auth. +[2013/11/07 07:38:48.469233, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) + push_sec_ctx(0, 5000) : sec_ctx_stack_ndx = 1 +[2013/11/07 07:38:48.469277, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) + setting sec ctx (0, 5000) - sec_ctx_stack_ndx = 1 +[2013/11/07 07:38:48.469317, 5, pid=20933, effective(0, 5000), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) + Security token SIDs (21): + SID[ 0]: S-1-5-21-1376953716-2413384141-3399758289-500 + SID[ 1]: S-1-5-21-1376953716-2413384141-3399758289-512 + SID[ 2]: S-1-5-21-1376953716-2413384141-3399758289-11015 + SID[ 3]: S-1-5-21-1376953716-2413384141-3399758289-513 + SID[ 4]: S-1-5-21-1376953716-2413384141-3399758289-11011 + SID[ 5]: S-1-5-21-1376953716-2413384141-3399758289-11013 + SID[ 6]: S-1-5-21-1376953716-2413384141-3399758289-11012 + SID[ 7]: S-1-1-0 + SID[ 8]: S-1-5-2 + SID[ 9]: S-1-5-11 + SID[ 10]: S-1-5-32-544 + SID[ 11]: S-1-22-1-2002 + SID[ 12]: S-1-22-2-5000 + SID[ 13]: S-1-22-2-5007 + SID[ 14]: S-1-22-2-5001 + SID[ 15]: S-1-22-2-1005 + SID[ 16]: S-1-22-2-5006 + SID[ 17]: S-1-22-2-5005 + SID[ 18]: S-1-22-2-55000 + SID[ 19]: S-1-22-2-55001 + SID[ 20]: S-1-22-2-55002 + Privileges (0x 1FFFFFF0): + Privilege[ 0]: SeMachineAccountPrivilege + Privilege[ 1]: SeTakeOwnershipPrivilege + Privilege[ 2]: SeBackupPrivilege + Privilege[ 3]: SeRestorePrivilege + Privilege[ 4]: SeRemoteShutdownPrivilege + Privilege[ 5]: SePrintOperatorPrivilege + Privilege[ 6]: SeAddUsersPrivilege + Privilege[ 7]: SeDiskOperatorPrivilege + Privilege[ 8]: SeSecurityPrivilege + Privilege[ 9]: SeSystemtimePrivilege + Privilege[ 10]: SeShutdownPrivilege + Privilege[ 11]: SeDebugPrivilege + Privilege[ 12]: SeSystemEnvironmentPrivilege + Privilege[ 13]: SeSystemProfilePrivilege + Privilege[ 14]: SeProfileSingleProcessPrivilege + Privilege[ 15]: SeIncreaseBasePriorityPrivilege + Privilege[ 16]: SeLoadDriverPrivilege + Privilege[ 17]: SeCreatePagefilePrivilege + Privilege[ 18]: SeIncreaseQuotaPrivilege + Privilege[ 19]: SeChangeNotifyPrivilege + Privilege[ 20]: SeUndockPrivilege + Privilege[ 21]: SeManageVolumePrivilege + Privilege[ 22]: SeImpersonatePrivilege + Privilege[ 23]: SeCreateGlobalPrivilege + Privilege[ 24]: SeEnableDelegationPrivilege + Rights (0x 0): +[2013/11/07 07:38:48.470160, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) + UNIX token of user 0 + Primary group is 5000 and contains 9 supplementary groups + Group[ 0]: 5000 + Group[ 1]: 5007 + Group[ 2]: 5001 + Group[ 3]: 1005 + Group[ 4]: 5006 + Group[ 5]: 5005 + Group[ 6]: 55000 + Group[ 7]: 55001 + Group[ 8]: 55002 +[2013/11/07 07:38:48.470348, 5, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1324(api_pipe_request) + Requested \spoolss rpc service +[2013/11/07 07:38:48.470393, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1356(api_rpcTNP) + api_rpcTNP: \spoolss op 0x1d - api_rpcTNP: rpc command: SPOOLSS_CLOSEPRINTER +[2013/11/07 07:38:48.470437, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1390(api_rpcTNP) + api_rpc_cmds[29].fn == 0x7f375c25d5f0 +[2013/11/07 07:38:48.470481, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + spoolss_ClosePrinter: struct spoolss_ClosePrinter + in: struct spoolss_ClosePrinter + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 000000ea-0000-0000-7b52-7735c5510000 +[2013/11/07 07:38:48.470611, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[2] [0000] 00 00 00 00 EA 00 00 00 00 00 00 00 7B 52 77 35 ........ ....{Rw5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:48.470688, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[2] [0000] 00 00 00 00 EA 00 00 00 00 00 00 00 7B 52 77 35 ........ ....{Rw5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:48.470765, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[2] [0000] 00 00 00 00 EA 00 00 00 00 00 00 00 7B 52 77 35 ........ ....{Rw5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:48.470840, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) + Closed policy +[2013/11/07 07:38:48.470880, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + spoolss_ClosePrinter: struct spoolss_ClosePrinter + out: struct spoolss_ClosePrinter + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000000-0000-0000-0000-000000000000 + result : WERR_OK +[2013/11/07 07:38:48.471028, 5, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1417(api_rpcTNP) + api_rpcTNP: called \spoolss successfully +[2013/11/07 07:38:48.471077, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) + pop_sec_ctx (0, 5000) - sec_ctx_stack_ndx = 0 +[2013/11/07 07:38:48.471118, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) + write_to_pipe: data_used = 28 + smbd_smb2_request_pending_queue: req->current_idx = 1 + req->in.vector[0].iov_len = 0 + req->in.vector[1].iov_len = 0 + req->in.vector[2].iov_len = 64 + req->in.vector[3].iov_len = 56 + req->in.vector[4].iov_len = 44 + req->out.vector[0].iov_len = 4 + req->out.vector[1].iov_len = 0 + req->out.vector[2].iov_len = 64 + req->out.vector[3].iov_len = 8 + req->out.vector[4].iov_len = 0 +[2013/11/07 07:38:48.471335, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:128(smbd_smb2_ioctl_pipe_write_done) + smbd_smb2_ioctl_pipe_write_done: received 44 +[2013/11/07 07:38:48.471379, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:149(smbd_smb2_ioctl_pipe_write_done) + smbd_smb2_ioctl_pipe_write_done: issuing np_read_send of size 4136 +[2013/11/07 07:38:48.471422, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:285(read_from_internal_pipe) + name: \spoolss len: 4136 +[2013/11/07 07:38:48.471555, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:347(read_from_internal_pipe) + read_from_pipe: \spoolss: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 24. +[2013/11/07 07:38:48.471610, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) + &r: struct ncacn_packet + rpc_vers : 0x05 (5) + rpc_vers_minor : 0x00 (0) + ptype : DCERPC_PKT_RESPONSE (2) + pfc_flags : 0x03 (3) + drep: ARRAY(4) + [0] : 0x10 (16) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + frag_length : 0x0030 (48) + auth_length : 0x0000 (0) + call_id : 0x00000007 (7) + u : union dcerpc_payload(case 2) + response: struct dcerpc_response + alloc_hint : 0x00000018 (24) + context_id : 0x0000 (0) + cancel_count : 0x00 (0) + _pad : DATA_BLOB length=0 + stub_and_verifier : DATA_BLOB length=24 + [0000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0010] 00 00 00 00 00 00 00 00 ........ +[2013/11/07 07:38:48.472024, 3, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:122(free_pipe_context) + free_pipe_context: destroying talloc pool of size 29 +[2013/11/07 07:38:48.472072, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:788(np_read_recv) + Received 48 bytes. There is no more data outstanding +[2013/11/07 07:38:48.472112, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:178(smbd_smb2_ioctl_pipe_read_done) + smbd_smb2_ioctl_pipe_read_done: np_read_recv nread = 48 is_data_outstanding = 0, status = NT_STATUS_OK +[2013/11/07 07:38:48.472157, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl.c:291(smbd_smb2_request_ioctl_done) + smbd_smb2_request_ioctl_done: smbd_smb2_ioctl_recv returned 48 status NT_STATUS_OK +[2013/11/07 07:38:48.472198, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) + smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[48] dyn[yes:48] at ../source3/smbd/smb2_ioctl.c:358 +[2013/11/07 07:38:48.472241, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) + smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/184/127 +[2013/11/07 07:38:48.472379, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) + smbd_smb2_request_incoming: idx[1] of 5 vectors +[2013/11/07 07:38:48.472439, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) + smb2_validate_sequence_number: clearing id 184 (position 184) from bitmap +[2013/11/07 07:38:48.472480, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) + smbd_smb2_request_dispatch: opcode[SMB2_OP_IOCTL] mid = 184 +[2013/11/07 07:38:48.472534, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) + setting sec ctx (0, 5000) - sec_ctx_stack_ndx = 0 +[2013/11/07 07:38:48.472576, 5, pid=20933, effective(0, 5000), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) + Security token SIDs (21): + SID[ 0]: S-1-5-21-1376953716-2413384141-3399758289-500 + SID[ 1]: S-1-5-21-1376953716-2413384141-3399758289-512 + SID[ 2]: S-1-5-21-1376953716-2413384141-3399758289-11015 + SID[ 3]: S-1-5-21-1376953716-2413384141-3399758289-513 + SID[ 4]: S-1-5-21-1376953716-2413384141-3399758289-11011 + SID[ 5]: S-1-5-21-1376953716-2413384141-3399758289-11013 + SID[ 6]: S-1-5-21-1376953716-2413384141-3399758289-11012 + SID[ 7]: S-1-1-0 + SID[ 8]: S-1-5-2 + SID[ 9]: S-1-5-11 + SID[ 10]: S-1-5-32-544 + SID[ 11]: S-1-22-1-2002 + SID[ 12]: S-1-22-2-5000 + SID[ 13]: S-1-22-2-5007 + SID[ 14]: S-1-22-2-5001 + SID[ 15]: S-1-22-2-1005 + SID[ 16]: S-1-22-2-5006 + SID[ 17]: S-1-22-2-5005 + SID[ 18]: S-1-22-2-55000 + SID[ 19]: S-1-22-2-55001 + SID[ 20]: S-1-22-2-55002 + Privileges (0x 1FFFFFF0): + Privilege[ 0]: SeMachineAccountPrivilege + Privilege[ 1]: SeTakeOwnershipPrivilege + Privilege[ 2]: SeBackupPrivilege + Privilege[ 3]: SeRestorePrivilege + Privilege[ 4]: SeRemoteShutdownPrivilege + Privilege[ 5]: SePrintOperatorPrivilege + Privilege[ 6]: SeAddUsersPrivilege + Privilege[ 7]: SeDiskOperatorPrivilege + Privilege[ 8]: SeSecurityPrivilege + Privilege[ 9]: SeSystemtimePrivilege + Privilege[ 10]: SeShutdownPrivilege + Privilege[ 11]: SeDebugPrivilege + Privilege[ 12]: SeSystemEnvironmentPrivilege + Privilege[ 13]: SeSystemProfilePrivilege + Privilege[ 14]: SeProfileSingleProcessPrivilege + Privilege[ 15]: SeIncreaseBasePriorityPrivilege + Privilege[ 16]: SeLoadDriverPrivilege + Privilege[ 17]: SeCreatePagefilePrivilege + Privilege[ 18]: SeIncreaseQuotaPrivilege + Privilege[ 19]: SeChangeNotifyPrivilege + Privilege[ 20]: SeUndockPrivilege + Privilege[ 21]: SeManageVolumePrivilege + Privilege[ 22]: SeImpersonatePrivilege + Privilege[ 23]: SeCreateGlobalPrivilege + Privilege[ 24]: SeEnableDelegationPrivilege + Rights (0x 0): +[2013/11/07 07:38:48.473336, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) + UNIX token of user 0 + Primary group is 5000 and contains 9 supplementary groups + Group[ 0]: 5000 + Group[ 1]: 5007 + Group[ 2]: 5001 + Group[ 3]: 1005 + Group[ 4]: 5006 + Group[ 5]: 5005 + Group[ 6]: 55000 + Group[ 7]: 55001 + Group[ 8]: 55002 +[2013/11/07 07:38:48.473590, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/uid.c:363(change_to_user_internal) + Impersonated user: uid=(0,0), gid=(0,5000) +[2013/11/07 07:38:48.473642, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:1796(smbd_smb2_request_verify_creditcharge) + mid 184, CreditCharge: 1, NeededCharge: 1 +[2013/11/07 07:38:48.473684, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl.c:394(smbd_smb2_ioctl_send) + smbd_smb2_ioctl: ctl_code[0x0011c017] spoolss, fnum 3462979724 +[2013/11/07 07:38:48.473758, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:59(smb2_ioctl_named_pipe) + smbd_smb2_ioctl_send: np_write_send of size 44 +[2013/11/07 07:38:48.473798, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:520(np_write_send) + np_write_send: len: 44 +[2013/11/07 07:38:48.473848, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) + write_to_pipe: data_left = 44 +[2013/11/07 07:38:48.473897, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) + process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 44 +[2013/11/07 07:38:48.473936, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:51(fill_rpc_header) + fill_rpc_header: data_to_copy = 44, len_needed_to_complete_hdr = 16, receive_len = 0 +[2013/11/07 07:38:48.473975, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) + write_to_pipe: data_used = 16 +[2013/11/07 07:38:48.474013, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) + write_to_pipe: data_left = 28 +[2013/11/07 07:38:48.474050, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) + process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 28 +[2013/11/07 07:38:48.474090, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) + write_to_pipe: data_used = 0 +[2013/11/07 07:38:48.474127, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) + write_to_pipe: data_left = 28 +[2013/11/07 07:38:48.474164, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) + process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 28, incoming data = 28 +[2013/11/07 07:38:48.474205, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1614(process_complete_pdu) + PDU is in Little Endian format! +[2013/11/07 07:38:48.474250, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) + r: struct ncacn_packet + rpc_vers : 0x05 (5) + rpc_vers_minor : 0x00 (0) + ptype : DCERPC_PKT_REQUEST (0) + pfc_flags : 0x03 (3) + drep: ARRAY(4) + [0] : 0x10 (16) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + frag_length : 0x002c (44) + auth_length : 0x0000 (0) + call_id : 0x00000003 (3) + u : union dcerpc_payload(case 0) + request: struct dcerpc_request + alloc_hint : 0x00000014 (20) + context_id : 0x0000 (0) + opnum : 0x001d (29) + object : union dcerpc_object(case 0) + empty: struct dcerpc_empty + _pad : DATA_BLOB length=0 + stub_and_verifier : DATA_BLOB length=20 + [0000] 00 00 00 00 0B 01 00 00 00 00 00 00 7B 52 78 35 ........ ....{Rx5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:48.474710, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1627(process_complete_pdu) + Processing packet type 0 +[2013/11/07 07:38:48.474748, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1472(dcesrv_auth_request) + Checking request auth. +[2013/11/07 07:38:48.474789, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) + push_sec_ctx(0, 5000) : sec_ctx_stack_ndx = 1 +[2013/11/07 07:38:48.474833, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) + setting sec ctx (0, 5000) - sec_ctx_stack_ndx = 1 +[2013/11/07 07:38:48.474881, 5, pid=20933, effective(0, 5000), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) + Security token SIDs (21): + SID[ 0]: S-1-5-21-1376953716-2413384141-3399758289-500 + SID[ 1]: S-1-5-21-1376953716-2413384141-3399758289-512 + SID[ 2]: S-1-5-21-1376953716-2413384141-3399758289-11015 + SID[ 3]: S-1-5-21-1376953716-2413384141-3399758289-513 + SID[ 4]: S-1-5-21-1376953716-2413384141-3399758289-11011 + SID[ 5]: S-1-5-21-1376953716-2413384141-3399758289-11013 + SID[ 6]: S-1-5-21-1376953716-2413384141-3399758289-11012 + SID[ 7]: S-1-1-0 + SID[ 8]: S-1-5-2 + SID[ 9]: S-1-5-11 + SID[ 10]: S-1-5-32-544 + SID[ 11]: S-1-22-1-2002 + SID[ 12]: S-1-22-2-5000 + SID[ 13]: S-1-22-2-5007 + SID[ 14]: S-1-22-2-5001 + SID[ 15]: S-1-22-2-1005 + SID[ 16]: S-1-22-2-5006 + SID[ 17]: S-1-22-2-5005 + SID[ 18]: S-1-22-2-55000 + SID[ 19]: S-1-22-2-55001 + SID[ 20]: S-1-22-2-55002 + Privileges (0x 1FFFFFF0): + Privilege[ 0]: SeMachineAccountPrivilege + Privilege[ 1]: SeTakeOwnershipPrivilege + Privilege[ 2]: SeBackupPrivilege + Privilege[ 3]: SeRestorePrivilege + Privilege[ 4]: SeRemoteShutdownPrivilege + Privilege[ 5]: SePrintOperatorPrivilege + Privilege[ 6]: SeAddUsersPrivilege + Privilege[ 7]: SeDiskOperatorPrivilege + Privilege[ 8]: SeSecurityPrivilege + Privilege[ 9]: SeSystemtimePrivilege + Privilege[ 10]: SeShutdownPrivilege + Privilege[ 11]: SeDebugPrivilege + Privilege[ 12]: SeSystemEnvironmentPrivilege + Privilege[ 13]: SeSystemProfilePrivilege + Privilege[ 14]: SeProfileSingleProcessPrivilege + Privilege[ 15]: SeIncreaseBasePriorityPrivilege + Privilege[ 16]: SeLoadDriverPrivilege + Privilege[ 17]: SeCreatePagefilePrivilege + Privilege[ 18]: SeIncreaseQuotaPrivilege + Privilege[ 19]: SeChangeNotifyPrivilege + Privilege[ 20]: SeUndockPrivilege + Privilege[ 21]: SeManageVolumePrivilege + Privilege[ 22]: SeImpersonatePrivilege + Privilege[ 23]: SeCreateGlobalPrivilege + Privilege[ 24]: SeEnableDelegationPrivilege + Rights (0x 0): +[2013/11/07 07:38:48.475685, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) + UNIX token of user 0 + Primary group is 5000 and contains 9 supplementary groups + Group[ 0]: 5000 + Group[ 1]: 5007 + Group[ 2]: 5001 + Group[ 3]: 1005 + Group[ 4]: 5006 + Group[ 5]: 5005 + Group[ 6]: 55000 + Group[ 7]: 55001 + Group[ 8]: 55002 +[2013/11/07 07:38:48.475873, 5, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1324(api_pipe_request) + Requested \spoolss rpc service +[2013/11/07 07:38:48.475918, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1356(api_rpcTNP) + api_rpcTNP: \spoolss op 0x1d - api_rpcTNP: rpc command: SPOOLSS_CLOSEPRINTER +[2013/11/07 07:38:48.475961, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1390(api_rpcTNP) + api_rpc_cmds[29].fn == 0x7f375c25d5f0 +[2013/11/07 07:38:48.476004, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + spoolss_ClosePrinter: struct spoolss_ClosePrinter + in: struct spoolss_ClosePrinter + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 0000010b-0000-0000-7b52-7835c5510000 +[2013/11/07 07:38:48.476132, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[1] [0000] 00 00 00 00 0B 01 00 00 00 00 00 00 7B 52 78 35 ........ ....{Rx5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:48.476211, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[1] [0000] 00 00 00 00 0B 01 00 00 00 00 00 00 7B 52 78 35 ........ ....{Rx5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:48.476295, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[1] [0000] 00 00 00 00 0B 01 00 00 00 00 00 00 7B 52 78 35 ........ ....{Rx5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:48.476371, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) + Closed policy +[2013/11/07 07:38:48.476412, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + spoolss_ClosePrinter: struct spoolss_ClosePrinter + out: struct spoolss_ClosePrinter + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000000-0000-0000-0000-000000000000 + result : WERR_OK +[2013/11/07 07:38:48.476559, 5, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1417(api_rpcTNP) + api_rpcTNP: called \spoolss successfully +[2013/11/07 07:38:48.476608, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) + pop_sec_ctx (0, 5000) - sec_ctx_stack_ndx = 0 +[2013/11/07 07:38:48.476649, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) + write_to_pipe: data_used = 28 + smbd_smb2_request_pending_queue: req->current_idx = 1 + req->in.vector[0].iov_len = 0 + req->in.vector[1].iov_len = 0 + req->in.vector[2].iov_len = 64 + req->in.vector[3].iov_len = 56 + req->in.vector[4].iov_len = 44 + req->out.vector[0].iov_len = 4 + req->out.vector[1].iov_len = 0 + req->out.vector[2].iov_len = 64 + req->out.vector[3].iov_len = 8 + req->out.vector[4].iov_len = 0 +[2013/11/07 07:38:48.476857, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:128(smbd_smb2_ioctl_pipe_write_done) + smbd_smb2_ioctl_pipe_write_done: received 44 +[2013/11/07 07:38:48.476898, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:149(smbd_smb2_ioctl_pipe_write_done) + smbd_smb2_ioctl_pipe_write_done: issuing np_read_send of size 1024 +[2013/11/07 07:38:48.476940, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:285(read_from_internal_pipe) + name: \spoolss len: 1024 +[2013/11/07 07:38:48.476981, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:347(read_from_internal_pipe) + read_from_pipe: \spoolss: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 24. +[2013/11/07 07:38:48.477031, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) + &r: struct ncacn_packet + rpc_vers : 0x05 (5) + rpc_vers_minor : 0x00 (0) + ptype : DCERPC_PKT_RESPONSE (2) + pfc_flags : 0x03 (3) + drep: ARRAY(4) + [0] : 0x10 (16) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + frag_length : 0x0030 (48) + auth_length : 0x0000 (0) + call_id : 0x00000003 (3) + u : union dcerpc_payload(case 2) + response: struct dcerpc_response + alloc_hint : 0x00000018 (24) + context_id : 0x0000 (0) + cancel_count : 0x00 (0) + _pad : DATA_BLOB length=0 + stub_and_verifier : DATA_BLOB length=24 + [0000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0010] 00 00 00 00 00 00 00 00 ........ +[2013/11/07 07:38:48.477536, 3, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:122(free_pipe_context) + free_pipe_context: destroying talloc pool of size 29 +[2013/11/07 07:38:48.477587, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:788(np_read_recv) + Received 48 bytes. There is no more data outstanding +[2013/11/07 07:38:48.477628, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:178(smbd_smb2_ioctl_pipe_read_done) + smbd_smb2_ioctl_pipe_read_done: np_read_recv nread = 48 is_data_outstanding = 0, status = NT_STATUS_OK +[2013/11/07 07:38:48.477672, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl.c:291(smbd_smb2_request_ioctl_done) + smbd_smb2_request_ioctl_done: smbd_smb2_ioctl_recv returned 48 status NT_STATUS_OK +[2013/11/07 07:38:48.477714, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) + smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[48] dyn[yes:48] at ../source3/smbd/smb2_ioctl.c:358 +[2013/11/07 07:38:48.477757, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) + smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/185/127 +[2013/11/07 07:38:48.477886, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) + smbd_smb2_request_incoming: idx[1] of 5 vectors +[2013/11/07 07:38:48.477934, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) + smb2_validate_sequence_number: clearing id 185 (position 185) from bitmap +[2013/11/07 07:38:48.477975, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) + smbd_smb2_request_dispatch: opcode[SMB2_OP_IOCTL] mid = 185 +[2013/11/07 07:38:48.478029, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) + setting sec ctx (0, 5000) - sec_ctx_stack_ndx = 0 +[2013/11/07 07:38:48.478070, 5, pid=20933, effective(0, 5000), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) + Security token SIDs (21): + SID[ 0]: S-1-5-21-1376953716-2413384141-3399758289-500 + SID[ 1]: S-1-5-21-1376953716-2413384141-3399758289-512 + SID[ 2]: S-1-5-21-1376953716-2413384141-3399758289-11015 + SID[ 3]: S-1-5-21-1376953716-2413384141-3399758289-513 + SID[ 4]: S-1-5-21-1376953716-2413384141-3399758289-11011 + SID[ 5]: S-1-5-21-1376953716-2413384141-3399758289-11013 + SID[ 6]: S-1-5-21-1376953716-2413384141-3399758289-11012 + SID[ 7]: S-1-1-0 + SID[ 8]: S-1-5-2 + SID[ 9]: S-1-5-11 + SID[ 10]: S-1-5-32-544 + SID[ 11]: S-1-22-1-2002 + SID[ 12]: S-1-22-2-5000 + SID[ 13]: S-1-22-2-5007 + SID[ 14]: S-1-22-2-5001 + SID[ 15]: S-1-22-2-1005 + SID[ 16]: S-1-22-2-5006 + SID[ 17]: S-1-22-2-5005 + SID[ 18]: S-1-22-2-55000 + SID[ 19]: S-1-22-2-55001 + SID[ 20]: S-1-22-2-55002 + Privileges (0x 1FFFFFF0): + Privilege[ 0]: SeMachineAccountPrivilege + Privilege[ 1]: SeTakeOwnershipPrivilege + Privilege[ 2]: SeBackupPrivilege + Privilege[ 3]: SeRestorePrivilege + Privilege[ 4]: SeRemoteShutdownPrivilege + Privilege[ 5]: SePrintOperatorPrivilege + Privilege[ 6]: SeAddUsersPrivilege + Privilege[ 7]: SeDiskOperatorPrivilege + Privilege[ 8]: SeSecurityPrivilege + Privilege[ 9]: SeSystemtimePrivilege + Privilege[ 10]: SeShutdownPrivilege + Privilege[ 11]: SeDebugPrivilege + Privilege[ 12]: SeSystemEnvironmentPrivilege + Privilege[ 13]: SeSystemProfilePrivilege + Privilege[ 14]: SeProfileSingleProcessPrivilege + Privilege[ 15]: SeIncreaseBasePriorityPrivilege + Privilege[ 16]: SeLoadDriverPrivilege + Privilege[ 17]: SeCreatePagefilePrivilege + Privilege[ 18]: SeIncreaseQuotaPrivilege + Privilege[ 19]: SeChangeNotifyPrivilege + Privilege[ 20]: SeUndockPrivilege + Privilege[ 21]: SeManageVolumePrivilege + Privilege[ 22]: SeImpersonatePrivilege + Privilege[ 23]: SeCreateGlobalPrivilege + Privilege[ 24]: SeEnableDelegationPrivilege + Rights (0x 0): +[2013/11/07 07:38:48.478840, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) + UNIX token of user 0 + Primary group is 5000 and contains 9 supplementary groups + Group[ 0]: 5000 + Group[ 1]: 5007 + Group[ 2]: 5001 + Group[ 3]: 1005 + Group[ 4]: 5006 + Group[ 5]: 5005 + Group[ 6]: 55000 + Group[ 7]: 55001 + Group[ 8]: 55002 +[2013/11/07 07:38:48.479029, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/uid.c:363(change_to_user_internal) + Impersonated user: uid=(0,0), gid=(0,5000) +[2013/11/07 07:38:48.479076, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:1796(smbd_smb2_request_verify_creditcharge) + mid 185, CreditCharge: 1, NeededCharge: 1 +[2013/11/07 07:38:48.479117, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl.c:394(smbd_smb2_ioctl_send) + smbd_smb2_ioctl: ctl_code[0x0011c017] spoolss, fnum 247904114 +[2013/11/07 07:38:48.479160, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:59(smb2_ioctl_named_pipe) + smbd_smb2_ioctl_send: np_write_send of size 44 +[2013/11/07 07:38:48.479199, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:520(np_write_send) + np_write_send: len: 44 +[2013/11/07 07:38:48.479239, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) + write_to_pipe: data_left = 44 +[2013/11/07 07:38:48.479277, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) + process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 44 +[2013/11/07 07:38:48.479314, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:51(fill_rpc_header) + fill_rpc_header: data_to_copy = 44, len_needed_to_complete_hdr = 16, receive_len = 0 +[2013/11/07 07:38:48.479354, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) + write_to_pipe: data_used = 16 +[2013/11/07 07:38:48.479391, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) + write_to_pipe: data_left = 28 +[2013/11/07 07:38:48.479428, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) + process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 28 +[2013/11/07 07:38:48.479468, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) + write_to_pipe: data_used = 0 +[2013/11/07 07:38:48.479506, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) + write_to_pipe: data_left = 28 +[2013/11/07 07:38:48.479543, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) + process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 28, incoming data = 28 +[2013/11/07 07:38:48.479583, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1614(process_complete_pdu) + PDU is in Little Endian format! +[2013/11/07 07:38:48.479628, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) + r: struct ncacn_packet + rpc_vers : 0x05 (5) + rpc_vers_minor : 0x00 (0) + ptype : DCERPC_PKT_REQUEST (0) + pfc_flags : 0x03 (3) + drep: ARRAY(4) + [0] : 0x10 (16) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + frag_length : 0x002c (44) + auth_length : 0x0000 (0) + call_id : 0x00000003 (3) + u : union dcerpc_payload(case 0) + request: struct dcerpc_request + alloc_hint : 0x00000014 (20) + context_id : 0x0000 (0) + opnum : 0x001d (29) + object : union dcerpc_object(case 0) + empty: struct dcerpc_empty + _pad : DATA_BLOB length=0 + stub_and_verifier : DATA_BLOB length=20 + [0000] 00 00 00 00 11 01 00 00 00 00 00 00 7B 52 78 35 ........ ....{Rx5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:48.480078, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1627(process_complete_pdu) + Processing packet type 0 +[2013/11/07 07:38:48.480116, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1472(dcesrv_auth_request) + Checking request auth. +[2013/11/07 07:38:48.480156, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) + push_sec_ctx(0, 5000) : sec_ctx_stack_ndx = 1 +[2013/11/07 07:38:48.480200, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) + setting sec ctx (0, 5000) - sec_ctx_stack_ndx = 1 +[2013/11/07 07:38:48.480239, 5, pid=20933, effective(0, 5000), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) + Security token SIDs (21): + SID[ 0]: S-1-5-21-1376953716-2413384141-3399758289-500 + SID[ 1]: S-1-5-21-1376953716-2413384141-3399758289-512 + SID[ 2]: S-1-5-21-1376953716-2413384141-3399758289-11015 + SID[ 3]: S-1-5-21-1376953716-2413384141-3399758289-513 + SID[ 4]: S-1-5-21-1376953716-2413384141-3399758289-11011 + SID[ 5]: S-1-5-21-1376953716-2413384141-3399758289-11013 + SID[ 6]: S-1-5-21-1376953716-2413384141-3399758289-11012 + SID[ 7]: S-1-1-0 + SID[ 8]: S-1-5-2 + SID[ 9]: S-1-5-11 + SID[ 10]: S-1-5-32-544 + SID[ 11]: S-1-22-1-2002 + SID[ 12]: S-1-22-2-5000 + SID[ 13]: S-1-22-2-5007 + SID[ 14]: S-1-22-2-5001 + SID[ 15]: S-1-22-2-1005 + SID[ 16]: S-1-22-2-5006 + SID[ 17]: S-1-22-2-5005 + SID[ 18]: S-1-22-2-55000 + SID[ 19]: S-1-22-2-55001 + SID[ 20]: S-1-22-2-55002 + Privileges (0x 1FFFFFF0): + Privilege[ 0]: SeMachineAccountPrivilege + Privilege[ 1]: SeTakeOwnershipPrivilege + Privilege[ 2]: SeBackupPrivilege + Privilege[ 3]: SeRestorePrivilege + Privilege[ 4]: SeRemoteShutdownPrivilege + Privilege[ 5]: SePrintOperatorPrivilege + Privilege[ 6]: SeAddUsersPrivilege + Privilege[ 7]: SeDiskOperatorPrivilege + Privilege[ 8]: SeSecurityPrivilege + Privilege[ 9]: SeSystemtimePrivilege + Privilege[ 10]: SeShutdownPrivilege + Privilege[ 11]: SeDebugPrivilege + Privilege[ 12]: SeSystemEnvironmentPrivilege + Privilege[ 13]: SeSystemProfilePrivilege + Privilege[ 14]: SeProfileSingleProcessPrivilege + Privilege[ 15]: SeIncreaseBasePriorityPrivilege + Privilege[ 16]: SeLoadDriverPrivilege + Privilege[ 17]: SeCreatePagefilePrivilege + Privilege[ 18]: SeIncreaseQuotaPrivilege + Privilege[ 19]: SeChangeNotifyPrivilege + Privilege[ 20]: SeUndockPrivilege + Privilege[ 21]: SeManageVolumePrivilege + Privilege[ 22]: SeImpersonatePrivilege + Privilege[ 23]: SeCreateGlobalPrivilege + Privilege[ 24]: SeEnableDelegationPrivilege + Rights (0x 0): +[2013/11/07 07:38:48.480991, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) + UNIX token of user 0 + Primary group is 5000 and contains 9 supplementary groups + Group[ 0]: 5000 + Group[ 1]: 5007 + Group[ 2]: 5001 + Group[ 3]: 1005 + Group[ 4]: 5006 + Group[ 5]: 5005 + Group[ 6]: 55000 + Group[ 7]: 55001 + Group[ 8]: 55002 +[2013/11/07 07:38:48.481184, 5, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1324(api_pipe_request) + Requested \spoolss rpc service +[2013/11/07 07:38:48.481226, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1356(api_rpcTNP) + api_rpcTNP: \spoolss op 0x1d - api_rpcTNP: rpc command: SPOOLSS_CLOSEPRINTER +[2013/11/07 07:38:48.481268, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1390(api_rpcTNP) + api_rpc_cmds[29].fn == 0x7f375c25d5f0 +[2013/11/07 07:38:48.481311, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + spoolss_ClosePrinter: struct spoolss_ClosePrinter + in: struct spoolss_ClosePrinter + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000111-0000-0000-7b52-7835c5510000 +[2013/11/07 07:38:48.481504, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 11 01 00 00 00 00 00 00 7B 52 78 35 ........ ....{Rx5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:48.481583, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 11 01 00 00 00 00 00 00 7B 52 78 35 ........ ....{Rx5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:48.481659, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 11 01 00 00 00 00 00 00 7B 52 78 35 ........ ....{Rx5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:48.481734, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) + Closed policy +[2013/11/07 07:38:48.481775, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + spoolss_ClosePrinter: struct spoolss_ClosePrinter + out: struct spoolss_ClosePrinter + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000000-0000-0000-0000-000000000000 + result : WERR_OK +[2013/11/07 07:38:48.481922, 5, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1417(api_rpcTNP) + api_rpcTNP: called \spoolss successfully +[2013/11/07 07:38:48.481970, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) + pop_sec_ctx (0, 5000) - sec_ctx_stack_ndx = 0 +[2013/11/07 07:38:48.482010, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) + write_to_pipe: data_used = 28 + smbd_smb2_request_pending_queue: req->current_idx = 1 + req->in.vector[0].iov_len = 0 + req->in.vector[1].iov_len = 0 + req->in.vector[2].iov_len = 64 + req->in.vector[3].iov_len = 56 + req->in.vector[4].iov_len = 44 + req->out.vector[0].iov_len = 4 + req->out.vector[1].iov_len = 0 + req->out.vector[2].iov_len = 64 + req->out.vector[3].iov_len = 8 + req->out.vector[4].iov_len = 0 +[2013/11/07 07:38:48.482217, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:128(smbd_smb2_ioctl_pipe_write_done) + smbd_smb2_ioctl_pipe_write_done: received 44 +[2013/11/07 07:38:48.482258, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:149(smbd_smb2_ioctl_pipe_write_done) + smbd_smb2_ioctl_pipe_write_done: issuing np_read_send of size 1024 +[2013/11/07 07:38:48.482308, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:285(read_from_internal_pipe) + name: \spoolss len: 1024 +[2013/11/07 07:38:48.482349, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:347(read_from_internal_pipe) + read_from_pipe: \spoolss: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 24. +[2013/11/07 07:38:48.482399, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) + &r: struct ncacn_packet + rpc_vers : 0x05 (5) + rpc_vers_minor : 0x00 (0) + ptype : DCERPC_PKT_RESPONSE (2) + pfc_flags : 0x03 (3) + drep: ARRAY(4) + [0] : 0x10 (16) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + frag_length : 0x0030 (48) + auth_length : 0x0000 (0) + call_id : 0x00000003 (3) + u : union dcerpc_payload(case 2) + response: struct dcerpc_response + alloc_hint : 0x00000018 (24) + context_id : 0x0000 (0) + cancel_count : 0x00 (0) + _pad : DATA_BLOB length=0 + stub_and_verifier : DATA_BLOB length=24 + [0000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0010] 00 00 00 00 00 00 00 00 ........ +[2013/11/07 07:38:48.482809, 3, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:122(free_pipe_context) + free_pipe_context: destroying talloc pool of size 29 +[2013/11/07 07:38:48.482856, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:788(np_read_recv) + Received 48 bytes. There is no more data outstanding +[2013/11/07 07:38:48.482896, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:178(smbd_smb2_ioctl_pipe_read_done) + smbd_smb2_ioctl_pipe_read_done: np_read_recv nread = 48 is_data_outstanding = 0, status = NT_STATUS_OK +[2013/11/07 07:38:48.482940, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl.c:291(smbd_smb2_request_ioctl_done) + smbd_smb2_request_ioctl_done: smbd_smb2_ioctl_recv returned 48 status NT_STATUS_OK +[2013/11/07 07:38:48.482980, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) + smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[48] dyn[yes:48] at ../source3/smbd/smb2_ioctl.c:358 +[2013/11/07 07:38:48.483023, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) + smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/186/127 +[2013/11/07 07:38:48.483153, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) + smbd_smb2_request_incoming: idx[1] of 5 vectors +[2013/11/07 07:38:48.483201, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) + smb2_validate_sequence_number: clearing id 186 (position 186) from bitmap +[2013/11/07 07:38:48.483242, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) + smbd_smb2_request_dispatch: opcode[SMB2_OP_CLOSE] mid = 186 +[2013/11/07 07:38:48.483294, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) + setting sec ctx (0, 5000) - sec_ctx_stack_ndx = 0 +[2013/11/07 07:38:48.483336, 5, pid=20933, effective(0, 5000), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) + Security token SIDs (21): + SID[ 0]: S-1-5-21-1376953716-2413384141-3399758289-500 + SID[ 1]: S-1-5-21-1376953716-2413384141-3399758289-512 + SID[ 2]: S-1-5-21-1376953716-2413384141-3399758289-11015 + SID[ 3]: S-1-5-21-1376953716-2413384141-3399758289-513 + SID[ 4]: S-1-5-21-1376953716-2413384141-3399758289-11011 + SID[ 5]: S-1-5-21-1376953716-2413384141-3399758289-11013 + SID[ 6]: S-1-5-21-1376953716-2413384141-3399758289-11012 + SID[ 7]: S-1-1-0 + SID[ 8]: S-1-5-2 + SID[ 9]: S-1-5-11 + SID[ 10]: S-1-5-32-544 + SID[ 11]: S-1-22-1-2002 + SID[ 12]: S-1-22-2-5000 + SID[ 13]: S-1-22-2-5007 + SID[ 14]: S-1-22-2-5001 + SID[ 15]: S-1-22-2-1005 + SID[ 16]: S-1-22-2-5006 + SID[ 17]: S-1-22-2-5005 + SID[ 18]: S-1-22-2-55000 + SID[ 19]: S-1-22-2-55001 + SID[ 20]: S-1-22-2-55002 + Privileges (0x 1FFFFFF0): + Privilege[ 0]: SeMachineAccountPrivilege + Privilege[ 1]: SeTakeOwnershipPrivilege + Privilege[ 2]: SeBackupPrivilege + Privilege[ 3]: SeRestorePrivilege + Privilege[ 4]: SeRemoteShutdownPrivilege + Privilege[ 5]: SePrintOperatorPrivilege + Privilege[ 6]: SeAddUsersPrivilege + Privilege[ 7]: SeDiskOperatorPrivilege + Privilege[ 8]: SeSecurityPrivilege + Privilege[ 9]: SeSystemtimePrivilege + Privilege[ 10]: SeShutdownPrivilege + Privilege[ 11]: SeDebugPrivilege + Privilege[ 12]: SeSystemEnvironmentPrivilege + Privilege[ 13]: SeSystemProfilePrivilege + Privilege[ 14]: SeProfileSingleProcessPrivilege + Privilege[ 15]: SeIncreaseBasePriorityPrivilege + Privilege[ 16]: SeLoadDriverPrivilege + Privilege[ 17]: SeCreatePagefilePrivilege + Privilege[ 18]: SeIncreaseQuotaPrivilege + Privilege[ 19]: SeChangeNotifyPrivilege + Privilege[ 20]: SeUndockPrivilege + Privilege[ 21]: SeManageVolumePrivilege + Privilege[ 22]: SeImpersonatePrivilege + Privilege[ 23]: SeCreateGlobalPrivilege + Privilege[ 24]: SeEnableDelegationPrivilege + Rights (0x 0): +[2013/11/07 07:38:48.484152, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) + UNIX token of user 0 + Primary group is 5000 and contains 9 supplementary groups + Group[ 0]: 5000 + Group[ 1]: 5007 + Group[ 2]: 5001 + Group[ 3]: 1005 + Group[ 4]: 5006 + Group[ 5]: 5005 + Group[ 6]: 55000 + Group[ 7]: 55001 + Group[ 8]: 55002 +[2013/11/07 07:38:48.484342, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/uid.c:363(change_to_user_internal) + Impersonated user: uid=(0,0), gid=(0,5000) +[2013/11/07 07:38:48.484391, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_close.c:185(smbd_smb2_close) + smbd_smb2_close: spoolss - fnum 3487054153 +[2013/11/07 07:38:48.484441, 5, pid=20933, effective(0, 5000), real(0, 0)] ../lib/dbwrap/dbwrap.c:187(dbwrap_check_lock_order) + check lock order 1 for /var/run/samba/smbXsrv_open_global.tdb +[2013/11/07 07:38:48.484481, 10, pid=20933, effective(0, 5000), real(0, 0)] ../lib/dbwrap/dbwrap.c:133(debug_lock_order) + lock order: 1:/var/run/samba/smbXsrv_open_global.tdb 2: 3: +[2013/11/07 07:38:48.484526, 10, pid=20933, effective(0, 5000), real(0, 0)] ../lib/dbwrap/dbwrap_tdb.c:59(db_tdb_log_key) + Locking key 5445CA1B +[2013/11/07 07:38:48.484589, 10, pid=20933, effective(0, 5000), real(0, 0)] ../lib/dbwrap/dbwrap_tdb.c:143(db_tdb_fetch_locked_internal) + Allocated locked data 0x0x7f375d3b06a0 +[2013/11/07 07:38:48.484644, 10, pid=20933, effective(0, 5000), real(0, 0)] ../lib/dbwrap/dbwrap_tdb.c:59(db_tdb_log_key) + Unlocking key 5445CA1B +[2013/11/07 07:38:48.484686, 5, pid=20933, effective(0, 5000), real(0, 0)] ../lib/dbwrap/dbwrap.c:146(dbwrap_lock_order_state_destructor) + release lock order 1 for /var/run/samba/smbXsrv_open_global.tdb +[2013/11/07 07:38:48.484726, 10, pid=20933, effective(0, 5000), real(0, 0)] ../lib/dbwrap/dbwrap.c:133(debug_lock_order) + lock order: 1: 2: 3: +[2013/11/07 07:38:48.484784, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/files.c:525(file_free) + freed files structure 3487054153 (8 used) +[2013/11/07 07:38:48.484852, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) + smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[60] dyn[no:0] at ../source3/smbd/smb2_close.c:139 +[2013/11/07 07:38:48.484899, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) + smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/187/127 +[2013/11/07 07:38:48.486922, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) + smbd_smb2_request_incoming: idx[1] of 5 vectors +[2013/11/07 07:38:48.487022, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) + smb2_validate_sequence_number: clearing id 187 (position 187) from bitmap +[2013/11/07 07:38:48.487084, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) + smbd_smb2_request_dispatch: opcode[SMB2_OP_CLOSE] mid = 187 +[2013/11/07 07:38:48.487140, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) + setting sec ctx (0, 5000) - sec_ctx_stack_ndx = 0 +[2013/11/07 07:38:48.487184, 5, pid=20933, effective(0, 5000), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) + Security token SIDs (21): + SID[ 0]: S-1-5-21-1376953716-2413384141-3399758289-500 + SID[ 1]: S-1-5-21-1376953716-2413384141-3399758289-512 + SID[ 2]: S-1-5-21-1376953716-2413384141-3399758289-11015 + SID[ 3]: S-1-5-21-1376953716-2413384141-3399758289-513 + SID[ 4]: S-1-5-21-1376953716-2413384141-3399758289-11011 + SID[ 5]: S-1-5-21-1376953716-2413384141-3399758289-11013 + SID[ 6]: S-1-5-21-1376953716-2413384141-3399758289-11012 + SID[ 7]: S-1-1-0 + SID[ 8]: S-1-5-2 + SID[ 9]: S-1-5-11 + SID[ 10]: S-1-5-32-544 + SID[ 11]: S-1-22-1-2002 + SID[ 12]: S-1-22-2-5000 + SID[ 13]: S-1-22-2-5007 + SID[ 14]: S-1-22-2-5001 + SID[ 15]: S-1-22-2-1005 + SID[ 16]: S-1-22-2-5006 + SID[ 17]: S-1-22-2-5005 + SID[ 18]: S-1-22-2-55000 + SID[ 19]: S-1-22-2-55001 + SID[ 20]: S-1-22-2-55002 + Privileges (0x 1FFFFFF0): + Privilege[ 0]: SeMachineAccountPrivilege + Privilege[ 1]: SeTakeOwnershipPrivilege + Privilege[ 2]: SeBackupPrivilege + Privilege[ 3]: SeRestorePrivilege + Privilege[ 4]: SeRemoteShutdownPrivilege + Privilege[ 5]: SePrintOperatorPrivilege + Privilege[ 6]: SeAddUsersPrivilege + Privilege[ 7]: SeDiskOperatorPrivilege + Privilege[ 8]: SeSecurityPrivilege + Privilege[ 9]: SeSystemtimePrivilege + Privilege[ 10]: SeShutdownPrivilege + Privilege[ 11]: SeDebugPrivilege + Privilege[ 12]: SeSystemEnvironmentPrivilege + Privilege[ 13]: SeSystemProfilePrivilege + Privilege[ 14]: SeProfileSingleProcessPrivilege + Privilege[ 15]: SeIncreaseBasePriorityPrivilege + Privilege[ 16]: SeLoadDriverPrivilege + Privilege[ 17]: SeCreatePagefilePrivilege + Privilege[ 18]: SeIncreaseQuotaPrivilege + Privilege[ 19]: SeChangeNotifyPrivilege + Privilege[ 20]: SeUndockPrivilege + Privilege[ 21]: SeManageVolumePrivilege + Privilege[ 22]: SeImpersonatePrivilege + Privilege[ 23]: SeCreateGlobalPrivilege + Privilege[ 24]: SeEnableDelegationPrivilege + Rights (0x 0): +[2013/11/07 07:38:48.487964, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) + UNIX token of user 0 + Primary group is 5000 and contains 9 supplementary groups + Group[ 0]: 5000 + Group[ 1]: 5007 + Group[ 2]: 5001 + Group[ 3]: 1005 + Group[ 4]: 5006 + Group[ 5]: 5005 + Group[ 6]: 55000 + Group[ 7]: 55001 + Group[ 8]: 55002 +[2013/11/07 07:38:48.488173, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/uid.c:363(change_to_user_internal) + Impersonated user: uid=(0,0), gid=(0,5000) +[2013/11/07 07:38:48.488223, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_close.c:185(smbd_smb2_close) + smbd_smb2_close: spoolss - fnum 2421171645 +[2013/11/07 07:38:48.488287, 5, pid=20933, effective(0, 5000), real(0, 0)] ../lib/dbwrap/dbwrap.c:187(dbwrap_check_lock_order) + check lock order 1 for /var/run/samba/smbXsrv_open_global.tdb +[2013/11/07 07:38:48.488328, 10, pid=20933, effective(0, 5000), real(0, 0)] ../lib/dbwrap/dbwrap.c:133(debug_lock_order) + lock order: 1:/var/run/samba/smbXsrv_open_global.tdb 2: 3: +[2013/11/07 07:38:48.488371, 10, pid=20933, effective(0, 5000), real(0, 0)] ../lib/dbwrap/dbwrap_tdb.c:59(db_tdb_log_key) + Locking key 0E04C1DB +[2013/11/07 07:38:48.488425, 10, pid=20933, effective(0, 5000), real(0, 0)] ../lib/dbwrap/dbwrap_tdb.c:143(db_tdb_fetch_locked_internal) + Allocated locked data 0x0x7f375d392940 +[2013/11/07 07:38:48.488478, 10, pid=20933, effective(0, 5000), real(0, 0)] ../lib/dbwrap/dbwrap_tdb.c:59(db_tdb_log_key) + Unlocking key 0E04C1DB +[2013/11/07 07:38:48.488521, 5, pid=20933, effective(0, 5000), real(0, 0)] ../lib/dbwrap/dbwrap.c:146(dbwrap_lock_order_state_destructor) + release lock order 1 for /var/run/samba/smbXsrv_open_global.tdb +[2013/11/07 07:38:48.488560, 10, pid=20933, effective(0, 5000), real(0, 0)] ../lib/dbwrap/dbwrap.c:133(debug_lock_order) + lock order: 1: 2: 3: +[2013/11/07 07:38:48.488617, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/files.c:525(file_free) + freed files structure 2421171645 (7 used) +[2013/11/07 07:38:48.488677, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) + smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[60] dyn[no:0] at ../source3/smbd/smb2_close.c:139 +[2013/11/07 07:38:48.488722, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) + smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/188/127 +[2013/11/07 07:38:48.490446, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) + smbd_smb2_request_incoming: idx[1] of 5 vectors +[2013/11/07 07:38:48.490524, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) + smb2_validate_sequence_number: clearing id 188 (position 188) from bitmap +[2013/11/07 07:38:48.490567, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) + smbd_smb2_request_dispatch: opcode[SMB2_OP_CLOSE] mid = 188 +[2013/11/07 07:38:48.490627, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) + setting sec ctx (0, 5000) - sec_ctx_stack_ndx = 0 +[2013/11/07 07:38:48.490670, 5, pid=20933, effective(0, 5000), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) + Security token SIDs (21): + SID[ 0]: S-1-5-21-1376953716-2413384141-3399758289-500 + SID[ 1]: S-1-5-21-1376953716-2413384141-3399758289-512 + SID[ 2]: S-1-5-21-1376953716-2413384141-3399758289-11015 + SID[ 3]: S-1-5-21-1376953716-2413384141-3399758289-513 + SID[ 4]: S-1-5-21-1376953716-2413384141-3399758289-11011 + SID[ 5]: S-1-5-21-1376953716-2413384141-3399758289-11013 + SID[ 6]: S-1-5-21-1376953716-2413384141-3399758289-11012 + SID[ 7]: S-1-1-0 + SID[ 8]: S-1-5-2 + SID[ 9]: S-1-5-11 + SID[ 10]: S-1-5-32-544 + SID[ 11]: S-1-22-1-2002 + SID[ 12]: S-1-22-2-5000 + SID[ 13]: S-1-22-2-5007 + SID[ 14]: S-1-22-2-5001 + SID[ 15]: S-1-22-2-1005 + SID[ 16]: S-1-22-2-5006 + SID[ 17]: S-1-22-2-5005 + SID[ 18]: S-1-22-2-55000 + SID[ 19]: S-1-22-2-55001 + SID[ 20]: S-1-22-2-55002 + Privileges (0x 1FFFFFF0): + Privilege[ 0]: SeMachineAccountPrivilege + Privilege[ 1]: SeTakeOwnershipPrivilege + Privilege[ 2]: SeBackupPrivilege + Privilege[ 3]: SeRestorePrivilege + Privilege[ 4]: SeRemoteShutdownPrivilege + Privilege[ 5]: SePrintOperatorPrivilege + Privilege[ 6]: SeAddUsersPrivilege + Privilege[ 7]: SeDiskOperatorPrivilege + Privilege[ 8]: SeSecurityPrivilege + Privilege[ 9]: SeSystemtimePrivilege + Privilege[ 10]: SeShutdownPrivilege + Privilege[ 11]: SeDebugPrivilege + Privilege[ 12]: SeSystemEnvironmentPrivilege + Privilege[ 13]: SeSystemProfilePrivilege + Privilege[ 14]: SeProfileSingleProcessPrivilege + Privilege[ 15]: SeIncreaseBasePriorityPrivilege + Privilege[ 16]: SeLoadDriverPrivilege + Privilege[ 17]: SeCreatePagefilePrivilege + Privilege[ 18]: SeIncreaseQuotaPrivilege + Privilege[ 19]: SeChangeNotifyPrivilege + Privilege[ 20]: SeUndockPrivilege + Privilege[ 21]: SeManageVolumePrivilege + Privilege[ 22]: SeImpersonatePrivilege + Privilege[ 23]: SeCreateGlobalPrivilege + Privilege[ 24]: SeEnableDelegationPrivilege + Rights (0x 0): +[2013/11/07 07:38:48.491456, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) + UNIX token of user 0 + Primary group is 5000 and contains 9 supplementary groups + Group[ 0]: 5000 + Group[ 1]: 5007 + Group[ 2]: 5001 + Group[ 3]: 1005 + Group[ 4]: 5006 + Group[ 5]: 5005 + Group[ 6]: 55000 + Group[ 7]: 55001 + Group[ 8]: 55002 +[2013/11/07 07:38:48.491646, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/uid.c:363(change_to_user_internal) + Impersonated user: uid=(0,0), gid=(0,5000) +[2013/11/07 07:38:48.491695, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_close.c:185(smbd_smb2_close) + smbd_smb2_close: spoolss - fnum 4038471001 +[2013/11/07 07:38:48.491741, 5, pid=20933, effective(0, 5000), real(0, 0)] ../lib/dbwrap/dbwrap.c:187(dbwrap_check_lock_order) + check lock order 1 for /var/run/samba/smbXsrv_open_global.tdb +[2013/11/07 07:38:48.491780, 10, pid=20933, effective(0, 5000), real(0, 0)] ../lib/dbwrap/dbwrap.c:133(debug_lock_order) + lock order: 1:/var/run/samba/smbXsrv_open_global.tdb 2: 3: +[2013/11/07 07:38:48.491823, 10, pid=20933, effective(0, 5000), real(0, 0)] ../lib/dbwrap/dbwrap_tdb.c:59(db_tdb_log_key) + Locking key D5B9A3A5 +[2013/11/07 07:38:48.491871, 10, pid=20933, effective(0, 5000), real(0, 0)] ../lib/dbwrap/dbwrap_tdb.c:143(db_tdb_fetch_locked_internal) + Allocated locked data 0x0x7f375d392940 +[2013/11/07 07:38:48.491921, 10, pid=20933, effective(0, 5000), real(0, 0)] ../lib/dbwrap/dbwrap_tdb.c:59(db_tdb_log_key) + Unlocking key D5B9A3A5 +[2013/11/07 07:38:48.491962, 5, pid=20933, effective(0, 5000), real(0, 0)] ../lib/dbwrap/dbwrap.c:146(dbwrap_lock_order_state_destructor) + release lock order 1 for /var/run/samba/smbXsrv_open_global.tdb +[2013/11/07 07:38:48.492001, 10, pid=20933, effective(0, 5000), real(0, 0)] ../lib/dbwrap/dbwrap.c:133(debug_lock_order) + lock order: 1: 2: 3: +[2013/11/07 07:38:48.492056, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/files.c:525(file_free) + freed files structure 4038471001 (6 used) +[2013/11/07 07:38:48.492123, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) + smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[60] dyn[no:0] at ../source3/smbd/smb2_close.c:139 +[2013/11/07 07:38:48.492168, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) + smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/189/127 +[2013/11/07 07:38:48.493517, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) + smbd_smb2_request_incoming: idx[1] of 5 vectors +[2013/11/07 07:38:48.493590, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) + smb2_validate_sequence_number: clearing id 189 (position 189) from bitmap +[2013/11/07 07:38:48.493633, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) + smbd_smb2_request_dispatch: opcode[SMB2_OP_CLOSE] mid = 189 +[2013/11/07 07:38:48.493685, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) + setting sec ctx (0, 5000) - sec_ctx_stack_ndx = 0 +[2013/11/07 07:38:48.493739, 5, pid=20933, effective(0, 5000), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) + Security token SIDs (21): + SID[ 0]: S-1-5-21-1376953716-2413384141-3399758289-500 + SID[ 1]: S-1-5-21-1376953716-2413384141-3399758289-512 + SID[ 2]: S-1-5-21-1376953716-2413384141-3399758289-11015 + SID[ 3]: S-1-5-21-1376953716-2413384141-3399758289-513 + SID[ 4]: S-1-5-21-1376953716-2413384141-3399758289-11011 + SID[ 5]: S-1-5-21-1376953716-2413384141-3399758289-11013 + SID[ 6]: S-1-5-21-1376953716-2413384141-3399758289-11012 + SID[ 7]: S-1-1-0 + SID[ 8]: S-1-5-2 + SID[ 9]: S-1-5-11 + SID[ 10]: S-1-5-32-544 + SID[ 11]: S-1-22-1-2002 + SID[ 12]: S-1-22-2-5000 + SID[ 13]: S-1-22-2-5007 + SID[ 14]: S-1-22-2-5001 + SID[ 15]: S-1-22-2-1005 + SID[ 16]: S-1-22-2-5006 + SID[ 17]: S-1-22-2-5005 + SID[ 18]: S-1-22-2-55000 + SID[ 19]: S-1-22-2-55001 + SID[ 20]: S-1-22-2-55002 + Privileges (0x 1FFFFFF0): + Privilege[ 0]: SeMachineAccountPrivilege + Privilege[ 1]: SeTakeOwnershipPrivilege + Privilege[ 2]: SeBackupPrivilege + Privilege[ 3]: SeRestorePrivilege + Privilege[ 4]: SeRemoteShutdownPrivilege + Privilege[ 5]: SePrintOperatorPrivilege + Privilege[ 6]: SeAddUsersPrivilege + Privilege[ 7]: SeDiskOperatorPrivilege + Privilege[ 8]: SeSecurityPrivilege + Privilege[ 9]: SeSystemtimePrivilege + Privilege[ 10]: SeShutdownPrivilege + Privilege[ 11]: SeDebugPrivilege + Privilege[ 12]: SeSystemEnvironmentPrivilege + Privilege[ 13]: SeSystemProfilePrivilege + Privilege[ 14]: SeProfileSingleProcessPrivilege + Privilege[ 15]: SeIncreaseBasePriorityPrivilege + Privilege[ 16]: SeLoadDriverPrivilege + Privilege[ 17]: SeCreatePagefilePrivilege + Privilege[ 18]: SeIncreaseQuotaPrivilege + Privilege[ 19]: SeChangeNotifyPrivilege + Privilege[ 20]: SeUndockPrivilege + Privilege[ 21]: SeManageVolumePrivilege + Privilege[ 22]: SeImpersonatePrivilege + Privilege[ 23]: SeCreateGlobalPrivilege + Privilege[ 24]: SeEnableDelegationPrivilege + Rights (0x 0): +[2013/11/07 07:38:48.494510, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) + UNIX token of user 0 + Primary group is 5000 and contains 9 supplementary groups + Group[ 0]: 5000 + Group[ 1]: 5007 + Group[ 2]: 5001 + Group[ 3]: 1005 + Group[ 4]: 5006 + Group[ 5]: 5005 + Group[ 6]: 55000 + Group[ 7]: 55001 + Group[ 8]: 55002 +[2013/11/07 07:38:48.494701, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/uid.c:363(change_to_user_internal) + Impersonated user: uid=(0,0), gid=(0,5000) +[2013/11/07 07:38:48.494748, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_close.c:185(smbd_smb2_close) + smbd_smb2_close: spoolss - fnum 3462979724 +[2013/11/07 07:38:48.494796, 5, pid=20933, effective(0, 5000), real(0, 0)] ../lib/dbwrap/dbwrap.c:187(dbwrap_check_lock_order) + check lock order 1 for /var/run/samba/smbXsrv_open_global.tdb +[2013/11/07 07:38:48.494836, 10, pid=20933, effective(0, 5000), real(0, 0)] ../lib/dbwrap/dbwrap.c:133(debug_lock_order) + lock order: 1:/var/run/samba/smbXsrv_open_global.tdb 2: 3: +[2013/11/07 07:38:48.494878, 10, pid=20933, effective(0, 5000), real(0, 0)] ../lib/dbwrap/dbwrap_tdb.c:59(db_tdb_log_key) + Locking key 347F2EE3 +[2013/11/07 07:38:48.494926, 10, pid=20933, effective(0, 5000), real(0, 0)] ../lib/dbwrap/dbwrap_tdb.c:143(db_tdb_fetch_locked_internal) + Allocated locked data 0x0x7f375d34b360 +[2013/11/07 07:38:48.494976, 10, pid=20933, effective(0, 5000), real(0, 0)] ../lib/dbwrap/dbwrap_tdb.c:59(db_tdb_log_key) + Unlocking key 347F2EE3 +[2013/11/07 07:38:48.495017, 5, pid=20933, effective(0, 5000), real(0, 0)] ../lib/dbwrap/dbwrap.c:146(dbwrap_lock_order_state_destructor) + release lock order 1 for /var/run/samba/smbXsrv_open_global.tdb +[2013/11/07 07:38:48.495055, 10, pid=20933, effective(0, 5000), real(0, 0)] ../lib/dbwrap/dbwrap.c:133(debug_lock_order) + lock order: 1: 2: 3: +[2013/11/07 07:38:48.495127, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/files.c:525(file_free) + freed files structure 3462979724 (5 used) +[2013/11/07 07:38:48.495186, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) + smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[60] dyn[no:0] at ../source3/smbd/smb2_close.c:139 +[2013/11/07 07:38:48.495231, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) + smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/190/127 +[2013/11/07 07:38:48.496590, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) + smbd_smb2_request_incoming: idx[1] of 5 vectors +[2013/11/07 07:38:48.496654, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) + smb2_validate_sequence_number: clearing id 190 (position 190) from bitmap +[2013/11/07 07:38:48.496705, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) + smbd_smb2_request_dispatch: opcode[SMB2_OP_CLOSE] mid = 190 +[2013/11/07 07:38:48.496758, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) + setting sec ctx (0, 5000) - sec_ctx_stack_ndx = 0 +[2013/11/07 07:38:48.496800, 5, pid=20933, effective(0, 5000), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) + Security token SIDs (21): + SID[ 0]: S-1-5-21-1376953716-2413384141-3399758289-500 + SID[ 1]: S-1-5-21-1376953716-2413384141-3399758289-512 + SID[ 2]: S-1-5-21-1376953716-2413384141-3399758289-11015 + SID[ 3]: S-1-5-21-1376953716-2413384141-3399758289-513 + SID[ 4]: S-1-5-21-1376953716-2413384141-3399758289-11011 + SID[ 5]: S-1-5-21-1376953716-2413384141-3399758289-11013 + SID[ 6]: S-1-5-21-1376953716-2413384141-3399758289-11012 + SID[ 7]: S-1-1-0 + SID[ 8]: S-1-5-2 + SID[ 9]: S-1-5-11 + SID[ 10]: S-1-5-32-544 + SID[ 11]: S-1-22-1-2002 + SID[ 12]: S-1-22-2-5000 + SID[ 13]: S-1-22-2-5007 + SID[ 14]: S-1-22-2-5001 + SID[ 15]: S-1-22-2-1005 + SID[ 16]: S-1-22-2-5006 + SID[ 17]: S-1-22-2-5005 + SID[ 18]: S-1-22-2-55000 + SID[ 19]: S-1-22-2-55001 + SID[ 20]: S-1-22-2-55002 + Privileges (0x 1FFFFFF0): + Privilege[ 0]: SeMachineAccountPrivilege + Privilege[ 1]: SeTakeOwnershipPrivilege + Privilege[ 2]: SeBackupPrivilege + Privilege[ 3]: SeRestorePrivilege + Privilege[ 4]: SeRemoteShutdownPrivilege + Privilege[ 5]: SePrintOperatorPrivilege + Privilege[ 6]: SeAddUsersPrivilege + Privilege[ 7]: SeDiskOperatorPrivilege + Privilege[ 8]: SeSecurityPrivilege + Privilege[ 9]: SeSystemtimePrivilege + Privilege[ 10]: SeShutdownPrivilege + Privilege[ 11]: SeDebugPrivilege + Privilege[ 12]: SeSystemEnvironmentPrivilege + Privilege[ 13]: SeSystemProfilePrivilege + Privilege[ 14]: SeProfileSingleProcessPrivilege + Privilege[ 15]: SeIncreaseBasePriorityPrivilege + Privilege[ 16]: SeLoadDriverPrivilege + Privilege[ 17]: SeCreatePagefilePrivilege + Privilege[ 18]: SeIncreaseQuotaPrivilege + Privilege[ 19]: SeChangeNotifyPrivilege + Privilege[ 20]: SeUndockPrivilege + Privilege[ 21]: SeManageVolumePrivilege + Privilege[ 22]: SeImpersonatePrivilege + Privilege[ 23]: SeCreateGlobalPrivilege + Privilege[ 24]: SeEnableDelegationPrivilege + Rights (0x 0): +[2013/11/07 07:38:48.497656, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) + UNIX token of user 0 + Primary group is 5000 and contains 9 supplementary groups + Group[ 0]: 5000 + Group[ 1]: 5007 + Group[ 2]: 5001 + Group[ 3]: 1005 + Group[ 4]: 5006 + Group[ 5]: 5005 + Group[ 6]: 55000 + Group[ 7]: 55001 + Group[ 8]: 55002 +[2013/11/07 07:38:48.497858, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/uid.c:363(change_to_user_internal) + Impersonated user: uid=(0,0), gid=(0,5000) +[2013/11/07 07:38:48.497908, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_close.c:185(smbd_smb2_close) + smbd_smb2_close: spoolss - fnum 247904114 +[2013/11/07 07:38:48.497955, 5, pid=20933, effective(0, 5000), real(0, 0)] ../lib/dbwrap/dbwrap.c:187(dbwrap_check_lock_order) + check lock order 1 for /var/run/samba/smbXsrv_open_global.tdb +[2013/11/07 07:38:48.497994, 10, pid=20933, effective(0, 5000), real(0, 0)] ../lib/dbwrap/dbwrap.c:133(debug_lock_order) + lock order: 1:/var/run/samba/smbXsrv_open_global.tdb 2: 3: +[2013/11/07 07:38:48.498036, 10, pid=20933, effective(0, 5000), real(0, 0)] ../lib/dbwrap/dbwrap_tdb.c:59(db_tdb_log_key) + Locking key C15C1511 +[2013/11/07 07:38:48.498092, 10, pid=20933, effective(0, 5000), real(0, 0)] ../lib/dbwrap/dbwrap_tdb.c:143(db_tdb_fetch_locked_internal) + Allocated locked data 0x0x7f375d3922c0 +[2013/11/07 07:38:48.498143, 10, pid=20933, effective(0, 5000), real(0, 0)] ../lib/dbwrap/dbwrap_tdb.c:59(db_tdb_log_key) + Unlocking key C15C1511 +[2013/11/07 07:38:48.498184, 5, pid=20933, effective(0, 5000), real(0, 0)] ../lib/dbwrap/dbwrap.c:146(dbwrap_lock_order_state_destructor) + release lock order 1 for /var/run/samba/smbXsrv_open_global.tdb +[2013/11/07 07:38:48.498223, 10, pid=20933, effective(0, 5000), real(0, 0)] ../lib/dbwrap/dbwrap.c:133(debug_lock_order) + lock order: 1: 2: 3: +[2013/11/07 07:38:48.498276, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/files.c:525(file_free) + freed files structure 247904114 (4 used) +[2013/11/07 07:38:48.498334, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) + smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[60] dyn[no:0] at ../source3/smbd/smb2_close.c:139 +[2013/11/07 07:38:48.498378, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) + smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/191/127 +[2013/11/07 07:38:49.793512, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) + smbd_smb2_request_incoming: idx[1] of 5 vectors +[2013/11/07 07:38:49.793810, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) + smb2_validate_sequence_number: clearing id 191 (position 191) from bitmap +[2013/11/07 07:38:49.793926, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) + smbd_smb2_request_dispatch: opcode[SMB2_OP_CREATE] mid = 191 +[2013/11/07 07:38:49.794082, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) + setting sec ctx (0, 5000) - sec_ctx_stack_ndx = 0 +[2013/11/07 07:38:49.794193, 5, pid=20933, effective(0, 5000), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) + Security token SIDs (21): + SID[ 0]: S-1-5-21-1376953716-2413384141-3399758289-500 + SID[ 1]: S-1-5-21-1376953716-2413384141-3399758289-512 + SID[ 2]: S-1-5-21-1376953716-2413384141-3399758289-11015 + SID[ 3]: S-1-5-21-1376953716-2413384141-3399758289-513 + SID[ 4]: S-1-5-21-1376953716-2413384141-3399758289-11011 + SID[ 5]: S-1-5-21-1376953716-2413384141-3399758289-11013 + SID[ 6]: S-1-5-21-1376953716-2413384141-3399758289-11012 + SID[ 7]: S-1-1-0 + SID[ 8]: S-1-5-2 + SID[ 9]: S-1-5-11 + SID[ 10]: S-1-5-32-544 + SID[ 11]: S-1-22-1-2002 + SID[ 12]: S-1-22-2-5000 + SID[ 13]: S-1-22-2-5007 + SID[ 14]: S-1-22-2-5001 + SID[ 15]: S-1-22-2-1005 + SID[ 16]: S-1-22-2-5006 + SID[ 17]: S-1-22-2-5005 + SID[ 18]: S-1-22-2-55000 + SID[ 19]: S-1-22-2-55001 + SID[ 20]: S-1-22-2-55002 + Privileges (0x 1FFFFFF0): + Privilege[ 0]: SeMachineAccountPrivilege + Privilege[ 1]: SeTakeOwnershipPrivilege + Privilege[ 2]: SeBackupPrivilege + Privilege[ 3]: SeRestorePrivilege + Privilege[ 4]: SeRemoteShutdownPrivilege + Privilege[ 5]: SePrintOperatorPrivilege + Privilege[ 6]: SeAddUsersPrivilege + Privilege[ 7]: SeDiskOperatorPrivilege + Privilege[ 8]: SeSecurityPrivilege + Privilege[ 9]: SeSystemtimePrivilege + Privilege[ 10]: SeShutdownPrivilege + Privilege[ 11]: SeDebugPrivilege + Privilege[ 12]: SeSystemEnvironmentPrivilege + Privilege[ 13]: SeSystemProfilePrivilege + Privilege[ 14]: SeProfileSingleProcessPrivilege + Privilege[ 15]: SeIncreaseBasePriorityPrivilege + Privilege[ 16]: SeLoadDriverPrivilege + Privilege[ 17]: SeCreatePagefilePrivilege + Privilege[ 18]: SeIncreaseQuotaPrivilege + Privilege[ 19]: SeChangeNotifyPrivilege + Privilege[ 20]: SeUndockPrivilege + Privilege[ 21]: SeManageVolumePrivilege + Privilege[ 22]: SeImpersonatePrivilege + Privilege[ 23]: SeCreateGlobalPrivilege + Privilege[ 24]: SeEnableDelegationPrivilege + Rights (0x 0): +[2013/11/07 07:38:49.796160, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) + UNIX token of user 0 + Primary group is 5000 and contains 9 supplementary groups + Group[ 0]: 5000 + Group[ 1]: 5007 + Group[ 2]: 5001 + Group[ 3]: 1005 + Group[ 4]: 5006 + Group[ 5]: 5005 + Group[ 6]: 55000 + Group[ 7]: 55001 + Group[ 8]: 55002 +[2013/11/07 07:38:49.796651, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/uid.c:363(change_to_user_internal) + Impersonated user: uid=(0,0), gid=(0,5000) +[2013/11/07 07:38:49.796861, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_create.c:451(smbd_smb2_create_send) + smbd_smb2_create: name[spoolss] +[2013/11/07 07:38:49.797002, 5, pid=20933, effective(0, 5000), real(0, 0)] ../lib/dbwrap/dbwrap.c:187(dbwrap_check_lock_order) + check lock order 1 for /var/run/samba/smbXsrv_open_global.tdb +[2013/11/07 07:38:49.797120, 10, pid=20933, effective(0, 5000), real(0, 0)] ../lib/dbwrap/dbwrap.c:133(debug_lock_order) + lock order: 1:/var/run/samba/smbXsrv_open_global.tdb 2: 3: +[2013/11/07 07:38:49.798606, 10, pid=20933, effective(0, 5000), real(0, 0)] ../lib/dbwrap/dbwrap_tdb.c:59(db_tdb_log_key) + Locking key 0C0FB5EB +[2013/11/07 07:38:49.798753, 10, pid=20933, effective(0, 5000), real(0, 0)] ../lib/dbwrap/dbwrap_tdb.c:143(db_tdb_fetch_locked_internal) + Allocated locked data 0x0x7f375d357700 +[2013/11/07 07:38:49.798948, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smbXsrv_open.c:695(smbXsrv_open_global_store) +[2013/11/07 07:38:49.799029, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smbXsrv_open.c:697(smbXsrv_open_global_store) + smbXsrv_open_global_store: key '0C0FB5EB' stored +[2013/11/07 07:38:49.799136, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) + &global_blob: struct smbXsrv_open_globalB + version : SMBXSRV_VERSION_0 (0) + seqnum : 0x00000001 (1) + info : union smbXsrv_open_globalU(case 0) + info0 : * + info0: struct smbXsrv_open_global0 + db_rec : * + server_id: struct server_id + pid : 0x00000000000051c5 (20933) + task_id : 0x00000000 (0) + vnn : 0xffffffff (4294967295) + unique_id : 0x6b1fb19d3b3a8ed6 (7719083575197994710) + open_global_id : 0x0c0fb5eb (202356203) + open_persistent_id : 0x000000000c0fb5eb (202356203) + open_volatile_id : 0x00000000b9b2d816 (3115505686) + open_owner : S-1-5-21-1376953716-2413384141-3399758289-500 + open_time : Do Nov 7 07:38:50 2013 CET + create_guid : 00000000-0000-0000-0000-000000000000 + client_guid : b913ae79-46f9-11e3-be6f-52540018a0ea + app_instance_id : 00000000-0000-0000-0000-000000000000 + disconnect_time : NTTIME(0) + durable_timeout_msec : 0x00000000 (0) + durable : 0x00 (0) + backend_cookie : DATA_BLOB length=0 +[2013/11/07 07:38:49.800535, 10, pid=20933, effective(0, 5000), real(0, 0)] ../lib/dbwrap/dbwrap_tdb.c:59(db_tdb_log_key) + Unlocking key 0C0FB5EB +[2013/11/07 07:38:49.800645, 5, pid=20933, effective(0, 5000), real(0, 0)] ../lib/dbwrap/dbwrap.c:146(dbwrap_lock_order_state_destructor) + release lock order 1 for /var/run/samba/smbXsrv_open_global.tdb +[2013/11/07 07:38:49.800744, 10, pid=20933, effective(0, 5000), real(0, 0)] ../lib/dbwrap/dbwrap.c:133(debug_lock_order) + lock order: 1: 2: 3: +[2013/11/07 07:38:49.800847, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smbXsrv_open.c:862(smbXsrv_open_create) +[2013/11/07 07:38:49.800906, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smbXsrv_open.c:870(smbXsrv_open_create) + smbXsrv_open_create: global_id (0x0c0fb5eb) stored +[2013/11/07 07:38:49.801002, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) + &open_blob: struct smbXsrv_openB + version : SMBXSRV_VERSION_0 (0) + reserved : 0x00000000 (0) + info : union smbXsrv_openU(case 0) + info0 : * + info0: struct smbXsrv_open + table : * + db_rec : NULL + local_id : 0xb9b2d816 (3115505686) + global : * + global: struct smbXsrv_open_global0 + db_rec : NULL + server_id: struct server_id + pid : 0x00000000000051c5 (20933) + task_id : 0x00000000 (0) + vnn : 0xffffffff (4294967295) + unique_id : 0x6b1fb19d3b3a8ed6 (7719083575197994710) + open_global_id : 0x0c0fb5eb (202356203) + open_persistent_id : 0x000000000c0fb5eb (202356203) + open_volatile_id : 0x00000000b9b2d816 (3115505686) + open_owner : S-1-5-21-1376953716-2413384141-3399758289-500 + open_time : Do Nov 7 07:38:50 2013 CET + create_guid : 00000000-0000-0000-0000-000000000000 + client_guid : b913ae79-46f9-11e3-be6f-52540018a0ea + app_instance_id : 00000000-0000-0000-0000-000000000000 + disconnect_time : NTTIME(0) + durable_timeout_msec : 0x00000000 (0) + durable : 0x00 (0) + backend_cookie : DATA_BLOB length=0 + status : NT_STATUS_OK + idle_time : Do Nov 7 07:38:50 2013 CET + compat : NULL +[2013/11/07 07:38:49.802642, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/files.c:125(file_new) + allocated file structure fnum 3115505686 (5 used) +[2013/11/07 07:38:49.802766, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/files.c:713(file_name_hash) + file_name_hash: /tmp/spoolss hash 0x7d4e46e5 +[2013/11/07 07:38:49.802914, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:60(make_internal_rpc_pipe_p) + Create pipe requested \spoolss +[2013/11/07 07:38:49.803037, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:238(init_pipe_handles) + init_pipe_handle_list: pipe_handles ref count = 24 for pipe \spoolss +[2013/11/07 07:38:49.803306, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:100(make_internal_rpc_pipe_p) + Created internal pipe \spoolss +[2013/11/07 07:38:49.803416, 8, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/dosmode.c:631(dos_mode) + dos_mode: spoolss +[2013/11/07 07:38:49.803550, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_create.c:1053(smbd_smb2_create_send) + smbd_smb2_create_send: spoolss - fnum 3115505686 +[2013/11/07 07:38:49.803707, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) + smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[88] dyn[yes:0] at ../source3/smbd/smb2_create.c:369 +[2013/11/07 07:38:49.803823, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) + smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/192/127 +[2013/11/07 07:38:49.806287, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) + smbd_smb2_request_incoming: idx[1] of 5 vectors +[2013/11/07 07:38:49.806504, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) + smb2_validate_sequence_number: clearing id 192 (position 192) from bitmap +[2013/11/07 07:38:49.806634, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) + smbd_smb2_request_dispatch: opcode[SMB2_OP_WRITE] mid = 192 +[2013/11/07 07:38:49.806791, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) + setting sec ctx (0, 5000) - sec_ctx_stack_ndx = 0 +[2013/11/07 07:38:49.806918, 5, pid=20933, effective(0, 5000), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) + Security token SIDs (21): + SID[ 0]: S-1-5-21-1376953716-2413384141-3399758289-500 + SID[ 1]: S-1-5-21-1376953716-2413384141-3399758289-512 + SID[ 2]: S-1-5-21-1376953716-2413384141-3399758289-11015 + SID[ 3]: S-1-5-21-1376953716-2413384141-3399758289-513 + SID[ 4]: S-1-5-21-1376953716-2413384141-3399758289-11011 + SID[ 5]: S-1-5-21-1376953716-2413384141-3399758289-11013 + SID[ 6]: S-1-5-21-1376953716-2413384141-3399758289-11012 + SID[ 7]: S-1-1-0 + SID[ 8]: S-1-5-2 + SID[ 9]: S-1-5-11 + SID[ 10]: S-1-5-32-544 + SID[ 11]: S-1-22-1-2002 + SID[ 12]: S-1-22-2-5000 + SID[ 13]: S-1-22-2-5007 + SID[ 14]: S-1-22-2-5001 + SID[ 15]: S-1-22-2-1005 + SID[ 16]: S-1-22-2-5006 + SID[ 17]: S-1-22-2-5005 + SID[ 18]: S-1-22-2-55000 + SID[ 19]: S-1-22-2-55001 + SID[ 20]: S-1-22-2-55002 + Privileges (0x 1FFFFFF0): + Privilege[ 0]: SeMachineAccountPrivilege + Privilege[ 1]: SeTakeOwnershipPrivilege + Privilege[ 2]: SeBackupPrivilege + Privilege[ 3]: SeRestorePrivilege + Privilege[ 4]: SeRemoteShutdownPrivilege + Privilege[ 5]: SePrintOperatorPrivilege + Privilege[ 6]: SeAddUsersPrivilege + Privilege[ 7]: SeDiskOperatorPrivilege + Privilege[ 8]: SeSecurityPrivilege + Privilege[ 9]: SeSystemtimePrivilege + Privilege[ 10]: SeShutdownPrivilege + Privilege[ 11]: SeDebugPrivilege + Privilege[ 12]: SeSystemEnvironmentPrivilege + Privilege[ 13]: SeSystemProfilePrivilege + Privilege[ 14]: SeProfileSingleProcessPrivilege + Privilege[ 15]: SeIncreaseBasePriorityPrivilege + Privilege[ 16]: SeLoadDriverPrivilege + Privilege[ 17]: SeCreatePagefilePrivilege + Privilege[ 18]: SeIncreaseQuotaPrivilege + Privilege[ 19]: SeChangeNotifyPrivilege + Privilege[ 20]: SeUndockPrivilege + Privilege[ 21]: SeManageVolumePrivilege + Privilege[ 22]: SeImpersonatePrivilege + Privilege[ 23]: SeCreateGlobalPrivilege + Privilege[ 24]: SeEnableDelegationPrivilege + Rights (0x 0): +[2013/11/07 07:38:49.809058, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) + UNIX token of user 0 + Primary group is 5000 and contains 9 supplementary groups + Group[ 0]: 5000 + Group[ 1]: 5007 + Group[ 2]: 5001 + Group[ 3]: 1005 + Group[ 4]: 5006 + Group[ 5]: 5005 + Group[ 6]: 55000 + Group[ 7]: 55001 + Group[ 8]: 55002 +[2013/11/07 07:38:49.809717, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/uid.c:363(change_to_user_internal) + Impersonated user: uid=(0,0), gid=(0,5000) +[2013/11/07 07:38:49.809843, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:1796(smbd_smb2_request_verify_creditcharge) + mid 192, CreditCharge: 1, NeededCharge: 1 +[2013/11/07 07:38:49.809948, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_write.c:271(smbd_smb2_write_send) + smbd_smb2_write: spoolss - fnum 3115505686 +[2013/11/07 07:38:49.810063, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:520(np_write_send) + np_write_send: len: 160 +[2013/11/07 07:38:49.810169, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) + write_to_pipe: data_left = 160 +[2013/11/07 07:38:49.810265, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) + process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 160 +[2013/11/07 07:38:49.810364, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:51(fill_rpc_header) + fill_rpc_header: data_to_copy = 160, len_needed_to_complete_hdr = 16, receive_len = 0 +[2013/11/07 07:38:49.810467, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) + write_to_pipe: data_used = 16 +[2013/11/07 07:38:49.810560, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) + write_to_pipe: data_left = 144 +[2013/11/07 07:38:49.810785, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) + process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 144 +[2013/11/07 07:38:49.810894, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) + write_to_pipe: data_used = 0 +[2013/11/07 07:38:49.810990, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) + write_to_pipe: data_left = 144 +[2013/11/07 07:38:49.811083, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) + process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 144, incoming data = 144 +[2013/11/07 07:38:49.811186, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1614(process_complete_pdu) + PDU is in Little Endian format! +[2013/11/07 07:38:49.811308, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) + r: struct ncacn_packet + rpc_vers : 0x05 (5) + rpc_vers_minor : 0x00 (0) + ptype : DCERPC_PKT_BIND (11) + pfc_flags : 0x03 (3) + drep: ARRAY(4) + [0] : 0x10 (16) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + frag_length : 0x00a0 (160) + auth_length : 0x0000 (0) + call_id : 0x00000002 (2) + u : union dcerpc_payload(case 11) + bind: struct dcerpc_bind + max_xmit_frag : 0x10b8 (4280) + max_recv_frag : 0x10b8 (4280) + assoc_group_id : 0x00000000 (0) + num_contexts : 0x03 (3) + ctx_list: ARRAY(3) + ctx_list: struct dcerpc_ctx_list + context_id : 0x0000 (0) + num_transfer_syntaxes : 0x01 (1) + abstract_syntax: struct ndr_syntax_id + uuid : 12345678-1234-abcd-ef00-0123456789ab + if_version : 0x00000001 (1) + transfer_syntaxes: ARRAY(1) + transfer_syntaxes: struct ndr_syntax_id + uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860 + if_version : 0x00000002 (2) + ctx_list: struct dcerpc_ctx_list + context_id : 0x0001 (1) + num_transfer_syntaxes : 0x01 (1) + abstract_syntax: struct ndr_syntax_id + uuid : 12345678-1234-abcd-ef00-0123456789ab + if_version : 0x00000001 (1) + transfer_syntaxes: ARRAY(1) + transfer_syntaxes: struct ndr_syntax_id + uuid : 71710533-beba-4937-8319-b5dbef9ccc36 + if_version : 0x00000001 (1) + ctx_list: struct dcerpc_ctx_list + context_id : 0x0002 (2) + num_transfer_syntaxes : 0x01 (1) + abstract_syntax: struct ndr_syntax_id + uuid : 12345678-1234-abcd-ef00-0123456789ab + if_version : 0x00000001 (1) + transfer_syntaxes: ARRAY(1) + transfer_syntaxes: struct ndr_syntax_id + uuid : 6cb71c2c-9812-4540-0300-000000000000 + if_version : 0x00000001 (1) + auth_info : DATA_BLOB length=0 +[2013/11/07 07:38:49.813688, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1627(process_complete_pdu) + Processing packet type 11 +[2013/11/07 07:38:49.813797, 3, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:693(api_pipe_bind_req) + api_pipe_bind_req: spoolss -> spoolss rpc service +[2013/11/07 07:38:49.813899, 5, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:724(api_pipe_bind_req) + api_pipe_bind_req: make response. 724 +[2013/11/07 07:38:49.813996, 3, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:342(check_bind_req) + check_bind_req for \spoolss +[2013/11/07 07:38:49.814105, 3, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:349(check_bind_req) + check_bind_req: spoolss -> spoolss rpc service +[2013/11/07 07:38:49.814209, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:238(init_pipe_handles) + init_pipe_handle_list: pipe_handles ref count = 25 for pipe \spoolss +[2013/11/07 07:38:49.814351, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) + &r: struct ncacn_packet + rpc_vers : 0x05 (5) + rpc_vers_minor : 0x00 (0) + ptype : DCERPC_PKT_BIND_ACK (12) + pfc_flags : 0x03 (3) + drep: ARRAY(4) + [0] : 0x10 (16) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + frag_length : 0x0044 (68) + auth_length : 0x0000 (0) + call_id : 0x00000002 (2) + u : union dcerpc_payload(case 12) + bind_ack: struct dcerpc_bind_ack + max_xmit_frag : 0x10b8 (4280) + max_recv_frag : 0x10b8 (4280) + assoc_group_id : 0x000053f0 (21488) + secondary_address_size : 0x000e (14) + secondary_address : '\PIPE\spoolss' + _pad1 : DATA_BLOB length=0 + num_results : 0x01 (1) + ctx_list: ARRAY(1) + ctx_list: struct dcerpc_ack_ctx + result : 0x0000 (0) + reason : 0x0000 (0) + syntax: struct ndr_syntax_id + uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860 + if_version : 0x00000002 (2) + auth_info : DATA_BLOB length=0 +[2013/11/07 07:38:49.815657, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) + write_to_pipe: data_used = 144 + smbd_smb2_request_pending_queue: req->current_idx = 1 + req->in.vector[0].iov_len = 0 + req->in.vector[1].iov_len = 0 + req->in.vector[2].iov_len = 64 + req->in.vector[3].iov_len = 48 + req->in.vector[4].iov_len = 160 + req->out.vector[0].iov_len = 4 + req->out.vector[1].iov_len = 0 + req->out.vector[2].iov_len = 64 + req->out.vector[3].iov_len = 8 + req->out.vector[4].iov_len = 0 +[2013/11/07 07:38:49.816178, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) + smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[16] dyn[yes:0] at ../source3/smbd/smb2_write.c:150 +[2013/11/07 07:38:49.816296, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) + smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/193/127 +[2013/11/07 07:38:49.818389, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) + smbd_smb2_request_incoming: idx[1] of 5 vectors +[2013/11/07 07:38:49.818611, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) + smb2_validate_sequence_number: clearing id 193 (position 193) from bitmap +[2013/11/07 07:38:49.818720, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) + smbd_smb2_request_dispatch: opcode[SMB2_OP_READ] mid = 193 +[2013/11/07 07:38:49.818856, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) + setting sec ctx (0, 5000) - sec_ctx_stack_ndx = 0 +[2013/11/07 07:38:49.818966, 5, pid=20933, effective(0, 5000), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) + Security token SIDs (21): + SID[ 0]: S-1-5-21-1376953716-2413384141-3399758289-500 + SID[ 1]: S-1-5-21-1376953716-2413384141-3399758289-512 + SID[ 2]: S-1-5-21-1376953716-2413384141-3399758289-11015 + SID[ 3]: S-1-5-21-1376953716-2413384141-3399758289-513 + SID[ 4]: S-1-5-21-1376953716-2413384141-3399758289-11011 + SID[ 5]: S-1-5-21-1376953716-2413384141-3399758289-11013 + SID[ 6]: S-1-5-21-1376953716-2413384141-3399758289-11012 + SID[ 7]: S-1-1-0 + SID[ 8]: S-1-5-2 + SID[ 9]: S-1-5-11 + SID[ 10]: S-1-5-32-544 + SID[ 11]: S-1-22-1-2002 + SID[ 12]: S-1-22-2-5000 + SID[ 13]: S-1-22-2-5007 + SID[ 14]: S-1-22-2-5001 + SID[ 15]: S-1-22-2-1005 + SID[ 16]: S-1-22-2-5006 + SID[ 17]: S-1-22-2-5005 + SID[ 18]: S-1-22-2-55000 + SID[ 19]: S-1-22-2-55001 + SID[ 20]: S-1-22-2-55002 + Privileges (0x 1FFFFFF0): + Privilege[ 0]: SeMachineAccountPrivilege + Privilege[ 1]: SeTakeOwnershipPrivilege + Privilege[ 2]: SeBackupPrivilege + Privilege[ 3]: SeRestorePrivilege + Privilege[ 4]: SeRemoteShutdownPrivilege + Privilege[ 5]: SePrintOperatorPrivilege + Privilege[ 6]: SeAddUsersPrivilege + Privilege[ 7]: SeDiskOperatorPrivilege + Privilege[ 8]: SeSecurityPrivilege + Privilege[ 9]: SeSystemtimePrivilege + Privilege[ 10]: SeShutdownPrivilege + Privilege[ 11]: SeDebugPrivilege + Privilege[ 12]: SeSystemEnvironmentPrivilege + Privilege[ 13]: SeSystemProfilePrivilege + Privilege[ 14]: SeProfileSingleProcessPrivilege + Privilege[ 15]: SeIncreaseBasePriorityPrivilege + Privilege[ 16]: SeLoadDriverPrivilege + Privilege[ 17]: SeCreatePagefilePrivilege + Privilege[ 18]: SeIncreaseQuotaPrivilege + Privilege[ 19]: SeChangeNotifyPrivilege + Privilege[ 20]: SeUndockPrivilege + Privilege[ 21]: SeManageVolumePrivilege + Privilege[ 22]: SeImpersonatePrivilege + Privilege[ 23]: SeCreateGlobalPrivilege + Privilege[ 24]: SeEnableDelegationPrivilege + Rights (0x 0): +[2013/11/07 07:38:49.820914, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) + UNIX token of user 0 + Primary group is 5000 and contains 9 supplementary groups + Group[ 0]: 5000 + Group[ 1]: 5007 + Group[ 2]: 5001 + Group[ 3]: 1005 + Group[ 4]: 5006 + Group[ 5]: 5005 + Group[ 6]: 55000 + Group[ 7]: 55001 + Group[ 8]: 55002 +[2013/11/07 07:38:49.821601, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/uid.c:363(change_to_user_internal) + Impersonated user: uid=(0,0), gid=(0,5000) +[2013/11/07 07:38:49.822133, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:1796(smbd_smb2_request_verify_creditcharge) + mid 193, CreditCharge: 1, NeededCharge: 1 +[2013/11/07 07:38:49.822261, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_read.c:400(smbd_smb2_read_send) + smbd_smb2_read: spoolss - fnum 3115505686 +[2013/11/07 07:38:49.822378, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:285(read_from_internal_pipe) + name: \spoolss len: 1024 +[2013/11/07 07:38:49.822489, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:326(read_from_internal_pipe) + read_from_pipe: \spoolss: current_pdu_len = 68, current_pdu_sent = 0 returning 68 bytes. +[2013/11/07 07:38:49.822599, 3, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:122(free_pipe_context) + free_pipe_context: destroying talloc pool of size 29 + smbd_smb2_request_pending_queue: req->current_idx = 1 + req->in.vector[0].iov_len = 0 + req->in.vector[1].iov_len = 0 + req->in.vector[2].iov_len = 64 + req->in.vector[3].iov_len = 48 + req->in.vector[4].iov_len = 1 + req->out.vector[0].iov_len = 4 + req->out.vector[1].iov_len = 0 + req->out.vector[2].iov_len = 64 + req->out.vector[3].iov_len = 8 + req->out.vector[4].iov_len = 0 +[2013/11/07 07:38:49.823121, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:788(np_read_recv) + Received 68 bytes. There is no more data outstanding +[2013/11/07 07:38:49.823235, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) + smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[16] dyn[yes:68] at ../source3/smbd/smb2_read.c:154 +[2013/11/07 07:38:49.823346, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) + smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/194/127 +[2013/11/07 07:38:49.826722, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) + smbd_smb2_request_incoming: idx[1] of 5 vectors +[2013/11/07 07:38:49.826918, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) + smb2_validate_sequence_number: clearing id 194 (position 194) from bitmap +[2013/11/07 07:38:49.827025, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) + smbd_smb2_request_dispatch: opcode[SMB2_OP_IOCTL] mid = 194 +[2013/11/07 07:38:49.827191, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) + setting sec ctx (0, 5000) - sec_ctx_stack_ndx = 0 +[2013/11/07 07:38:49.827302, 5, pid=20933, effective(0, 5000), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) + Security token SIDs (21): + SID[ 0]: S-1-5-21-1376953716-2413384141-3399758289-500 + SID[ 1]: S-1-5-21-1376953716-2413384141-3399758289-512 + SID[ 2]: S-1-5-21-1376953716-2413384141-3399758289-11015 + SID[ 3]: S-1-5-21-1376953716-2413384141-3399758289-513 + SID[ 4]: S-1-5-21-1376953716-2413384141-3399758289-11011 + SID[ 5]: S-1-5-21-1376953716-2413384141-3399758289-11013 + SID[ 6]: S-1-5-21-1376953716-2413384141-3399758289-11012 + SID[ 7]: S-1-1-0 + SID[ 8]: S-1-5-2 + SID[ 9]: S-1-5-11 + SID[ 10]: S-1-5-32-544 + SID[ 11]: S-1-22-1-2002 + SID[ 12]: S-1-22-2-5000 + SID[ 13]: S-1-22-2-5007 + SID[ 14]: S-1-22-2-5001 + SID[ 15]: S-1-22-2-1005 + SID[ 16]: S-1-22-2-5006 + SID[ 17]: S-1-22-2-5005 + SID[ 18]: S-1-22-2-55000 + SID[ 19]: S-1-22-2-55001 + SID[ 20]: S-1-22-2-55002 + Privileges (0x 1FFFFFF0): + Privilege[ 0]: SeMachineAccountPrivilege + Privilege[ 1]: SeTakeOwnershipPrivilege + Privilege[ 2]: SeBackupPrivilege + Privilege[ 3]: SeRestorePrivilege + Privilege[ 4]: SeRemoteShutdownPrivilege + Privilege[ 5]: SePrintOperatorPrivilege + Privilege[ 6]: SeAddUsersPrivilege + Privilege[ 7]: SeDiskOperatorPrivilege + Privilege[ 8]: SeSecurityPrivilege + Privilege[ 9]: SeSystemtimePrivilege + Privilege[ 10]: SeShutdownPrivilege + Privilege[ 11]: SeDebugPrivilege + Privilege[ 12]: SeSystemEnvironmentPrivilege + Privilege[ 13]: SeSystemProfilePrivilege + Privilege[ 14]: SeProfileSingleProcessPrivilege + Privilege[ 15]: SeIncreaseBasePriorityPrivilege + Privilege[ 16]: SeLoadDriverPrivilege + Privilege[ 17]: SeCreatePagefilePrivilege + Privilege[ 18]: SeIncreaseQuotaPrivilege + Privilege[ 19]: SeChangeNotifyPrivilege + Privilege[ 20]: SeUndockPrivilege + Privilege[ 21]: SeManageVolumePrivilege + Privilege[ 22]: SeImpersonatePrivilege + Privilege[ 23]: SeCreateGlobalPrivilege + Privilege[ 24]: SeEnableDelegationPrivilege + Rights (0x 0): +[2013/11/07 07:38:49.829839, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) + UNIX token of user 0 + Primary group is 5000 and contains 9 supplementary groups + Group[ 0]: 5000 + Group[ 1]: 5007 + Group[ 2]: 5001 + Group[ 3]: 1005 + Group[ 4]: 5006 + Group[ 5]: 5005 + Group[ 6]: 55000 + Group[ 7]: 55001 + Group[ 8]: 55002 +[2013/11/07 07:38:49.830331, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/uid.c:363(change_to_user_internal) + Impersonated user: uid=(0,0), gid=(0,5000) +[2013/11/07 07:38:49.830458, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:1796(smbd_smb2_request_verify_creditcharge) + mid 194, CreditCharge: 1, NeededCharge: 1 +[2013/11/07 07:38:49.830565, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl.c:394(smbd_smb2_ioctl_send) + smbd_smb2_ioctl: ctl_code[0x0011c017] spoolss, fnum 3115505686 +[2013/11/07 07:38:49.830682, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:59(smb2_ioctl_named_pipe) + smbd_smb2_ioctl_send: np_write_send of size 222 +[2013/11/07 07:38:49.830782, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:520(np_write_send) + np_write_send: len: 222 +[2013/11/07 07:38:49.830885, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) + write_to_pipe: data_left = 222 +[2013/11/07 07:38:49.830982, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) + process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 222 +[2013/11/07 07:38:49.831107, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:51(fill_rpc_header) + fill_rpc_header: data_to_copy = 222, len_needed_to_complete_hdr = 16, receive_len = 0 +[2013/11/07 07:38:49.831210, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) + write_to_pipe: data_used = 16 +[2013/11/07 07:38:49.831305, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) + write_to_pipe: data_left = 206 +[2013/11/07 07:38:49.831401, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) + process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 206 +[2013/11/07 07:38:49.831507, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) + write_to_pipe: data_used = 0 +[2013/11/07 07:38:49.831602, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) + write_to_pipe: data_left = 206 +[2013/11/07 07:38:49.831802, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) + process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 206, incoming data = 206 +[2013/11/07 07:38:49.831983, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1614(process_complete_pdu) + PDU is in Little Endian format! +[2013/11/07 07:38:49.832426, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) + r: struct ncacn_packet + rpc_vers : 0x05 (5) + rpc_vers_minor : 0x00 (0) + ptype : DCERPC_PKT_REQUEST (0) + pfc_flags : 0x03 (3) + drep: ARRAY(4) + [0] : 0x10 (16) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + frag_length : 0x00de (222) + auth_length : 0x0000 (0) + call_id : 0x00000002 (2) + u : union dcerpc_payload(case 0) + request: struct dcerpc_request + alloc_hint : 0x000000c6 (198) + context_id : 0x0000 (0) + opnum : 0x0045 (69) + object : union dcerpc_object(case 0) + empty: struct dcerpc_empty + _pad : DATA_BLOB length=0 + stub_and_verifier : DATA_BLOB length=198 + [0000] 00 00 02 00 14 00 00 00 00 00 00 00 14 00 00 00 ........ ........ + [0010] 5C 00 5C 00 4D 00 45 00 4D 00 42 00 45 00 52 00 \.\.M.E. M.B.E.R. + [0020] 34 00 33 00 5C 00 70 00 72 00 69 00 6E 00 74 00 4.3.\.p. r.i.n.t. + [0030] 65 00 72 00 37 00 00 00 00 00 00 00 00 00 00 00 e.r.7... ........ + [0040] 00 00 00 00 00 00 00 00 01 00 00 00 01 00 00 00 ........ ........ + [0050] 04 00 02 00 28 00 00 00 08 00 02 00 0C 00 02 00 ....(... ........ + [0060] 80 25 00 00 03 00 00 00 00 00 00 00 09 00 00 00 .%...... ........ + [0070] 0A 00 00 00 00 00 00 00 0A 00 00 00 57 00 49 00 ........ ....W.I. + [0080] 4E 00 38 00 31 00 2D 00 32 00 33 00 39 00 00 00 N.8.1.-. 2.3.9... + [0090] 15 00 00 00 00 00 00 00 15 00 00 00 41 00 52 00 ........ ....A.R. + [00A0] 33 00 32 00 49 00 38 00 5C 00 41 00 64 00 6D 00 3.2.I.8. \.A.d.m. + [00B0] 69 00 6E 00 69 00 73 00 74 00 72 00 61 00 74 00 i.n.i.s. t.r.a.t. + [00C0] 6F 00 72 00 00 00 o.r... +[2013/11/07 07:38:49.834672, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1627(process_complete_pdu) + Processing packet type 0 +[2013/11/07 07:38:49.834805, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1472(dcesrv_auth_request) + Checking request auth. +[2013/11/07 07:38:49.834914, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) + push_sec_ctx(0, 5000) : sec_ctx_stack_ndx = 1 +[2013/11/07 07:38:49.835031, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) + setting sec ctx (0, 5000) - sec_ctx_stack_ndx = 1 +[2013/11/07 07:38:49.835137, 5, pid=20933, effective(0, 5000), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) + Security token SIDs (21): + SID[ 0]: S-1-5-21-1376953716-2413384141-3399758289-500 + SID[ 1]: S-1-5-21-1376953716-2413384141-3399758289-512 + SID[ 2]: S-1-5-21-1376953716-2413384141-3399758289-11015 + SID[ 3]: S-1-5-21-1376953716-2413384141-3399758289-513 + SID[ 4]: S-1-5-21-1376953716-2413384141-3399758289-11011 + SID[ 5]: S-1-5-21-1376953716-2413384141-3399758289-11013 + SID[ 6]: S-1-5-21-1376953716-2413384141-3399758289-11012 + SID[ 7]: S-1-1-0 + SID[ 8]: S-1-5-2 + SID[ 9]: S-1-5-11 + SID[ 10]: S-1-5-32-544 + SID[ 11]: S-1-22-1-2002 + SID[ 12]: S-1-22-2-5000 + SID[ 13]: S-1-22-2-5007 + SID[ 14]: S-1-22-2-5001 + SID[ 15]: S-1-22-2-1005 + SID[ 16]: S-1-22-2-5006 + SID[ 17]: S-1-22-2-5005 + SID[ 18]: S-1-22-2-55000 + SID[ 19]: S-1-22-2-55001 + SID[ 20]: S-1-22-2-55002 + Privileges (0x 1FFFFFF0): + Privilege[ 0]: SeMachineAccountPrivilege + Privilege[ 1]: SeTakeOwnershipPrivilege + Privilege[ 2]: SeBackupPrivilege + Privilege[ 3]: SeRestorePrivilege + Privilege[ 4]: SeRemoteShutdownPrivilege + Privilege[ 5]: SePrintOperatorPrivilege + Privilege[ 6]: SeAddUsersPrivilege + Privilege[ 7]: SeDiskOperatorPrivilege + Privilege[ 8]: SeSecurityPrivilege + Privilege[ 9]: SeSystemtimePrivilege + Privilege[ 10]: SeShutdownPrivilege + Privilege[ 11]: SeDebugPrivilege + Privilege[ 12]: SeSystemEnvironmentPrivilege + Privilege[ 13]: SeSystemProfilePrivilege + Privilege[ 14]: SeProfileSingleProcessPrivilege + Privilege[ 15]: SeIncreaseBasePriorityPrivilege + Privilege[ 16]: SeLoadDriverPrivilege + Privilege[ 17]: SeCreatePagefilePrivilege + Privilege[ 18]: SeIncreaseQuotaPrivilege + Privilege[ 19]: SeChangeNotifyPrivilege + Privilege[ 20]: SeUndockPrivilege + Privilege[ 21]: SeManageVolumePrivilege + Privilege[ 22]: SeImpersonatePrivilege + Privilege[ 23]: SeCreateGlobalPrivilege + Privilege[ 24]: SeEnableDelegationPrivilege + Rights (0x 0): +[2013/11/07 07:38:49.837152, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) + UNIX token of user 0 + Primary group is 5000 and contains 9 supplementary groups + Group[ 0]: 5000 + Group[ 1]: 5007 + Group[ 2]: 5001 + Group[ 3]: 1005 + Group[ 4]: 5006 + Group[ 5]: 5005 + Group[ 6]: 55000 + Group[ 7]: 55001 + Group[ 8]: 55002 +[2013/11/07 07:38:49.837722, 5, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1324(api_pipe_request) + Requested \spoolss rpc service +[2013/11/07 07:38:49.837835, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1356(api_rpcTNP) + api_rpcTNP: \spoolss op 0x45 - api_rpcTNP: rpc command: SPOOLSS_OPENPRINTEREX +[2013/11/07 07:38:49.837944, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1390(api_rpcTNP) + api_rpc_cmds[69].fn == 0x7f375c256d40 +[2013/11/07 07:38:49.838076, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + spoolss_OpenPrinterEx: struct spoolss_OpenPrinterEx + in: struct spoolss_OpenPrinterEx + printername : * + printername : '\\MEMBER43\printer7' + datatype : NULL + devmode_ctr: struct spoolss_DevmodeContainer + _ndr_size : 0x00000000 (0) + devmode : NULL + access_mask : 0x00000000 (0) + 0: SERVER_ACCESS_ADMINISTER + 0: SERVER_ACCESS_ENUMERATE + 0: PRINTER_ACCESS_ADMINISTER + 0: PRINTER_ACCESS_USE + 0: JOB_ACCESS_ADMINISTER + 0: JOB_ACCESS_READ + userlevel_ctr: struct spoolss_UserLevelCtr + level : 0x00000001 (1) + user_info : union spoolss_UserLevel(case 1) + level1 : * + level1: struct spoolss_UserLevel1 + size : 0x00000028 (40) + client : * + client : 'WIN81-239' + user : * + user : 'AR32I8\Administrator' + build : 0x00002580 (9600) + major : UNKNOWN_ENUM_VALUE (3) + minor : SPOOLSS_MINOR_VERSION_0 (0) + processor : PROCESSOR_ARCHITECTURE_AMD64 (9) + checking name: \\MEMBER43\printer7 +[2013/11/07 07:38:49.839416, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:737(open_printer_hnd) + open_printer_hnd: name [\\MEMBER43\printer7] +[2013/11/07 07:38:49.839535, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) + Opened policy hnd[5] [0000] 00 00 00 00 14 01 00 00 00 00 00 00 7B 52 79 35 ........ ....{Ry5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:49.839736, 3, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:506(set_printer_hnd_printertype) + Setting printer type=\\MEMBER43\printer7 + Printer is a printer +[2013/11/07 07:38:49.839872, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:566(set_printer_hnd_name) + Setting printer name=\\MEMBER43\printer7 (len=19) + searching for [printer7] +[2013/11/07 07:38:49.840096, 10, pid=20933, effective(0, 5000), real(0, 0), class=tdb] ../source3/lib/gencache.c:275(gencache_set_data_blob) + Did not store value for PRINTERNAME/printer7, we already got it + set_printer_hnd_name: Printer found: printer7 -> printer7 +[2013/11/07 07:38:49.840237, 5, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:773(open_printer_hnd) + 5 printer handles active +[2013/11/07 07:38:49.840336, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 14 01 00 00 00 00 00 00 7B 52 79 35 ........ ....{Ry5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:49.840532, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 14 01 00 00 00 00 00 00 7B 52 79 35 ........ ....{Ry5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:49.840723, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:489(get_printer_snum) + short name:printer7 +[2013/11/07 07:38:49.840872, 3, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/access.c:338(allow_access) + Allowed connection from 10.200.8.239 (10.200.8.239) +[2013/11/07 07:38:49.841213, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/share_access.c:237(user_ok_token) + user_ok_token: share printer7 is ok for unix user root +[2013/11/07 07:38:49.841560, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:1921(_spoolss_OpenPrinterEx) + Setting printer access = PRINTER_ACCESS_USE +[2013/11/07 07:38:49.841704, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:60(make_internal_rpc_pipe_p) + Create pipe requested \winreg +[2013/11/07 07:38:49.841759, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:221(init_pipe_handles) + init_pipe_handle_list: created handle list for pipe \winreg +[2013/11/07 07:38:49.841801, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:238(init_pipe_handles) + init_pipe_handle_list: pipe_handles ref count = 1 for pipe \winreg +[2013/11/07 07:38:49.841896, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:100(make_internal_rpc_pipe_p) + Created internal pipe \winreg +[2013/11/07 07:38:49.841965, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenHKLM: struct winreg_OpenHKLM + in: struct winreg_OpenHKLM + system_name : NULL + access_mask : 0x02000000 (33554432) + 0: KEY_QUERY_VALUE + 0: KEY_SET_VALUE + 0: KEY_CREATE_SUB_KEY + 0: KEY_ENUMERATE_SUB_KEYS + 0: KEY_NOTIFY + 0: KEY_CREATE_LINK + 0: KEY_WOW64_64KEY + 0: KEY_WOW64_32KEY +[2013/11/07 07:38:49.842197, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [HKLM] +[2013/11/07 07:38:49.842243, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) + push_sec_ctx(0, 5000) : sec_ctx_stack_ndx = 2 +[2013/11/07 07:38:49.842288, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/uid.c:485(push_conn_ctx) + push_conn_ctx(1804507171) : conn_ctx_stack_ndx = 0 +[2013/11/07 07:38:49.842329, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) + setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 +[2013/11/07 07:38:49.842367, 5, pid=20933, effective(0, 5000), real(0, 0)] ../libcli/security/security_token.c:53(security_token_debug) + Security token: (NULL) +[2013/11/07 07:38:49.842405, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) + UNIX token of user 0 + Primary group is 0 and contains 0 supplementary groups +[2013/11/07 07:38:49.842559, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) + pop_sec_ctx (0, 5000) - sec_ctx_stack_ndx = 1 +[2013/11/07 07:38:49.842604, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:866(regdb_open) + regdb_open: registry db opened. refcount reset (1) +[2013/11/07 07:38:49.842650, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM] +[2013/11/07 07:38:49.842688, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM] +[2013/11/07 07:38:49.842730, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:49.842767, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM] +[2013/11/07 07:38:49.842847, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) + Opened policy hnd[1] [0000] 00 00 00 00 15 01 00 00 00 00 00 00 7B 52 79 35 ........ ....{Ry5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:49.842940, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenHKLM: struct winreg_OpenHKLM + out: struct winreg_OpenHKLM + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000115-0000-0000-7b52-7935c5510000 + result : WERR_OK +[2013/11/07 07:38:49.843128, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenKey: struct winreg_OpenKey + in: struct winreg_OpenKey + parent_handle : * + parent_handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000115-0000-0000-7b52-7935c5510000 + keyname: struct winreg_String + name_len : 0x008a (138) + name_size : 0x008a (138) + name : * + name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7' + options : 0x00000000 (0) + 0: REG_OPTION_VOLATILE + 0: REG_OPTION_CREATE_LINK + 0: REG_OPTION_BACKUP_RESTORE + 0: REG_OPTION_OPEN_LINK + access_mask : 0x02000000 (33554432) + 0: KEY_QUERY_VALUE + 0: KEY_SET_VALUE + 0: KEY_CREATE_SUB_KEY + 0: KEY_ENUMERATE_SUB_KEYS + 0: KEY_NOTIFY + 0: KEY_CREATE_LINK + 0: KEY_WOW64_64KEY + 0: KEY_WOW64_32KEY +[2013/11/07 07:38:49.843571, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 15 01 00 00 00 00 00 00 7B 52 79 35 ........ ....{Ry5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:49.843652, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [SOFTWARE] +[2013/11/07 07:38:49.843692, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (1->2) +[2013/11/07 07:38:49.843735, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] +[2013/11/07 07:38:49.843772, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE] +[2013/11/07 07:38:49.843812, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:49.843850, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE] +[2013/11/07 07:38:49.843917, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Microsoft] +[2013/11/07 07:38:49.843958, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (2->3) +[2013/11/07 07:38:49.844000, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] +[2013/11/07 07:38:49.844045, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] +[2013/11/07 07:38:49.844086, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:49.844123, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft] +[2013/11/07 07:38:49.844185, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Windows NT] +[2013/11/07 07:38:49.844228, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (3->4) +[2013/11/07 07:38:49.844270, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] +[2013/11/07 07:38:49.844309, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] +[2013/11/07 07:38:49.844349, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:49.844387, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] +[2013/11/07 07:38:49.844445, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [CurrentVersion] +[2013/11/07 07:38:49.844486, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (4->5) +[2013/11/07 07:38:49.844530, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] +[2013/11/07 07:38:49.844568, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] +[2013/11/07 07:38:49.844609, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:49.844646, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f375c5a15c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] +[2013/11/07 07:38:49.844718, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Print] +[2013/11/07 07:38:49.844760, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (5->6) +[2013/11/07 07:38:49.844803, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] +[2013/11/07 07:38:49.844842, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] +[2013/11/07 07:38:49.844884, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:49.844921, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f375c5a15c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] +[2013/11/07 07:38:49.844989, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Printers] +[2013/11/07 07:38:49.845031, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (6->7) +[2013/11/07 07:38:49.845074, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] +[2013/11/07 07:38:49.845112, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] +[2013/11/07 07:38:49.845154, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:49.845192, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] +[2013/11/07 07:38:49.845259, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [printer7] +[2013/11/07 07:38:49.845301, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (7->8) +[2013/11/07 07:38:49.845344, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:49.845450, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:49.845494, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:49.845532, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:49.845603, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (8->7) +[2013/11/07 07:38:49.845646, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (7->6) +[2013/11/07 07:38:49.845687, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (6->5) +[2013/11/07 07:38:49.845727, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (5->4) +[2013/11/07 07:38:49.845766, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (4->3) +[2013/11/07 07:38:49.845806, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (3->2) +[2013/11/07 07:38:49.845849, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) + Opened policy hnd[2] [0000] 00 00 00 00 16 01 00 00 00 00 00 00 7B 52 79 35 ........ ....{Ry5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:49.845936, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenKey: struct winreg_OpenKey + out: struct winreg_OpenKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000116-0000-0000-7b52-7935c5510000 + result : WERR_OK +[2013/11/07 07:38:49.846101, 2, pid=20933, effective(0, 5000), real(0, 0)] ../source3/rpc_client/cli_winreg_spoolss.c:626(winreg_create_printer) + winreg_create_printer: Skipping, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7 already exists +[2013/11/07 07:38:49.846160, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + in: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000116-0000-0000-7b52-7935c5510000 +[2013/11/07 07:38:49.846292, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 16 01 00 00 00 00 00 00 7B 52 79 35 ........ ....{Ry5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:49.846370, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 16 01 00 00 00 00 00 00 7B 52 79 35 ........ ....{Ry5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:49.846447, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) + Closed policy +[2013/11/07 07:38:49.846487, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (2->1) +[2013/11/07 07:38:49.846527, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + out: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000000-0000-0000-0000-000000000000 + result : WERR_OK +[2013/11/07 07:38:49.846689, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + in: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000115-0000-0000-7b52-7935c5510000 +[2013/11/07 07:38:49.846820, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 15 01 00 00 00 00 00 00 7B 52 79 35 ........ ....{Ry5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:49.846898, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 15 01 00 00 00 00 00 00 7B 52 79 35 ........ ....{Ry5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:49.846974, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) + Closed policy +[2013/11/07 07:38:49.847022, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (1->0) +[2013/11/07 07:38:49.847076, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + out: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000000-0000-0000-0000-000000000000 + result : WERR_OK +[2013/11/07 07:38:49.847236, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:416(close_policy_by_pipe) + Deleted handle list for RPC connection \winreg +[2013/11/07 07:38:49.847285, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + spoolss_OpenPrinterEx: struct spoolss_OpenPrinterEx + out: struct spoolss_OpenPrinterEx + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000114-0000-0000-7b52-7935c5510000 + result : WERR_OK +[2013/11/07 07:38:49.847436, 5, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1417(api_rpcTNP) + api_rpcTNP: called \spoolss successfully +[2013/11/07 07:38:49.847489, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) + pop_sec_ctx (0, 5000) - sec_ctx_stack_ndx = 0 +[2013/11/07 07:38:49.847532, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) + write_to_pipe: data_used = 206 + smbd_smb2_request_pending_queue: req->current_idx = 1 + req->in.vector[0].iov_len = 0 + req->in.vector[1].iov_len = 0 + req->in.vector[2].iov_len = 64 + req->in.vector[3].iov_len = 56 + req->in.vector[4].iov_len = 222 + req->out.vector[0].iov_len = 4 + req->out.vector[1].iov_len = 0 + req->out.vector[2].iov_len = 64 + req->out.vector[3].iov_len = 8 + req->out.vector[4].iov_len = 0 +[2013/11/07 07:38:49.847744, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:128(smbd_smb2_ioctl_pipe_write_done) + smbd_smb2_ioctl_pipe_write_done: received 222 +[2013/11/07 07:38:49.847787, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:149(smbd_smb2_ioctl_pipe_write_done) + smbd_smb2_ioctl_pipe_write_done: issuing np_read_send of size 1024 +[2013/11/07 07:38:49.847830, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:285(read_from_internal_pipe) + name: \spoolss len: 1024 +[2013/11/07 07:38:49.847872, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:347(read_from_internal_pipe) + read_from_pipe: \spoolss: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 24. +[2013/11/07 07:38:49.847925, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) + &r: struct ncacn_packet + rpc_vers : 0x05 (5) + rpc_vers_minor : 0x00 (0) + ptype : DCERPC_PKT_RESPONSE (2) + pfc_flags : 0x03 (3) + drep: ARRAY(4) + [0] : 0x10 (16) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + frag_length : 0x0030 (48) + auth_length : 0x0000 (0) + call_id : 0x00000002 (2) + u : union dcerpc_payload(case 2) + response: struct dcerpc_response + alloc_hint : 0x00000018 (24) + context_id : 0x0000 (0) + cancel_count : 0x00 (0) + _pad : DATA_BLOB length=0 + stub_and_verifier : DATA_BLOB length=24 + [0000] 00 00 00 00 14 01 00 00 00 00 00 00 7B 52 79 35 ........ ....{Ry5 + [0010] C5 51 00 00 00 00 00 00 .Q...... +[2013/11/07 07:38:49.848349, 3, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:122(free_pipe_context) + free_pipe_context: destroying talloc pool of size 68 +[2013/11/07 07:38:49.848398, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:788(np_read_recv) + Received 48 bytes. There is no more data outstanding +[2013/11/07 07:38:49.848440, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:178(smbd_smb2_ioctl_pipe_read_done) + smbd_smb2_ioctl_pipe_read_done: np_read_recv nread = 48 is_data_outstanding = 0, status = NT_STATUS_OK +[2013/11/07 07:38:49.848486, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl.c:291(smbd_smb2_request_ioctl_done) + smbd_smb2_request_ioctl_done: smbd_smb2_ioctl_recv returned 48 status NT_STATUS_OK +[2013/11/07 07:38:49.848528, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) + smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[48] dyn[yes:48] at ../source3/smbd/smb2_ioctl.c:358 +[2013/11/07 07:38:49.848573, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) + smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/195/127 +[2013/11/07 07:38:49.852413, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) + smbd_smb2_request_incoming: idx[1] of 5 vectors +[2013/11/07 07:38:49.852505, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) + smb2_validate_sequence_number: clearing id 195 (position 195) from bitmap +[2013/11/07 07:38:49.852549, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) + smbd_smb2_request_dispatch: opcode[SMB2_OP_IOCTL] mid = 195 +[2013/11/07 07:38:49.852608, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) + setting sec ctx (0, 5000) - sec_ctx_stack_ndx = 0 +[2013/11/07 07:38:49.852652, 5, pid=20933, effective(0, 5000), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) + Security token SIDs (21): + SID[ 0]: S-1-5-21-1376953716-2413384141-3399758289-500 + SID[ 1]: S-1-5-21-1376953716-2413384141-3399758289-512 + SID[ 2]: S-1-5-21-1376953716-2413384141-3399758289-11015 + SID[ 3]: S-1-5-21-1376953716-2413384141-3399758289-513 + SID[ 4]: S-1-5-21-1376953716-2413384141-3399758289-11011 + SID[ 5]: S-1-5-21-1376953716-2413384141-3399758289-11013 + SID[ 6]: S-1-5-21-1376953716-2413384141-3399758289-11012 + SID[ 7]: S-1-1-0 + SID[ 8]: S-1-5-2 + SID[ 9]: S-1-5-11 + SID[ 10]: S-1-5-32-544 + SID[ 11]: S-1-22-1-2002 + SID[ 12]: S-1-22-2-5000 + SID[ 13]: S-1-22-2-5007 + SID[ 14]: S-1-22-2-5001 + SID[ 15]: S-1-22-2-1005 + SID[ 16]: S-1-22-2-5006 + SID[ 17]: S-1-22-2-5005 + SID[ 18]: S-1-22-2-55000 + SID[ 19]: S-1-22-2-55001 + SID[ 20]: S-1-22-2-55002 + Privileges (0x 1FFFFFF0): + Privilege[ 0]: SeMachineAccountPrivilege + Privilege[ 1]: SeTakeOwnershipPrivilege + Privilege[ 2]: SeBackupPrivilege + Privilege[ 3]: SeRestorePrivilege + Privilege[ 4]: SeRemoteShutdownPrivilege + Privilege[ 5]: SePrintOperatorPrivilege + Privilege[ 6]: SeAddUsersPrivilege + Privilege[ 7]: SeDiskOperatorPrivilege + Privilege[ 8]: SeSecurityPrivilege + Privilege[ 9]: SeSystemtimePrivilege + Privilege[ 10]: SeShutdownPrivilege + Privilege[ 11]: SeDebugPrivilege + Privilege[ 12]: SeSystemEnvironmentPrivilege + Privilege[ 13]: SeSystemProfilePrivilege + Privilege[ 14]: SeProfileSingleProcessPrivilege + Privilege[ 15]: SeIncreaseBasePriorityPrivilege + Privilege[ 16]: SeLoadDriverPrivilege + Privilege[ 17]: SeCreatePagefilePrivilege + Privilege[ 18]: SeIncreaseQuotaPrivilege + Privilege[ 19]: SeChangeNotifyPrivilege + Privilege[ 20]: SeUndockPrivilege + Privilege[ 21]: SeManageVolumePrivilege + Privilege[ 22]: SeImpersonatePrivilege + Privilege[ 23]: SeCreateGlobalPrivilege + Privilege[ 24]: SeEnableDelegationPrivilege + Rights (0x 0): +[2013/11/07 07:38:49.853621, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) + UNIX token of user 0 + Primary group is 5000 and contains 9 supplementary groups + Group[ 0]: 5000 + Group[ 1]: 5007 + Group[ 2]: 5001 + Group[ 3]: 1005 + Group[ 4]: 5006 + Group[ 5]: 5005 + Group[ 6]: 55000 + Group[ 7]: 55001 + Group[ 8]: 55002 +[2013/11/07 07:38:49.853816, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/uid.c:363(change_to_user_internal) + Impersonated user: uid=(0,0), gid=(0,5000) +[2013/11/07 07:38:49.853867, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:1796(smbd_smb2_request_verify_creditcharge) + mid 195, CreditCharge: 1, NeededCharge: 1 +[2013/11/07 07:38:49.853909, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl.c:394(smbd_smb2_ioctl_send) + smbd_smb2_ioctl: ctl_code[0x0011c017] spoolss, fnum 3115505686 +[2013/11/07 07:38:49.853956, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:59(smb2_ioctl_named_pipe) + smbd_smb2_ioctl_send: np_write_send of size 4156 +[2013/11/07 07:38:49.853996, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:520(np_write_send) + np_write_send: len: 4156 +[2013/11/07 07:38:49.854037, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) + write_to_pipe: data_left = 4156 +[2013/11/07 07:38:49.854076, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) + process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 4156 +[2013/11/07 07:38:49.854115, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:51(fill_rpc_header) + fill_rpc_header: data_to_copy = 4156, len_needed_to_complete_hdr = 16, receive_len = 0 +[2013/11/07 07:38:49.854155, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) + write_to_pipe: data_used = 16 +[2013/11/07 07:38:49.854192, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) + write_to_pipe: data_left = 4140 +[2013/11/07 07:38:49.854230, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) + process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 4140 +[2013/11/07 07:38:49.854272, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) + write_to_pipe: data_used = 0 +[2013/11/07 07:38:49.854310, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) + write_to_pipe: data_left = 4140 +[2013/11/07 07:38:49.854348, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) + process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 4140, incoming data = 4140 +[2013/11/07 07:38:49.854390, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1614(process_complete_pdu) + PDU is in Little Endian format! +[2013/11/07 07:38:49.854440, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) + r: struct ncacn_packet + rpc_vers : 0x05 (5) + rpc_vers_minor : 0x00 (0) + ptype : DCERPC_PKT_REQUEST (0) + pfc_flags : 0x03 (3) + drep: ARRAY(4) + [0] : 0x10 (16) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + frag_length : 0x103c (4156) + auth_length : 0x0000 (0) + call_id : 0x00000003 (3) + u : union dcerpc_payload(case 0) + request: struct dcerpc_request + alloc_hint : 0x00001024 (4132) + context_id : 0x0000 (0) + opnum : 0x0008 (8) + object : union dcerpc_object(case 0) + empty: struct dcerpc_empty + _pad : DATA_BLOB length=0 + stub_and_verifier : DATA_BLOB length=4132 + [0000] 00 00 00 00 14 01 00 00 00 00 00 00 7B 52 79 35 ........ ....{Ry5 + [0010] C5 51 00 00 02 00 00 00 00 00 02 00 00 10 00 00 .Q...... ........ + [0020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0030] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0040] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0200] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0210] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0220] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0230] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0240] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0250] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0260] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0270] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0280] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0290] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0300] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0310] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0320] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0330] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0340] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0350] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0360] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0370] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0380] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0390] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0400] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0410] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0420] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0430] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0440] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0450] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0460] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0470] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0480] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0490] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0500] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0510] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0520] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0530] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0540] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0550] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0560] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0570] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0580] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0590] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0600] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0610] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0620] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0630] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0640] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0650] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0660] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0670] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0680] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0690] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0700] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0710] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0720] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0730] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0740] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0750] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0760] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0770] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0780] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0790] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0800] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0810] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0820] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0830] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0840] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0850] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0860] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0870] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0880] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0890] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0900] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0910] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0920] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0930] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0940] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0950] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0960] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0970] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0980] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0990] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0EA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0EB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0EC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0ED0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0EE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0EF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [1000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [1010] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [1020] 00 10 00 00 .... +[2013/11/07 07:38:49.863946, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1627(process_complete_pdu) + Processing packet type 0 +[2013/11/07 07:38:49.863988, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1472(dcesrv_auth_request) + Checking request auth. +[2013/11/07 07:38:49.864036, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) + push_sec_ctx(0, 5000) : sec_ctx_stack_ndx = 1 +[2013/11/07 07:38:49.864082, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) + setting sec ctx (0, 5000) - sec_ctx_stack_ndx = 1 +[2013/11/07 07:38:49.864123, 5, pid=20933, effective(0, 5000), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) + Security token SIDs (21): + SID[ 0]: S-1-5-21-1376953716-2413384141-3399758289-500 + SID[ 1]: S-1-5-21-1376953716-2413384141-3399758289-512 + SID[ 2]: S-1-5-21-1376953716-2413384141-3399758289-11015 + SID[ 3]: S-1-5-21-1376953716-2413384141-3399758289-513 + SID[ 4]: S-1-5-21-1376953716-2413384141-3399758289-11011 + SID[ 5]: S-1-5-21-1376953716-2413384141-3399758289-11013 + SID[ 6]: S-1-5-21-1376953716-2413384141-3399758289-11012 + SID[ 7]: S-1-1-0 + SID[ 8]: S-1-5-2 + SID[ 9]: S-1-5-11 + SID[ 10]: S-1-5-32-544 + SID[ 11]: S-1-22-1-2002 + SID[ 12]: S-1-22-2-5000 + SID[ 13]: S-1-22-2-5007 + SID[ 14]: S-1-22-2-5001 + SID[ 15]: S-1-22-2-1005 + SID[ 16]: S-1-22-2-5006 + SID[ 17]: S-1-22-2-5005 + SID[ 18]: S-1-22-2-55000 + SID[ 19]: S-1-22-2-55001 + SID[ 20]: S-1-22-2-55002 + Privileges (0x 1FFFFFF0): + Privilege[ 0]: SeMachineAccountPrivilege + Privilege[ 1]: SeTakeOwnershipPrivilege + Privilege[ 2]: SeBackupPrivilege + Privilege[ 3]: SeRestorePrivilege + Privilege[ 4]: SeRemoteShutdownPrivilege + Privilege[ 5]: SePrintOperatorPrivilege + Privilege[ 6]: SeAddUsersPrivilege + Privilege[ 7]: SeDiskOperatorPrivilege + Privilege[ 8]: SeSecurityPrivilege + Privilege[ 9]: SeSystemtimePrivilege + Privilege[ 10]: SeShutdownPrivilege + Privilege[ 11]: SeDebugPrivilege + Privilege[ 12]: SeSystemEnvironmentPrivilege + Privilege[ 13]: SeSystemProfilePrivilege + Privilege[ 14]: SeProfileSingleProcessPrivilege + Privilege[ 15]: SeIncreaseBasePriorityPrivilege + Privilege[ 16]: SeLoadDriverPrivilege + Privilege[ 17]: SeCreatePagefilePrivilege + Privilege[ 18]: SeIncreaseQuotaPrivilege + Privilege[ 19]: SeChangeNotifyPrivilege + Privilege[ 20]: SeUndockPrivilege + Privilege[ 21]: SeManageVolumePrivilege + Privilege[ 22]: SeImpersonatePrivilege + Privilege[ 23]: SeCreateGlobalPrivilege + Privilege[ 24]: SeEnableDelegationPrivilege + Rights (0x 0): +[2013/11/07 07:38:49.864885, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) + UNIX token of user 0 + Primary group is 5000 and contains 9 supplementary groups + Group[ 0]: 5000 + Group[ 1]: 5007 + Group[ 2]: 5001 + Group[ 3]: 1005 + Group[ 4]: 5006 + Group[ 5]: 5005 + Group[ 6]: 55000 + Group[ 7]: 55001 + Group[ 8]: 55002 +[2013/11/07 07:38:49.865081, 5, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1324(api_pipe_request) + Requested \spoolss rpc service +[2013/11/07 07:38:49.865128, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1356(api_rpcTNP) + api_rpcTNP: \spoolss op 0x8 - api_rpcTNP: rpc command: SPOOLSS_GETPRINTER +[2013/11/07 07:38:49.865171, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1390(api_rpcTNP) + api_rpc_cmds[8].fn == 0x7f375c260f10 +[2013/11/07 07:38:49.865220, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + spoolss_GetPrinter: struct spoolss_GetPrinter + in: struct spoolss_GetPrinter + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000114-0000-0000-7b52-7935c5510000 + level : 0x00000002 (2) + buffer : * + buffer : DATA_BLOB length=4096 + [0000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0010] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0030] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0040] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0200] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0210] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0220] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0230] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0240] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0250] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0260] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0270] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0280] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0290] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0300] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0310] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0320] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0330] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0340] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0350] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0360] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0370] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0380] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0390] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0400] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0410] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0420] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0430] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0440] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0450] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0460] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0470] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0480] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0490] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0500] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0510] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0520] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0530] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0540] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0550] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0560] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0570] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0580] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0590] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0600] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0610] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0620] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0630] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0640] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0650] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0660] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0670] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0680] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0690] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0700] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0710] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0720] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0730] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0740] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0750] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0760] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0770] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0780] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0790] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0800] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0810] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0820] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0830] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0840] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0850] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0860] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0870] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0880] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0890] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0900] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0910] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0920] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0930] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0940] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0950] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0960] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0970] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0980] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0990] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0EA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0EB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0EC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0ED0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0EE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0EF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + offered : 0x00001000 (4096) +[2013/11/07 07:38:49.874442, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 14 01 00 00 00 00 00 00 7B 52 79 35 ........ ....{Ry5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:49.874527, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 14 01 00 00 00 00 00 00 7B 52 79 35 ........ ....{Ry5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:49.874605, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:489(get_printer_snum) + short name:printer7 +[2013/11/07 07:38:49.874746, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:60(make_internal_rpc_pipe_p) + Create pipe requested \winreg +[2013/11/07 07:38:49.874805, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:221(init_pipe_handles) + init_pipe_handle_list: created handle list for pipe \winreg +[2013/11/07 07:38:49.874846, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:238(init_pipe_handles) + init_pipe_handle_list: pipe_handles ref count = 1 for pipe \winreg +[2013/11/07 07:38:49.874950, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:100(make_internal_rpc_pipe_p) + Created internal pipe \winreg +[2013/11/07 07:38:49.875027, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenHKLM: struct winreg_OpenHKLM + in: struct winreg_OpenHKLM + system_name : NULL + access_mask : 0x02000000 (33554432) + 0: KEY_QUERY_VALUE + 0: KEY_SET_VALUE + 0: KEY_CREATE_SUB_KEY + 0: KEY_ENUMERATE_SUB_KEYS + 0: KEY_NOTIFY + 0: KEY_CREATE_LINK + 0: KEY_WOW64_64KEY + 0: KEY_WOW64_32KEY +[2013/11/07 07:38:49.875259, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [HKLM] +[2013/11/07 07:38:49.875305, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) + push_sec_ctx(0, 5000) : sec_ctx_stack_ndx = 2 +[2013/11/07 07:38:49.875349, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/uid.c:485(push_conn_ctx) + push_conn_ctx(1804507171) : conn_ctx_stack_ndx = 0 +[2013/11/07 07:38:49.875399, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) + setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 +[2013/11/07 07:38:49.875439, 5, pid=20933, effective(0, 5000), real(0, 0)] ../libcli/security/security_token.c:53(security_token_debug) + Security token: (NULL) +[2013/11/07 07:38:49.875478, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) + UNIX token of user 0 + Primary group is 0 and contains 0 supplementary groups +[2013/11/07 07:38:49.875641, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) + pop_sec_ctx (0, 5000) - sec_ctx_stack_ndx = 1 +[2013/11/07 07:38:49.875687, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:866(regdb_open) + regdb_open: registry db opened. refcount reset (1) +[2013/11/07 07:38:49.875733, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM] +[2013/11/07 07:38:49.875772, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM] +[2013/11/07 07:38:49.875814, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:49.875852, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM] +[2013/11/07 07:38:49.875937, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) + Opened policy hnd[1] [0000] 00 00 00 00 17 01 00 00 00 00 00 00 7B 52 79 35 ........ ....{Ry5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:49.876017, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenHKLM: struct winreg_OpenHKLM + out: struct winreg_OpenHKLM + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000117-0000-0000-7b52-7935c5510000 + result : WERR_OK +[2013/11/07 07:38:49.876209, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenKey: struct winreg_OpenKey + in: struct winreg_OpenKey + parent_handle : * + parent_handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000117-0000-0000-7b52-7935c5510000 + keyname: struct winreg_String + name_len : 0x008a (138) + name_size : 0x008a (138) + name : * + name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7' + options : 0x00000000 (0) + 0: REG_OPTION_VOLATILE + 0: REG_OPTION_CREATE_LINK + 0: REG_OPTION_BACKUP_RESTORE + 0: REG_OPTION_OPEN_LINK + access_mask : 0x02000000 (33554432) + 0: KEY_QUERY_VALUE + 0: KEY_SET_VALUE + 0: KEY_CREATE_SUB_KEY + 0: KEY_ENUMERATE_SUB_KEYS + 0: KEY_NOTIFY + 0: KEY_CREATE_LINK + 0: KEY_WOW64_64KEY + 0: KEY_WOW64_32KEY +[2013/11/07 07:38:49.876653, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 17 01 00 00 00 00 00 00 7B 52 79 35 ........ ....{Ry5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:49.876744, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [SOFTWARE] +[2013/11/07 07:38:49.876786, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (1->2) +[2013/11/07 07:38:49.876829, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] +[2013/11/07 07:38:49.876867, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE] +[2013/11/07 07:38:49.876908, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:49.876946, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE] +[2013/11/07 07:38:49.877015, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Microsoft] +[2013/11/07 07:38:49.877057, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (2->3) +[2013/11/07 07:38:49.877099, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] +[2013/11/07 07:38:49.877137, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] +[2013/11/07 07:38:49.877178, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:49.877215, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft] +[2013/11/07 07:38:49.877278, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Windows NT] +[2013/11/07 07:38:49.877319, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (3->4) +[2013/11/07 07:38:49.877467, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] +[2013/11/07 07:38:49.877567, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] +[2013/11/07 07:38:49.877612, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:49.877651, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] +[2013/11/07 07:38:49.877713, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [CurrentVersion] +[2013/11/07 07:38:49.877756, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (4->5) +[2013/11/07 07:38:49.877807, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] +[2013/11/07 07:38:49.877846, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] +[2013/11/07 07:38:49.877887, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:49.877925, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f375c5a15c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] +[2013/11/07 07:38:49.878001, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Print] +[2013/11/07 07:38:49.878045, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (5->6) +[2013/11/07 07:38:49.878088, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] +[2013/11/07 07:38:49.878127, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] +[2013/11/07 07:38:49.878170, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:49.878207, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f375c5a15c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] +[2013/11/07 07:38:49.878268, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Printers] +[2013/11/07 07:38:49.878311, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (6->7) +[2013/11/07 07:38:49.878354, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] +[2013/11/07 07:38:49.878393, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] +[2013/11/07 07:38:49.878436, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:49.878473, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] +[2013/11/07 07:38:49.878541, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [printer7] +[2013/11/07 07:38:49.878583, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (7->8) +[2013/11/07 07:38:49.878627, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:49.878666, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:49.878716, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:49.878754, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:49.878823, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (8->7) +[2013/11/07 07:38:49.878866, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (7->6) +[2013/11/07 07:38:49.878907, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (6->5) +[2013/11/07 07:38:49.878947, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (5->4) +[2013/11/07 07:38:49.878987, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (4->3) +[2013/11/07 07:38:49.879028, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (3->2) +[2013/11/07 07:38:49.879072, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) + Opened policy hnd[2] [0000] 00 00 00 00 18 01 00 00 00 00 00 00 7B 52 79 35 ........ ....{Ry5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:49.879151, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenKey: struct winreg_OpenKey + out: struct winreg_OpenKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000118-0000-0000-7b52-7935c5510000 + result : WERR_OK +[2013/11/07 07:38:49.879426, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryInfoKey: struct winreg_QueryInfoKey + in: struct winreg_QueryInfoKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000118-0000-0000-7b52-7935c5510000 + classname : * + classname: struct winreg_String + name_len : 0x0000 (0) + name_size : 0x0000 (0) + name : NULL +[2013/11/07 07:38:49.879646, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 18 01 00 00 00 00 00 00 7B 52 79 35 ........ ....{Ry5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:49.879729, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_dispatcher.c:151(fetch_reg_values) + fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7' (ops 0x7f37592edcc0) +[2013/11/07 07:38:49.879771, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1891(regdb_fetch_values_internal) + regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:49.879846, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[0]: name[Attributes] len[4] +[2013/11/07 07:38:49.879891, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[1]: name[Description] len[2] +[2013/11/07 07:38:49.879934, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[2]: name[Datatype] len[8] +[2013/11/07 07:38:49.879977, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[3]: name[Default Priority] len[4] +[2013/11/07 07:38:49.880020, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[4]: name[Port] len[38] +[2013/11/07 07:38:49.880062, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[5]: name[Name] len[18] +[2013/11/07 07:38:49.880105, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[6]: name[Print Processor] len[18] +[2013/11/07 07:38:49.880148, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[7]: name[Priority] len[4] +[2013/11/07 07:38:49.880191, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[8]: name[Security] len[248] +[2013/11/07 07:38:49.880234, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[9]: name[Share Name] len[18] +[2013/11/07 07:38:49.880277, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[10]: name[StartTime] len[4] +[2013/11/07 07:38:49.880320, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[11]: name[UntilTime] len[4] +[2013/11/07 07:38:49.880363, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[12]: name[ChangeID] len[4] +[2013/11/07 07:38:49.880406, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) + regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:49.880470, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryInfoKey: struct winreg_QueryInfoKey + out: struct winreg_QueryInfoKey + classname : * + classname: struct winreg_String + name_len : 0x0000 (0) + name_size : 0x0000 (0) + name : NULL + num_subkeys : * + num_subkeys : 0x00000003 (3) + max_subkeylen : * + max_subkeylen : 0x00000022 (34) + max_classlen : * + max_classlen : 0x00000000 (0) + num_values : * + num_values : 0x0000000d (13) + max_valnamelen : * + max_valnamelen : 0x00000022 (34) + max_valbufsize : * + max_valbufsize : 0x000000f8 (248) + secdescsize : * + secdescsize : 0x00000078 (120) + last_changed_time : * + last_changed_time : NTTIME(0) + result : WERR_OK +[2013/11/07 07:38:49.880933, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000118-0000-0000-7b52-7935c5510000 + enum_index : 0x00000000 (0) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:49.881312, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 18 01 00 00 00 00 00 00 7B 52 79 35 ........ ....{Ry5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:49.881539, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:49.881591, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0016 (22) + size : 0x0024 (36) + name : * + name : 'Attributes' + type : * + type : REG_DWORD (4) + value : * + value: ARRAY(4) + [0] : 0x48 (72) + [1] : 0x10 (16) + [2] : 0x00 (0) + [3] : 0x00 (0) + size : * + size : 0x00000004 (4) + length : * + length : 0x00000004 (4) + result : WERR_OK +[2013/11/07 07:38:49.881994, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000118-0000-0000-7b52-7935c5510000 + enum_index : 0x00000001 (1) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:49.882380, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 18 01 00 00 00 00 00 00 7B 52 79 35 ........ ....{Ry5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:49.882457, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:49.882502, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0018 (24) + size : 0x0024 (36) + name : * + name : 'Description' + type : * + type : REG_SZ (1) + value : * + value: ARRAY(2) + [0] : 0x00 (0) + [1] : 0x00 (0) + size : * + size : 0x00000002 (2) + length : * + length : 0x00000002 (2) + result : WERR_OK +[2013/11/07 07:38:49.882861, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000118-0000-0000-7b52-7935c5510000 + enum_index : 0x00000002 (2) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:49.883233, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 18 01 00 00 00 00 00 00 7B 52 79 35 ........ ....{Ry5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:49.883309, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:49.883353, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0012 (18) + size : 0x0024 (36) + name : * + name : 'Datatype' + type : * + type : REG_SZ (1) + value : * + value: ARRAY(8) + [0] : 0x52 (82) + [1] : 0x00 (0) + [2] : 0x41 (65) + [3] : 0x00 (0) + [4] : 0x57 (87) + [5] : 0x00 (0) + [6] : 0x00 (0) + [7] : 0x00 (0) + size : * + size : 0x00000008 (8) + length : * + length : 0x00000008 (8) + result : WERR_OK +[2013/11/07 07:38:49.883818, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000118-0000-0000-7b52-7935c5510000 + enum_index : 0x00000003 (3) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:49.884190, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 18 01 00 00 00 00 00 00 7B 52 79 35 ........ ....{Ry5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:49.884267, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:49.884312, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0022 (34) + size : 0x0024 (36) + name : * + name : 'Default Priority' + type : * + type : REG_DWORD (4) + value : * + value: ARRAY(4) + [0] : 0x01 (1) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + size : * + size : 0x00000004 (4) + length : * + length : 0x00000004 (4) + result : WERR_OK +[2013/11/07 07:38:49.884710, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000118-0000-0000-7b52-7935c5510000 + enum_index : 0x00000004 (4) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:49.885083, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 18 01 00 00 00 00 00 00 7B 52 79 35 ........ ....{Ry5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:49.885160, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:49.885206, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x000a (10) + size : 0x0024 (36) + name : * + name : 'Port' + type : * + type : REG_SZ (1) + value : * + value: ARRAY(38) + [0] : 0x53 (83) + [1] : 0x00 (0) + [2] : 0x61 (97) + [3] : 0x00 (0) + [4] : 0x6d (109) + [5] : 0x00 (0) + [6] : 0x62 (98) + [7] : 0x00 (0) + [8] : 0x61 (97) + [9] : 0x00 (0) + [10] : 0x20 (32) + [11] : 0x00 (0) + [12] : 0x50 (80) + [13] : 0x00 (0) + [14] : 0x72 (114) + [15] : 0x00 (0) + [16] : 0x69 (105) + [17] : 0x00 (0) + [18] : 0x6e (110) + [19] : 0x00 (0) + [20] : 0x74 (116) + [21] : 0x00 (0) + [22] : 0x65 (101) + [23] : 0x00 (0) + [24] : 0x72 (114) + [25] : 0x00 (0) + [26] : 0x20 (32) + [27] : 0x00 (0) + [28] : 0x50 (80) + [29] : 0x00 (0) + [30] : 0x6f (111) + [31] : 0x00 (0) + [32] : 0x72 (114) + [33] : 0x00 (0) + [34] : 0x74 (116) + [35] : 0x00 (0) + [36] : 0x00 (0) + [37] : 0x00 (0) + size : * + size : 0x00000026 (38) + length : * + length : 0x00000026 (38) + result : WERR_OK +[2013/11/07 07:38:49.886230, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000118-0000-0000-7b52-7935c5510000 + enum_index : 0x00000005 (5) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:49.886605, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 18 01 00 00 00 00 00 00 7B 52 79 35 ........ ....{Ry5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:49.886682, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:49.886727, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x000a (10) + size : 0x0024 (36) + name : * + name : 'Name' + type : * + type : REG_SZ (1) + value : * + value: ARRAY(18) + [0] : 0x70 (112) + [1] : 0x00 (0) + [2] : 0x72 (114) + [3] : 0x00 (0) + [4] : 0x69 (105) + [5] : 0x00 (0) + [6] : 0x6e (110) + [7] : 0x00 (0) + [8] : 0x74 (116) + [9] : 0x00 (0) + [10] : 0x65 (101) + [11] : 0x00 (0) + [12] : 0x72 (114) + [13] : 0x00 (0) + [14] : 0x37 (55) + [15] : 0x00 (0) + [16] : 0x00 (0) + [17] : 0x00 (0) + size : * + size : 0x00000012 (18) + length : * + length : 0x00000012 (18) + result : WERR_OK +[2013/11/07 07:38:49.887364, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000118-0000-0000-7b52-7935c5510000 + enum_index : 0x00000006 (6) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:49.887743, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 18 01 00 00 00 00 00 00 7B 52 79 35 ........ ....{Ry5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:49.887821, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:49.887867, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0020 (32) + size : 0x0024 (36) + name : * + name : 'Print Processor' + type : * + type : REG_SZ (1) + value : * + value: ARRAY(18) + [0] : 0x77 (119) + [1] : 0x00 (0) + [2] : 0x69 (105) + [3] : 0x00 (0) + [4] : 0x6e (110) + [5] : 0x00 (0) + [6] : 0x70 (112) + [7] : 0x00 (0) + [8] : 0x72 (114) + [9] : 0x00 (0) + [10] : 0x69 (105) + [11] : 0x00 (0) + [12] : 0x6e (110) + [13] : 0x00 (0) + [14] : 0x74 (116) + [15] : 0x00 (0) + [16] : 0x00 (0) + [17] : 0x00 (0) + size : * + size : 0x00000012 (18) + length : * + length : 0x00000012 (18) + result : WERR_OK +[2013/11/07 07:38:49.888504, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000118-0000-0000-7b52-7935c5510000 + enum_index : 0x00000007 (7) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:49.888878, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 18 01 00 00 00 00 00 00 7B 52 79 35 ........ ....{Ry5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:49.888955, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:49.889000, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0012 (18) + size : 0x0024 (36) + name : * + name : 'Priority' + type : * + type : REG_DWORD (4) + value : * + value: ARRAY(4) + [0] : 0x01 (1) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + size : * + size : 0x00000004 (4) + length : * + length : 0x00000004 (4) + result : WERR_OK +[2013/11/07 07:38:49.889607, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000118-0000-0000-7b52-7935c5510000 + enum_index : 0x00000008 (8) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:49.890047, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 18 01 00 00 00 00 00 00 7B 52 79 35 ........ ....{Ry5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:49.890126, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:49.890173, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0012 (18) + size : 0x0024 (36) + name : * + name : 'Security' + type : * + type : REG_BINARY (3) + value : * + value: ARRAY(248) + [0] : 0x01 (1) + [1] : 0x00 (0) + [2] : 0x04 (4) + [3] : 0x80 (128) + [4] : 0x14 (20) + [5] : 0x00 (0) + [6] : 0x00 (0) + [7] : 0x00 (0) + [8] : 0x24 (36) + [9] : 0x00 (0) + [10] : 0x00 (0) + [11] : 0x00 (0) + [12] : 0x00 (0) + [13] : 0x00 (0) + [14] : 0x00 (0) + [15] : 0x00 (0) + [16] : 0x34 (52) + [17] : 0x00 (0) + [18] : 0x00 (0) + [19] : 0x00 (0) + [20] : 0x01 (1) + [21] : 0x02 (2) + [22] : 0x00 (0) + [23] : 0x00 (0) + [24] : 0x00 (0) + [25] : 0x00 (0) + [26] : 0x00 (0) + [27] : 0x05 (5) + [28] : 0x20 (32) + [29] : 0x00 (0) + [30] : 0x00 (0) + [31] : 0x00 (0) + [32] : 0x20 (32) + [33] : 0x02 (2) + [34] : 0x00 (0) + [35] : 0x00 (0) + [36] : 0x01 (1) + [37] : 0x02 (2) + [38] : 0x00 (0) + [39] : 0x00 (0) + [40] : 0x00 (0) + [41] : 0x00 (0) + [42] : 0x00 (0) + [43] : 0x05 (5) + [44] : 0x20 (32) + [45] : 0x00 (0) + [46] : 0x00 (0) + [47] : 0x00 (0) + [48] : 0x20 (32) + [49] : 0x02 (2) + [50] : 0x00 (0) + [51] : 0x00 (0) + [52] : 0x02 (2) + [53] : 0x00 (0) + [54] : 0xc4 (196) + [55] : 0x00 (0) + [56] : 0x07 (7) + [57] : 0x00 (0) + [58] : 0x00 (0) + [59] : 0x00 (0) + [60] : 0x00 (0) + [61] : 0x02 (2) + [62] : 0x14 (20) + [63] : 0x00 (0) + [64] : 0x08 (8) + [65] : 0x00 (0) + [66] : 0x02 (2) + [67] : 0x20 (32) + [68] : 0x01 (1) + [69] : 0x01 (1) + [70] : 0x00 (0) + [71] : 0x00 (0) + [72] : 0x00 (0) + [73] : 0x00 (0) + [74] : 0x00 (0) + [75] : 0x01 (1) + [76] : 0x00 (0) + [77] : 0x00 (0) + [78] : 0x00 (0) + [79] : 0x00 (0) + [80] : 0x00 (0) + [81] : 0x09 (9) + [82] : 0x24 (36) + [83] : 0x00 (0) + [84] : 0x0c (12) + [85] : 0x00 (0) + [86] : 0x0f (15) + [87] : 0x10 (16) + [88] : 0x01 (1) + [89] : 0x05 (5) + [90] : 0x00 (0) + [91] : 0x00 (0) + [92] : 0x00 (0) + [93] : 0x00 (0) + [94] : 0x00 (0) + [95] : 0x05 (5) + [96] : 0x15 (21) + [97] : 0x00 (0) + [98] : 0x00 (0) + [99] : 0x00 (0) + [100] : 0x74 (116) + [101] : 0xa5 (165) + [102] : 0x12 (18) + [103] : 0x52 (82) + [104] : 0xcd (205) + [105] : 0x51 (81) + [106] : 0xd9 (217) + [107] : 0x8f (143) + [108] : 0xd1 (209) + [109] : 0x31 (49) + [110] : 0xa4 (164) + [111] : 0xca (202) + [112] : 0xf4 (244) + [113] : 0x01 (1) + [114] : 0x00 (0) + [115] : 0x00 (0) + [116] : 0x00 (0) + [117] : 0x02 (2) + [118] : 0x24 (36) + [119] : 0x00 (0) + [120] : 0x0c (12) + [121] : 0x00 (0) + [122] : 0x0f (15) + [123] : 0x10 (16) + [124] : 0x01 (1) + [125] : 0x05 (5) + [126] : 0x00 (0) + [127] : 0x00 (0) + [128] : 0x00 (0) + [129] : 0x00 (0) + [130] : 0x00 (0) + [131] : 0x05 (5) + [132] : 0x15 (21) + [133] : 0x00 (0) + [134] : 0x00 (0) + [135] : 0x00 (0) + [136] : 0x74 (116) + [137] : 0xa5 (165) + [138] : 0x12 (18) + [139] : 0x52 (82) + [140] : 0xcd (205) + [141] : 0x51 (81) + [142] : 0xd9 (217) + [143] : 0x8f (143) + [144] : 0xd1 (209) + [145] : 0x31 (49) + [146] : 0xa4 (164) + [147] : 0xca (202) + [148] : 0xf4 (244) + [149] : 0x01 (1) + [150] : 0x00 (0) + [151] : 0x00 (0) + [152] : 0x00 (0) + [153] : 0x09 (9) + [154] : 0x18 (24) + [155] : 0x00 (0) + [156] : 0x0c (12) + [157] : 0x00 (0) + [158] : 0x0f (15) + [159] : 0x10 (16) + [160] : 0x01 (1) + [161] : 0x02 (2) + [162] : 0x00 (0) + [163] : 0x00 (0) + [164] : 0x00 (0) + [165] : 0x00 (0) + [166] : 0x00 (0) + [167] : 0x05 (5) + [168] : 0x20 (32) + [169] : 0x00 (0) + [170] : 0x00 (0) + [171] : 0x00 (0) + [172] : 0x20 (32) + [173] : 0x02 (2) + [174] : 0x00 (0) + [175] : 0x00 (0) + [176] : 0x00 (0) + [177] : 0x02 (2) + [178] : 0x18 (24) + [179] : 0x00 (0) + [180] : 0x0c (12) + [181] : 0x00 (0) + [182] : 0x0f (15) + [183] : 0x10 (16) + [184] : 0x01 (1) + [185] : 0x02 (2) + [186] : 0x00 (0) + [187] : 0x00 (0) + [188] : 0x00 (0) + [189] : 0x00 (0) + [190] : 0x00 (0) + [191] : 0x05 (5) + [192] : 0x20 (32) + [193] : 0x00 (0) + [194] : 0x00 (0) + [195] : 0x00 (0) + [196] : 0x20 (32) + [197] : 0x02 (2) + [198] : 0x00 (0) + [199] : 0x00 (0) + [200] : 0x00 (0) + [201] : 0x09 (9) + [202] : 0x18 (24) + [203] : 0x00 (0) + [204] : 0x0c (12) + [205] : 0x00 (0) + [206] : 0x0f (15) + [207] : 0x10 (16) + [208] : 0x01 (1) + [209] : 0x02 (2) + [210] : 0x00 (0) + [211] : 0x00 (0) + [212] : 0x00 (0) + [213] : 0x00 (0) + [214] : 0x00 (0) + [215] : 0x05 (5) + [216] : 0x20 (32) + [217] : 0x00 (0) + [218] : 0x00 (0) + [219] : 0x00 (0) + [220] : 0x26 (38) + [221] : 0x02 (2) + [222] : 0x00 (0) + [223] : 0x00 (0) + [224] : 0x00 (0) + [225] : 0x02 (2) + [226] : 0x18 (24) + [227] : 0x00 (0) + [228] : 0x0c (12) + [229] : 0x00 (0) + [230] : 0x0f (15) + [231] : 0x10 (16) + [232] : 0x01 (1) + [233] : 0x02 (2) + [234] : 0x00 (0) + [235] : 0x00 (0) + [236] : 0x00 (0) + [237] : 0x00 (0) + [238] : 0x00 (0) + [239] : 0x05 (5) + [240] : 0x20 (32) + [241] : 0x00 (0) + [242] : 0x00 (0) + [243] : 0x00 (0) + [244] : 0x26 (38) + [245] : 0x02 (2) + [246] : 0x00 (0) + [247] : 0x00 (0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x000000f8 (248) + result : WERR_OK +[2013/11/07 07:38:49.894685, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000118-0000-0000-7b52-7935c5510000 + enum_index : 0x00000009 (9) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:49.895060, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 18 01 00 00 00 00 00 00 7B 52 79 35 ........ ....{Ry5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:49.895136, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:49.895181, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0016 (22) + size : 0x0024 (36) + name : * + name : 'Share Name' + type : * + type : REG_SZ (1) + value : * + value: ARRAY(18) + [0] : 0x70 (112) + [1] : 0x00 (0) + [2] : 0x72 (114) + [3] : 0x00 (0) + [4] : 0x69 (105) + [5] : 0x00 (0) + [6] : 0x6e (110) + [7] : 0x00 (0) + [8] : 0x74 (116) + [9] : 0x00 (0) + [10] : 0x65 (101) + [11] : 0x00 (0) + [12] : 0x72 (114) + [13] : 0x00 (0) + [14] : 0x37 (55) + [15] : 0x00 (0) + [16] : 0x00 (0) + [17] : 0x00 (0) + size : * + size : 0x00000012 (18) + length : * + length : 0x00000012 (18) + result : WERR_OK +[2013/11/07 07:38:49.895813, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000118-0000-0000-7b52-7935c5510000 + enum_index : 0x0000000a (10) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:49.896185, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 18 01 00 00 00 00 00 00 7B 52 79 35 ........ ....{Ry5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:49.896262, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:49.896307, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0014 (20) + size : 0x0024 (36) + name : * + name : 'StartTime' + type : * + type : REG_DWORD (4) + value : * + value: ARRAY(4) + [0] : 0x00 (0) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + size : * + size : 0x00000004 (4) + length : * + length : 0x00000004 (4) + result : WERR_OK +[2013/11/07 07:38:49.896702, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000118-0000-0000-7b52-7935c5510000 + enum_index : 0x0000000b (11) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:49.897080, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 18 01 00 00 00 00 00 00 7B 52 79 35 ........ ....{Ry5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:49.897157, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:49.897203, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0014 (20) + size : 0x0024 (36) + name : * + name : 'UntilTime' + type : * + type : REG_DWORD (4) + value : * + value: ARRAY(4) + [0] : 0x00 (0) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + size : * + size : 0x00000004 (4) + length : * + length : 0x00000004 (4) + result : WERR_OK +[2013/11/07 07:38:49.897643, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000118-0000-0000-7b52-7935c5510000 + enum_index : 0x0000000c (12) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:49.898013, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 18 01 00 00 00 00 00 00 7B 52 79 35 ........ ....{Ry5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:49.898089, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:49.898142, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0012 (18) + size : 0x0024 (36) + name : * + name : 'ChangeID' + type : * + type : REG_DWORD (4) + value : * + value: ARRAY(4) + [0] : 0xf1 (241) + [1] : 0x5f (95) + [2] : 0x11 (17) + [3] : 0x00 (0) + size : * + size : 0x00000004 (4) + length : * + length : 0x00000004 (4) + result : WERR_OK +[2013/11/07 07:38:49.898571, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryValue: struct winreg_QueryValue + in: struct winreg_QueryValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000118-0000-0000-7b52-7935c5510000 + value_name : * + value_name: struct winreg_String + name_len : 0x0020 (32) + name_size : 0x0020 (32) + name : * + name : 'Default DevMode' + type : * + type : REG_NONE (0) + data : NULL + data_size : * + data_size : 0x00000000 (0) + data_length : * + data_length : 0x00000000 (0) +[2013/11/07 07:38:49.898917, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 18 01 00 00 00 00 00 00 7B 52 79 35 ........ ....{Ry5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:49.898995, 7, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) + _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:49.899035, 7, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) + _winreg_QueryValue: policy key type = [00000000] +[2013/11/07 07:38:49.899080, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:316(_winreg_QueryValue) + _winreg_QueryValue: reg_queryvalue failed with: WERR_BADFILE +[2013/11/07 07:38:49.899120, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryValue: struct winreg_QueryValue + out: struct winreg_QueryValue + type : * + type : REG_NONE (0) + data : NULL + data_size : * + data_size : 0x00000000 (0) + data_length : * + data_length : 0x00000000 (0) + result : WERR_BADFILE +[2013/11/07 07:38:49.899344, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenHKLM: struct winreg_OpenHKLM + in: struct winreg_OpenHKLM + system_name : NULL + access_mask : 0x02000000 (33554432) + 0: KEY_QUERY_VALUE + 0: KEY_SET_VALUE + 0: KEY_CREATE_SUB_KEY + 0: KEY_ENUMERATE_SUB_KEYS + 0: KEY_NOTIFY + 0: KEY_CREATE_LINK + 0: KEY_WOW64_64KEY + 0: KEY_WOW64_32KEY +[2013/11/07 07:38:49.899578, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [HKLM] +[2013/11/07 07:38:49.899620, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (2->3) +[2013/11/07 07:38:49.899663, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM] +[2013/11/07 07:38:49.899701, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM] +[2013/11/07 07:38:49.899742, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:49.899779, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM] +[2013/11/07 07:38:49.899856, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) + Opened policy hnd[3] [0000] 00 00 00 00 19 01 00 00 00 00 00 00 7B 52 79 35 ........ ....{Ry5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:49.899936, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenHKLM: struct winreg_OpenHKLM + out: struct winreg_OpenHKLM + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000119-0000-0000-7b52-7935c5510000 + result : WERR_OK +[2013/11/07 07:38:49.900103, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenKey: struct winreg_OpenKey + in: struct winreg_OpenKey + parent_handle : * + parent_handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000119-0000-0000-7b52-7935c5510000 + keyname: struct winreg_String + name_len : 0x008a (138) + name_size : 0x008a (138) + name : * + name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7' + options : 0x00000000 (0) + 0: REG_OPTION_VOLATILE + 0: REG_OPTION_CREATE_LINK + 0: REG_OPTION_BACKUP_RESTORE + 0: REG_OPTION_OPEN_LINK + access_mask : 0x02000000 (33554432) + 0: KEY_QUERY_VALUE + 0: KEY_SET_VALUE + 0: KEY_CREATE_SUB_KEY + 0: KEY_ENUMERATE_SUB_KEYS + 0: KEY_NOTIFY + 0: KEY_CREATE_LINK + 0: KEY_WOW64_64KEY + 0: KEY_WOW64_32KEY +[2013/11/07 07:38:49.900546, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 19 01 00 00 00 00 00 00 7B 52 79 35 ........ ....{Ry5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:49.900626, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [SOFTWARE] +[2013/11/07 07:38:49.900666, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (3->4) +[2013/11/07 07:38:49.900708, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] +[2013/11/07 07:38:49.900746, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE] +[2013/11/07 07:38:49.900786, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:49.900823, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE] +[2013/11/07 07:38:49.900888, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Microsoft] +[2013/11/07 07:38:49.900928, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (4->5) +[2013/11/07 07:38:49.900970, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] +[2013/11/07 07:38:49.901008, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] +[2013/11/07 07:38:49.901048, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:49.901085, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft] +[2013/11/07 07:38:49.901145, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Windows NT] +[2013/11/07 07:38:49.901186, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (5->6) +[2013/11/07 07:38:49.901228, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] +[2013/11/07 07:38:49.901266, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] +[2013/11/07 07:38:49.901306, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:49.901343, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] +[2013/11/07 07:38:49.901471, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [CurrentVersion] +[2013/11/07 07:38:49.901513, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (6->7) +[2013/11/07 07:38:49.901564, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] +[2013/11/07 07:38:49.901602, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] +[2013/11/07 07:38:49.901643, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:49.901680, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f375c5a15c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] +[2013/11/07 07:38:49.901751, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Print] +[2013/11/07 07:38:49.901793, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (7->8) +[2013/11/07 07:38:49.901836, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] +[2013/11/07 07:38:49.901876, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] +[2013/11/07 07:38:49.901919, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:49.901956, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f375c5a15c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] +[2013/11/07 07:38:49.902017, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Printers] +[2013/11/07 07:38:49.902058, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (8->9) +[2013/11/07 07:38:49.902102, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] +[2013/11/07 07:38:49.902141, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] +[2013/11/07 07:38:49.902184, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:49.902221, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] +[2013/11/07 07:38:49.902287, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [printer7] +[2013/11/07 07:38:49.902329, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (9->10) +[2013/11/07 07:38:49.902374, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:49.902420, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:49.902463, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:49.902501, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:49.902570, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (10->9) +[2013/11/07 07:38:49.902612, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (9->8) +[2013/11/07 07:38:49.902653, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (8->7) +[2013/11/07 07:38:49.902693, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (7->6) +[2013/11/07 07:38:49.902733, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (6->5) +[2013/11/07 07:38:49.902773, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (5->4) +[2013/11/07 07:38:49.902816, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) + Opened policy hnd[4] [0000] 00 00 00 00 1A 01 00 00 00 00 00 00 7B 52 79 35 ........ ....{Ry5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:49.902894, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenKey: struct winreg_OpenKey + out: struct winreg_OpenKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 0000011a-0000-0000-7b52-7935c5510000 + result : WERR_OK +[2013/11/07 07:38:49.903070, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryValue: struct winreg_QueryValue + in: struct winreg_QueryValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 0000011a-0000-0000-7b52-7935c5510000 + value_name : * + value_name: struct winreg_String + name_len : 0x0012 (18) + name_size : 0x0012 (18) + name : * + name : 'Security' + type : * + type : REG_NONE (0) + data : NULL + data_size : * + data_size : 0x00000000 (0) + data_length : * + data_length : 0x00000000 (0) +[2013/11/07 07:38:49.903414, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 1A 01 00 00 00 00 00 00 7B 52 79 35 ........ ....{Ry5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:49.903491, 7, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) + _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:49.903538, 7, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) + _winreg_QueryValue: policy key type = [00000000] +[2013/11/07 07:38:49.903579, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_dispatcher.c:151(fetch_reg_values) + fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7' (ops 0x7f37592edcc0) +[2013/11/07 07:38:49.903621, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1891(regdb_fetch_values_internal) + regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:49.903680, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[0]: name[Attributes] len[4] +[2013/11/07 07:38:49.903723, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[1]: name[Description] len[2] +[2013/11/07 07:38:49.903765, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[2]: name[Datatype] len[8] +[2013/11/07 07:38:49.903807, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[3]: name[Default Priority] len[4] +[2013/11/07 07:38:49.903849, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[4]: name[Port] len[38] +[2013/11/07 07:38:49.903891, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[5]: name[Name] len[18] +[2013/11/07 07:38:49.903933, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[6]: name[Print Processor] len[18] +[2013/11/07 07:38:49.903976, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[7]: name[Priority] len[4] +[2013/11/07 07:38:49.904018, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[8]: name[Security] len[248] +[2013/11/07 07:38:49.904061, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[9]: name[Share Name] len[18] +[2013/11/07 07:38:49.904103, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[10]: name[StartTime] len[4] +[2013/11/07 07:38:49.904145, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[11]: name[UntilTime] len[4] +[2013/11/07 07:38:49.904187, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[12]: name[ChangeID] len[4] +[2013/11/07 07:38:49.904231, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryValue: struct winreg_QueryValue + out: struct winreg_QueryValue + type : * + type : REG_BINARY (3) + data : NULL + data_size : * + data_size : 0x000000f8 (248) + data_length : * + data_length : 0x00000000 (0) + result : WERR_OK +[2013/11/07 07:38:49.904452, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryValue: struct winreg_QueryValue + in: struct winreg_QueryValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 0000011a-0000-0000-7b52-7935c5510000 + value_name : * + value_name: struct winreg_String + name_len : 0x0012 (18) + name_size : 0x0012 (18) + name : * + name : 'Security' + type : * + type : REG_BINARY (3) + data : * + data: ARRAY(0) + data_size : * + data_size : 0x000000f8 (248) + data_length : * + data_length : 0x00000000 (0) +[2013/11/07 07:38:49.904810, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 1A 01 00 00 00 00 00 00 7B 52 79 35 ........ ....{Ry5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:49.904887, 7, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) + _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:49.904926, 7, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) + _winreg_QueryValue: policy key type = [00000000] +[2013/11/07 07:38:49.904972, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryValue: struct winreg_QueryValue + out: struct winreg_QueryValue + type : * + type : REG_BINARY (3) + data : * + data: ARRAY(248) + [0] : 0x01 (1) + [1] : 0x00 (0) + [2] : 0x04 (4) + [3] : 0x80 (128) + [4] : 0x14 (20) + [5] : 0x00 (0) + [6] : 0x00 (0) + [7] : 0x00 (0) + [8] : 0x24 (36) + [9] : 0x00 (0) + [10] : 0x00 (0) + [11] : 0x00 (0) + [12] : 0x00 (0) + [13] : 0x00 (0) + [14] : 0x00 (0) + [15] : 0x00 (0) + [16] : 0x34 (52) + [17] : 0x00 (0) + [18] : 0x00 (0) + [19] : 0x00 (0) + [20] : 0x01 (1) + [21] : 0x02 (2) + [22] : 0x00 (0) + [23] : 0x00 (0) + [24] : 0x00 (0) + [25] : 0x00 (0) + [26] : 0x00 (0) + [27] : 0x05 (5) + [28] : 0x20 (32) + [29] : 0x00 (0) + [30] : 0x00 (0) + [31] : 0x00 (0) + [32] : 0x20 (32) + [33] : 0x02 (2) + [34] : 0x00 (0) + [35] : 0x00 (0) + [36] : 0x01 (1) + [37] : 0x02 (2) + [38] : 0x00 (0) + [39] : 0x00 (0) + [40] : 0x00 (0) + [41] : 0x00 (0) + [42] : 0x00 (0) + [43] : 0x05 (5) + [44] : 0x20 (32) + [45] : 0x00 (0) + [46] : 0x00 (0) + [47] : 0x00 (0) + [48] : 0x20 (32) + [49] : 0x02 (2) + [50] : 0x00 (0) + [51] : 0x00 (0) + [52] : 0x02 (2) + [53] : 0x00 (0) + [54] : 0xc4 (196) + [55] : 0x00 (0) + [56] : 0x07 (7) + [57] : 0x00 (0) + [58] : 0x00 (0) + [59] : 0x00 (0) + [60] : 0x00 (0) + [61] : 0x02 (2) + [62] : 0x14 (20) + [63] : 0x00 (0) + [64] : 0x08 (8) + [65] : 0x00 (0) + [66] : 0x02 (2) + [67] : 0x20 (32) + [68] : 0x01 (1) + [69] : 0x01 (1) + [70] : 0x00 (0) + [71] : 0x00 (0) + [72] : 0x00 (0) + [73] : 0x00 (0) + [74] : 0x00 (0) + [75] : 0x01 (1) + [76] : 0x00 (0) + [77] : 0x00 (0) + [78] : 0x00 (0) + [79] : 0x00 (0) + [80] : 0x00 (0) + [81] : 0x09 (9) + [82] : 0x24 (36) + [83] : 0x00 (0) + [84] : 0x0c (12) + [85] : 0x00 (0) + [86] : 0x0f (15) + [87] : 0x10 (16) + [88] : 0x01 (1) + [89] : 0x05 (5) + [90] : 0x00 (0) + [91] : 0x00 (0) + [92] : 0x00 (0) + [93] : 0x00 (0) + [94] : 0x00 (0) + [95] : 0x05 (5) + [96] : 0x15 (21) + [97] : 0x00 (0) + [98] : 0x00 (0) + [99] : 0x00 (0) + [100] : 0x74 (116) + [101] : 0xa5 (165) + [102] : 0x12 (18) + [103] : 0x52 (82) + [104] : 0xcd (205) + [105] : 0x51 (81) + [106] : 0xd9 (217) + [107] : 0x8f (143) + [108] : 0xd1 (209) + [109] : 0x31 (49) + [110] : 0xa4 (164) + [111] : 0xca (202) + [112] : 0xf4 (244) + [113] : 0x01 (1) + [114] : 0x00 (0) + [115] : 0x00 (0) + [116] : 0x00 (0) + [117] : 0x02 (2) + [118] : 0x24 (36) + [119] : 0x00 (0) + [120] : 0x0c (12) + [121] : 0x00 (0) + [122] : 0x0f (15) + [123] : 0x10 (16) + [124] : 0x01 (1) + [125] : 0x05 (5) + [126] : 0x00 (0) + [127] : 0x00 (0) + [128] : 0x00 (0) + [129] : 0x00 (0) + [130] : 0x00 (0) + [131] : 0x05 (5) + [132] : 0x15 (21) + [133] : 0x00 (0) + [134] : 0x00 (0) + [135] : 0x00 (0) + [136] : 0x74 (116) + [137] : 0xa5 (165) + [138] : 0x12 (18) + [139] : 0x52 (82) + [140] : 0xcd (205) + [141] : 0x51 (81) + [142] : 0xd9 (217) + [143] : 0x8f (143) + [144] : 0xd1 (209) + [145] : 0x31 (49) + [146] : 0xa4 (164) + [147] : 0xca (202) + [148] : 0xf4 (244) + [149] : 0x01 (1) + [150] : 0x00 (0) + [151] : 0x00 (0) + [152] : 0x00 (0) + [153] : 0x09 (9) + [154] : 0x18 (24) + [155] : 0x00 (0) + [156] : 0x0c (12) + [157] : 0x00 (0) + [158] : 0x0f (15) + [159] : 0x10 (16) + [160] : 0x01 (1) + [161] : 0x02 (2) + [162] : 0x00 (0) + [163] : 0x00 (0) + [164] : 0x00 (0) + [165] : 0x00 (0) + [166] : 0x00 (0) + [167] : 0x05 (5) + [168] : 0x20 (32) + [169] : 0x00 (0) + [170] : 0x00 (0) + [171] : 0x00 (0) + [172] : 0x20 (32) + [173] : 0x02 (2) + [174] : 0x00 (0) + [175] : 0x00 (0) + [176] : 0x00 (0) + [177] : 0x02 (2) + [178] : 0x18 (24) + [179] : 0x00 (0) + [180] : 0x0c (12) + [181] : 0x00 (0) + [182] : 0x0f (15) + [183] : 0x10 (16) + [184] : 0x01 (1) + [185] : 0x02 (2) + [186] : 0x00 (0) + [187] : 0x00 (0) + [188] : 0x00 (0) + [189] : 0x00 (0) + [190] : 0x00 (0) + [191] : 0x05 (5) + [192] : 0x20 (32) + [193] : 0x00 (0) + [194] : 0x00 (0) + [195] : 0x00 (0) + [196] : 0x20 (32) + [197] : 0x02 (2) + [198] : 0x00 (0) + [199] : 0x00 (0) + [200] : 0x00 (0) + [201] : 0x09 (9) + [202] : 0x18 (24) + [203] : 0x00 (0) + [204] : 0x0c (12) + [205] : 0x00 (0) + [206] : 0x0f (15) + [207] : 0x10 (16) + [208] : 0x01 (1) + [209] : 0x02 (2) + [210] : 0x00 (0) + [211] : 0x00 (0) + [212] : 0x00 (0) + [213] : 0x00 (0) + [214] : 0x00 (0) + [215] : 0x05 (5) + [216] : 0x20 (32) + [217] : 0x00 (0) + [218] : 0x00 (0) + [219] : 0x00 (0) + [220] : 0x26 (38) + [221] : 0x02 (2) + [222] : 0x00 (0) + [223] : 0x00 (0) + [224] : 0x00 (0) + [225] : 0x02 (2) + [226] : 0x18 (24) + [227] : 0x00 (0) + [228] : 0x0c (12) + [229] : 0x00 (0) + [230] : 0x0f (15) + [231] : 0x10 (16) + [232] : 0x01 (1) + [233] : 0x02 (2) + [234] : 0x00 (0) + [235] : 0x00 (0) + [236] : 0x00 (0) + [237] : 0x00 (0) + [238] : 0x00 (0) + [239] : 0x05 (5) + [240] : 0x20 (32) + [241] : 0x00 (0) + [242] : 0x00 (0) + [243] : 0x00 (0) + [244] : 0x26 (38) + [245] : 0x02 (2) + [246] : 0x00 (0) + [247] : 0x00 (0) + data_size : * + data_size : 0x000000f8 (248) + data_length : * + data_length : 0x000000f8 (248) + result : WERR_OK +[2013/11/07 07:38:49.909433, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + in: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 0000011a-0000-0000-7b52-7935c5510000 +[2013/11/07 07:38:49.909571, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 1A 01 00 00 00 00 00 00 7B 52 79 35 ........ ....{Ry5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:49.909649, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 1A 01 00 00 00 00 00 00 7B 52 79 35 ........ ....{Ry5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:49.909726, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) + Closed policy +[2013/11/07 07:38:49.909770, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (4->3) +[2013/11/07 07:38:49.909812, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + out: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000000-0000-0000-0000-000000000000 + result : WERR_OK +[2013/11/07 07:38:49.909975, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + in: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000119-0000-0000-7b52-7935c5510000 +[2013/11/07 07:38:49.910104, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 19 01 00 00 00 00 00 00 7B 52 79 35 ........ ....{Ry5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:49.910182, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 19 01 00 00 00 00 00 00 7B 52 79 35 ........ ....{Ry5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:49.910265, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) + Closed policy +[2013/11/07 07:38:49.910306, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (3->2) +[2013/11/07 07:38:49.910347, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + out: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000000-0000-0000-0000-000000000000 + result : WERR_OK +[2013/11/07 07:38:49.910510, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + in: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000118-0000-0000-7b52-7935c5510000 +[2013/11/07 07:38:49.910640, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 18 01 00 00 00 00 00 00 7B 52 79 35 ........ ....{Ry5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:49.910717, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 18 01 00 00 00 00 00 00 7B 52 79 35 ........ ....{Ry5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:49.910793, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) + Closed policy +[2013/11/07 07:38:49.910837, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (2->1) +[2013/11/07 07:38:49.910878, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + out: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000000-0000-0000-0000-000000000000 + result : WERR_OK +[2013/11/07 07:38:49.911039, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + in: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000117-0000-0000-7b52-7935c5510000 +[2013/11/07 07:38:49.911169, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 17 01 00 00 00 00 00 00 7B 52 79 35 ........ ....{Ry5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:49.911246, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 17 01 00 00 00 00 00 00 7B 52 79 35 ........ ....{Ry5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:49.911322, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) + Closed policy +[2013/11/07 07:38:49.911363, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (1->0) +[2013/11/07 07:38:49.911429, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + out: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000000-0000-0000-0000-000000000000 + result : WERR_OK +[2013/11/07 07:38:49.911593, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:416(close_policy_by_pipe) + Deleted handle list for RPC connection \winreg +[2013/11/07 07:38:49.911749, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + spoolss_GetPrinter: struct spoolss_GetPrinter + out: struct spoolss_GetPrinter + info : * + info : union spoolss_PrinterInfo(case 2) + info2: struct spoolss_PrinterInfo2 + servername : * + servername : '\\MEMBER43' + printername : * + printername : '\\MEMBER43\printer7' + sharename : * + sharename : 'printer7' + portname : * + portname : 'Samba Printer Port' + drivername : * + drivername : '' + comment : * + comment : '' + location : * + location : '' + devmode : * + devmode: struct spoolss_DeviceMode + devicename : '\\MEMBER43\printer7' + specversion : DMSPEC_NT4_AND_ABOVE (1025) + driverversion : 0x0400 (1024) + size : 0x00dc (220) + __driverextra_length : 0x0000 (0) + fields : 0x00014713 (83731) + 1: DEVMODE_ORIENTATION + 1: DEVMODE_PAPERSIZE + 0: DEVMODE_PAPERLENGTH + 0: DEVMODE_PAPERWIDTH + 1: DEVMODE_SCALE + 0: DEVMODE_POSITION + 0: DEVMODE_NUP + 1: DEVMODE_COPIES + 1: DEVMODE_DEFAULTSOURCE + 1: DEVMODE_PRINTQUALITY + 0: DEVMODE_COLOR + 0: DEVMODE_DUPLEX + 0: DEVMODE_YRESOLUTION + 1: DEVMODE_TTOPTION + 0: DEVMODE_COLLATE + 1: DEVMODE_FORMNAME + 0: DEVMODE_LOGPIXELS + 0: DEVMODE_BITSPERPEL + 0: DEVMODE_PELSWIDTH + 0: DEVMODE_PELSHEIGHT + 0: DEVMODE_DISPLAYFLAGS + 0: DEVMODE_DISPLAYFREQUENCY + 0: DEVMODE_ICMMETHOD + 0: DEVMODE_ICMINTENT + 0: DEVMODE_MEDIATYPE + 0: DEVMODE_DITHERTYPE + 0: DEVMODE_PANNINGWIDTH + 0: DEVMODE_PANNINGHEIGHT + orientation : DMORIENT_PORTRAIT (1) + papersize : DMPAPER_LETTER (1) + paperlength : 0x0000 (0) + paperwidth : 0x0000 (0) + scale : 0x0064 (100) + copies : 0x0001 (1) + defaultsource : DMBIN_FORMSOURCE (15) + printquality : DMRES_HIGH (65532) + color : DMRES_MONOCHROME (1) + duplex : DMDUP_SIMPLEX (1) + yresolution : 0x0000 (0) + ttoption : DMTT_SUBDEV (3) + collate : DMCOLLATE_FALSE (0) + formname : 'Letter' + logpixels : 0x0000 (0) + bitsperpel : 0x00000000 (0) + pelswidth : 0x00000000 (0) + pelsheight : 0x00000000 (0) + displayflags : UNKNOWN_ENUM_VALUE (0) + displayfrequency : 0x00000000 (0) + icmmethod : UNKNOWN_ENUM_VALUE (0) + icmintent : UNKNOWN_ENUM_VALUE (0) + mediatype : UNKNOWN_ENUM_VALUE (0) + dithertype : UNKNOWN_ENUM_VALUE (0) + reserved1 : 0x00000000 (0) + reserved2 : 0x00000000 (0) + panningwidth : 0x00000000 (0) + panningheight : 0x00000000 (0) + driverextra_data : DATA_BLOB length=0 + sepfile : * + sepfile : '' + printprocessor : * + printprocessor : 'winprint' + datatype : * + datatype : 'RAW' + parameters : * + parameters : '' + secdesc : * + secdesc: struct security_descriptor + revision : SECURITY_DESCRIPTOR_REVISION_1 (1) + type : 0x8004 (32772) + 0: SEC_DESC_OWNER_DEFAULTED + 0: SEC_DESC_GROUP_DEFAULTED + 1: SEC_DESC_DACL_PRESENT + 0: SEC_DESC_DACL_DEFAULTED + 0: SEC_DESC_SACL_PRESENT + 0: SEC_DESC_SACL_DEFAULTED + 0: SEC_DESC_DACL_TRUSTED + 0: SEC_DESC_SERVER_SECURITY + 0: SEC_DESC_DACL_AUTO_INHERIT_REQ + 0: SEC_DESC_SACL_AUTO_INHERIT_REQ + 0: SEC_DESC_DACL_AUTO_INHERITED + 0: SEC_DESC_SACL_AUTO_INHERITED + 0: SEC_DESC_DACL_PROTECTED + 0: SEC_DESC_SACL_PROTECTED + 0: SEC_DESC_RM_CONTROL_VALID + 1: SEC_DESC_SELF_RELATIVE + owner_sid : * + owner_sid : S-1-5-32-544 + group_sid : * + group_sid : S-1-5-32-544 + sacl : NULL + dacl : * + dacl: struct security_acl + revision : SECURITY_ACL_REVISION_NT4 (2) + size : 0x00c4 (196) + num_aces : 0x00000007 (7) + aces: ARRAY(7) + aces: struct security_ace + type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) + flags : 0x02 (2) + 0: SEC_ACE_FLAG_OBJECT_INHERIT + 1: SEC_ACE_FLAG_CONTAINER_INHERIT + 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT + 0: SEC_ACE_FLAG_INHERIT_ONLY + 0: SEC_ACE_FLAG_INHERITED_ACE + 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) + 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS + 0: SEC_ACE_FLAG_FAILED_ACCESS + size : 0x0014 (20) + access_mask : 0x20020008 (537001992) + object : union security_ace_object_ctr(case 0) + trustee : S-1-1-0 + aces: struct security_ace + type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) + flags : 0x09 (9) + 1: SEC_ACE_FLAG_OBJECT_INHERIT + 0: SEC_ACE_FLAG_CONTAINER_INHERIT + 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT + 1: SEC_ACE_FLAG_INHERIT_ONLY + 0: SEC_ACE_FLAG_INHERITED_ACE + 0x09: SEC_ACE_FLAG_VALID_INHERIT (9) + 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS + 0: SEC_ACE_FLAG_FAILED_ACCESS + size : 0x0024 (36) + access_mask : 0x100f000c (269418508) + object : union security_ace_object_ctr(case 0) + trustee : S-1-5-21-1376953716-2413384141-3399758289-500 + aces: struct security_ace + type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) + flags : 0x02 (2) + 0: SEC_ACE_FLAG_OBJECT_INHERIT + 1: SEC_ACE_FLAG_CONTAINER_INHERIT + 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT + 0: SEC_ACE_FLAG_INHERIT_ONLY + 0: SEC_ACE_FLAG_INHERITED_ACE + 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) + 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS + 0: SEC_ACE_FLAG_FAILED_ACCESS + size : 0x0024 (36) + access_mask : 0x100f000c (269418508) + object : union security_ace_object_ctr(case 0) + trustee : S-1-5-21-1376953716-2413384141-3399758289-500 + aces: struct security_ace + type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) + flags : 0x09 (9) + 1: SEC_ACE_FLAG_OBJECT_INHERIT + 0: SEC_ACE_FLAG_CONTAINER_INHERIT + 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT + 1: SEC_ACE_FLAG_INHERIT_ONLY + 0: SEC_ACE_FLAG_INHERITED_ACE + 0x09: SEC_ACE_FLAG_VALID_INHERIT (9) + 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS + 0: SEC_ACE_FLAG_FAILED_ACCESS + size : 0x0018 (24) + access_mask : 0x100f000c (269418508) + object : union security_ace_object_ctr(case 0) + trustee : S-1-5-32-544 + aces: struct security_ace + type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) + flags : 0x02 (2) + 0: SEC_ACE_FLAG_OBJECT_INHERIT + 1: SEC_ACE_FLAG_CONTAINER_INHERIT + 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT + 0: SEC_ACE_FLAG_INHERIT_ONLY + 0: SEC_ACE_FLAG_INHERITED_ACE + 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) + 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS + 0: SEC_ACE_FLAG_FAILED_ACCESS + size : 0x0018 (24) + access_mask : 0x100f000c (269418508) + object : union security_ace_object_ctr(case 0) + trustee : S-1-5-32-544 + aces: struct security_ace + type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) + flags : 0x09 (9) + 1: SEC_ACE_FLAG_OBJECT_INHERIT + 0: SEC_ACE_FLAG_CONTAINER_INHERIT + 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT + 1: SEC_ACE_FLAG_INHERIT_ONLY + 0: SEC_ACE_FLAG_INHERITED_ACE + 0x09: SEC_ACE_FLAG_VALID_INHERIT (9) + 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS + 0: SEC_ACE_FLAG_FAILED_ACCESS + size : 0x0018 (24) + access_mask : 0x100f000c (269418508) + object : union security_ace_object_ctr(case 0) + trustee : S-1-5-32-550 + aces: struct security_ace + type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) + flags : 0x02 (2) + 0: SEC_ACE_FLAG_OBJECT_INHERIT + 1: SEC_ACE_FLAG_CONTAINER_INHERIT + 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT + 0: SEC_ACE_FLAG_INHERIT_ONLY + 0: SEC_ACE_FLAG_INHERITED_ACE + 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) + 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS + 0: SEC_ACE_FLAG_FAILED_ACCESS + size : 0x0018 (24) + access_mask : 0x100f000c (269418508) + object : union security_ace_object_ctr(case 0) + trustee : S-1-5-32-550 + attributes : 0x00001048 (4168) + 0: PRINTER_ATTRIBUTE_QUEUED + 0: PRINTER_ATTRIBUTE_DIRECT + 0: PRINTER_ATTRIBUTE_DEFAULT + 1: PRINTER_ATTRIBUTE_SHARED + 0: PRINTER_ATTRIBUTE_NETWORK + 0: PRINTER_ATTRIBUTE_HIDDEN + 1: PRINTER_ATTRIBUTE_LOCAL + 0: PRINTER_ATTRIBUTE_ENABLE_DEVQ + 0: PRINTER_ATTRIBUTE_KEEPPRINTEDJOBS + 0: PRINTER_ATTRIBUTE_DO_COMPLETE_FIRST + 0: PRINTER_ATTRIBUTE_WORK_OFFLINE + 0: PRINTER_ATTRIBUTE_ENABLE_BIDI + 1: PRINTER_ATTRIBUTE_RAW_ONLY + 0: PRINTER_ATTRIBUTE_PUBLISHED + 0: PRINTER_ATTRIBUTE_FAX + 0: PRINTER_ATTRIBUTE_TS + priority : 0x00000001 (1) + defaultpriority : 0x00000001 (1) + starttime : 0x00000000 (0) + untiltime : 0x00000000 (0) + status : 0x00000000 (0) + 0: PRINTER_STATUS_PAUSED + 0: PRINTER_STATUS_ERROR + 0: PRINTER_STATUS_PENDING_DELETION + 0: PRINTER_STATUS_PAPER_JAM + 0: PRINTER_STATUS_PAPER_OUT + 0: PRINTER_STATUS_MANUAL_FEED + 0: PRINTER_STATUS_PAPER_PROBLEM + 0: PRINTER_STATUS_OFFLINE + 0: PRINTER_STATUS_IO_ACTIVE + 0: PRINTER_STATUS_BUSY + 0: PRINTER_STATUS_PRINTING + 0: PRINTER_STATUS_OUTPUT_BIN_FULL + 0: PRINTER_STATUS_NOT_AVAILABLE + 0: PRINTER_STATUS_WAITING + 0: PRINTER_STATUS_PROCESSING + 0: PRINTER_STATUS_INITIALIZING + 0: PRINTER_STATUS_WARMING_UP + 0: PRINTER_STATUS_TONER_LOW + 0: PRINTER_STATUS_NO_TONER + 0: PRINTER_STATUS_PAGE_PUNT + 0: PRINTER_STATUS_USER_INTERVENTION + 0: PRINTER_STATUS_OUT_OF_MEMORY + 0: PRINTER_STATUS_DOOR_OPEN + 0: PRINTER_STATUS_SERVER_UNKNOWN + 0: PRINTER_STATUS_POWER_SAVE + cjobs : 0x00000000 (0) + averageppm : 0x00000000 (0) + needed : * + needed : 0x000002f8 (760) + result : WERR_OK +[2013/11/07 07:38:49.916817, 5, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1417(api_rpcTNP) + api_rpcTNP: called \spoolss successfully +[2013/11/07 07:38:49.916882, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) + pop_sec_ctx (0, 5000) - sec_ctx_stack_ndx = 0 +[2013/11/07 07:38:49.916928, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) + write_to_pipe: data_used = 4140 + smbd_smb2_request_pending_queue: req->current_idx = 1 + req->in.vector[0].iov_len = 0 + req->in.vector[1].iov_len = 0 + req->in.vector[2].iov_len = 64 + req->in.vector[3].iov_len = 56 + req->in.vector[4].iov_len = 4156 + req->out.vector[0].iov_len = 4 + req->out.vector[1].iov_len = 0 + req->out.vector[2].iov_len = 64 + req->out.vector[3].iov_len = 8 + req->out.vector[4].iov_len = 0 +[2013/11/07 07:38:49.917154, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:128(smbd_smb2_ioctl_pipe_write_done) + smbd_smb2_ioctl_pipe_write_done: received 4156 +[2013/11/07 07:38:49.917199, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:149(smbd_smb2_ioctl_pipe_write_done) + smbd_smb2_ioctl_pipe_write_done: issuing np_read_send of size 1024 +[2013/11/07 07:38:49.917242, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:285(read_from_internal_pipe) + name: \spoolss len: 1024 +[2013/11/07 07:38:49.917285, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:347(read_from_internal_pipe) + read_from_pipe: \spoolss: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 4112. +[2013/11/07 07:38:49.917340, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) + &r: struct ncacn_packet + rpc_vers : 0x05 (5) + rpc_vers_minor : 0x00 (0) + ptype : DCERPC_PKT_RESPONSE (2) + pfc_flags : 0x03 (3) + drep: ARRAY(4) + [0] : 0x10 (16) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + frag_length : 0x1028 (4136) + auth_length : 0x0000 (0) + call_id : 0x00000003 (3) + u : union dcerpc_payload(case 2) + response: struct dcerpc_response + alloc_hint : 0x00001010 (4112) + context_id : 0x0000 (0) + cancel_count : 0x00 (0) + _pad : DATA_BLOB length=0 + stub_and_verifier : DATA_BLOB length=4112 + [0000] 04 00 02 00 00 10 00 00 EA 0F 00 00 C2 0F 00 00 ........ ........ + [0010] B0 0F 00 00 8A 0F 00 00 88 0F 00 00 86 0F 00 00 ........ ........ + [0020] 84 0F 00 00 88 0E 00 00 82 0F 00 00 70 0F 00 00 ........ ....p... + [0030] 68 0F 00 00 66 0F 00 00 90 0D 00 00 48 10 00 00 h...f... ....H... + [0040] 01 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0200] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0210] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0220] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0230] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0240] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0250] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0260] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0270] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0280] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0290] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0300] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0310] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0320] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0330] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0340] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0350] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0360] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0370] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0380] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0390] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0400] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0410] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0420] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0430] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0440] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0450] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0460] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0470] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0480] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0490] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0500] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0510] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0520] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0530] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0540] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0550] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0560] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0570] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0580] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0590] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0600] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0610] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0620] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0630] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0640] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0650] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0660] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0670] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0680] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0690] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0700] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0710] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0720] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0730] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0740] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0750] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0760] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0770] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0780] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0790] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0800] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0810] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0820] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0830] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0840] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0850] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0860] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0870] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0880] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0890] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0900] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0910] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0920] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0930] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0940] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0950] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0960] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0970] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0980] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0990] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D90] 00 00 00 00 00 00 00 00 01 00 04 80 D8 00 00 00 ........ ........ + [0DA0] E8 00 00 00 00 00 00 00 14 00 00 00 02 00 C4 00 ........ ........ + [0DB0] 07 00 00 00 00 02 14 00 08 00 02 20 01 01 00 00 ........ ... .... + [0DC0] 00 00 00 01 00 00 00 00 00 09 24 00 0C 00 0F 10 ........ ..$..... + [0DD0] 01 05 00 00 00 00 00 05 15 00 00 00 74 A5 12 52 ........ ....t..R + [0DE0] CD 51 D9 8F D1 31 A4 CA F4 01 00 00 00 02 24 00 .Q...1.. ......$. + [0DF0] 0C 00 0F 10 01 05 00 00 00 00 00 05 15 00 00 00 ........ ........ + [0E00] 74 A5 12 52 CD 51 D9 8F D1 31 A4 CA F4 01 00 00 t..R.Q.. .1...... + [0E10] 00 09 18 00 0C 00 0F 10 01 02 00 00 00 00 00 05 ........ ........ + [0E20] 20 00 00 00 20 02 00 00 00 02 18 00 0C 00 0F 10 ... ... ........ + [0E30] 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 ........ ... ... + [0E40] 00 09 18 00 0C 00 0F 10 01 02 00 00 00 00 00 05 ........ ........ + [0E50] 20 00 00 00 26 02 00 00 00 02 18 00 0C 00 0F 10 ...&... ........ + [0E60] 01 02 00 00 00 00 00 05 20 00 00 00 26 02 00 00 ........ ...&... + [0E70] 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 ........ ... ... + [0E80] 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 ........ ... ... + [0E90] 5C 00 5C 00 4D 00 45 00 4D 00 42 00 45 00 52 00 \.\.M.E. M.B.E.R. + [0EA0] 34 00 33 00 5C 00 70 00 72 00 69 00 6E 00 74 00 4.3.\.p. r.i.n.t. + [0EB0] 65 00 72 00 37 00 00 00 00 00 00 00 00 00 00 00 e.r.7... ........ + [0EC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0ED0] 01 04 00 04 DC 00 00 00 13 47 01 00 01 00 01 00 ........ .G...... + [0EE0] 00 00 00 00 64 00 01 00 0F 00 FC FF 01 00 01 00 ....d... ........ + [0EF0] 00 00 03 00 00 00 4C 00 65 00 74 00 74 00 65 00 ......L. e.t.t.e. + [0F00] 72 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 r....... ........ + [0F10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F70] 52 00 41 00 57 00 00 00 77 00 69 00 6E 00 70 00 R.A.W... w.i.n.p. + [0F80] 72 00 69 00 6E 00 74 00 00 00 00 00 00 00 00 00 r.i.n.t. ........ + [0F90] 00 00 53 00 61 00 6D 00 62 00 61 00 20 00 50 00 ..S.a.m. b.a. .P. + [0FA0] 72 00 69 00 6E 00 74 00 65 00 72 00 20 00 50 00 r.i.n.t. e.r. .P. + [0FB0] 6F 00 72 00 74 00 00 00 70 00 72 00 69 00 6E 00 o.r.t... p.r.i.n. + [0FC0] 74 00 65 00 72 00 37 00 00 00 5C 00 5C 00 4D 00 t.e.r.7. ..\.\.M. + [0FD0] 45 00 4D 00 42 00 45 00 52 00 34 00 33 00 5C 00 E.M.B.E. R.4.3.\. + [0FE0] 70 00 72 00 69 00 6E 00 74 00 65 00 72 00 37 00 p.r.i.n. t.e.r.7. + [0FF0] 00 00 5C 00 5C 00 4D 00 45 00 4D 00 42 00 45 00 ..\.\.M. E.M.B.E. + [1000] 52 00 34 00 33 00 00 00 F8 02 00 00 00 00 00 00 R.4.3... ........ +[2013/11/07 07:38:49.926796, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:788(np_read_recv) + Received 1024 bytes. There is more data outstanding +[2013/11/07 07:38:49.926843, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:178(smbd_smb2_ioctl_pipe_read_done) + smbd_smb2_ioctl_pipe_read_done: np_read_recv nread = 1024 is_data_outstanding = 1, status = NT_STATUS_OK +[2013/11/07 07:38:49.926899, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl.c:291(smbd_smb2_request_ioctl_done) + smbd_smb2_request_ioctl_done: smbd_smb2_ioctl_recv returned 1024 status STATUS_BUFFER_OVERFLOW +[2013/11/07 07:38:49.926943, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) + smbd_smb2_request_done_ex: idx[1] status[STATUS_BUFFER_OVERFLOW] body[48] dyn[yes:1024] at ../source3/smbd/smb2_ioctl.c:358 +[2013/11/07 07:38:49.926990, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) + smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/196/127 +[2013/11/07 07:38:49.928604, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) + smbd_smb2_request_incoming: idx[1] of 5 vectors +[2013/11/07 07:38:49.928685, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) + smb2_validate_sequence_number: clearing id 196 (position 196) from bitmap +[2013/11/07 07:38:49.928738, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) + smbd_smb2_request_dispatch: opcode[SMB2_OP_READ] mid = 196 +[2013/11/07 07:38:49.928806, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) + setting sec ctx (0, 5000) - sec_ctx_stack_ndx = 0 +[2013/11/07 07:38:49.928851, 5, pid=20933, effective(0, 5000), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) + Security token SIDs (21): + SID[ 0]: S-1-5-21-1376953716-2413384141-3399758289-500 + SID[ 1]: S-1-5-21-1376953716-2413384141-3399758289-512 + SID[ 2]: S-1-5-21-1376953716-2413384141-3399758289-11015 + SID[ 3]: S-1-5-21-1376953716-2413384141-3399758289-513 + SID[ 4]: S-1-5-21-1376953716-2413384141-3399758289-11011 + SID[ 5]: S-1-5-21-1376953716-2413384141-3399758289-11013 + SID[ 6]: S-1-5-21-1376953716-2413384141-3399758289-11012 + SID[ 7]: S-1-1-0 + SID[ 8]: S-1-5-2 + SID[ 9]: S-1-5-11 + SID[ 10]: S-1-5-32-544 + SID[ 11]: S-1-22-1-2002 + SID[ 12]: S-1-22-2-5000 + SID[ 13]: S-1-22-2-5007 + SID[ 14]: S-1-22-2-5001 + SID[ 15]: S-1-22-2-1005 + SID[ 16]: S-1-22-2-5006 + SID[ 17]: S-1-22-2-5005 + SID[ 18]: S-1-22-2-55000 + SID[ 19]: S-1-22-2-55001 + SID[ 20]: S-1-22-2-55002 + Privileges (0x 1FFFFFF0): + Privilege[ 0]: SeMachineAccountPrivilege + Privilege[ 1]: SeTakeOwnershipPrivilege + Privilege[ 2]: SeBackupPrivilege + Privilege[ 3]: SeRestorePrivilege + Privilege[ 4]: SeRemoteShutdownPrivilege + Privilege[ 5]: SePrintOperatorPrivilege + Privilege[ 6]: SeAddUsersPrivilege + Privilege[ 7]: SeDiskOperatorPrivilege + Privilege[ 8]: SeSecurityPrivilege + Privilege[ 9]: SeSystemtimePrivilege + Privilege[ 10]: SeShutdownPrivilege + Privilege[ 11]: SeDebugPrivilege + Privilege[ 12]: SeSystemEnvironmentPrivilege + Privilege[ 13]: SeSystemProfilePrivilege + Privilege[ 14]: SeProfileSingleProcessPrivilege + Privilege[ 15]: SeIncreaseBasePriorityPrivilege + Privilege[ 16]: SeLoadDriverPrivilege + Privilege[ 17]: SeCreatePagefilePrivilege + Privilege[ 18]: SeIncreaseQuotaPrivilege + Privilege[ 19]: SeChangeNotifyPrivilege + Privilege[ 20]: SeUndockPrivilege + Privilege[ 21]: SeManageVolumePrivilege + Privilege[ 22]: SeImpersonatePrivilege + Privilege[ 23]: SeCreateGlobalPrivilege + Privilege[ 24]: SeEnableDelegationPrivilege + Rights (0x 0): +[2013/11/07 07:38:49.929907, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) + UNIX token of user 0 + Primary group is 5000 and contains 9 supplementary groups + Group[ 0]: 5000 + Group[ 1]: 5007 + Group[ 2]: 5001 + Group[ 3]: 1005 + Group[ 4]: 5006 + Group[ 5]: 5005 + Group[ 6]: 55000 + Group[ 7]: 55001 + Group[ 8]: 55002 +[2013/11/07 07:38:49.930120, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/uid.c:363(change_to_user_internal) + Impersonated user: uid=(0,0), gid=(0,5000) +[2013/11/07 07:38:49.930172, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:1796(smbd_smb2_request_verify_creditcharge) + mid 196, CreditCharge: 1, NeededCharge: 1 +[2013/11/07 07:38:49.930215, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_read.c:400(smbd_smb2_read_send) + smbd_smb2_read: spoolss - fnum 3115505686 +[2013/11/07 07:38:49.930263, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:285(read_from_internal_pipe) + name: \spoolss len: 3112 +[2013/11/07 07:38:49.930307, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:326(read_from_internal_pipe) + read_from_pipe: \spoolss: current_pdu_len = 4136, current_pdu_sent = 1024 returning 3112 bytes. +[2013/11/07 07:38:49.930354, 3, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:122(free_pipe_context) + free_pipe_context: destroying talloc pool of size 1308 + smbd_smb2_request_pending_queue: req->current_idx = 1 + req->in.vector[0].iov_len = 0 + req->in.vector[1].iov_len = 0 + req->in.vector[2].iov_len = 64 + req->in.vector[3].iov_len = 48 + req->in.vector[4].iov_len = 1 + req->out.vector[0].iov_len = 4 + req->out.vector[1].iov_len = 0 + req->out.vector[2].iov_len = 64 + req->out.vector[3].iov_len = 8 + req->out.vector[4].iov_len = 0 +[2013/11/07 07:38:49.930572, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:788(np_read_recv) + Received 3112 bytes. There is more data outstanding +[2013/11/07 07:38:49.930617, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) + smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[16] dyn[yes:3112] at ../source3/smbd/smb2_read.c:154 +[2013/11/07 07:38:49.930662, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) + smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/197/127 +[2013/11/07 07:38:49.934319, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) + smbd_smb2_request_incoming: idx[1] of 5 vectors +[2013/11/07 07:38:49.934398, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) + smb2_validate_sequence_number: clearing id 197 (position 197) from bitmap +[2013/11/07 07:38:49.934441, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) + smbd_smb2_request_dispatch: opcode[SMB2_OP_IOCTL] mid = 197 +[2013/11/07 07:38:49.934503, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) + setting sec ctx (0, 5000) - sec_ctx_stack_ndx = 0 +[2013/11/07 07:38:49.934547, 5, pid=20933, effective(0, 5000), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) + Security token SIDs (21): + SID[ 0]: S-1-5-21-1376953716-2413384141-3399758289-500 + SID[ 1]: S-1-5-21-1376953716-2413384141-3399758289-512 + SID[ 2]: S-1-5-21-1376953716-2413384141-3399758289-11015 + SID[ 3]: S-1-5-21-1376953716-2413384141-3399758289-513 + SID[ 4]: S-1-5-21-1376953716-2413384141-3399758289-11011 + SID[ 5]: S-1-5-21-1376953716-2413384141-3399758289-11013 + SID[ 6]: S-1-5-21-1376953716-2413384141-3399758289-11012 + SID[ 7]: S-1-1-0 + SID[ 8]: S-1-5-2 + SID[ 9]: S-1-5-11 + SID[ 10]: S-1-5-32-544 + SID[ 11]: S-1-22-1-2002 + SID[ 12]: S-1-22-2-5000 + SID[ 13]: S-1-22-2-5007 + SID[ 14]: S-1-22-2-5001 + SID[ 15]: S-1-22-2-1005 + SID[ 16]: S-1-22-2-5006 + SID[ 17]: S-1-22-2-5005 + SID[ 18]: S-1-22-2-55000 + SID[ 19]: S-1-22-2-55001 + SID[ 20]: S-1-22-2-55002 + Privileges (0x 1FFFFFF0): + Privilege[ 0]: SeMachineAccountPrivilege + Privilege[ 1]: SeTakeOwnershipPrivilege + Privilege[ 2]: SeBackupPrivilege + Privilege[ 3]: SeRestorePrivilege + Privilege[ 4]: SeRemoteShutdownPrivilege + Privilege[ 5]: SePrintOperatorPrivilege + Privilege[ 6]: SeAddUsersPrivilege + Privilege[ 7]: SeDiskOperatorPrivilege + Privilege[ 8]: SeSecurityPrivilege + Privilege[ 9]: SeSystemtimePrivilege + Privilege[ 10]: SeShutdownPrivilege + Privilege[ 11]: SeDebugPrivilege + Privilege[ 12]: SeSystemEnvironmentPrivilege + Privilege[ 13]: SeSystemProfilePrivilege + Privilege[ 14]: SeProfileSingleProcessPrivilege + Privilege[ 15]: SeIncreaseBasePriorityPrivilege + Privilege[ 16]: SeLoadDriverPrivilege + Privilege[ 17]: SeCreatePagefilePrivilege + Privilege[ 18]: SeIncreaseQuotaPrivilege + Privilege[ 19]: SeChangeNotifyPrivilege + Privilege[ 20]: SeUndockPrivilege + Privilege[ 21]: SeManageVolumePrivilege + Privilege[ 22]: SeImpersonatePrivilege + Privilege[ 23]: SeCreateGlobalPrivilege + Privilege[ 24]: SeEnableDelegationPrivilege + Rights (0x 0): +[2013/11/07 07:38:49.935388, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) + UNIX token of user 0 + Primary group is 5000 and contains 9 supplementary groups + Group[ 0]: 5000 + Group[ 1]: 5007 + Group[ 2]: 5001 + Group[ 3]: 1005 + Group[ 4]: 5006 + Group[ 5]: 5005 + Group[ 6]: 55000 + Group[ 7]: 55001 + Group[ 8]: 55002 +[2013/11/07 07:38:49.935978, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/uid.c:363(change_to_user_internal) + Impersonated user: uid=(0,0), gid=(0,5000) +[2013/11/07 07:38:49.936036, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:1796(smbd_smb2_request_verify_creditcharge) + mid 197, CreditCharge: 1, NeededCharge: 1 +[2013/11/07 07:38:49.936080, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl.c:394(smbd_smb2_ioctl_send) + smbd_smb2_ioctl: ctl_code[0x0011c017] spoolss, fnum 3115505686 +[2013/11/07 07:38:49.936127, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:59(smb2_ioctl_named_pipe) + smbd_smb2_ioctl_send: np_write_send of size 4156 +[2013/11/07 07:38:49.936168, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:520(np_write_send) + np_write_send: len: 4156 +[2013/11/07 07:38:49.936241, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) + write_to_pipe: data_left = 4156 +[2013/11/07 07:38:49.936282, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) + process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 4156 +[2013/11/07 07:38:49.936321, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:51(fill_rpc_header) + fill_rpc_header: data_to_copy = 4156, len_needed_to_complete_hdr = 16, receive_len = 0 +[2013/11/07 07:38:49.936363, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) + write_to_pipe: data_used = 16 +[2013/11/07 07:38:49.936400, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) + write_to_pipe: data_left = 4140 +[2013/11/07 07:38:49.936439, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) + process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 4140 +[2013/11/07 07:38:49.936482, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) + write_to_pipe: data_used = 0 +[2013/11/07 07:38:49.936520, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) + write_to_pipe: data_left = 4140 +[2013/11/07 07:38:49.936568, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) + process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 4140, incoming data = 4140 +[2013/11/07 07:38:49.936612, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1614(process_complete_pdu) + PDU is in Little Endian format! +[2013/11/07 07:38:49.936664, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) + r: struct ncacn_packet + rpc_vers : 0x05 (5) + rpc_vers_minor : 0x00 (0) + ptype : DCERPC_PKT_REQUEST (0) + pfc_flags : 0x03 (3) + drep: ARRAY(4) + [0] : 0x10 (16) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + frag_length : 0x103c (4156) + auth_length : 0x0000 (0) + call_id : 0x00000004 (4) + u : union dcerpc_payload(case 0) + request: struct dcerpc_request + alloc_hint : 0x00001024 (4132) + context_id : 0x0000 (0) + opnum : 0x0008 (8) + object : union dcerpc_object(case 0) + empty: struct dcerpc_empty + _pad : DATA_BLOB length=0 + stub_and_verifier : DATA_BLOB length=4132 + [0000] 00 00 00 00 14 01 00 00 00 00 00 00 7B 52 79 35 ........ ....{Ry5 + [0010] C5 51 00 00 02 00 00 00 00 00 02 00 00 10 00 00 .Q...... ........ + [0020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0030] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0040] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0200] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0210] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0220] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0230] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0240] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0250] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0260] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0270] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0280] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0290] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0300] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0310] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0320] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0330] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0340] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0350] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0360] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0370] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0380] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0390] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0400] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0410] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0420] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0430] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0440] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0450] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0460] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0470] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0480] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0490] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0500] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0510] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0520] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0530] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0540] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0550] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0560] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0570] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0580] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0590] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0600] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0610] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0620] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0630] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0640] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0650] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0660] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0670] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0680] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0690] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0700] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0710] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0720] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0730] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0740] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0750] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0760] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0770] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0780] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0790] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0800] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0810] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0820] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0830] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0840] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0850] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0860] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0870] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0880] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0890] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0900] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0910] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0920] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0930] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0940] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0950] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0960] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0970] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0980] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0990] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0EA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0EB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0EC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0ED0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0EE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0EF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [1000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [1010] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [1020] 00 10 00 00 .... +[2013/11/07 07:38:49.949050, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1627(process_complete_pdu) + Processing packet type 0 +[2013/11/07 07:38:49.949108, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1472(dcesrv_auth_request) + Checking request auth. +[2013/11/07 07:38:49.949170, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) + push_sec_ctx(0, 5000) : sec_ctx_stack_ndx = 1 +[2013/11/07 07:38:49.949232, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) + setting sec ctx (0, 5000) - sec_ctx_stack_ndx = 1 +[2013/11/07 07:38:49.949289, 5, pid=20933, effective(0, 5000), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) + Security token SIDs (21): + SID[ 0]: S-1-5-21-1376953716-2413384141-3399758289-500 + SID[ 1]: S-1-5-21-1376953716-2413384141-3399758289-512 + SID[ 2]: S-1-5-21-1376953716-2413384141-3399758289-11015 + SID[ 3]: S-1-5-21-1376953716-2413384141-3399758289-513 + SID[ 4]: S-1-5-21-1376953716-2413384141-3399758289-11011 + SID[ 5]: S-1-5-21-1376953716-2413384141-3399758289-11013 + SID[ 6]: S-1-5-21-1376953716-2413384141-3399758289-11012 + SID[ 7]: S-1-1-0 + SID[ 8]: S-1-5-2 + SID[ 9]: S-1-5-11 + SID[ 10]: S-1-5-32-544 + SID[ 11]: S-1-22-1-2002 + SID[ 12]: S-1-22-2-5000 + SID[ 13]: S-1-22-2-5007 + SID[ 14]: S-1-22-2-5001 + SID[ 15]: S-1-22-2-1005 + SID[ 16]: S-1-22-2-5006 + SID[ 17]: S-1-22-2-5005 + SID[ 18]: S-1-22-2-55000 + SID[ 19]: S-1-22-2-55001 + SID[ 20]: S-1-22-2-55002 + Privileges (0x 1FFFFFF0): + Privilege[ 0]: SeMachineAccountPrivilege + Privilege[ 1]: SeTakeOwnershipPrivilege + Privilege[ 2]: SeBackupPrivilege + Privilege[ 3]: SeRestorePrivilege + Privilege[ 4]: SeRemoteShutdownPrivilege + Privilege[ 5]: SePrintOperatorPrivilege + Privilege[ 6]: SeAddUsersPrivilege + Privilege[ 7]: SeDiskOperatorPrivilege + Privilege[ 8]: SeSecurityPrivilege + Privilege[ 9]: SeSystemtimePrivilege + Privilege[ 10]: SeShutdownPrivilege + Privilege[ 11]: SeDebugPrivilege + Privilege[ 12]: SeSystemEnvironmentPrivilege + Privilege[ 13]: SeSystemProfilePrivilege + Privilege[ 14]: SeProfileSingleProcessPrivilege + Privilege[ 15]: SeIncreaseBasePriorityPrivilege + Privilege[ 16]: SeLoadDriverPrivilege + Privilege[ 17]: SeCreatePagefilePrivilege + Privilege[ 18]: SeIncreaseQuotaPrivilege + Privilege[ 19]: SeChangeNotifyPrivilege + Privilege[ 20]: SeUndockPrivilege + Privilege[ 21]: SeManageVolumePrivilege + Privilege[ 22]: SeImpersonatePrivilege + Privilege[ 23]: SeCreateGlobalPrivilege + Privilege[ 24]: SeEnableDelegationPrivilege + Rights (0x 0): +[2013/11/07 07:38:49.950187, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) + UNIX token of user 0 + Primary group is 5000 and contains 9 supplementary groups + Group[ 0]: 5000 + Group[ 1]: 5007 + Group[ 2]: 5001 + Group[ 3]: 1005 + Group[ 4]: 5006 + Group[ 5]: 5005 + Group[ 6]: 55000 + Group[ 7]: 55001 + Group[ 8]: 55002 +[2013/11/07 07:38:49.950380, 5, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1324(api_pipe_request) + Requested \spoolss rpc service +[2013/11/07 07:38:49.950425, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1356(api_rpcTNP) + api_rpcTNP: \spoolss op 0x8 - api_rpcTNP: rpc command: SPOOLSS_GETPRINTER +[2013/11/07 07:38:49.950469, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1390(api_rpcTNP) + api_rpc_cmds[8].fn == 0x7f375c260f10 +[2013/11/07 07:38:49.950518, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + spoolss_GetPrinter: struct spoolss_GetPrinter + in: struct spoolss_GetPrinter + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000114-0000-0000-7b52-7935c5510000 + level : 0x00000002 (2) + buffer : * + buffer : DATA_BLOB length=4096 + [0000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0010] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0030] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0040] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0200] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0210] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0220] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0230] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0240] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0250] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0260] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0270] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0280] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0290] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0300] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0310] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0320] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0330] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0340] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0350] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0360] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0370] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0380] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0390] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0400] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0410] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0420] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0430] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0440] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0450] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0460] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0470] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0480] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0490] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0500] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0510] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0520] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0530] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0540] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0550] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0560] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0570] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0580] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0590] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0600] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0610] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0620] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0630] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0640] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0650] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0660] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0670] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0680] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0690] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0700] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0710] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0720] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0730] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0740] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0750] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0760] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0770] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0780] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0790] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0800] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0810] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0820] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0830] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0840] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0850] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0860] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0870] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0880] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0890] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0900] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0910] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0920] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0930] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0940] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0950] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0960] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0970] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0980] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0990] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0DF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0E90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0EA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0EB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0EC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0ED0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0EE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0EF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0FF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + offered : 0x00001000 (4096) +[2013/11/07 07:38:49.959750, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 14 01 00 00 00 00 00 00 7B 52 79 35 ........ ....{Ry5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:49.959836, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 14 01 00 00 00 00 00 00 7B 52 79 35 ........ ....{Ry5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:49.959953, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:489(get_printer_snum) + short name:printer7 +[2013/11/07 07:38:49.960093, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:60(make_internal_rpc_pipe_p) + Create pipe requested \winreg +[2013/11/07 07:38:49.960151, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:221(init_pipe_handles) + init_pipe_handle_list: created handle list for pipe \winreg +[2013/11/07 07:38:49.960193, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:238(init_pipe_handles) + init_pipe_handle_list: pipe_handles ref count = 1 for pipe \winreg +[2013/11/07 07:38:49.960294, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:100(make_internal_rpc_pipe_p) + Created internal pipe \winreg +[2013/11/07 07:38:49.960368, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenHKLM: struct winreg_OpenHKLM + in: struct winreg_OpenHKLM + system_name : NULL + access_mask : 0x02000000 (33554432) + 0: KEY_QUERY_VALUE + 0: KEY_SET_VALUE + 0: KEY_CREATE_SUB_KEY + 0: KEY_ENUMERATE_SUB_KEYS + 0: KEY_NOTIFY + 0: KEY_CREATE_LINK + 0: KEY_WOW64_64KEY + 0: KEY_WOW64_32KEY +[2013/11/07 07:38:49.960610, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [HKLM] +[2013/11/07 07:38:49.960655, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) + push_sec_ctx(0, 5000) : sec_ctx_stack_ndx = 2 +[2013/11/07 07:38:49.960701, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/uid.c:485(push_conn_ctx) + push_conn_ctx(1804507171) : conn_ctx_stack_ndx = 0 +[2013/11/07 07:38:49.960741, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) + setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 +[2013/11/07 07:38:49.960780, 5, pid=20933, effective(0, 5000), real(0, 0)] ../libcli/security/security_token.c:53(security_token_debug) + Security token: (NULL) +[2013/11/07 07:38:49.960819, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) + UNIX token of user 0 + Primary group is 0 and contains 0 supplementary groups +[2013/11/07 07:38:49.960981, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) + pop_sec_ctx (0, 5000) - sec_ctx_stack_ndx = 1 +[2013/11/07 07:38:49.961027, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:866(regdb_open) + regdb_open: registry db opened. refcount reset (1) +[2013/11/07 07:38:49.961072, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM] +[2013/11/07 07:38:49.961113, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM] +[2013/11/07 07:38:49.961153, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:49.961190, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM] +[2013/11/07 07:38:49.961272, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) + Opened policy hnd[1] [0000] 00 00 00 00 1B 01 00 00 00 00 00 00 7B 52 79 35 ........ ....{Ry5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:49.961352, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenHKLM: struct winreg_OpenHKLM + out: struct winreg_OpenHKLM + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 0000011b-0000-0000-7b52-7935c5510000 + result : WERR_OK +[2013/11/07 07:38:49.961649, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenKey: struct winreg_OpenKey + in: struct winreg_OpenKey + parent_handle : * + parent_handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 0000011b-0000-0000-7b52-7935c5510000 + keyname: struct winreg_String + name_len : 0x008a (138) + name_size : 0x008a (138) + name : * + name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7' + options : 0x00000000 (0) + 0: REG_OPTION_VOLATILE + 0: REG_OPTION_CREATE_LINK + 0: REG_OPTION_BACKUP_RESTORE + 0: REG_OPTION_OPEN_LINK + access_mask : 0x02000000 (33554432) + 0: KEY_QUERY_VALUE + 0: KEY_SET_VALUE + 0: KEY_CREATE_SUB_KEY + 0: KEY_ENUMERATE_SUB_KEYS + 0: KEY_NOTIFY + 0: KEY_CREATE_LINK + 0: KEY_WOW64_64KEY + 0: KEY_WOW64_32KEY +[2013/11/07 07:38:49.962107, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 1B 01 00 00 00 00 00 00 7B 52 79 35 ........ ....{Ry5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:49.962189, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [SOFTWARE] +[2013/11/07 07:38:49.962230, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (1->2) +[2013/11/07 07:38:49.962273, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] +[2013/11/07 07:38:49.962312, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE] +[2013/11/07 07:38:49.962353, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:49.962390, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE] +[2013/11/07 07:38:49.962462, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Microsoft] +[2013/11/07 07:38:49.962505, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (2->3) +[2013/11/07 07:38:49.962547, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] +[2013/11/07 07:38:49.962585, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] +[2013/11/07 07:38:49.962625, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:49.962662, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft] +[2013/11/07 07:38:49.962724, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Windows NT] +[2013/11/07 07:38:49.962766, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (3->4) +[2013/11/07 07:38:49.962808, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] +[2013/11/07 07:38:49.962846, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] +[2013/11/07 07:38:49.962887, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:49.962931, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] +[2013/11/07 07:38:49.962990, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [CurrentVersion] +[2013/11/07 07:38:49.963031, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (4->5) +[2013/11/07 07:38:49.963074, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] +[2013/11/07 07:38:49.963112, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] +[2013/11/07 07:38:49.963153, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:49.963190, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f375c5a15c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] +[2013/11/07 07:38:49.963263, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Print] +[2013/11/07 07:38:49.963305, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (5->6) +[2013/11/07 07:38:49.963348, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] +[2013/11/07 07:38:49.963387, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] +[2013/11/07 07:38:49.963429, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:49.963467, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f375c5a15c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] +[2013/11/07 07:38:49.963527, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Printers] +[2013/11/07 07:38:49.963569, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (6->7) +[2013/11/07 07:38:49.963612, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] +[2013/11/07 07:38:49.963651, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] +[2013/11/07 07:38:49.963693, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:49.963730, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] +[2013/11/07 07:38:49.963797, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [printer7] +[2013/11/07 07:38:49.963846, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (7->8) +[2013/11/07 07:38:49.963890, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:49.963929, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:49.963971, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:49.964009, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:49.964078, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (8->7) +[2013/11/07 07:38:49.964120, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (7->6) +[2013/11/07 07:38:49.964161, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (6->5) +[2013/11/07 07:38:49.964201, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (5->4) +[2013/11/07 07:38:49.964241, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (4->3) +[2013/11/07 07:38:49.964281, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (3->2) +[2013/11/07 07:38:49.964324, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) + Opened policy hnd[2] [0000] 00 00 00 00 1C 01 00 00 00 00 00 00 7B 52 79 35 ........ ....{Ry5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:49.964402, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenKey: struct winreg_OpenKey + out: struct winreg_OpenKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 0000011c-0000-0000-7b52-7935c5510000 + result : WERR_OK +[2013/11/07 07:38:49.964576, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryInfoKey: struct winreg_QueryInfoKey + in: struct winreg_QueryInfoKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 0000011c-0000-0000-7b52-7935c5510000 + classname : * + classname: struct winreg_String + name_len : 0x0000 (0) + name_size : 0x0000 (0) + name : NULL +[2013/11/07 07:38:49.964792, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 1C 01 00 00 00 00 00 00 7B 52 79 35 ........ ....{Ry5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:49.964882, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_dispatcher.c:151(fetch_reg_values) + fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7' (ops 0x7f37592edcc0) +[2013/11/07 07:38:49.964925, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1891(regdb_fetch_values_internal) + regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:49.964989, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[0]: name[Attributes] len[4] +[2013/11/07 07:38:49.965033, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[1]: name[Description] len[2] +[2013/11/07 07:38:49.965075, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[2]: name[Datatype] len[8] +[2013/11/07 07:38:49.965117, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[3]: name[Default Priority] len[4] +[2013/11/07 07:38:49.965159, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[4]: name[Port] len[38] +[2013/11/07 07:38:49.965201, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[5]: name[Name] len[18] +[2013/11/07 07:38:49.965244, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[6]: name[Print Processor] len[18] +[2013/11/07 07:38:49.965287, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[7]: name[Priority] len[4] +[2013/11/07 07:38:49.965329, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[8]: name[Security] len[248] +[2013/11/07 07:38:49.965427, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[9]: name[Share Name] len[18] +[2013/11/07 07:38:49.965473, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[10]: name[StartTime] len[4] +[2013/11/07 07:38:49.965516, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[11]: name[UntilTime] len[4] +[2013/11/07 07:38:49.965558, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[12]: name[ChangeID] len[4] +[2013/11/07 07:38:49.965602, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) + regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:49.965667, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryInfoKey: struct winreg_QueryInfoKey + out: struct winreg_QueryInfoKey + classname : * + classname: struct winreg_String + name_len : 0x0000 (0) + name_size : 0x0000 (0) + name : NULL + num_subkeys : * + num_subkeys : 0x00000003 (3) + max_subkeylen : * + max_subkeylen : 0x00000022 (34) + max_classlen : * + max_classlen : 0x00000000 (0) + num_values : * + num_values : 0x0000000d (13) + max_valnamelen : * + max_valnamelen : 0x00000022 (34) + max_valbufsize : * + max_valbufsize : 0x000000f8 (248) + secdescsize : * + secdescsize : 0x00000078 (120) + last_changed_time : * + last_changed_time : NTTIME(0) + result : WERR_OK +[2013/11/07 07:38:49.966126, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 0000011c-0000-0000-7b52-7935c5510000 + enum_index : 0x00000000 (0) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:49.966505, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 1C 01 00 00 00 00 00 00 7B 52 79 35 ........ ....{Ry5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:49.966583, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:49.966630, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0016 (22) + size : 0x0024 (36) + name : * + name : 'Attributes' + type : * + type : REG_DWORD (4) + value : * + value: ARRAY(4) + [0] : 0x48 (72) + [1] : 0x10 (16) + [2] : 0x00 (0) + [3] : 0x00 (0) + size : * + size : 0x00000004 (4) + length : * + length : 0x00000004 (4) + result : WERR_OK +[2013/11/07 07:38:49.967025, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 0000011c-0000-0000-7b52-7935c5510000 + enum_index : 0x00000001 (1) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:49.967407, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 1C 01 00 00 00 00 00 00 7B 52 79 35 ........ ....{Ry5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:49.967484, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:49.967528, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0018 (24) + size : 0x0024 (36) + name : * + name : 'Description' + type : * + type : REG_SZ (1) + value : * + value: ARRAY(2) + [0] : 0x00 (0) + [1] : 0x00 (0) + size : * + size : 0x00000002 (2) + length : * + length : 0x00000002 (2) + result : WERR_OK +[2013/11/07 07:38:49.967949, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 0000011c-0000-0000-7b52-7935c5510000 + enum_index : 0x00000002 (2) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:49.968325, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 1C 01 00 00 00 00 00 00 7B 52 79 35 ........ ....{Ry5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:49.968411, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:49.968456, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0012 (18) + size : 0x0024 (36) + name : * + name : 'Datatype' + type : * + type : REG_SZ (1) + value : * + value: ARRAY(8) + [0] : 0x52 (82) + [1] : 0x00 (0) + [2] : 0x41 (65) + [3] : 0x00 (0) + [4] : 0x57 (87) + [5] : 0x00 (0) + [6] : 0x00 (0) + [7] : 0x00 (0) + size : * + size : 0x00000008 (8) + length : * + length : 0x00000008 (8) + result : WERR_OK +[2013/11/07 07:38:49.968915, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 0000011c-0000-0000-7b52-7935c5510000 + enum_index : 0x00000003 (3) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:49.969288, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 1C 01 00 00 00 00 00 00 7B 52 79 35 ........ ....{Ry5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:49.969413, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:49.969461, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0022 (34) + size : 0x0024 (36) + name : * + name : 'Default Priority' + type : * + type : REG_DWORD (4) + value : * + value: ARRAY(4) + [0] : 0x01 (1) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + size : * + size : 0x00000004 (4) + length : * + length : 0x00000004 (4) + result : WERR_OK +[2013/11/07 07:38:49.969864, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 0000011c-0000-0000-7b52-7935c5510000 + enum_index : 0x00000004 (4) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:49.970240, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 1C 01 00 00 00 00 00 00 7B 52 79 35 ........ ....{Ry5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:49.970318, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:49.970362, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x000a (10) + size : 0x0024 (36) + name : * + name : 'Port' + type : * + type : REG_SZ (1) + value : * + value: ARRAY(38) + [0] : 0x53 (83) + [1] : 0x00 (0) + [2] : 0x61 (97) + [3] : 0x00 (0) + [4] : 0x6d (109) + [5] : 0x00 (0) + [6] : 0x62 (98) + [7] : 0x00 (0) + [8] : 0x61 (97) + [9] : 0x00 (0) + [10] : 0x20 (32) + [11] : 0x00 (0) + [12] : 0x50 (80) + [13] : 0x00 (0) + [14] : 0x72 (114) + [15] : 0x00 (0) + [16] : 0x69 (105) + [17] : 0x00 (0) + [18] : 0x6e (110) + [19] : 0x00 (0) + [20] : 0x74 (116) + [21] : 0x00 (0) + [22] : 0x65 (101) + [23] : 0x00 (0) + [24] : 0x72 (114) + [25] : 0x00 (0) + [26] : 0x20 (32) + [27] : 0x00 (0) + [28] : 0x50 (80) + [29] : 0x00 (0) + [30] : 0x6f (111) + [31] : 0x00 (0) + [32] : 0x72 (114) + [33] : 0x00 (0) + [34] : 0x74 (116) + [35] : 0x00 (0) + [36] : 0x00 (0) + [37] : 0x00 (0) + size : * + size : 0x00000026 (38) + length : * + length : 0x00000026 (38) + result : WERR_OK +[2013/11/07 07:38:49.971324, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 0000011c-0000-0000-7b52-7935c5510000 + enum_index : 0x00000005 (5) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:49.971697, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 1C 01 00 00 00 00 00 00 7B 52 79 35 ........ ....{Ry5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:49.971774, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:49.971819, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x000a (10) + size : 0x0024 (36) + name : * + name : 'Name' + type : * + type : REG_SZ (1) + value : * + value: ARRAY(18) + [0] : 0x70 (112) + [1] : 0x00 (0) + [2] : 0x72 (114) + [3] : 0x00 (0) + [4] : 0x69 (105) + [5] : 0x00 (0) + [6] : 0x6e (110) + [7] : 0x00 (0) + [8] : 0x74 (116) + [9] : 0x00 (0) + [10] : 0x65 (101) + [11] : 0x00 (0) + [12] : 0x72 (114) + [13] : 0x00 (0) + [14] : 0x37 (55) + [15] : 0x00 (0) + [16] : 0x00 (0) + [17] : 0x00 (0) + size : * + size : 0x00000012 (18) + length : * + length : 0x00000012 (18) + result : WERR_OK +[2013/11/07 07:38:49.972448, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 0000011c-0000-0000-7b52-7935c5510000 + enum_index : 0x00000006 (6) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:49.972819, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 1C 01 00 00 00 00 00 00 7B 52 79 35 ........ ....{Ry5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:49.972895, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:49.972940, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0020 (32) + size : 0x0024 (36) + name : * + name : 'Print Processor' + type : * + type : REG_SZ (1) + value : * + value: ARRAY(18) + [0] : 0x77 (119) + [1] : 0x00 (0) + [2] : 0x69 (105) + [3] : 0x00 (0) + [4] : 0x6e (110) + [5] : 0x00 (0) + [6] : 0x70 (112) + [7] : 0x00 (0) + [8] : 0x72 (114) + [9] : 0x00 (0) + [10] : 0x69 (105) + [11] : 0x00 (0) + [12] : 0x6e (110) + [13] : 0x00 (0) + [14] : 0x74 (116) + [15] : 0x00 (0) + [16] : 0x00 (0) + [17] : 0x00 (0) + size : * + size : 0x00000012 (18) + length : * + length : 0x00000012 (18) + result : WERR_OK +[2013/11/07 07:38:49.973675, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 0000011c-0000-0000-7b52-7935c5510000 + enum_index : 0x00000007 (7) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:49.974050, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 1C 01 00 00 00 00 00 00 7B 52 79 35 ........ ....{Ry5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:49.974128, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:49.974173, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0012 (18) + size : 0x0024 (36) + name : * + name : 'Priority' + type : * + type : REG_DWORD (4) + value : * + value: ARRAY(4) + [0] : 0x01 (1) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + size : * + size : 0x00000004 (4) + length : * + length : 0x00000004 (4) + result : WERR_OK +[2013/11/07 07:38:49.974576, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 0000011c-0000-0000-7b52-7935c5510000 + enum_index : 0x00000008 (8) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:49.974949, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 1C 01 00 00 00 00 00 00 7B 52 79 35 ........ ....{Ry5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:49.975026, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:49.975071, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0012 (18) + size : 0x0024 (36) + name : * + name : 'Security' + type : * + type : REG_BINARY (3) + value : * + value: ARRAY(248) + [0] : 0x01 (1) + [1] : 0x00 (0) + [2] : 0x04 (4) + [3] : 0x80 (128) + [4] : 0x14 (20) + [5] : 0x00 (0) + [6] : 0x00 (0) + [7] : 0x00 (0) + [8] : 0x24 (36) + [9] : 0x00 (0) + [10] : 0x00 (0) + [11] : 0x00 (0) + [12] : 0x00 (0) + [13] : 0x00 (0) + [14] : 0x00 (0) + [15] : 0x00 (0) + [16] : 0x34 (52) + [17] : 0x00 (0) + [18] : 0x00 (0) + [19] : 0x00 (0) + [20] : 0x01 (1) + [21] : 0x02 (2) + [22] : 0x00 (0) + [23] : 0x00 (0) + [24] : 0x00 (0) + [25] : 0x00 (0) + [26] : 0x00 (0) + [27] : 0x05 (5) + [28] : 0x20 (32) + [29] : 0x00 (0) + [30] : 0x00 (0) + [31] : 0x00 (0) + [32] : 0x20 (32) + [33] : 0x02 (2) + [34] : 0x00 (0) + [35] : 0x00 (0) + [36] : 0x01 (1) + [37] : 0x02 (2) + [38] : 0x00 (0) + [39] : 0x00 (0) + [40] : 0x00 (0) + [41] : 0x00 (0) + [42] : 0x00 (0) + [43] : 0x05 (5) + [44] : 0x20 (32) + [45] : 0x00 (0) + [46] : 0x00 (0) + [47] : 0x00 (0) + [48] : 0x20 (32) + [49] : 0x02 (2) + [50] : 0x00 (0) + [51] : 0x00 (0) + [52] : 0x02 (2) + [53] : 0x00 (0) + [54] : 0xc4 (196) + [55] : 0x00 (0) + [56] : 0x07 (7) + [57] : 0x00 (0) + [58] : 0x00 (0) + [59] : 0x00 (0) + [60] : 0x00 (0) + [61] : 0x02 (2) + [62] : 0x14 (20) + [63] : 0x00 (0) + [64] : 0x08 (8) + [65] : 0x00 (0) + [66] : 0x02 (2) + [67] : 0x20 (32) + [68] : 0x01 (1) + [69] : 0x01 (1) + [70] : 0x00 (0) + [71] : 0x00 (0) + [72] : 0x00 (0) + [73] : 0x00 (0) + [74] : 0x00 (0) + [75] : 0x01 (1) + [76] : 0x00 (0) + [77] : 0x00 (0) + [78] : 0x00 (0) + [79] : 0x00 (0) + [80] : 0x00 (0) + [81] : 0x09 (9) + [82] : 0x24 (36) + [83] : 0x00 (0) + [84] : 0x0c (12) + [85] : 0x00 (0) + [86] : 0x0f (15) + [87] : 0x10 (16) + [88] : 0x01 (1) + [89] : 0x05 (5) + [90] : 0x00 (0) + [91] : 0x00 (0) + [92] : 0x00 (0) + [93] : 0x00 (0) + [94] : 0x00 (0) + [95] : 0x05 (5) + [96] : 0x15 (21) + [97] : 0x00 (0) + [98] : 0x00 (0) + [99] : 0x00 (0) + [100] : 0x74 (116) + [101] : 0xa5 (165) + [102] : 0x12 (18) + [103] : 0x52 (82) + [104] : 0xcd (205) + [105] : 0x51 (81) + [106] : 0xd9 (217) + [107] : 0x8f (143) + [108] : 0xd1 (209) + [109] : 0x31 (49) + [110] : 0xa4 (164) + [111] : 0xca (202) + [112] : 0xf4 (244) + [113] : 0x01 (1) + [114] : 0x00 (0) + [115] : 0x00 (0) + [116] : 0x00 (0) + [117] : 0x02 (2) + [118] : 0x24 (36) + [119] : 0x00 (0) + [120] : 0x0c (12) + [121] : 0x00 (0) + [122] : 0x0f (15) + [123] : 0x10 (16) + [124] : 0x01 (1) + [125] : 0x05 (5) + [126] : 0x00 (0) + [127] : 0x00 (0) + [128] : 0x00 (0) + [129] : 0x00 (0) + [130] : 0x00 (0) + [131] : 0x05 (5) + [132] : 0x15 (21) + [133] : 0x00 (0) + [134] : 0x00 (0) + [135] : 0x00 (0) + [136] : 0x74 (116) + [137] : 0xa5 (165) + [138] : 0x12 (18) + [139] : 0x52 (82) + [140] : 0xcd (205) + [141] : 0x51 (81) + [142] : 0xd9 (217) + [143] : 0x8f (143) + [144] : 0xd1 (209) + [145] : 0x31 (49) + [146] : 0xa4 (164) + [147] : 0xca (202) + [148] : 0xf4 (244) + [149] : 0x01 (1) + [150] : 0x00 (0) + [151] : 0x00 (0) + [152] : 0x00 (0) + [153] : 0x09 (9) + [154] : 0x18 (24) + [155] : 0x00 (0) + [156] : 0x0c (12) + [157] : 0x00 (0) + [158] : 0x0f (15) + [159] : 0x10 (16) + [160] : 0x01 (1) + [161] : 0x02 (2) + [162] : 0x00 (0) + [163] : 0x00 (0) + [164] : 0x00 (0) + [165] : 0x00 (0) + [166] : 0x00 (0) + [167] : 0x05 (5) + [168] : 0x20 (32) + [169] : 0x00 (0) + [170] : 0x00 (0) + [171] : 0x00 (0) + [172] : 0x20 (32) + [173] : 0x02 (2) + [174] : 0x00 (0) + [175] : 0x00 (0) + [176] : 0x00 (0) + [177] : 0x02 (2) + [178] : 0x18 (24) + [179] : 0x00 (0) + [180] : 0x0c (12) + [181] : 0x00 (0) + [182] : 0x0f (15) + [183] : 0x10 (16) + [184] : 0x01 (1) + [185] : 0x02 (2) + [186] : 0x00 (0) + [187] : 0x00 (0) + [188] : 0x00 (0) + [189] : 0x00 (0) + [190] : 0x00 (0) + [191] : 0x05 (5) + [192] : 0x20 (32) + [193] : 0x00 (0) + [194] : 0x00 (0) + [195] : 0x00 (0) + [196] : 0x20 (32) + [197] : 0x02 (2) + [198] : 0x00 (0) + [199] : 0x00 (0) + [200] : 0x00 (0) + [201] : 0x09 (9) + [202] : 0x18 (24) + [203] : 0x00 (0) + [204] : 0x0c (12) + [205] : 0x00 (0) + [206] : 0x0f (15) + [207] : 0x10 (16) + [208] : 0x01 (1) + [209] : 0x02 (2) + [210] : 0x00 (0) + [211] : 0x00 (0) + [212] : 0x00 (0) + [213] : 0x00 (0) + [214] : 0x00 (0) + [215] : 0x05 (5) + [216] : 0x20 (32) + [217] : 0x00 (0) + [218] : 0x00 (0) + [219] : 0x00 (0) + [220] : 0x26 (38) + [221] : 0x02 (2) + [222] : 0x00 (0) + [223] : 0x00 (0) + [224] : 0x00 (0) + [225] : 0x02 (2) + [226] : 0x18 (24) + [227] : 0x00 (0) + [228] : 0x0c (12) + [229] : 0x00 (0) + [230] : 0x0f (15) + [231] : 0x10 (16) + [232] : 0x01 (1) + [233] : 0x02 (2) + [234] : 0x00 (0) + [235] : 0x00 (0) + [236] : 0x00 (0) + [237] : 0x00 (0) + [238] : 0x00 (0) + [239] : 0x05 (5) + [240] : 0x20 (32) + [241] : 0x00 (0) + [242] : 0x00 (0) + [243] : 0x00 (0) + [244] : 0x26 (38) + [245] : 0x02 (2) + [246] : 0x00 (0) + [247] : 0x00 (0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x000000f8 (248) + result : WERR_OK +[2013/11/07 07:38:49.979642, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 0000011c-0000-0000-7b52-7935c5510000 + enum_index : 0x00000009 (9) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:49.980019, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 1C 01 00 00 00 00 00 00 7B 52 79 35 ........ ....{Ry5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:49.980096, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:49.980142, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0016 (22) + size : 0x0024 (36) + name : * + name : 'Share Name' + type : * + type : REG_SZ (1) + value : * + value: ARRAY(18) + [0] : 0x70 (112) + [1] : 0x00 (0) + [2] : 0x72 (114) + [3] : 0x00 (0) + [4] : 0x69 (105) + [5] : 0x00 (0) + [6] : 0x6e (110) + [7] : 0x00 (0) + [8] : 0x74 (116) + [9] : 0x00 (0) + [10] : 0x65 (101) + [11] : 0x00 (0) + [12] : 0x72 (114) + [13] : 0x00 (0) + [14] : 0x37 (55) + [15] : 0x00 (0) + [16] : 0x00 (0) + [17] : 0x00 (0) + size : * + size : 0x00000012 (18) + length : * + length : 0x00000012 (18) + result : WERR_OK +[2013/11/07 07:38:49.980773, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 0000011c-0000-0000-7b52-7935c5510000 + enum_index : 0x0000000a (10) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:49.981145, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 1C 01 00 00 00 00 00 00 7B 52 79 35 ........ ....{Ry5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:49.981222, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:49.981267, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0014 (20) + size : 0x0024 (36) + name : * + name : 'StartTime' + type : * + type : REG_DWORD (4) + value : * + value: ARRAY(4) + [0] : 0x00 (0) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + size : * + size : 0x00000004 (4) + length : * + length : 0x00000004 (4) + result : WERR_OK +[2013/11/07 07:38:49.981705, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 0000011c-0000-0000-7b52-7935c5510000 + enum_index : 0x0000000b (11) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:49.982088, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 1C 01 00 00 00 00 00 00 7B 52 79 35 ........ ....{Ry5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:49.982166, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:49.982213, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0014 (20) + size : 0x0024 (36) + name : * + name : 'UntilTime' + type : * + type : REG_DWORD (4) + value : * + value: ARRAY(4) + [0] : 0x00 (0) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + size : * + size : 0x00000004 (4) + length : * + length : 0x00000004 (4) + result : WERR_OK +[2013/11/07 07:38:49.982606, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 0000011c-0000-0000-7b52-7935c5510000 + enum_index : 0x0000000c (12) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:49.982985, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 1C 01 00 00 00 00 00 00 7B 52 79 35 ........ ....{Ry5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:49.983062, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:49.983108, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0012 (18) + size : 0x0024 (36) + name : * + name : 'ChangeID' + type : * + type : REG_DWORD (4) + value : * + value: ARRAY(4) + [0] : 0xf1 (241) + [1] : 0x5f (95) + [2] : 0x11 (17) + [3] : 0x00 (0) + size : * + size : 0x00000004 (4) + length : * + length : 0x00000004 (4) + result : WERR_OK +[2013/11/07 07:38:49.983537, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryValue: struct winreg_QueryValue + in: struct winreg_QueryValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 0000011c-0000-0000-7b52-7935c5510000 + value_name : * + value_name: struct winreg_String + name_len : 0x0020 (32) + name_size : 0x0020 (32) + name : * + name : 'Default DevMode' + type : * + type : REG_NONE (0) + data : NULL + data_size : * + data_size : 0x00000000 (0) + data_length : * + data_length : 0x00000000 (0) +[2013/11/07 07:38:49.983884, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 1C 01 00 00 00 00 00 00 7B 52 79 35 ........ ....{Ry5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:49.983962, 7, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) + _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:49.984003, 7, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) + _winreg_QueryValue: policy key type = [00000000] +[2013/11/07 07:38:49.984048, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:316(_winreg_QueryValue) + _winreg_QueryValue: reg_queryvalue failed with: WERR_BADFILE +[2013/11/07 07:38:49.984089, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryValue: struct winreg_QueryValue + out: struct winreg_QueryValue + type : * + type : REG_NONE (0) + data : NULL + data_size : * + data_size : 0x00000000 (0) + data_length : * + data_length : 0x00000000 (0) + result : WERR_BADFILE +[2013/11/07 07:38:49.984316, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenHKLM: struct winreg_OpenHKLM + in: struct winreg_OpenHKLM + system_name : NULL + access_mask : 0x02000000 (33554432) + 0: KEY_QUERY_VALUE + 0: KEY_SET_VALUE + 0: KEY_CREATE_SUB_KEY + 0: KEY_ENUMERATE_SUB_KEYS + 0: KEY_NOTIFY + 0: KEY_CREATE_LINK + 0: KEY_WOW64_64KEY + 0: KEY_WOW64_32KEY +[2013/11/07 07:38:49.984544, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [HKLM] +[2013/11/07 07:38:49.984586, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (2->3) +[2013/11/07 07:38:49.984630, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM] +[2013/11/07 07:38:49.984668, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM] +[2013/11/07 07:38:49.984708, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:49.984746, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM] +[2013/11/07 07:38:49.984826, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) + Opened policy hnd[3] [0000] 00 00 00 00 1D 01 00 00 00 00 00 00 7B 52 79 35 ........ ....{Ry5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:49.984906, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenHKLM: struct winreg_OpenHKLM + out: struct winreg_OpenHKLM + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 0000011d-0000-0000-7b52-7935c5510000 + result : WERR_OK +[2013/11/07 07:38:49.985072, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenKey: struct winreg_OpenKey + in: struct winreg_OpenKey + parent_handle : * + parent_handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 0000011d-0000-0000-7b52-7935c5510000 + keyname: struct winreg_String + name_len : 0x008a (138) + name_size : 0x008a (138) + name : * + name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7' + options : 0x00000000 (0) + 0: REG_OPTION_VOLATILE + 0: REG_OPTION_CREATE_LINK + 0: REG_OPTION_BACKUP_RESTORE + 0: REG_OPTION_OPEN_LINK + access_mask : 0x02000000 (33554432) + 0: KEY_QUERY_VALUE + 0: KEY_SET_VALUE + 0: KEY_CREATE_SUB_KEY + 0: KEY_ENUMERATE_SUB_KEYS + 0: KEY_NOTIFY + 0: KEY_CREATE_LINK + 0: KEY_WOW64_64KEY + 0: KEY_WOW64_32KEY +[2013/11/07 07:38:49.985583, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 1D 01 00 00 00 00 00 00 7B 52 79 35 ........ ....{Ry5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:49.985666, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [SOFTWARE] +[2013/11/07 07:38:49.985707, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (3->4) +[2013/11/07 07:38:49.985749, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] +[2013/11/07 07:38:49.985787, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE] +[2013/11/07 07:38:49.985827, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:49.985865, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE] +[2013/11/07 07:38:49.985932, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Microsoft] +[2013/11/07 07:38:49.985974, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (4->5) +[2013/11/07 07:38:49.986015, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] +[2013/11/07 07:38:49.986054, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] +[2013/11/07 07:38:49.986094, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:49.986131, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft] +[2013/11/07 07:38:49.986192, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Windows NT] +[2013/11/07 07:38:49.986233, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (5->6) +[2013/11/07 07:38:49.986275, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] +[2013/11/07 07:38:49.986313, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] +[2013/11/07 07:38:49.986353, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:49.986398, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] +[2013/11/07 07:38:49.986457, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [CurrentVersion] +[2013/11/07 07:38:49.986498, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (6->7) +[2013/11/07 07:38:49.986540, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] +[2013/11/07 07:38:49.986578, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] +[2013/11/07 07:38:49.986619, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:49.986656, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f375c5a15c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] +[2013/11/07 07:38:49.986727, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Print] +[2013/11/07 07:38:49.986768, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (7->8) +[2013/11/07 07:38:49.986810, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] +[2013/11/07 07:38:49.986851, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] +[2013/11/07 07:38:49.986894, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:49.986931, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f375c5a15c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] +[2013/11/07 07:38:49.986991, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Printers] +[2013/11/07 07:38:49.987033, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (8->9) +[2013/11/07 07:38:49.987077, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] +[2013/11/07 07:38:49.987116, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] +[2013/11/07 07:38:49.987158, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:49.987196, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] +[2013/11/07 07:38:49.987261, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [printer7] +[2013/11/07 07:38:49.987311, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (9->10) +[2013/11/07 07:38:49.987357, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:49.987397, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:49.987439, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:49.987477, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:49.987546, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (10->9) +[2013/11/07 07:38:49.987588, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (9->8) +[2013/11/07 07:38:49.987629, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (8->7) +[2013/11/07 07:38:49.987668, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (7->6) +[2013/11/07 07:38:49.987708, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (6->5) +[2013/11/07 07:38:49.987748, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (5->4) +[2013/11/07 07:38:49.987791, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) + Opened policy hnd[4] [0000] 00 00 00 00 1E 01 00 00 00 00 00 00 7B 52 79 35 ........ ....{Ry5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:49.987868, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenKey: struct winreg_OpenKey + out: struct winreg_OpenKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 0000011e-0000-0000-7b52-7935c5510000 + result : WERR_OK +[2013/11/07 07:38:49.988045, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryValue: struct winreg_QueryValue + in: struct winreg_QueryValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 0000011e-0000-0000-7b52-7935c5510000 + value_name : * + value_name: struct winreg_String + name_len : 0x0012 (18) + name_size : 0x0012 (18) + name : * + name : 'Security' + type : * + type : REG_NONE (0) + data : NULL + data_size : * + data_size : 0x00000000 (0) + data_length : * + data_length : 0x00000000 (0) +[2013/11/07 07:38:49.988393, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 1E 01 00 00 00 00 00 00 7B 52 79 35 ........ ....{Ry5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:49.988470, 7, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) + _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:49.988510, 7, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) + _winreg_QueryValue: policy key type = [00000000] +[2013/11/07 07:38:49.988550, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_dispatcher.c:151(fetch_reg_values) + fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7' (ops 0x7f37592edcc0) +[2013/11/07 07:38:49.988592, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1891(regdb_fetch_values_internal) + regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:49.988674, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[0]: name[Attributes] len[4] +[2013/11/07 07:38:49.988718, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[1]: name[Description] len[2] +[2013/11/07 07:38:49.988772, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[2]: name[Datatype] len[8] +[2013/11/07 07:38:49.988815, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[3]: name[Default Priority] len[4] +[2013/11/07 07:38:49.988867, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[4]: name[Port] len[38] +[2013/11/07 07:38:49.988911, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[5]: name[Name] len[18] +[2013/11/07 07:38:49.988953, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[6]: name[Print Processor] len[18] +[2013/11/07 07:38:49.988996, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[7]: name[Priority] len[4] +[2013/11/07 07:38:49.989039, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[8]: name[Security] len[248] +[2013/11/07 07:38:49.989081, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[9]: name[Share Name] len[18] +[2013/11/07 07:38:49.989124, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[10]: name[StartTime] len[4] +[2013/11/07 07:38:49.989166, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[11]: name[UntilTime] len[4] +[2013/11/07 07:38:49.989216, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[12]: name[ChangeID] len[4] +[2013/11/07 07:38:49.989260, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryValue: struct winreg_QueryValue + out: struct winreg_QueryValue + type : * + type : REG_BINARY (3) + data : NULL + data_size : * + data_size : 0x000000f8 (248) + data_length : * + data_length : 0x00000000 (0) + result : WERR_OK +[2013/11/07 07:38:49.989532, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryValue: struct winreg_QueryValue + in: struct winreg_QueryValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 0000011e-0000-0000-7b52-7935c5510000 + value_name : * + value_name: struct winreg_String + name_len : 0x0012 (18) + name_size : 0x0012 (18) + name : * + name : 'Security' + type : * + type : REG_BINARY (3) + data : * + data: ARRAY(0) + data_size : * + data_size : 0x000000f8 (248) + data_length : * + data_length : 0x00000000 (0) +[2013/11/07 07:38:49.989890, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 1E 01 00 00 00 00 00 00 7B 52 79 35 ........ ....{Ry5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:49.989967, 7, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) + _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:49.990007, 7, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) + _winreg_QueryValue: policy key type = [00000000] +[2013/11/07 07:38:49.990052, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryValue: struct winreg_QueryValue + out: struct winreg_QueryValue + type : * + type : REG_BINARY (3) + data : * + data: ARRAY(248) + [0] : 0x01 (1) + [1] : 0x00 (0) + [2] : 0x04 (4) + [3] : 0x80 (128) + [4] : 0x14 (20) + [5] : 0x00 (0) + [6] : 0x00 (0) + [7] : 0x00 (0) + [8] : 0x24 (36) + [9] : 0x00 (0) + [10] : 0x00 (0) + [11] : 0x00 (0) + [12] : 0x00 (0) + [13] : 0x00 (0) + [14] : 0x00 (0) + [15] : 0x00 (0) + [16] : 0x34 (52) + [17] : 0x00 (0) + [18] : 0x00 (0) + [19] : 0x00 (0) + [20] : 0x01 (1) + [21] : 0x02 (2) + [22] : 0x00 (0) + [23] : 0x00 (0) + [24] : 0x00 (0) + [25] : 0x00 (0) + [26] : 0x00 (0) + [27] : 0x05 (5) + [28] : 0x20 (32) + [29] : 0x00 (0) + [30] : 0x00 (0) + [31] : 0x00 (0) + [32] : 0x20 (32) + [33] : 0x02 (2) + [34] : 0x00 (0) + [35] : 0x00 (0) + [36] : 0x01 (1) + [37] : 0x02 (2) + [38] : 0x00 (0) + [39] : 0x00 (0) + [40] : 0x00 (0) + [41] : 0x00 (0) + [42] : 0x00 (0) + [43] : 0x05 (5) + [44] : 0x20 (32) + [45] : 0x00 (0) + [46] : 0x00 (0) + [47] : 0x00 (0) + [48] : 0x20 (32) + [49] : 0x02 (2) + [50] : 0x00 (0) + [51] : 0x00 (0) + [52] : 0x02 (2) + [53] : 0x00 (0) + [54] : 0xc4 (196) + [55] : 0x00 (0) + [56] : 0x07 (7) + [57] : 0x00 (0) + [58] : 0x00 (0) + [59] : 0x00 (0) + [60] : 0x00 (0) + [61] : 0x02 (2) + [62] : 0x14 (20) + [63] : 0x00 (0) + [64] : 0x08 (8) + [65] : 0x00 (0) + [66] : 0x02 (2) + [67] : 0x20 (32) + [68] : 0x01 (1) + [69] : 0x01 (1) + [70] : 0x00 (0) + [71] : 0x00 (0) + [72] : 0x00 (0) + [73] : 0x00 (0) + [74] : 0x00 (0) + [75] : 0x01 (1) + [76] : 0x00 (0) + [77] : 0x00 (0) + [78] : 0x00 (0) + [79] : 0x00 (0) + [80] : 0x00 (0) + [81] : 0x09 (9) + [82] : 0x24 (36) + [83] : 0x00 (0) + [84] : 0x0c (12) + [85] : 0x00 (0) + [86] : 0x0f (15) + [87] : 0x10 (16) + [88] : 0x01 (1) + [89] : 0x05 (5) + [90] : 0x00 (0) + [91] : 0x00 (0) + [92] : 0x00 (0) + [93] : 0x00 (0) + [94] : 0x00 (0) + [95] : 0x05 (5) + [96] : 0x15 (21) + [97] : 0x00 (0) + [98] : 0x00 (0) + [99] : 0x00 (0) + [100] : 0x74 (116) + [101] : 0xa5 (165) + [102] : 0x12 (18) + [103] : 0x52 (82) + [104] : 0xcd (205) + [105] : 0x51 (81) + [106] : 0xd9 (217) + [107] : 0x8f (143) + [108] : 0xd1 (209) + [109] : 0x31 (49) + [110] : 0xa4 (164) + [111] : 0xca (202) + [112] : 0xf4 (244) + [113] : 0x01 (1) + [114] : 0x00 (0) + [115] : 0x00 (0) + [116] : 0x00 (0) + [117] : 0x02 (2) + [118] : 0x24 (36) + [119] : 0x00 (0) + [120] : 0x0c (12) + [121] : 0x00 (0) + [122] : 0x0f (15) + [123] : 0x10 (16) + [124] : 0x01 (1) + [125] : 0x05 (5) + [126] : 0x00 (0) + [127] : 0x00 (0) + [128] : 0x00 (0) + [129] : 0x00 (0) + [130] : 0x00 (0) + [131] : 0x05 (5) + [132] : 0x15 (21) + [133] : 0x00 (0) + [134] : 0x00 (0) + [135] : 0x00 (0) + [136] : 0x74 (116) + [137] : 0xa5 (165) + [138] : 0x12 (18) + [139] : 0x52 (82) + [140] : 0xcd (205) + [141] : 0x51 (81) + [142] : 0xd9 (217) + [143] : 0x8f (143) + [144] : 0xd1 (209) + [145] : 0x31 (49) + [146] : 0xa4 (164) + [147] : 0xca (202) + [148] : 0xf4 (244) + [149] : 0x01 (1) + [150] : 0x00 (0) + [151] : 0x00 (0) + [152] : 0x00 (0) + [153] : 0x09 (9) + [154] : 0x18 (24) + [155] : 0x00 (0) + [156] : 0x0c (12) + [157] : 0x00 (0) + [158] : 0x0f (15) + [159] : 0x10 (16) + [160] : 0x01 (1) + [161] : 0x02 (2) + [162] : 0x00 (0) + [163] : 0x00 (0) + [164] : 0x00 (0) + [165] : 0x00 (0) + [166] : 0x00 (0) + [167] : 0x05 (5) + [168] : 0x20 (32) + [169] : 0x00 (0) + [170] : 0x00 (0) + [171] : 0x00 (0) + [172] : 0x20 (32) + [173] : 0x02 (2) + [174] : 0x00 (0) + [175] : 0x00 (0) + [176] : 0x00 (0) + [177] : 0x02 (2) + [178] : 0x18 (24) + [179] : 0x00 (0) + [180] : 0x0c (12) + [181] : 0x00 (0) + [182] : 0x0f (15) + [183] : 0x10 (16) + [184] : 0x01 (1) + [185] : 0x02 (2) + [186] : 0x00 (0) + [187] : 0x00 (0) + [188] : 0x00 (0) + [189] : 0x00 (0) + [190] : 0x00 (0) + [191] : 0x05 (5) + [192] : 0x20 (32) + [193] : 0x00 (0) + [194] : 0x00 (0) + [195] : 0x00 (0) + [196] : 0x20 (32) + [197] : 0x02 (2) + [198] : 0x00 (0) + [199] : 0x00 (0) + [200] : 0x00 (0) + [201] : 0x09 (9) + [202] : 0x18 (24) + [203] : 0x00 (0) + [204] : 0x0c (12) + [205] : 0x00 (0) + [206] : 0x0f (15) + [207] : 0x10 (16) + [208] : 0x01 (1) + [209] : 0x02 (2) + [210] : 0x00 (0) + [211] : 0x00 (0) + [212] : 0x00 (0) + [213] : 0x00 (0) + [214] : 0x00 (0) + [215] : 0x05 (5) + [216] : 0x20 (32) + [217] : 0x00 (0) + [218] : 0x00 (0) + [219] : 0x00 (0) + [220] : 0x26 (38) + [221] : 0x02 (2) + [222] : 0x00 (0) + [223] : 0x00 (0) + [224] : 0x00 (0) + [225] : 0x02 (2) + [226] : 0x18 (24) + [227] : 0x00 (0) + [228] : 0x0c (12) + [229] : 0x00 (0) + [230] : 0x0f (15) + [231] : 0x10 (16) + [232] : 0x01 (1) + [233] : 0x02 (2) + [234] : 0x00 (0) + [235] : 0x00 (0) + [236] : 0x00 (0) + [237] : 0x00 (0) + [238] : 0x00 (0) + [239] : 0x05 (5) + [240] : 0x20 (32) + [241] : 0x00 (0) + [242] : 0x00 (0) + [243] : 0x00 (0) + [244] : 0x26 (38) + [245] : 0x02 (2) + [246] : 0x00 (0) + [247] : 0x00 (0) + data_size : * + data_size : 0x000000f8 (248) + data_length : * + data_length : 0x000000f8 (248) + result : WERR_OK +[2013/11/07 07:38:49.994441, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + in: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 0000011e-0000-0000-7b52-7935c5510000 +[2013/11/07 07:38:49.994575, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 1E 01 00 00 00 00 00 00 7B 52 79 35 ........ ....{Ry5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:49.994654, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 1E 01 00 00 00 00 00 00 7B 52 79 35 ........ ....{Ry5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:49.994731, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) + Closed policy +[2013/11/07 07:38:49.994775, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (4->3) +[2013/11/07 07:38:49.994817, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + out: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000000-0000-0000-0000-000000000000 + result : WERR_OK +[2013/11/07 07:38:49.994980, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + in: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 0000011d-0000-0000-7b52-7935c5510000 +[2013/11/07 07:38:49.995111, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 1D 01 00 00 00 00 00 00 7B 52 79 35 ........ ....{Ry5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:49.995196, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 1D 01 00 00 00 00 00 00 7B 52 79 35 ........ ....{Ry5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:49.995272, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) + Closed policy +[2013/11/07 07:38:49.995312, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (3->2) +[2013/11/07 07:38:49.995353, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + out: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000000-0000-0000-0000-000000000000 + result : WERR_OK +[2013/11/07 07:38:49.995516, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + in: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 0000011c-0000-0000-7b52-7935c5510000 +[2013/11/07 07:38:49.995646, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 1C 01 00 00 00 00 00 00 7B 52 79 35 ........ ....{Ry5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:49.995724, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 1C 01 00 00 00 00 00 00 7B 52 79 35 ........ ....{Ry5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:49.995800, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) + Closed policy +[2013/11/07 07:38:49.995843, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (2->1) +[2013/11/07 07:38:49.995884, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + out: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000000-0000-0000-0000-000000000000 + result : WERR_OK +[2013/11/07 07:38:49.996046, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + in: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 0000011b-0000-0000-7b52-7935c5510000 +[2013/11/07 07:38:49.996175, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 1B 01 00 00 00 00 00 00 7B 52 79 35 ........ ....{Ry5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:49.996261, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 1B 01 00 00 00 00 00 00 7B 52 79 35 ........ ....{Ry5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:49.996337, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) + Closed policy +[2013/11/07 07:38:49.996378, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (1->0) +[2013/11/07 07:38:49.996440, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + out: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000000-0000-0000-0000-000000000000 + result : WERR_OK +[2013/11/07 07:38:49.996604, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:416(close_policy_by_pipe) + Deleted handle list for RPC connection \winreg +[2013/11/07 07:38:49.996761, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + spoolss_GetPrinter: struct spoolss_GetPrinter + out: struct spoolss_GetPrinter + info : * + info : union spoolss_PrinterInfo(case 2) + info2: struct spoolss_PrinterInfo2 + servername : * + servername : '\\MEMBER43' + printername : * + printername : '\\MEMBER43\printer7' + sharename : * + sharename : 'printer7' + portname : * + portname : 'Samba Printer Port' + drivername : * + drivername : '' + comment : * + comment : '' + location : * + location : '' + devmode : * + devmode: struct spoolss_DeviceMode + devicename : '\\MEMBER43\printer7' + specversion : DMSPEC_NT4_AND_ABOVE (1025) + driverversion : 0x0400 (1024) + size : 0x00dc (220) + __driverextra_length : 0x0000 (0) + fields : 0x00014713 (83731) + 1: DEVMODE_ORIENTATION + 1: DEVMODE_PAPERSIZE + 0: DEVMODE_PAPERLENGTH + 0: DEVMODE_PAPERWIDTH + 1: DEVMODE_SCALE + 0: DEVMODE_POSITION + 0: DEVMODE_NUP + 1: DEVMODE_COPIES + 1: DEVMODE_DEFAULTSOURCE + 1: DEVMODE_PRINTQUALITY + 0: DEVMODE_COLOR + 0: DEVMODE_DUPLEX + 0: DEVMODE_YRESOLUTION + 1: DEVMODE_TTOPTION + 0: DEVMODE_COLLATE + 1: DEVMODE_FORMNAME + 0: DEVMODE_LOGPIXELS + 0: DEVMODE_BITSPERPEL + 0: DEVMODE_PELSWIDTH + 0: DEVMODE_PELSHEIGHT + 0: DEVMODE_DISPLAYFLAGS + 0: DEVMODE_DISPLAYFREQUENCY + 0: DEVMODE_ICMMETHOD + 0: DEVMODE_ICMINTENT + 0: DEVMODE_MEDIATYPE + 0: DEVMODE_DITHERTYPE + 0: DEVMODE_PANNINGWIDTH + 0: DEVMODE_PANNINGHEIGHT + orientation : DMORIENT_PORTRAIT (1) + papersize : DMPAPER_LETTER (1) + paperlength : 0x0000 (0) + paperwidth : 0x0000 (0) + scale : 0x0064 (100) + copies : 0x0001 (1) + defaultsource : DMBIN_FORMSOURCE (15) + printquality : DMRES_HIGH (65532) + color : DMRES_MONOCHROME (1) + duplex : DMDUP_SIMPLEX (1) + yresolution : 0x0000 (0) + ttoption : DMTT_SUBDEV (3) + collate : DMCOLLATE_FALSE (0) + formname : 'Letter' + logpixels : 0x0000 (0) + bitsperpel : 0x00000000 (0) + pelswidth : 0x00000000 (0) + pelsheight : 0x00000000 (0) + displayflags : UNKNOWN_ENUM_VALUE (0) + displayfrequency : 0x00000000 (0) + icmmethod : UNKNOWN_ENUM_VALUE (0) + icmintent : UNKNOWN_ENUM_VALUE (0) + mediatype : UNKNOWN_ENUM_VALUE (0) + dithertype : UNKNOWN_ENUM_VALUE (0) + reserved1 : 0x00000000 (0) + reserved2 : 0x00000000 (0) + panningwidth : 0x00000000 (0) + panningheight : 0x00000000 (0) + driverextra_data : DATA_BLOB length=0 + sepfile : * + sepfile : '' + printprocessor : * + printprocessor : 'winprint' + datatype : * + datatype : 'RAW' + parameters : * + parameters : '' + secdesc : * + secdesc: struct security_descriptor + revision : SECURITY_DESCRIPTOR_REVISION_1 (1) + type : 0x8004 (32772) + 0: SEC_DESC_OWNER_DEFAULTED + 0: SEC_DESC_GROUP_DEFAULTED + 1: SEC_DESC_DACL_PRESENT + 0: SEC_DESC_DACL_DEFAULTED + 0: SEC_DESC_SACL_PRESENT + 0: SEC_DESC_SACL_DEFAULTED + 0: SEC_DESC_DACL_TRUSTED + 0: SEC_DESC_SERVER_SECURITY + 0: SEC_DESC_DACL_AUTO_INHERIT_REQ + 0: SEC_DESC_SACL_AUTO_INHERIT_REQ + 0: SEC_DESC_DACL_AUTO_INHERITED + 0: SEC_DESC_SACL_AUTO_INHERITED + 0: SEC_DESC_DACL_PROTECTED + 0: SEC_DESC_SACL_PROTECTED + 0: SEC_DESC_RM_CONTROL_VALID + 1: SEC_DESC_SELF_RELATIVE + owner_sid : * + owner_sid : S-1-5-32-544 + group_sid : * + group_sid : S-1-5-32-544 + sacl : NULL + dacl : * + dacl: struct security_acl + revision : SECURITY_ACL_REVISION_NT4 (2) + size : 0x00c4 (196) + num_aces : 0x00000007 (7) + aces: ARRAY(7) + aces: struct security_ace + type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) + flags : 0x02 (2) + 0: SEC_ACE_FLAG_OBJECT_INHERIT + 1: SEC_ACE_FLAG_CONTAINER_INHERIT + 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT + 0: SEC_ACE_FLAG_INHERIT_ONLY + 0: SEC_ACE_FLAG_INHERITED_ACE + 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) + 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS + 0: SEC_ACE_FLAG_FAILED_ACCESS + size : 0x0014 (20) + access_mask : 0x20020008 (537001992) + object : union security_ace_object_ctr(case 0) + trustee : S-1-1-0 + aces: struct security_ace + type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) + flags : 0x09 (9) + 1: SEC_ACE_FLAG_OBJECT_INHERIT + 0: SEC_ACE_FLAG_CONTAINER_INHERIT + 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT + 1: SEC_ACE_FLAG_INHERIT_ONLY + 0: SEC_ACE_FLAG_INHERITED_ACE + 0x09: SEC_ACE_FLAG_VALID_INHERIT (9) + 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS + 0: SEC_ACE_FLAG_FAILED_ACCESS + size : 0x0024 (36) + access_mask : 0x100f000c (269418508) + object : union security_ace_object_ctr(case 0) + trustee : S-1-5-21-1376953716-2413384141-3399758289-500 + aces: struct security_ace + type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) + flags : 0x02 (2) + 0: SEC_ACE_FLAG_OBJECT_INHERIT + 1: SEC_ACE_FLAG_CONTAINER_INHERIT + 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT + 0: SEC_ACE_FLAG_INHERIT_ONLY + 0: SEC_ACE_FLAG_INHERITED_ACE + 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) + 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS + 0: SEC_ACE_FLAG_FAILED_ACCESS + size : 0x0024 (36) + access_mask : 0x100f000c (269418508) + object : union security_ace_object_ctr(case 0) + trustee : S-1-5-21-1376953716-2413384141-3399758289-500 + aces: struct security_ace + type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) + flags : 0x09 (9) + 1: SEC_ACE_FLAG_OBJECT_INHERIT + 0: SEC_ACE_FLAG_CONTAINER_INHERIT + 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT + 1: SEC_ACE_FLAG_INHERIT_ONLY + 0: SEC_ACE_FLAG_INHERITED_ACE + 0x09: SEC_ACE_FLAG_VALID_INHERIT (9) + 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS + 0: SEC_ACE_FLAG_FAILED_ACCESS + size : 0x0018 (24) + access_mask : 0x100f000c (269418508) + object : union security_ace_object_ctr(case 0) + trustee : S-1-5-32-544 + aces: struct security_ace + type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) + flags : 0x02 (2) + 0: SEC_ACE_FLAG_OBJECT_INHERIT + 1: SEC_ACE_FLAG_CONTAINER_INHERIT + 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT + 0: SEC_ACE_FLAG_INHERIT_ONLY + 0: SEC_ACE_FLAG_INHERITED_ACE + 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) + 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS + 0: SEC_ACE_FLAG_FAILED_ACCESS + size : 0x0018 (24) + access_mask : 0x100f000c (269418508) + object : union security_ace_object_ctr(case 0) + trustee : S-1-5-32-544 + aces: struct security_ace + type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) + flags : 0x09 (9) + 1: SEC_ACE_FLAG_OBJECT_INHERIT + 0: SEC_ACE_FLAG_CONTAINER_INHERIT + 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT + 1: SEC_ACE_FLAG_INHERIT_ONLY + 0: SEC_ACE_FLAG_INHERITED_ACE + 0x09: SEC_ACE_FLAG_VALID_INHERIT (9) + 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS + 0: SEC_ACE_FLAG_FAILED_ACCESS + size : 0x0018 (24) + access_mask : 0x100f000c (269418508) + object : union security_ace_object_ctr(case 0) + trustee : S-1-5-32-550 + aces: struct security_ace + type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) + flags : 0x02 (2) + 0: SEC_ACE_FLAG_OBJECT_INHERIT + 1: SEC_ACE_FLAG_CONTAINER_INHERIT + 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT + 0: SEC_ACE_FLAG_INHERIT_ONLY + 0: SEC_ACE_FLAG_INHERITED_ACE + 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) + 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS + 0: SEC_ACE_FLAG_FAILED_ACCESS + size : 0x0018 (24) + access_mask : 0x100f000c (269418508) + object : union security_ace_object_ctr(case 0) + trustee : S-1-5-32-550 + attributes : 0x00001048 (4168) + 0: PRINTER_ATTRIBUTE_QUEUED + 0: PRINTER_ATTRIBUTE_DIRECT + 0: PRINTER_ATTRIBUTE_DEFAULT + 1: PRINTER_ATTRIBUTE_SHARED + 0: PRINTER_ATTRIBUTE_NETWORK + 0: PRINTER_ATTRIBUTE_HIDDEN + 1: PRINTER_ATTRIBUTE_LOCAL + 0: PRINTER_ATTRIBUTE_ENABLE_DEVQ + 0: PRINTER_ATTRIBUTE_KEEPPRINTEDJOBS + 0: PRINTER_ATTRIBUTE_DO_COMPLETE_FIRST + 0: PRINTER_ATTRIBUTE_WORK_OFFLINE + 0: PRINTER_ATTRIBUTE_ENABLE_BIDI + 1: PRINTER_ATTRIBUTE_RAW_ONLY + 0: PRINTER_ATTRIBUTE_PUBLISHED + 0: PRINTER_ATTRIBUTE_FAX + 0: PRINTER_ATTRIBUTE_TS + priority : 0x00000001 (1) + defaultpriority : 0x00000001 (1) + starttime : 0x00000000 (0) + untiltime : 0x00000000 (0) + status : 0x00000000 (0) + 0: PRINTER_STATUS_PAUSED + 0: PRINTER_STATUS_ERROR + 0: PRINTER_STATUS_PENDING_DELETION + 0: PRINTER_STATUS_PAPER_JAM + 0: PRINTER_STATUS_PAPER_OUT + 0: PRINTER_STATUS_MANUAL_FEED + 0: PRINTER_STATUS_PAPER_PROBLEM + 0: PRINTER_STATUS_OFFLINE + 0: PRINTER_STATUS_IO_ACTIVE + 0: PRINTER_STATUS_BUSY + 0: PRINTER_STATUS_PRINTING + 0: PRINTER_STATUS_OUTPUT_BIN_FULL + 0: PRINTER_STATUS_NOT_AVAILABLE + 0: PRINTER_STATUS_WAITING + 0: PRINTER_STATUS_PROCESSING + 0: PRINTER_STATUS_INITIALIZING + 0: PRINTER_STATUS_WARMING_UP + 0: PRINTER_STATUS_TONER_LOW + 0: PRINTER_STATUS_NO_TONER + 0: PRINTER_STATUS_PAGE_PUNT + 0: PRINTER_STATUS_USER_INTERVENTION + 0: PRINTER_STATUS_OUT_OF_MEMORY + 0: PRINTER_STATUS_DOOR_OPEN + 0: PRINTER_STATUS_SERVER_UNKNOWN + 0: PRINTER_STATUS_POWER_SAVE + cjobs : 0x00000000 (0) + averageppm : 0x00000000 (0) + needed : * + needed : 0x000002f8 (760) + result : WERR_OK +[2013/11/07 07:38:50.001866, 5, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1417(api_rpcTNP) + api_rpcTNP: called \spoolss successfully +[2013/11/07 07:38:50.001934, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) + pop_sec_ctx (0, 5000) - sec_ctx_stack_ndx = 0 +[2013/11/07 07:38:50.001980, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) + write_to_pipe: data_used = 4140 + smbd_smb2_request_pending_queue: req->current_idx = 1 + req->in.vector[0].iov_len = 0 + req->in.vector[1].iov_len = 0 + req->in.vector[2].iov_len = 64 + req->in.vector[3].iov_len = 56 + req->in.vector[4].iov_len = 4156 + req->out.vector[0].iov_len = 4 + req->out.vector[1].iov_len = 0 + req->out.vector[2].iov_len = 64 + req->out.vector[3].iov_len = 8 + req->out.vector[4].iov_len = 0 +[2013/11/07 07:38:50.002208, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:128(smbd_smb2_ioctl_pipe_write_done) + smbd_smb2_ioctl_pipe_write_done: received 4156 +[2013/11/07 07:38:50.002255, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:149(smbd_smb2_ioctl_pipe_write_done) + smbd_smb2_ioctl_pipe_write_done: issuing np_read_send of size 4136 +[2013/11/07 07:38:50.002300, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:285(read_from_internal_pipe) + name: \spoolss len: 4136 +[2013/11/07 07:38:50.002343, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:347(read_from_internal_pipe) + read_from_pipe: \spoolss: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 4112. +[2013/11/07 07:38:50.002399, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) + &r: struct ncacn_packet + rpc_vers : 0x05 (5) + rpc_vers_minor : 0x00 (0) + ptype : DCERPC_PKT_RESPONSE (2) + pfc_flags : 0x03 (3) + drep: ARRAY(4) + [0] : 0x10 (16) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + frag_length : 0x1028 (4136) + auth_length : 0x0000 (0) + call_id : 0x00000004 (4) + u : union dcerpc_payload(case 2) + response: struct dcerpc_response + alloc_hint : 0x00001010 (4112) + context_id : 0x0000 (0) + cancel_count : 0x00 (0) + _pad : DATA_BLOB length=0 + stub_and_verifier : DATA_BLOB length=4112 + [0000] 04 00 02 00 00 10 00 00 EA 0F 00 00 C2 0F 00 00 ........ ........ + [0010] B0 0F 00 00 8A 0F 00 00 88 0F 00 00 86 0F 00 00 ........ ........ + [0020] 84 0F 00 00 88 0E 00 00 82 0F 00 00 70 0F 00 00 ........ ....p... + [0030] 68 0F 00 00 66 0F 00 00 90 0D 00 00 48 10 00 00 h...f... ....H... + [0040] 01 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [01F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0200] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0210] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0220] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0230] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0240] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0250] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0260] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0270] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0280] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0290] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [02F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0300] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0310] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0320] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0330] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0340] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0350] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0360] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0370] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0380] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0390] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [03F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0400] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0410] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0420] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0430] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0440] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0450] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0460] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0470] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0480] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0490] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [04F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0500] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0510] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0520] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0530] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0540] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0550] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0560] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0570] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0580] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0590] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [05F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0600] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0610] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0620] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0630] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0640] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0650] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0660] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0670] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0680] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0690] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [06F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0700] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0710] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0720] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0730] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0740] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0750] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0760] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0770] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0780] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0790] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [07F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0800] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0810] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0820] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0830] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0840] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0850] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0860] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0870] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0880] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0890] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [08F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0900] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0910] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0920] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0930] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0940] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0950] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0960] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0970] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0980] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0990] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [09F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0A90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0AF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0B90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0BF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0C90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0CF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0D90] 00 00 00 00 00 00 00 00 01 00 04 80 D8 00 00 00 ........ ........ + [0DA0] E8 00 00 00 00 00 00 00 14 00 00 00 02 00 C4 00 ........ ........ + [0DB0] 07 00 00 00 00 02 14 00 08 00 02 20 01 01 00 00 ........ ... .... + [0DC0] 00 00 00 01 00 00 00 00 00 09 24 00 0C 00 0F 10 ........ ..$..... + [0DD0] 01 05 00 00 00 00 00 05 15 00 00 00 74 A5 12 52 ........ ....t..R + [0DE0] CD 51 D9 8F D1 31 A4 CA F4 01 00 00 00 02 24 00 .Q...1.. ......$. + [0DF0] 0C 00 0F 10 01 05 00 00 00 00 00 05 15 00 00 00 ........ ........ + [0E00] 74 A5 12 52 CD 51 D9 8F D1 31 A4 CA F4 01 00 00 t..R.Q.. .1...... + [0E10] 00 09 18 00 0C 00 0F 10 01 02 00 00 00 00 00 05 ........ ........ + [0E20] 20 00 00 00 20 02 00 00 00 02 18 00 0C 00 0F 10 ... ... ........ + [0E30] 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 ........ ... ... + [0E40] 00 09 18 00 0C 00 0F 10 01 02 00 00 00 00 00 05 ........ ........ + [0E50] 20 00 00 00 26 02 00 00 00 02 18 00 0C 00 0F 10 ...&... ........ + [0E60] 01 02 00 00 00 00 00 05 20 00 00 00 26 02 00 00 ........ ...&... + [0E70] 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 ........ ... ... + [0E80] 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 ........ ... ... + [0E90] 5C 00 5C 00 4D 00 45 00 4D 00 42 00 45 00 52 00 \.\.M.E. M.B.E.R. + [0EA0] 34 00 33 00 5C 00 70 00 72 00 69 00 6E 00 74 00 4.3.\.p. r.i.n.t. + [0EB0] 65 00 72 00 37 00 00 00 00 00 00 00 00 00 00 00 e.r.7... ........ + [0EC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0ED0] 01 04 00 04 DC 00 00 00 13 47 01 00 01 00 01 00 ........ .G...... + [0EE0] 00 00 00 00 64 00 01 00 0F 00 FC FF 01 00 01 00 ....d... ........ + [0EF0] 00 00 03 00 00 00 4C 00 65 00 74 00 74 00 65 00 ......L. e.t.t.e. + [0F00] 72 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 r....... ........ + [0F10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0F70] 52 00 41 00 57 00 00 00 77 00 69 00 6E 00 70 00 R.A.W... w.i.n.p. + [0F80] 72 00 69 00 6E 00 74 00 00 00 00 00 00 00 00 00 r.i.n.t. ........ + [0F90] 00 00 53 00 61 00 6D 00 62 00 61 00 20 00 50 00 ..S.a.m. b.a. .P. + [0FA0] 72 00 69 00 6E 00 74 00 65 00 72 00 20 00 50 00 r.i.n.t. e.r. .P. + [0FB0] 6F 00 72 00 74 00 00 00 70 00 72 00 69 00 6E 00 o.r.t... p.r.i.n. + [0FC0] 74 00 65 00 72 00 37 00 00 00 5C 00 5C 00 4D 00 t.e.r.7. ..\.\.M. + [0FD0] 45 00 4D 00 42 00 45 00 52 00 34 00 33 00 5C 00 E.M.B.E. R.4.3.\. + [0FE0] 70 00 72 00 69 00 6E 00 74 00 65 00 72 00 37 00 p.r.i.n. t.e.r.7. + [0FF0] 00 00 5C 00 5C 00 4D 00 45 00 4D 00 42 00 45 00 ..\.\.M. E.M.B.E. + [1000] 52 00 34 00 33 00 00 00 F8 02 00 00 00 00 00 00 R.4.3... ........ +[2013/11/07 07:38:50.011756, 3, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:122(free_pipe_context) + free_pipe_context: destroying talloc pool of size 1308 +[2013/11/07 07:38:50.011815, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:788(np_read_recv) + Received 4136 bytes. There is no more data outstanding +[2013/11/07 07:38:50.011858, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:178(smbd_smb2_ioctl_pipe_read_done) + smbd_smb2_ioctl_pipe_read_done: np_read_recv nread = 4136 is_data_outstanding = 0, status = NT_STATUS_OK +[2013/11/07 07:38:50.011907, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl.c:291(smbd_smb2_request_ioctl_done) + smbd_smb2_request_ioctl_done: smbd_smb2_ioctl_recv returned 4136 status NT_STATUS_OK +[2013/11/07 07:38:50.011951, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) + smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[48] dyn[yes:4136] at ../source3/smbd/smb2_ioctl.c:358 +[2013/11/07 07:38:50.011998, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) + smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/198/127 +[2013/11/07 07:38:50.016712, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) + smbd_smb2_request_incoming: idx[1] of 5 vectors +[2013/11/07 07:38:50.016952, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) + smb2_validate_sequence_number: clearing id 198 (position 198) from bitmap +[2013/11/07 07:38:50.017082, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) + smbd_smb2_request_dispatch: opcode[SMB2_OP_IOCTL] mid = 198 +[2013/11/07 07:38:50.017231, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) + setting sec ctx (0, 5000) - sec_ctx_stack_ndx = 0 +[2013/11/07 07:38:50.017356, 5, pid=20933, effective(0, 5000), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) + Security token SIDs (21): + SID[ 0]: S-1-5-21-1376953716-2413384141-3399758289-500 + SID[ 1]: S-1-5-21-1376953716-2413384141-3399758289-512 + SID[ 2]: S-1-5-21-1376953716-2413384141-3399758289-11015 + SID[ 3]: S-1-5-21-1376953716-2413384141-3399758289-513 + SID[ 4]: S-1-5-21-1376953716-2413384141-3399758289-11011 + SID[ 5]: S-1-5-21-1376953716-2413384141-3399758289-11013 + SID[ 6]: S-1-5-21-1376953716-2413384141-3399758289-11012 + SID[ 7]: S-1-1-0 + SID[ 8]: S-1-5-2 + SID[ 9]: S-1-5-11 + SID[ 10]: S-1-5-32-544 + SID[ 11]: S-1-22-1-2002 + SID[ 12]: S-1-22-2-5000 + SID[ 13]: S-1-22-2-5007 + SID[ 14]: S-1-22-2-5001 + SID[ 15]: S-1-22-2-1005 + SID[ 16]: S-1-22-2-5006 + SID[ 17]: S-1-22-2-5005 + SID[ 18]: S-1-22-2-55000 + SID[ 19]: S-1-22-2-55001 + SID[ 20]: S-1-22-2-55002 + Privileges (0x 1FFFFFF0): + Privilege[ 0]: SeMachineAccountPrivilege + Privilege[ 1]: SeTakeOwnershipPrivilege + Privilege[ 2]: SeBackupPrivilege + Privilege[ 3]: SeRestorePrivilege + Privilege[ 4]: SeRemoteShutdownPrivilege + Privilege[ 5]: SePrintOperatorPrivilege + Privilege[ 6]: SeAddUsersPrivilege + Privilege[ 7]: SeDiskOperatorPrivilege + Privilege[ 8]: SeSecurityPrivilege + Privilege[ 9]: SeSystemtimePrivilege + Privilege[ 10]: SeShutdownPrivilege + Privilege[ 11]: SeDebugPrivilege + Privilege[ 12]: SeSystemEnvironmentPrivilege + Privilege[ 13]: SeSystemProfilePrivilege + Privilege[ 14]: SeProfileSingleProcessPrivilege + Privilege[ 15]: SeIncreaseBasePriorityPrivilege + Privilege[ 16]: SeLoadDriverPrivilege + Privilege[ 17]: SeCreatePagefilePrivilege + Privilege[ 18]: SeIncreaseQuotaPrivilege + Privilege[ 19]: SeChangeNotifyPrivilege + Privilege[ 20]: SeUndockPrivilege + Privilege[ 21]: SeManageVolumePrivilege + Privilege[ 22]: SeImpersonatePrivilege + Privilege[ 23]: SeCreateGlobalPrivilege + Privilege[ 24]: SeEnableDelegationPrivilege + Rights (0x 0): +[2013/11/07 07:38:50.019425, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) + UNIX token of user 0 + Primary group is 5000 and contains 9 supplementary groups + Group[ 0]: 5000 + Group[ 1]: 5007 + Group[ 2]: 5001 + Group[ 3]: 1005 + Group[ 4]: 5006 + Group[ 5]: 5005 + Group[ 6]: 55000 + Group[ 7]: 55001 + Group[ 8]: 55002 +[2013/11/07 07:38:50.019978, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/uid.c:363(change_to_user_internal) + Impersonated user: uid=(0,0), gid=(0,5000) +[2013/11/07 07:38:50.020108, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:1796(smbd_smb2_request_verify_creditcharge) + mid 198, CreditCharge: 1, NeededCharge: 1 +[2013/11/07 07:38:50.020213, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl.c:394(smbd_smb2_ioctl_send) + smbd_smb2_ioctl: ctl_code[0x0011c017] spoolss, fnum 3115505686 +[2013/11/07 07:38:50.020327, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:59(smb2_ioctl_named_pipe) + smbd_smb2_ioctl_send: np_write_send of size 44 +[2013/11/07 07:38:50.020428, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:520(np_write_send) + np_write_send: len: 44 +[2013/11/07 07:38:50.020528, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) + write_to_pipe: data_left = 44 +[2013/11/07 07:38:50.020624, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) + process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 44 +[2013/11/07 07:38:50.020722, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:51(fill_rpc_header) + fill_rpc_header: data_to_copy = 44, len_needed_to_complete_hdr = 16, receive_len = 0 +[2013/11/07 07:38:50.020825, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) + write_to_pipe: data_used = 16 +[2013/11/07 07:38:50.020918, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) + write_to_pipe: data_left = 28 +[2013/11/07 07:38:50.021011, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) + process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 28 +[2013/11/07 07:38:50.021115, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) + write_to_pipe: data_used = 0 +[2013/11/07 07:38:50.021209, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) + write_to_pipe: data_left = 28 +[2013/11/07 07:38:50.021302, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) + process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 28, incoming data = 28 +[2013/11/07 07:38:50.021604, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1614(process_complete_pdu) + PDU is in Little Endian format! +[2013/11/07 07:38:50.021728, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) + r: struct ncacn_packet + rpc_vers : 0x05 (5) + rpc_vers_minor : 0x00 (0) + ptype : DCERPC_PKT_REQUEST (0) + pfc_flags : 0x03 (3) + drep: ARRAY(4) + [0] : 0x10 (16) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + frag_length : 0x002c (44) + auth_length : 0x0000 (0) + call_id : 0x00000005 (5) + u : union dcerpc_payload(case 0) + request: struct dcerpc_request + alloc_hint : 0x00000014 (20) + context_id : 0x0000 (0) + opnum : 0x001d (29) + object : union dcerpc_object(case 0) + empty: struct dcerpc_empty + _pad : DATA_BLOB length=0 + stub_and_verifier : DATA_BLOB length=20 + [0000] 00 00 00 00 14 01 00 00 00 00 00 00 7B 52 79 35 ........ ....{Ry5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:50.022922, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1627(process_complete_pdu) + Processing packet type 0 +[2013/11/07 07:38:50.023023, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1472(dcesrv_auth_request) + Checking request auth. +[2013/11/07 07:38:50.023128, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) + push_sec_ctx(0, 5000) : sec_ctx_stack_ndx = 1 +[2013/11/07 07:38:50.023281, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) + setting sec ctx (0, 5000) - sec_ctx_stack_ndx = 1 +[2013/11/07 07:38:50.023386, 5, pid=20933, effective(0, 5000), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) + Security token SIDs (21): + SID[ 0]: S-1-5-21-1376953716-2413384141-3399758289-500 + SID[ 1]: S-1-5-21-1376953716-2413384141-3399758289-512 + SID[ 2]: S-1-5-21-1376953716-2413384141-3399758289-11015 + SID[ 3]: S-1-5-21-1376953716-2413384141-3399758289-513 + SID[ 4]: S-1-5-21-1376953716-2413384141-3399758289-11011 + SID[ 5]: S-1-5-21-1376953716-2413384141-3399758289-11013 + SID[ 6]: S-1-5-21-1376953716-2413384141-3399758289-11012 + SID[ 7]: S-1-1-0 + SID[ 8]: S-1-5-2 + SID[ 9]: S-1-5-11 + SID[ 10]: S-1-5-32-544 + SID[ 11]: S-1-22-1-2002 + SID[ 12]: S-1-22-2-5000 + SID[ 13]: S-1-22-2-5007 + SID[ 14]: S-1-22-2-5001 + SID[ 15]: S-1-22-2-1005 + SID[ 16]: S-1-22-2-5006 + SID[ 17]: S-1-22-2-5005 + SID[ 18]: S-1-22-2-55000 + SID[ 19]: S-1-22-2-55001 + SID[ 20]: S-1-22-2-55002 + Privileges (0x 1FFFFFF0): + Privilege[ 0]: SeMachineAccountPrivilege + Privilege[ 1]: SeTakeOwnershipPrivilege + Privilege[ 2]: SeBackupPrivilege + Privilege[ 3]: SeRestorePrivilege + Privilege[ 4]: SeRemoteShutdownPrivilege + Privilege[ 5]: SePrintOperatorPrivilege + Privilege[ 6]: SeAddUsersPrivilege + Privilege[ 7]: SeDiskOperatorPrivilege + Privilege[ 8]: SeSecurityPrivilege + Privilege[ 9]: SeSystemtimePrivilege + Privilege[ 10]: SeShutdownPrivilege + Privilege[ 11]: SeDebugPrivilege + Privilege[ 12]: SeSystemEnvironmentPrivilege + Privilege[ 13]: SeSystemProfilePrivilege + Privilege[ 14]: SeProfileSingleProcessPrivilege + Privilege[ 15]: SeIncreaseBasePriorityPrivilege + Privilege[ 16]: SeLoadDriverPrivilege + Privilege[ 17]: SeCreatePagefilePrivilege + Privilege[ 18]: SeIncreaseQuotaPrivilege + Privilege[ 19]: SeChangeNotifyPrivilege + Privilege[ 20]: SeUndockPrivilege + Privilege[ 21]: SeManageVolumePrivilege + Privilege[ 22]: SeImpersonatePrivilege + Privilege[ 23]: SeCreateGlobalPrivilege + Privilege[ 24]: SeEnableDelegationPrivilege + Rights (0x 0): +[2013/11/07 07:38:50.025313, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) + UNIX token of user 0 + Primary group is 5000 and contains 9 supplementary groups + Group[ 0]: 5000 + Group[ 1]: 5007 + Group[ 2]: 5001 + Group[ 3]: 1005 + Group[ 4]: 5006 + Group[ 5]: 5005 + Group[ 6]: 55000 + Group[ 7]: 55001 + Group[ 8]: 55002 +[2013/11/07 07:38:50.025910, 5, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1324(api_pipe_request) + Requested \spoolss rpc service +[2013/11/07 07:38:50.026025, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1356(api_rpcTNP) + api_rpcTNP: \spoolss op 0x1d - api_rpcTNP: rpc command: SPOOLSS_CLOSEPRINTER +[2013/11/07 07:38:50.026136, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1390(api_rpcTNP) + api_rpc_cmds[29].fn == 0x7f375c25d5f0 +[2013/11/07 07:38:50.026245, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + spoolss_ClosePrinter: struct spoolss_ClosePrinter + in: struct spoolss_ClosePrinter + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000114-0000-0000-7b52-7935c5510000 +[2013/11/07 07:38:50.026575, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 14 01 00 00 00 00 00 00 7B 52 79 35 ........ ....{Ry5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:50.026772, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 14 01 00 00 00 00 00 00 7B 52 79 35 ........ ....{Ry5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:50.026963, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 14 01 00 00 00 00 00 00 7B 52 79 35 ........ ....{Ry5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:50.027153, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) + Closed policy +[2013/11/07 07:38:50.027253, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + spoolss_ClosePrinter: struct spoolss_ClosePrinter + out: struct spoolss_ClosePrinter + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000000-0000-0000-0000-000000000000 + result : WERR_OK +[2013/11/07 07:38:50.027624, 5, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1417(api_rpcTNP) + api_rpcTNP: called \spoolss successfully +[2013/11/07 07:38:50.027749, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) + pop_sec_ctx (0, 5000) - sec_ctx_stack_ndx = 0 +[2013/11/07 07:38:50.027854, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) + write_to_pipe: data_used = 28 + smbd_smb2_request_pending_queue: req->current_idx = 1 + req->in.vector[0].iov_len = 0 + req->in.vector[1].iov_len = 0 + req->in.vector[2].iov_len = 64 + req->in.vector[3].iov_len = 56 + req->in.vector[4].iov_len = 44 + req->out.vector[0].iov_len = 4 + req->out.vector[1].iov_len = 0 + req->out.vector[2].iov_len = 64 + req->out.vector[3].iov_len = 8 + req->out.vector[4].iov_len = 0 +[2013/11/07 07:38:50.028371, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:128(smbd_smb2_ioctl_pipe_write_done) + smbd_smb2_ioctl_pipe_write_done: received 44 +[2013/11/07 07:38:50.028502, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:149(smbd_smb2_ioctl_pipe_write_done) + smbd_smb2_ioctl_pipe_write_done: issuing np_read_send of size 4136 +[2013/11/07 07:38:50.028610, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:285(read_from_internal_pipe) + name: \spoolss len: 4136 +[2013/11/07 07:38:50.028714, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:347(read_from_internal_pipe) + read_from_pipe: \spoolss: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 24. +[2013/11/07 07:38:50.028841, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) + &r: struct ncacn_packet + rpc_vers : 0x05 (5) + rpc_vers_minor : 0x00 (0) + ptype : DCERPC_PKT_RESPONSE (2) + pfc_flags : 0x03 (3) + drep: ARRAY(4) + [0] : 0x10 (16) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + frag_length : 0x0030 (48) + auth_length : 0x0000 (0) + call_id : 0x00000005 (5) + u : union dcerpc_payload(case 2) + response: struct dcerpc_response + alloc_hint : 0x00000018 (24) + context_id : 0x0000 (0) + cancel_count : 0x00 (0) + _pad : DATA_BLOB length=0 + stub_and_verifier : DATA_BLOB length=24 + [0000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0010] 00 00 00 00 00 00 00 00 ........ +[2013/11/07 07:38:50.030419, 3, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:122(free_pipe_context) + free_pipe_context: destroying talloc pool of size 29 +[2013/11/07 07:38:50.030556, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:788(np_read_recv) + Received 48 bytes. There is no more data outstanding +[2013/11/07 07:38:50.030661, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:178(smbd_smb2_ioctl_pipe_read_done) + smbd_smb2_ioctl_pipe_read_done: np_read_recv nread = 48 is_data_outstanding = 0, status = NT_STATUS_OK +[2013/11/07 07:38:50.030777, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl.c:291(smbd_smb2_request_ioctl_done) + smbd_smb2_request_ioctl_done: smbd_smb2_ioctl_recv returned 48 status NT_STATUS_OK +[2013/11/07 07:38:50.030880, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) + smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[48] dyn[yes:48] at ../source3/smbd/smb2_ioctl.c:358 +[2013/11/07 07:38:50.030991, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) + smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/199/127 +[2013/11/07 07:38:50.031329, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) + smbd_smb2_request_incoming: idx[1] of 5 vectors +[2013/11/07 07:38:50.031449, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) + smb2_validate_sequence_number: clearing id 199 (position 199) from bitmap +[2013/11/07 07:38:50.031552, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) + smbd_smb2_request_dispatch: opcode[SMB2_OP_CREATE] mid = 199 +[2013/11/07 07:38:50.031683, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) + setting sec ctx (0, 5000) - sec_ctx_stack_ndx = 0 +[2013/11/07 07:38:50.031817, 5, pid=20933, effective(0, 5000), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) + Security token SIDs (21): + SID[ 0]: S-1-5-21-1376953716-2413384141-3399758289-500 + SID[ 1]: S-1-5-21-1376953716-2413384141-3399758289-512 + SID[ 2]: S-1-5-21-1376953716-2413384141-3399758289-11015 + SID[ 3]: S-1-5-21-1376953716-2413384141-3399758289-513 + SID[ 4]: S-1-5-21-1376953716-2413384141-3399758289-11011 + SID[ 5]: S-1-5-21-1376953716-2413384141-3399758289-11013 + SID[ 6]: S-1-5-21-1376953716-2413384141-3399758289-11012 + SID[ 7]: S-1-1-0 + SID[ 8]: S-1-5-2 + SID[ 9]: S-1-5-11 + SID[ 10]: S-1-5-32-544 + SID[ 11]: S-1-22-1-2002 + SID[ 12]: S-1-22-2-5000 + SID[ 13]: S-1-22-2-5007 + SID[ 14]: S-1-22-2-5001 + SID[ 15]: S-1-22-2-1005 + SID[ 16]: S-1-22-2-5006 + SID[ 17]: S-1-22-2-5005 + SID[ 18]: S-1-22-2-55000 + SID[ 19]: S-1-22-2-55001 + SID[ 20]: S-1-22-2-55002 + Privileges (0x 1FFFFFF0): + Privilege[ 0]: SeMachineAccountPrivilege + Privilege[ 1]: SeTakeOwnershipPrivilege + Privilege[ 2]: SeBackupPrivilege + Privilege[ 3]: SeRestorePrivilege + Privilege[ 4]: SeRemoteShutdownPrivilege + Privilege[ 5]: SePrintOperatorPrivilege + Privilege[ 6]: SeAddUsersPrivilege + Privilege[ 7]: SeDiskOperatorPrivilege + Privilege[ 8]: SeSecurityPrivilege + Privilege[ 9]: SeSystemtimePrivilege + Privilege[ 10]: SeShutdownPrivilege + Privilege[ 11]: SeDebugPrivilege + Privilege[ 12]: SeSystemEnvironmentPrivilege + Privilege[ 13]: SeSystemProfilePrivilege + Privilege[ 14]: SeProfileSingleProcessPrivilege + Privilege[ 15]: SeIncreaseBasePriorityPrivilege + Privilege[ 16]: SeLoadDriverPrivilege + Privilege[ 17]: SeCreatePagefilePrivilege + Privilege[ 18]: SeIncreaseQuotaPrivilege + Privilege[ 19]: SeChangeNotifyPrivilege + Privilege[ 20]: SeUndockPrivilege + Privilege[ 21]: SeManageVolumePrivilege + Privilege[ 22]: SeImpersonatePrivilege + Privilege[ 23]: SeCreateGlobalPrivilege + Privilege[ 24]: SeEnableDelegationPrivilege + Rights (0x 0): +[2013/11/07 07:38:50.033740, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) + UNIX token of user 0 + Primary group is 5000 and contains 9 supplementary groups + Group[ 0]: 5000 + Group[ 1]: 5007 + Group[ 2]: 5001 + Group[ 3]: 1005 + Group[ 4]: 5006 + Group[ 5]: 5005 + Group[ 6]: 55000 + Group[ 7]: 55001 + Group[ 8]: 55002 +[2013/11/07 07:38:50.033934, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/uid.c:363(change_to_user_internal) + Impersonated user: uid=(0,0), gid=(0,5000) +[2013/11/07 07:38:50.033989, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_create.c:451(smbd_smb2_create_send) + smbd_smb2_create: name[spoolss] +[2013/11/07 07:38:50.034044, 5, pid=20933, effective(0, 5000), real(0, 0)] ../lib/dbwrap/dbwrap.c:187(dbwrap_check_lock_order) + check lock order 1 for /var/run/samba/smbXsrv_open_global.tdb +[2013/11/07 07:38:50.034086, 10, pid=20933, effective(0, 5000), real(0, 0)] ../lib/dbwrap/dbwrap.c:133(debug_lock_order) + lock order: 1:/var/run/samba/smbXsrv_open_global.tdb 2: 3: +[2013/11/07 07:38:50.034131, 10, pid=20933, effective(0, 5000), real(0, 0)] ../lib/dbwrap/dbwrap_tdb.c:59(db_tdb_log_key) + Locking key E8FF21C5 +[2013/11/07 07:38:50.034189, 10, pid=20933, effective(0, 5000), real(0, 0)] ../lib/dbwrap/dbwrap_tdb.c:143(db_tdb_fetch_locked_internal) + Allocated locked data 0x0x7f375d35c330 +[2013/11/07 07:38:50.034269, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smbXsrv_open.c:695(smbXsrv_open_global_store) +[2013/11/07 07:38:50.034296, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smbXsrv_open.c:697(smbXsrv_open_global_store) + smbXsrv_open_global_store: key 'E8FF21C5' stored +[2013/11/07 07:38:50.034337, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) + &global_blob: struct smbXsrv_open_globalB + version : SMBXSRV_VERSION_0 (0) + seqnum : 0x00000001 (1) + info : union smbXsrv_open_globalU(case 0) + info0 : * + info0: struct smbXsrv_open_global0 + db_rec : * + server_id: struct server_id + pid : 0x00000000000051c5 (20933) + task_id : 0x00000000 (0) + vnn : 0xffffffff (4294967295) + unique_id : 0x6b1fb19d3b3a8ed6 (7719083575197994710) + open_global_id : 0xe8ff21c5 (3909034437) + open_persistent_id : 0x00000000e8ff21c5 (3909034437) + open_volatile_id : 0x00000000a04f134c (2689536844) + open_owner : S-1-5-21-1376953716-2413384141-3399758289-500 + open_time : Do Nov 7 07:38:50 2013 CET + create_guid : 00000000-0000-0000-0000-000000000000 + client_guid : b913ae79-46f9-11e3-be6f-52540018a0ea + app_instance_id : 00000000-0000-0000-0000-000000000000 + disconnect_time : NTTIME(0) + durable_timeout_msec : 0x00000000 (0) + durable : 0x00 (0) + backend_cookie : DATA_BLOB length=0 +[2013/11/07 07:38:50.034813, 10, pid=20933, effective(0, 5000), real(0, 0)] ../lib/dbwrap/dbwrap_tdb.c:59(db_tdb_log_key) + Unlocking key E8FF21C5 +[2013/11/07 07:38:50.034855, 5, pid=20933, effective(0, 5000), real(0, 0)] ../lib/dbwrap/dbwrap.c:146(dbwrap_lock_order_state_destructor) + release lock order 1 for /var/run/samba/smbXsrv_open_global.tdb +[2013/11/07 07:38:50.034895, 10, pid=20933, effective(0, 5000), real(0, 0)] ../lib/dbwrap/dbwrap.c:133(debug_lock_order) + lock order: 1: 2: 3: +[2013/11/07 07:38:50.034936, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smbXsrv_open.c:862(smbXsrv_open_create) +[2013/11/07 07:38:50.034960, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smbXsrv_open.c:870(smbXsrv_open_create) + smbXsrv_open_create: global_id (0xe8ff21c5) stored +[2013/11/07 07:38:50.034998, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) + &open_blob: struct smbXsrv_openB + version : SMBXSRV_VERSION_0 (0) + reserved : 0x00000000 (0) + info : union smbXsrv_openU(case 0) + info0 : * + info0: struct smbXsrv_open + table : * + db_rec : NULL + local_id : 0xa04f134c (2689536844) + global : * + global: struct smbXsrv_open_global0 + db_rec : NULL + server_id: struct server_id + pid : 0x00000000000051c5 (20933) + task_id : 0x00000000 (0) + vnn : 0xffffffff (4294967295) + unique_id : 0x6b1fb19d3b3a8ed6 (7719083575197994710) + open_global_id : 0xe8ff21c5 (3909034437) + open_persistent_id : 0x00000000e8ff21c5 (3909034437) + open_volatile_id : 0x00000000a04f134c (2689536844) + open_owner : S-1-5-21-1376953716-2413384141-3399758289-500 + open_time : Do Nov 7 07:38:50 2013 CET + create_guid : 00000000-0000-0000-0000-000000000000 + client_guid : b913ae79-46f9-11e3-be6f-52540018a0ea + app_instance_id : 00000000-0000-0000-0000-000000000000 + disconnect_time : NTTIME(0) + durable_timeout_msec : 0x00000000 (0) + durable : 0x00 (0) + backend_cookie : DATA_BLOB length=0 + status : NT_STATUS_OK + idle_time : Do Nov 7 07:38:50 2013 CET + compat : NULL +[2013/11/07 07:38:50.035605, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/files.c:125(file_new) + allocated file structure fnum 2689536844 (6 used) +[2013/11/07 07:38:50.035653, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/files.c:713(file_name_hash) + file_name_hash: /tmp/spoolss hash 0x7d4e46e5 +[2013/11/07 07:38:50.035714, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:60(make_internal_rpc_pipe_p) + Create pipe requested \spoolss +[2013/11/07 07:38:50.035765, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:238(init_pipe_handles) + init_pipe_handle_list: pipe_handles ref count = 26 for pipe \spoolss +[2013/11/07 07:38:50.035869, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:100(make_internal_rpc_pipe_p) + Created internal pipe \spoolss +[2013/11/07 07:38:50.035913, 8, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/dosmode.c:631(dos_mode) + dos_mode: spoolss +[2013/11/07 07:38:50.035970, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_create.c:1053(smbd_smb2_create_send) + smbd_smb2_create_send: spoolss - fnum 2689536844 +[2013/11/07 07:38:50.036031, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) + smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[88] dyn[yes:0] at ../source3/smbd/smb2_create.c:369 +[2013/11/07 07:38:50.036077, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) + smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/200/127 +[2013/11/07 07:38:50.039981, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) + smbd_smb2_request_incoming: idx[1] of 5 vectors +[2013/11/07 07:38:50.040084, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) + smb2_validate_sequence_number: clearing id 200 (position 200) from bitmap +[2013/11/07 07:38:50.040128, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) + smbd_smb2_request_dispatch: opcode[SMB2_OP_CLOSE] mid = 200 +[2013/11/07 07:38:50.040188, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) + setting sec ctx (0, 5000) - sec_ctx_stack_ndx = 0 +[2013/11/07 07:38:50.040232, 5, pid=20933, effective(0, 5000), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) + Security token SIDs (21): + SID[ 0]: S-1-5-21-1376953716-2413384141-3399758289-500 + SID[ 1]: S-1-5-21-1376953716-2413384141-3399758289-512 + SID[ 2]: S-1-5-21-1376953716-2413384141-3399758289-11015 + SID[ 3]: S-1-5-21-1376953716-2413384141-3399758289-513 + SID[ 4]: S-1-5-21-1376953716-2413384141-3399758289-11011 + SID[ 5]: S-1-5-21-1376953716-2413384141-3399758289-11013 + SID[ 6]: S-1-5-21-1376953716-2413384141-3399758289-11012 + SID[ 7]: S-1-1-0 + SID[ 8]: S-1-5-2 + SID[ 9]: S-1-5-11 + SID[ 10]: S-1-5-32-544 + SID[ 11]: S-1-22-1-2002 + SID[ 12]: S-1-22-2-5000 + SID[ 13]: S-1-22-2-5007 + SID[ 14]: S-1-22-2-5001 + SID[ 15]: S-1-22-2-1005 + SID[ 16]: S-1-22-2-5006 + SID[ 17]: S-1-22-2-5005 + SID[ 18]: S-1-22-2-55000 + SID[ 19]: S-1-22-2-55001 + SID[ 20]: S-1-22-2-55002 + Privileges (0x 1FFFFFF0): + Privilege[ 0]: SeMachineAccountPrivilege + Privilege[ 1]: SeTakeOwnershipPrivilege + Privilege[ 2]: SeBackupPrivilege + Privilege[ 3]: SeRestorePrivilege + Privilege[ 4]: SeRemoteShutdownPrivilege + Privilege[ 5]: SePrintOperatorPrivilege + Privilege[ 6]: SeAddUsersPrivilege + Privilege[ 7]: SeDiskOperatorPrivilege + Privilege[ 8]: SeSecurityPrivilege + Privilege[ 9]: SeSystemtimePrivilege + Privilege[ 10]: SeShutdownPrivilege + Privilege[ 11]: SeDebugPrivilege + Privilege[ 12]: SeSystemEnvironmentPrivilege + Privilege[ 13]: SeSystemProfilePrivilege + Privilege[ 14]: SeProfileSingleProcessPrivilege + Privilege[ 15]: SeIncreaseBasePriorityPrivilege + Privilege[ 16]: SeLoadDriverPrivilege + Privilege[ 17]: SeCreatePagefilePrivilege + Privilege[ 18]: SeIncreaseQuotaPrivilege + Privilege[ 19]: SeChangeNotifyPrivilege + Privilege[ 20]: SeUndockPrivilege + Privilege[ 21]: SeManageVolumePrivilege + Privilege[ 22]: SeImpersonatePrivilege + Privilege[ 23]: SeCreateGlobalPrivilege + Privilege[ 24]: SeEnableDelegationPrivilege + Rights (0x 0): +[2013/11/07 07:38:50.041049, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) + UNIX token of user 0 + Primary group is 5000 and contains 9 supplementary groups + Group[ 0]: 5000 + Group[ 1]: 5007 + Group[ 2]: 5001 + Group[ 3]: 1005 + Group[ 4]: 5006 + Group[ 5]: 5005 + Group[ 6]: 55000 + Group[ 7]: 55001 + Group[ 8]: 55002 +[2013/11/07 07:38:50.041243, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/uid.c:363(change_to_user_internal) + Impersonated user: uid=(0,0), gid=(0,5000) +[2013/11/07 07:38:50.041294, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_close.c:185(smbd_smb2_close) + smbd_smb2_close: spoolss - fnum 3115505686 +[2013/11/07 07:38:50.041345, 5, pid=20933, effective(0, 5000), real(0, 0)] ../lib/dbwrap/dbwrap.c:187(dbwrap_check_lock_order) + check lock order 1 for /var/run/samba/smbXsrv_open_global.tdb +[2013/11/07 07:38:50.041442, 10, pid=20933, effective(0, 5000), real(0, 0)] ../lib/dbwrap/dbwrap.c:133(debug_lock_order) + lock order: 1:/var/run/samba/smbXsrv_open_global.tdb 2: 3: +[2013/11/07 07:38:50.041488, 10, pid=20933, effective(0, 5000), real(0, 0)] ../lib/dbwrap/dbwrap_tdb.c:59(db_tdb_log_key) + Locking key 0C0FB5EB +[2013/11/07 07:38:50.041543, 10, pid=20933, effective(0, 5000), real(0, 0)] ../lib/dbwrap/dbwrap_tdb.c:143(db_tdb_fetch_locked_internal) + Allocated locked data 0x0x7f375d355910 +[2013/11/07 07:38:50.041598, 10, pid=20933, effective(0, 5000), real(0, 0)] ../lib/dbwrap/dbwrap_tdb.c:59(db_tdb_log_key) + Unlocking key 0C0FB5EB +[2013/11/07 07:38:50.041640, 5, pid=20933, effective(0, 5000), real(0, 0)] ../lib/dbwrap/dbwrap.c:146(dbwrap_lock_order_state_destructor) + release lock order 1 for /var/run/samba/smbXsrv_open_global.tdb +[2013/11/07 07:38:50.041679, 10, pid=20933, effective(0, 5000), real(0, 0)] ../lib/dbwrap/dbwrap.c:133(debug_lock_order) + lock order: 1: 2: 3: +[2013/11/07 07:38:50.041737, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/files.c:525(file_free) + freed files structure 3115505686 (5 used) +[2013/11/07 07:38:50.041801, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) + smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[60] dyn[no:0] at ../source3/smbd/smb2_close.c:139 +[2013/11/07 07:38:50.041848, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) + smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/201/127 +[2013/11/07 07:38:50.043806, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) + smbd_smb2_request_incoming: idx[1] of 5 vectors +[2013/11/07 07:38:50.044036, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) + smb2_validate_sequence_number: clearing id 201 (position 201) from bitmap +[2013/11/07 07:38:50.044182, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) + smbd_smb2_request_dispatch: opcode[SMB2_OP_WRITE] mid = 201 +[2013/11/07 07:38:50.044440, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) + setting sec ctx (0, 5000) - sec_ctx_stack_ndx = 0 +[2013/11/07 07:38:50.044558, 5, pid=20933, effective(0, 5000), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) + Security token SIDs (21): + SID[ 0]: S-1-5-21-1376953716-2413384141-3399758289-500 + SID[ 1]: S-1-5-21-1376953716-2413384141-3399758289-512 + SID[ 2]: S-1-5-21-1376953716-2413384141-3399758289-11015 + SID[ 3]: S-1-5-21-1376953716-2413384141-3399758289-513 + SID[ 4]: S-1-5-21-1376953716-2413384141-3399758289-11011 + SID[ 5]: S-1-5-21-1376953716-2413384141-3399758289-11013 + SID[ 6]: S-1-5-21-1376953716-2413384141-3399758289-11012 + SID[ 7]: S-1-1-0 + SID[ 8]: S-1-5-2 + SID[ 9]: S-1-5-11 + SID[ 10]: S-1-5-32-544 + SID[ 11]: S-1-22-1-2002 + SID[ 12]: S-1-22-2-5000 + SID[ 13]: S-1-22-2-5007 + SID[ 14]: S-1-22-2-5001 + SID[ 15]: S-1-22-2-1005 + SID[ 16]: S-1-22-2-5006 + SID[ 17]: S-1-22-2-5005 + SID[ 18]: S-1-22-2-55000 + SID[ 19]: S-1-22-2-55001 + SID[ 20]: S-1-22-2-55002 + Privileges (0x 1FFFFFF0): + Privilege[ 0]: SeMachineAccountPrivilege + Privilege[ 1]: SeTakeOwnershipPrivilege + Privilege[ 2]: SeBackupPrivilege + Privilege[ 3]: SeRestorePrivilege + Privilege[ 4]: SeRemoteShutdownPrivilege + Privilege[ 5]: SePrintOperatorPrivilege + Privilege[ 6]: SeAddUsersPrivilege + Privilege[ 7]: SeDiskOperatorPrivilege + Privilege[ 8]: SeSecurityPrivilege + Privilege[ 9]: SeSystemtimePrivilege + Privilege[ 10]: SeShutdownPrivilege + Privilege[ 11]: SeDebugPrivilege + Privilege[ 12]: SeSystemEnvironmentPrivilege + Privilege[ 13]: SeSystemProfilePrivilege + Privilege[ 14]: SeProfileSingleProcessPrivilege + Privilege[ 15]: SeIncreaseBasePriorityPrivilege + Privilege[ 16]: SeLoadDriverPrivilege + Privilege[ 17]: SeCreatePagefilePrivilege + Privilege[ 18]: SeIncreaseQuotaPrivilege + Privilege[ 19]: SeChangeNotifyPrivilege + Privilege[ 20]: SeUndockPrivilege + Privilege[ 21]: SeManageVolumePrivilege + Privilege[ 22]: SeImpersonatePrivilege + Privilege[ 23]: SeCreateGlobalPrivilege + Privilege[ 24]: SeEnableDelegationPrivilege + Rights (0x 0): +[2013/11/07 07:38:50.046649, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) + UNIX token of user 0 + Primary group is 5000 and contains 9 supplementary groups + Group[ 0]: 5000 + Group[ 1]: 5007 + Group[ 2]: 5001 + Group[ 3]: 1005 + Group[ 4]: 5006 + Group[ 5]: 5005 + Group[ 6]: 55000 + Group[ 7]: 55001 + Group[ 8]: 55002 +[2013/11/07 07:38:50.047130, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/uid.c:363(change_to_user_internal) + Impersonated user: uid=(0,0), gid=(0,5000) +[2013/11/07 07:38:50.047251, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:1796(smbd_smb2_request_verify_creditcharge) + mid 201, CreditCharge: 1, NeededCharge: 1 +[2013/11/07 07:38:50.047355, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_write.c:271(smbd_smb2_write_send) + smbd_smb2_write: spoolss - fnum 2689536844 +[2013/11/07 07:38:50.047470, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:520(np_write_send) + np_write_send: len: 160 +[2013/11/07 07:38:50.047572, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) + write_to_pipe: data_left = 160 +[2013/11/07 07:38:50.047668, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) + process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 160 +[2013/11/07 07:38:50.047788, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:51(fill_rpc_header) + fill_rpc_header: data_to_copy = 160, len_needed_to_complete_hdr = 16, receive_len = 0 +[2013/11/07 07:38:50.047892, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) + write_to_pipe: data_used = 16 +[2013/11/07 07:38:50.047986, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) + write_to_pipe: data_left = 144 +[2013/11/07 07:38:50.048081, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) + process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 144 +[2013/11/07 07:38:50.048183, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) + write_to_pipe: data_used = 0 +[2013/11/07 07:38:50.048277, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) + write_to_pipe: data_left = 144 +[2013/11/07 07:38:50.048370, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) + process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 144, incoming data = 144 +[2013/11/07 07:38:50.048473, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1614(process_complete_pdu) + PDU is in Little Endian format! +[2013/11/07 07:38:50.048594, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) + r: struct ncacn_packet + rpc_vers : 0x05 (5) + rpc_vers_minor : 0x00 (0) + ptype : DCERPC_PKT_BIND (11) + pfc_flags : 0x03 (3) + drep: ARRAY(4) + [0] : 0x10 (16) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + frag_length : 0x00a0 (160) + auth_length : 0x0000 (0) + call_id : 0x00000002 (2) + u : union dcerpc_payload(case 11) + bind: struct dcerpc_bind + max_xmit_frag : 0x10b8 (4280) + max_recv_frag : 0x10b8 (4280) + assoc_group_id : 0x00000000 (0) + num_contexts : 0x03 (3) + ctx_list: ARRAY(3) + ctx_list: struct dcerpc_ctx_list + context_id : 0x0000 (0) + num_transfer_syntaxes : 0x01 (1) + abstract_syntax: struct ndr_syntax_id + uuid : 12345678-1234-abcd-ef00-0123456789ab + if_version : 0x00000001 (1) + transfer_syntaxes: ARRAY(1) + transfer_syntaxes: struct ndr_syntax_id + uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860 + if_version : 0x00000002 (2) + ctx_list: struct dcerpc_ctx_list + context_id : 0x0001 (1) + num_transfer_syntaxes : 0x01 (1) + abstract_syntax: struct ndr_syntax_id + uuid : 12345678-1234-abcd-ef00-0123456789ab + if_version : 0x00000001 (1) + transfer_syntaxes: ARRAY(1) + transfer_syntaxes: struct ndr_syntax_id + uuid : 71710533-beba-4937-8319-b5dbef9ccc36 + if_version : 0x00000001 (1) + ctx_list: struct dcerpc_ctx_list + context_id : 0x0002 (2) + num_transfer_syntaxes : 0x01 (1) + abstract_syntax: struct ndr_syntax_id + uuid : 12345678-1234-abcd-ef00-0123456789ab + if_version : 0x00000001 (1) + transfer_syntaxes: ARRAY(1) + transfer_syntaxes: struct ndr_syntax_id + uuid : 6cb71c2c-9812-4540-0300-000000000000 + if_version : 0x00000001 (1) + auth_info : DATA_BLOB length=0 +[2013/11/07 07:38:50.050995, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1627(process_complete_pdu) + Processing packet type 11 +[2013/11/07 07:38:50.051104, 3, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:693(api_pipe_bind_req) + api_pipe_bind_req: spoolss -> spoolss rpc service +[2013/11/07 07:38:50.051207, 5, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:724(api_pipe_bind_req) + api_pipe_bind_req: make response. 724 +[2013/11/07 07:38:50.051306, 3, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:342(check_bind_req) + check_bind_req for \spoolss +[2013/11/07 07:38:50.051414, 3, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:349(check_bind_req) + check_bind_req: spoolss -> spoolss rpc service +[2013/11/07 07:38:50.051519, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:238(init_pipe_handles) + init_pipe_handle_list: pipe_handles ref count = 26 for pipe \spoolss +[2013/11/07 07:38:50.051662, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) + &r: struct ncacn_packet + rpc_vers : 0x05 (5) + rpc_vers_minor : 0x00 (0) + ptype : DCERPC_PKT_BIND_ACK (12) + pfc_flags : 0x03 (3) + drep: ARRAY(4) + [0] : 0x10 (16) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + frag_length : 0x0044 (68) + auth_length : 0x0000 (0) + call_id : 0x00000002 (2) + u : union dcerpc_payload(case 12) + bind_ack: struct dcerpc_bind_ack + max_xmit_frag : 0x10b8 (4280) + max_recv_frag : 0x10b8 (4280) + assoc_group_id : 0x000053f0 (21488) + secondary_address_size : 0x000e (14) + secondary_address : '\PIPE\spoolss' + _pad1 : DATA_BLOB length=0 + num_results : 0x01 (1) + ctx_list: ARRAY(1) + ctx_list: struct dcerpc_ack_ctx + result : 0x0000 (0) + reason : 0x0000 (0) + syntax: struct ndr_syntax_id + uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860 + if_version : 0x00000002 (2) + auth_info : DATA_BLOB length=0 +[2013/11/07 07:38:50.052951, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) + write_to_pipe: data_used = 144 + smbd_smb2_request_pending_queue: req->current_idx = 1 + req->in.vector[0].iov_len = 0 + req->in.vector[1].iov_len = 0 + req->in.vector[2].iov_len = 64 + req->in.vector[3].iov_len = 48 + req->in.vector[4].iov_len = 160 + req->out.vector[0].iov_len = 4 + req->out.vector[1].iov_len = 0 + req->out.vector[2].iov_len = 64 + req->out.vector[3].iov_len = 8 + req->out.vector[4].iov_len = 0 +[2013/11/07 07:38:50.053607, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) + smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[16] dyn[yes:0] at ../source3/smbd/smb2_write.c:150 +[2013/11/07 07:38:50.053727, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) + smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/202/127 +[2013/11/07 07:38:50.055487, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) + smbd_smb2_request_incoming: idx[1] of 5 vectors +[2013/11/07 07:38:50.055664, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) + smb2_validate_sequence_number: clearing id 202 (position 202) from bitmap +[2013/11/07 07:38:50.055772, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) + smbd_smb2_request_dispatch: opcode[SMB2_OP_READ] mid = 202 +[2013/11/07 07:38:50.055903, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) + setting sec ctx (0, 5000) - sec_ctx_stack_ndx = 0 +[2013/11/07 07:38:50.056026, 5, pid=20933, effective(0, 5000), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) + Security token SIDs (21): + SID[ 0]: S-1-5-21-1376953716-2413384141-3399758289-500 + SID[ 1]: S-1-5-21-1376953716-2413384141-3399758289-512 + SID[ 2]: S-1-5-21-1376953716-2413384141-3399758289-11015 + SID[ 3]: S-1-5-21-1376953716-2413384141-3399758289-513 + SID[ 4]: S-1-5-21-1376953716-2413384141-3399758289-11011 + SID[ 5]: S-1-5-21-1376953716-2413384141-3399758289-11013 + SID[ 6]: S-1-5-21-1376953716-2413384141-3399758289-11012 + SID[ 7]: S-1-1-0 + SID[ 8]: S-1-5-2 + SID[ 9]: S-1-5-11 + SID[ 10]: S-1-5-32-544 + SID[ 11]: S-1-22-1-2002 + SID[ 12]: S-1-22-2-5000 + SID[ 13]: S-1-22-2-5007 + SID[ 14]: S-1-22-2-5001 + SID[ 15]: S-1-22-2-1005 + SID[ 16]: S-1-22-2-5006 + SID[ 17]: S-1-22-2-5005 + SID[ 18]: S-1-22-2-55000 + SID[ 19]: S-1-22-2-55001 + SID[ 20]: S-1-22-2-55002 + Privileges (0x 1FFFFFF0): + Privilege[ 0]: SeMachineAccountPrivilege + Privilege[ 1]: SeTakeOwnershipPrivilege + Privilege[ 2]: SeBackupPrivilege + Privilege[ 3]: SeRestorePrivilege + Privilege[ 4]: SeRemoteShutdownPrivilege + Privilege[ 5]: SePrintOperatorPrivilege + Privilege[ 6]: SeAddUsersPrivilege + Privilege[ 7]: SeDiskOperatorPrivilege + Privilege[ 8]: SeSecurityPrivilege + Privilege[ 9]: SeSystemtimePrivilege + Privilege[ 10]: SeShutdownPrivilege + Privilege[ 11]: SeDebugPrivilege + Privilege[ 12]: SeSystemEnvironmentPrivilege + Privilege[ 13]: SeSystemProfilePrivilege + Privilege[ 14]: SeProfileSingleProcessPrivilege + Privilege[ 15]: SeIncreaseBasePriorityPrivilege + Privilege[ 16]: SeLoadDriverPrivilege + Privilege[ 17]: SeCreatePagefilePrivilege + Privilege[ 18]: SeIncreaseQuotaPrivilege + Privilege[ 19]: SeChangeNotifyPrivilege + Privilege[ 20]: SeUndockPrivilege + Privilege[ 21]: SeManageVolumePrivilege + Privilege[ 22]: SeImpersonatePrivilege + Privilege[ 23]: SeCreateGlobalPrivilege + Privilege[ 24]: SeEnableDelegationPrivilege + Rights (0x 0): +[2013/11/07 07:38:50.058064, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) + UNIX token of user 0 + Primary group is 5000 and contains 9 supplementary groups + Group[ 0]: 5000 + Group[ 1]: 5007 + Group[ 2]: 5001 + Group[ 3]: 1005 + Group[ 4]: 5006 + Group[ 5]: 5005 + Group[ 6]: 55000 + Group[ 7]: 55001 + Group[ 8]: 55002 +[2013/11/07 07:38:50.058541, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/uid.c:363(change_to_user_internal) + Impersonated user: uid=(0,0), gid=(0,5000) +[2013/11/07 07:38:50.058690, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:1796(smbd_smb2_request_verify_creditcharge) + mid 202, CreditCharge: 1, NeededCharge: 1 +[2013/11/07 07:38:50.058795, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_read.c:400(smbd_smb2_read_send) + smbd_smb2_read: spoolss - fnum 2689536844 +[2013/11/07 07:38:50.058911, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:285(read_from_internal_pipe) + name: \spoolss len: 1024 +[2013/11/07 07:38:50.059021, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:326(read_from_internal_pipe) + read_from_pipe: \spoolss: current_pdu_len = 68, current_pdu_sent = 0 returning 68 bytes. +[2013/11/07 07:38:50.059132, 3, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:122(free_pipe_context) + free_pipe_context: destroying talloc pool of size 29 + smbd_smb2_request_pending_queue: req->current_idx = 1 + req->in.vector[0].iov_len = 0 + req->in.vector[1].iov_len = 0 + req->in.vector[2].iov_len = 64 + req->in.vector[3].iov_len = 48 + req->in.vector[4].iov_len = 1 + req->out.vector[0].iov_len = 4 + req->out.vector[1].iov_len = 0 + req->out.vector[2].iov_len = 64 + req->out.vector[3].iov_len = 8 + req->out.vector[4].iov_len = 0 +[2013/11/07 07:38:50.059649, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:788(np_read_recv) + Received 68 bytes. There is no more data outstanding +[2013/11/07 07:38:50.059759, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) + smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[16] dyn[yes:68] at ../source3/smbd/smb2_read.c:154 +[2013/11/07 07:38:50.059870, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) + smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/203/127 +[2013/11/07 07:38:50.062532, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) + smbd_smb2_request_incoming: idx[1] of 5 vectors +[2013/11/07 07:38:50.062755, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) + smb2_validate_sequence_number: clearing id 203 (position 203) from bitmap +[2013/11/07 07:38:50.062868, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) + smbd_smb2_request_dispatch: opcode[SMB2_OP_IOCTL] mid = 203 +[2013/11/07 07:38:50.063107, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) + setting sec ctx (0, 5000) - sec_ctx_stack_ndx = 0 +[2013/11/07 07:38:50.063224, 5, pid=20933, effective(0, 5000), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) + Security token SIDs (21): + SID[ 0]: S-1-5-21-1376953716-2413384141-3399758289-500 + SID[ 1]: S-1-5-21-1376953716-2413384141-3399758289-512 + SID[ 2]: S-1-5-21-1376953716-2413384141-3399758289-11015 + SID[ 3]: S-1-5-21-1376953716-2413384141-3399758289-513 + SID[ 4]: S-1-5-21-1376953716-2413384141-3399758289-11011 + SID[ 5]: S-1-5-21-1376953716-2413384141-3399758289-11013 + SID[ 6]: S-1-5-21-1376953716-2413384141-3399758289-11012 + SID[ 7]: S-1-1-0 + SID[ 8]: S-1-5-2 + SID[ 9]: S-1-5-11 + SID[ 10]: S-1-5-32-544 + SID[ 11]: S-1-22-1-2002 + SID[ 12]: S-1-22-2-5000 + SID[ 13]: S-1-22-2-5007 + SID[ 14]: S-1-22-2-5001 + SID[ 15]: S-1-22-2-1005 + SID[ 16]: S-1-22-2-5006 + SID[ 17]: S-1-22-2-5005 + SID[ 18]: S-1-22-2-55000 + SID[ 19]: S-1-22-2-55001 + SID[ 20]: S-1-22-2-55002 + Privileges (0x 1FFFFFF0): + Privilege[ 0]: SeMachineAccountPrivilege + Privilege[ 1]: SeTakeOwnershipPrivilege + Privilege[ 2]: SeBackupPrivilege + Privilege[ 3]: SeRestorePrivilege + Privilege[ 4]: SeRemoteShutdownPrivilege + Privilege[ 5]: SePrintOperatorPrivilege + Privilege[ 6]: SeAddUsersPrivilege + Privilege[ 7]: SeDiskOperatorPrivilege + Privilege[ 8]: SeSecurityPrivilege + Privilege[ 9]: SeSystemtimePrivilege + Privilege[ 10]: SeShutdownPrivilege + Privilege[ 11]: SeDebugPrivilege + Privilege[ 12]: SeSystemEnvironmentPrivilege + Privilege[ 13]: SeSystemProfilePrivilege + Privilege[ 14]: SeProfileSingleProcessPrivilege + Privilege[ 15]: SeIncreaseBasePriorityPrivilege + Privilege[ 16]: SeLoadDriverPrivilege + Privilege[ 17]: SeCreatePagefilePrivilege + Privilege[ 18]: SeIncreaseQuotaPrivilege + Privilege[ 19]: SeChangeNotifyPrivilege + Privilege[ 20]: SeUndockPrivilege + Privilege[ 21]: SeManageVolumePrivilege + Privilege[ 22]: SeImpersonatePrivilege + Privilege[ 23]: SeCreateGlobalPrivilege + Privilege[ 24]: SeEnableDelegationPrivilege + Rights (0x 0): +[2013/11/07 07:38:50.066097, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) + UNIX token of user 0 + Primary group is 5000 and contains 9 supplementary groups + Group[ 0]: 5000 + Group[ 1]: 5007 + Group[ 2]: 5001 + Group[ 3]: 1005 + Group[ 4]: 5006 + Group[ 5]: 5005 + Group[ 6]: 55000 + Group[ 7]: 55001 + Group[ 8]: 55002 +[2013/11/07 07:38:50.066595, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/uid.c:363(change_to_user_internal) + Impersonated user: uid=(0,0), gid=(0,5000) +[2013/11/07 07:38:50.066720, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:1796(smbd_smb2_request_verify_creditcharge) + mid 203, CreditCharge: 1, NeededCharge: 1 +[2013/11/07 07:38:50.066827, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl.c:394(smbd_smb2_ioctl_send) + smbd_smb2_ioctl: ctl_code[0x0011c017] spoolss, fnum 2689536844 +[2013/11/07 07:38:50.066944, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:59(smb2_ioctl_named_pipe) + smbd_smb2_ioctl_send: np_write_send of size 222 +[2013/11/07 07:38:50.067132, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:520(np_write_send) + np_write_send: len: 222 +[2013/11/07 07:38:50.067238, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) + write_to_pipe: data_left = 222 +[2013/11/07 07:38:50.067334, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) + process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 222 +[2013/11/07 07:38:50.067434, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:51(fill_rpc_header) + fill_rpc_header: data_to_copy = 222, len_needed_to_complete_hdr = 16, receive_len = 0 +[2013/11/07 07:38:50.067536, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) + write_to_pipe: data_used = 16 +[2013/11/07 07:38:50.067628, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) + write_to_pipe: data_left = 206 +[2013/11/07 07:38:50.067722, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) + process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 206 +[2013/11/07 07:38:50.067826, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) + write_to_pipe: data_used = 0 +[2013/11/07 07:38:50.067921, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) + write_to_pipe: data_left = 206 +[2013/11/07 07:38:50.068033, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) + process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 206, incoming data = 206 +[2013/11/07 07:38:50.068160, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1614(process_complete_pdu) + PDU is in Little Endian format! +[2013/11/07 07:38:50.068278, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) + r: struct ncacn_packet + rpc_vers : 0x05 (5) + rpc_vers_minor : 0x00 (0) + ptype : DCERPC_PKT_REQUEST (0) + pfc_flags : 0x03 (3) + drep: ARRAY(4) + [0] : 0x10 (16) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + frag_length : 0x00de (222) + auth_length : 0x0000 (0) + call_id : 0x00000002 (2) + u : union dcerpc_payload(case 0) + request: struct dcerpc_request + alloc_hint : 0x000000c6 (198) + context_id : 0x0000 (0) + opnum : 0x0045 (69) + object : union dcerpc_object(case 0) + empty: struct dcerpc_empty + _pad : DATA_BLOB length=0 + stub_and_verifier : DATA_BLOB length=198 + [0000] 00 00 02 00 14 00 00 00 00 00 00 00 14 00 00 00 ........ ........ + [0010] 5C 00 5C 00 4D 00 45 00 4D 00 42 00 45 00 52 00 \.\.M.E. M.B.E.R. + [0020] 34 00 33 00 5C 00 70 00 72 00 69 00 6E 00 74 00 4.3.\.p. r.i.n.t. + [0030] 65 00 72 00 37 00 00 00 00 00 00 00 00 00 00 00 e.r.7... ........ + [0040] 00 00 00 00 08 00 00 00 01 00 00 00 01 00 00 00 ........ ........ + [0050] 04 00 02 00 28 00 00 00 08 00 02 00 0C 00 02 00 ....(... ........ + [0060] 80 25 00 00 03 00 00 00 00 00 00 00 09 00 00 00 .%...... ........ + [0070] 0A 00 00 00 00 00 00 00 0A 00 00 00 57 00 49 00 ........ ....W.I. + [0080] 4E 00 38 00 31 00 2D 00 32 00 33 00 39 00 00 00 N.8.1.-. 2.3.9... + [0090] 15 00 00 00 00 00 00 00 15 00 00 00 41 00 52 00 ........ ....A.R. + [00A0] 33 00 32 00 49 00 38 00 5C 00 41 00 64 00 6D 00 3.2.I.8. \.A.d.m. + [00B0] 69 00 6E 00 69 00 73 00 74 00 72 00 61 00 74 00 i.n.i.s. t.r.a.t. + [00C0] 6F 00 72 00 00 00 o.r... +[2013/11/07 07:38:50.070504, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1627(process_complete_pdu) + Processing packet type 0 +[2013/11/07 07:38:50.070605, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1472(dcesrv_auth_request) + Checking request auth. +[2013/11/07 07:38:50.070711, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) + push_sec_ctx(0, 5000) : sec_ctx_stack_ndx = 1 +[2013/11/07 07:38:50.070826, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) + setting sec ctx (0, 5000) - sec_ctx_stack_ndx = 1 +[2013/11/07 07:38:50.070928, 5, pid=20933, effective(0, 5000), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) + Security token SIDs (21): + SID[ 0]: S-1-5-21-1376953716-2413384141-3399758289-500 + SID[ 1]: S-1-5-21-1376953716-2413384141-3399758289-512 + SID[ 2]: S-1-5-21-1376953716-2413384141-3399758289-11015 + SID[ 3]: S-1-5-21-1376953716-2413384141-3399758289-513 + SID[ 4]: S-1-5-21-1376953716-2413384141-3399758289-11011 + SID[ 5]: S-1-5-21-1376953716-2413384141-3399758289-11013 + SID[ 6]: S-1-5-21-1376953716-2413384141-3399758289-11012 + SID[ 7]: S-1-1-0 + SID[ 8]: S-1-5-2 + SID[ 9]: S-1-5-11 + SID[ 10]: S-1-5-32-544 + SID[ 11]: S-1-22-1-2002 + SID[ 12]: S-1-22-2-5000 + SID[ 13]: S-1-22-2-5007 + SID[ 14]: S-1-22-2-5001 + SID[ 15]: S-1-22-2-1005 + SID[ 16]: S-1-22-2-5006 + SID[ 17]: S-1-22-2-5005 + SID[ 18]: S-1-22-2-55000 + SID[ 19]: S-1-22-2-55001 + SID[ 20]: S-1-22-2-55002 + Privileges (0x 1FFFFFF0): + Privilege[ 0]: SeMachineAccountPrivilege + Privilege[ 1]: SeTakeOwnershipPrivilege + Privilege[ 2]: SeBackupPrivilege + Privilege[ 3]: SeRestorePrivilege + Privilege[ 4]: SeRemoteShutdownPrivilege + Privilege[ 5]: SePrintOperatorPrivilege + Privilege[ 6]: SeAddUsersPrivilege + Privilege[ 7]: SeDiskOperatorPrivilege + Privilege[ 8]: SeSecurityPrivilege + Privilege[ 9]: SeSystemtimePrivilege + Privilege[ 10]: SeShutdownPrivilege + Privilege[ 11]: SeDebugPrivilege + Privilege[ 12]: SeSystemEnvironmentPrivilege + Privilege[ 13]: SeSystemProfilePrivilege + Privilege[ 14]: SeProfileSingleProcessPrivilege + Privilege[ 15]: SeIncreaseBasePriorityPrivilege + Privilege[ 16]: SeLoadDriverPrivilege + Privilege[ 17]: SeCreatePagefilePrivilege + Privilege[ 18]: SeIncreaseQuotaPrivilege + Privilege[ 19]: SeChangeNotifyPrivilege + Privilege[ 20]: SeUndockPrivilege + Privilege[ 21]: SeManageVolumePrivilege + Privilege[ 22]: SeImpersonatePrivilege + Privilege[ 23]: SeCreateGlobalPrivilege + Privilege[ 24]: SeEnableDelegationPrivilege + Rights (0x 0): +[2013/11/07 07:38:50.072853, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) + UNIX token of user 0 + Primary group is 5000 and contains 9 supplementary groups + Group[ 0]: 5000 + Group[ 1]: 5007 + Group[ 2]: 5001 + Group[ 3]: 1005 + Group[ 4]: 5006 + Group[ 5]: 5005 + Group[ 6]: 55000 + Group[ 7]: 55001 + Group[ 8]: 55002 +[2013/11/07 07:38:50.073324, 5, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1324(api_pipe_request) + Requested \spoolss rpc service +[2013/11/07 07:38:50.073540, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1356(api_rpcTNP) + api_rpcTNP: \spoolss op 0x45 - api_rpcTNP: rpc command: SPOOLSS_OPENPRINTEREX +[2013/11/07 07:38:50.073654, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1390(api_rpcTNP) + api_rpc_cmds[69].fn == 0x7f375c256d40 +[2013/11/07 07:38:50.073785, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + spoolss_OpenPrinterEx: struct spoolss_OpenPrinterEx + in: struct spoolss_OpenPrinterEx + printername : * + printername : '\\MEMBER43\printer7' + datatype : NULL + devmode_ctr: struct spoolss_DevmodeContainer + _ndr_size : 0x00000000 (0) + devmode : NULL + access_mask : 0x00000008 (8) + 0: SERVER_ACCESS_ADMINISTER + 0: SERVER_ACCESS_ENUMERATE + 0: PRINTER_ACCESS_ADMINISTER + 1: PRINTER_ACCESS_USE + 0: JOB_ACCESS_ADMINISTER + 0: JOB_ACCESS_READ + userlevel_ctr: struct spoolss_UserLevelCtr + level : 0x00000001 (1) + user_info : union spoolss_UserLevel(case 1) + level1 : * + level1: struct spoolss_UserLevel1 + size : 0x00000028 (40) + client : * + client : 'WIN81-239' + user : * + user : 'AR32I8\Administrator' + build : 0x00002580 (9600) + major : UNKNOWN_ENUM_VALUE (3) + minor : SPOOLSS_MINOR_VERSION_0 (0) + processor : PROCESSOR_ARCHITECTURE_AMD64 (9) + checking name: \\MEMBER43\printer7 +[2013/11/07 07:38:50.075125, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:737(open_printer_hnd) + open_printer_hnd: name [\\MEMBER43\printer7] +[2013/11/07 07:38:50.075246, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) + Opened policy hnd[5] [0000] 00 00 00 00 1F 01 00 00 00 00 00 00 7B 52 7A 35 ........ ....{Rz5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:50.075445, 3, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:506(set_printer_hnd_printertype) + Setting printer type=\\MEMBER43\printer7 + Printer is a printer +[2013/11/07 07:38:50.075579, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:566(set_printer_hnd_name) + Setting printer name=\\MEMBER43\printer7 (len=19) + searching for [printer7] +[2013/11/07 07:38:50.075796, 10, pid=20933, effective(0, 5000), real(0, 0), class=tdb] ../source3/lib/gencache.c:275(gencache_set_data_blob) + Did not store value for PRINTERNAME/printer7, we already got it + set_printer_hnd_name: Printer found: printer7 -> printer7 +[2013/11/07 07:38:50.075939, 5, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:773(open_printer_hnd) + 5 printer handles active +[2013/11/07 07:38:50.076038, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 1F 01 00 00 00 00 00 00 7B 52 7A 35 ........ ....{Rz5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:50.076232, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 1F 01 00 00 00 00 00 00 7B 52 7A 35 ........ ....{Rz5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:50.076422, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:489(get_printer_snum) + short name:printer7 +[2013/11/07 07:38:50.076567, 3, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/access.c:338(allow_access) + Allowed connection from 10.200.8.239 (10.200.8.239) +[2013/11/07 07:38:50.076914, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/share_access.c:237(user_ok_token) + user_ok_token: share printer7 is ok for unix user root +[2013/11/07 07:38:50.077043, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:1921(_spoolss_OpenPrinterEx) + Setting printer access = PRINTER_ACCESS_USE +[2013/11/07 07:38:50.077270, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:60(make_internal_rpc_pipe_p) + Create pipe requested \winreg +[2013/11/07 07:38:50.077514, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:221(init_pipe_handles) + init_pipe_handle_list: created handle list for pipe \winreg +[2013/11/07 07:38:50.077633, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:238(init_pipe_handles) + init_pipe_handle_list: pipe_handles ref count = 1 for pipe \winreg +[2013/11/07 07:38:50.077833, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:100(make_internal_rpc_pipe_p) + Created internal pipe \winreg +[2013/11/07 07:38:50.077991, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenHKLM: struct winreg_OpenHKLM + in: struct winreg_OpenHKLM + system_name : NULL + access_mask : 0x02000000 (33554432) + 0: KEY_QUERY_VALUE + 0: KEY_SET_VALUE + 0: KEY_CREATE_SUB_KEY + 0: KEY_ENUMERATE_SUB_KEYS + 0: KEY_NOTIFY + 0: KEY_CREATE_LINK + 0: KEY_WOW64_64KEY + 0: KEY_WOW64_32KEY +[2013/11/07 07:38:50.078583, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [HKLM] +[2013/11/07 07:38:50.078693, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) + push_sec_ctx(0, 5000) : sec_ctx_stack_ndx = 2 +[2013/11/07 07:38:50.078804, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/uid.c:485(push_conn_ctx) + push_conn_ctx(1804507171) : conn_ctx_stack_ndx = 0 +[2013/11/07 07:38:50.078904, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) + setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 +[2013/11/07 07:38:50.079001, 5, pid=20933, effective(0, 5000), real(0, 0)] ../libcli/security/security_token.c:53(security_token_debug) + Security token: (NULL) +[2013/11/07 07:38:50.079096, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) + UNIX token of user 0 + Primary group is 0 and contains 0 supplementary groups +[2013/11/07 07:38:50.079419, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) + pop_sec_ctx (0, 5000) - sec_ctx_stack_ndx = 1 +[2013/11/07 07:38:50.079533, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:866(regdb_open) + regdb_open: registry db opened. refcount reset (1) +[2013/11/07 07:38:50.079644, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM] +[2013/11/07 07:38:50.079741, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM] +[2013/11/07 07:38:50.079842, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:50.079939, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM] +[2013/11/07 07:38:50.080292, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) + Opened policy hnd[1] [0000] 00 00 00 00 20 01 00 00 00 00 00 00 7B 52 7A 35 .... ... ....{Rz5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:50.080499, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenHKLM: struct winreg_OpenHKLM + out: struct winreg_OpenHKLM + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000120-0000-0000-7b52-7a35c5510000 + result : WERR_OK +[2013/11/07 07:38:50.080951, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenKey: struct winreg_OpenKey + in: struct winreg_OpenKey + parent_handle : * + parent_handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000120-0000-0000-7b52-7a35c5510000 + keyname: struct winreg_String + name_len : 0x008a (138) + name_size : 0x008a (138) + name : * + name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7' + options : 0x00000000 (0) + 0: REG_OPTION_VOLATILE + 0: REG_OPTION_CREATE_LINK + 0: REG_OPTION_BACKUP_RESTORE + 0: REG_OPTION_OPEN_LINK + access_mask : 0x02000000 (33554432) + 0: KEY_QUERY_VALUE + 0: KEY_SET_VALUE + 0: KEY_CREATE_SUB_KEY + 0: KEY_ENUMERATE_SUB_KEYS + 0: KEY_NOTIFY + 0: KEY_CREATE_LINK + 0: KEY_WOW64_64KEY + 0: KEY_WOW64_32KEY +[2013/11/07 07:38:50.081961, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 20 01 00 00 00 00 00 00 7B 52 7A 35 .... ... ....{Rz5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:50.082044, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [SOFTWARE] +[2013/11/07 07:38:50.082086, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (1->2) +[2013/11/07 07:38:50.082129, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] +[2013/11/07 07:38:50.082167, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE] +[2013/11/07 07:38:50.082209, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:50.082247, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE] +[2013/11/07 07:38:50.082318, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Microsoft] +[2013/11/07 07:38:50.082361, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (2->3) +[2013/11/07 07:38:50.082403, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] +[2013/11/07 07:38:50.082441, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] +[2013/11/07 07:38:50.082482, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:50.082520, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft] +[2013/11/07 07:38:50.082581, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Windows NT] +[2013/11/07 07:38:50.082623, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (3->4) +[2013/11/07 07:38:50.082666, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] +[2013/11/07 07:38:50.082704, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] +[2013/11/07 07:38:50.082752, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:50.082790, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] +[2013/11/07 07:38:50.082849, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [CurrentVersion] +[2013/11/07 07:38:50.082891, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (4->5) +[2013/11/07 07:38:50.082933, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] +[2013/11/07 07:38:50.082971, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] +[2013/11/07 07:38:50.083012, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:50.083049, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f375c5a15c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] +[2013/11/07 07:38:50.083122, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Print] +[2013/11/07 07:38:50.083164, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (5->6) +[2013/11/07 07:38:50.083207, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] +[2013/11/07 07:38:50.083246, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] +[2013/11/07 07:38:50.083288, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:50.083326, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f375c5a15c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] +[2013/11/07 07:38:50.083387, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Printers] +[2013/11/07 07:38:50.083429, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (6->7) +[2013/11/07 07:38:50.083472, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] +[2013/11/07 07:38:50.083512, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] +[2013/11/07 07:38:50.083554, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:50.083591, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] +[2013/11/07 07:38:50.083667, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [printer7] +[2013/11/07 07:38:50.083709, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (7->8) +[2013/11/07 07:38:50.083752, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:50.083791, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:50.083834, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:50.083871, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:50.083939, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (8->7) +[2013/11/07 07:38:50.083982, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (7->6) +[2013/11/07 07:38:50.084022, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (6->5) +[2013/11/07 07:38:50.084062, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (5->4) +[2013/11/07 07:38:50.084102, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (4->3) +[2013/11/07 07:38:50.084141, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (3->2) +[2013/11/07 07:38:50.084185, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) + Opened policy hnd[2] [0000] 00 00 00 00 21 01 00 00 00 00 00 00 7B 52 7A 35 ....!... ....{Rz5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:50.084263, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenKey: struct winreg_OpenKey + out: struct winreg_OpenKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000121-0000-0000-7b52-7a35c5510000 + result : WERR_OK +[2013/11/07 07:38:50.084425, 2, pid=20933, effective(0, 5000), real(0, 0)] ../source3/rpc_client/cli_winreg_spoolss.c:626(winreg_create_printer) + winreg_create_printer: Skipping, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7 already exists +[2013/11/07 07:38:50.084483, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + in: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000121-0000-0000-7b52-7a35c5510000 +[2013/11/07 07:38:50.084613, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 21 01 00 00 00 00 00 00 7B 52 7A 35 ....!... ....{Rz5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:50.084702, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 21 01 00 00 00 00 00 00 7B 52 7A 35 ....!... ....{Rz5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:50.084779, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) + Closed policy +[2013/11/07 07:38:50.084819, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (2->1) +[2013/11/07 07:38:50.084859, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + out: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000000-0000-0000-0000-000000000000 + result : WERR_OK +[2013/11/07 07:38:50.085022, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + in: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000120-0000-0000-7b52-7a35c5510000 +[2013/11/07 07:38:50.085151, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 20 01 00 00 00 00 00 00 7B 52 7A 35 .... ... ....{Rz5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:50.085229, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 20 01 00 00 00 00 00 00 7B 52 7A 35 .... ... ....{Rz5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:50.085305, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) + Closed policy +[2013/11/07 07:38:50.085346, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (1->0) +[2013/11/07 07:38:50.085467, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + out: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000000-0000-0000-0000-000000000000 + result : WERR_OK +[2013/11/07 07:38:50.085629, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:416(close_policy_by_pipe) + Deleted handle list for RPC connection \winreg +[2013/11/07 07:38:50.085679, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + spoolss_OpenPrinterEx: struct spoolss_OpenPrinterEx + out: struct spoolss_OpenPrinterEx + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 0000011f-0000-0000-7b52-7a35c5510000 + result : WERR_OK +[2013/11/07 07:38:50.085839, 5, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1417(api_rpcTNP) + api_rpcTNP: called \spoolss successfully +[2013/11/07 07:38:50.085893, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) + pop_sec_ctx (0, 5000) - sec_ctx_stack_ndx = 0 +[2013/11/07 07:38:50.085936, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) + write_to_pipe: data_used = 206 + smbd_smb2_request_pending_queue: req->current_idx = 1 + req->in.vector[0].iov_len = 0 + req->in.vector[1].iov_len = 0 + req->in.vector[2].iov_len = 64 + req->in.vector[3].iov_len = 56 + req->in.vector[4].iov_len = 222 + req->out.vector[0].iov_len = 4 + req->out.vector[1].iov_len = 0 + req->out.vector[2].iov_len = 64 + req->out.vector[3].iov_len = 8 + req->out.vector[4].iov_len = 0 +[2013/11/07 07:38:50.086147, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:128(smbd_smb2_ioctl_pipe_write_done) + smbd_smb2_ioctl_pipe_write_done: received 222 +[2013/11/07 07:38:50.086189, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:149(smbd_smb2_ioctl_pipe_write_done) + smbd_smb2_ioctl_pipe_write_done: issuing np_read_send of size 1024 +[2013/11/07 07:38:50.086232, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:285(read_from_internal_pipe) + name: \spoolss len: 1024 +[2013/11/07 07:38:50.086274, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:347(read_from_internal_pipe) + read_from_pipe: \spoolss: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 24. +[2013/11/07 07:38:50.086326, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) + &r: struct ncacn_packet + rpc_vers : 0x05 (5) + rpc_vers_minor : 0x00 (0) + ptype : DCERPC_PKT_RESPONSE (2) + pfc_flags : 0x03 (3) + drep: ARRAY(4) + [0] : 0x10 (16) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + frag_length : 0x0030 (48) + auth_length : 0x0000 (0) + call_id : 0x00000002 (2) + u : union dcerpc_payload(case 2) + response: struct dcerpc_response + alloc_hint : 0x00000018 (24) + context_id : 0x0000 (0) + cancel_count : 0x00 (0) + _pad : DATA_BLOB length=0 + stub_and_verifier : DATA_BLOB length=24 + [0000] 00 00 00 00 1F 01 00 00 00 00 00 00 7B 52 7A 35 ........ ....{Rz5 + [0010] C5 51 00 00 00 00 00 00 .Q...... +[2013/11/07 07:38:50.086740, 3, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:122(free_pipe_context) + free_pipe_context: destroying talloc pool of size 68 +[2013/11/07 07:38:50.086790, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:788(np_read_recv) + Received 48 bytes. There is no more data outstanding +[2013/11/07 07:38:50.086830, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:178(smbd_smb2_ioctl_pipe_read_done) + smbd_smb2_ioctl_pipe_read_done: np_read_recv nread = 48 is_data_outstanding = 0, status = NT_STATUS_OK +[2013/11/07 07:38:50.086877, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl.c:291(smbd_smb2_request_ioctl_done) + smbd_smb2_request_ioctl_done: smbd_smb2_ioctl_recv returned 48 status NT_STATUS_OK +[2013/11/07 07:38:50.086919, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) + smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[48] dyn[yes:48] at ../source3/smbd/smb2_ioctl.c:358 +[2013/11/07 07:38:50.086972, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) + smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/204/127 +[2013/11/07 07:38:50.089446, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) + smbd_smb2_request_incoming: idx[1] of 5 vectors +[2013/11/07 07:38:50.089572, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) + smb2_validate_sequence_number: clearing id 204 (position 204) from bitmap +[2013/11/07 07:38:50.089617, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) + smbd_smb2_request_dispatch: opcode[SMB2_OP_IOCTL] mid = 204 +[2013/11/07 07:38:50.089673, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) + setting sec ctx (0, 5000) - sec_ctx_stack_ndx = 0 +[2013/11/07 07:38:50.089717, 5, pid=20933, effective(0, 5000), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) + Security token SIDs (21): + SID[ 0]: S-1-5-21-1376953716-2413384141-3399758289-500 + SID[ 1]: S-1-5-21-1376953716-2413384141-3399758289-512 + SID[ 2]: S-1-5-21-1376953716-2413384141-3399758289-11015 + SID[ 3]: S-1-5-21-1376953716-2413384141-3399758289-513 + SID[ 4]: S-1-5-21-1376953716-2413384141-3399758289-11011 + SID[ 5]: S-1-5-21-1376953716-2413384141-3399758289-11013 + SID[ 6]: S-1-5-21-1376953716-2413384141-3399758289-11012 + SID[ 7]: S-1-1-0 + SID[ 8]: S-1-5-2 + SID[ 9]: S-1-5-11 + SID[ 10]: S-1-5-32-544 + SID[ 11]: S-1-22-1-2002 + SID[ 12]: S-1-22-2-5000 + SID[ 13]: S-1-22-2-5007 + SID[ 14]: S-1-22-2-5001 + SID[ 15]: S-1-22-2-1005 + SID[ 16]: S-1-22-2-5006 + SID[ 17]: S-1-22-2-5005 + SID[ 18]: S-1-22-2-55000 + SID[ 19]: S-1-22-2-55001 + SID[ 20]: S-1-22-2-55002 + Privileges (0x 1FFFFFF0): + Privilege[ 0]: SeMachineAccountPrivilege + Privilege[ 1]: SeTakeOwnershipPrivilege + Privilege[ 2]: SeBackupPrivilege + Privilege[ 3]: SeRestorePrivilege + Privilege[ 4]: SeRemoteShutdownPrivilege + Privilege[ 5]: SePrintOperatorPrivilege + Privilege[ 6]: SeAddUsersPrivilege + Privilege[ 7]: SeDiskOperatorPrivilege + Privilege[ 8]: SeSecurityPrivilege + Privilege[ 9]: SeSystemtimePrivilege + Privilege[ 10]: SeShutdownPrivilege + Privilege[ 11]: SeDebugPrivilege + Privilege[ 12]: SeSystemEnvironmentPrivilege + Privilege[ 13]: SeSystemProfilePrivilege + Privilege[ 14]: SeProfileSingleProcessPrivilege + Privilege[ 15]: SeIncreaseBasePriorityPrivilege + Privilege[ 16]: SeLoadDriverPrivilege + Privilege[ 17]: SeCreatePagefilePrivilege + Privilege[ 18]: SeIncreaseQuotaPrivilege + Privilege[ 19]: SeChangeNotifyPrivilege + Privilege[ 20]: SeUndockPrivilege + Privilege[ 21]: SeManageVolumePrivilege + Privilege[ 22]: SeImpersonatePrivilege + Privilege[ 23]: SeCreateGlobalPrivilege + Privilege[ 24]: SeEnableDelegationPrivilege + Rights (0x 0): +[2013/11/07 07:38:50.090509, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) + UNIX token of user 0 + Primary group is 5000 and contains 9 supplementary groups + Group[ 0]: 5000 + Group[ 1]: 5007 + Group[ 2]: 5001 + Group[ 3]: 1005 + Group[ 4]: 5006 + Group[ 5]: 5005 + Group[ 6]: 55000 + Group[ 7]: 55001 + Group[ 8]: 55002 +[2013/11/07 07:38:50.090699, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/uid.c:363(change_to_user_internal) + Impersonated user: uid=(0,0), gid=(0,5000) +[2013/11/07 07:38:50.090748, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:1796(smbd_smb2_request_verify_creditcharge) + mid 204, CreditCharge: 1, NeededCharge: 1 +[2013/11/07 07:38:50.090790, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl.c:394(smbd_smb2_ioctl_send) + smbd_smb2_ioctl: ctl_code[0x0011c017] spoolss, fnum 2689536844 +[2013/11/07 07:38:50.090849, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:59(smb2_ioctl_named_pipe) + smbd_smb2_ioctl_send: np_write_send of size 64 +[2013/11/07 07:38:50.090890, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:520(np_write_send) + np_write_send: len: 64 +[2013/11/07 07:38:50.090931, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) + write_to_pipe: data_left = 64 +[2013/11/07 07:38:50.090971, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) + process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 64 +[2013/11/07 07:38:50.091010, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:51(fill_rpc_header) + fill_rpc_header: data_to_copy = 64, len_needed_to_complete_hdr = 16, receive_len = 0 +[2013/11/07 07:38:50.091051, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) + write_to_pipe: data_used = 16 +[2013/11/07 07:38:50.091088, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) + write_to_pipe: data_left = 48 +[2013/11/07 07:38:50.091126, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) + process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 48 +[2013/11/07 07:38:50.091167, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) + write_to_pipe: data_used = 0 +[2013/11/07 07:38:50.091206, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) + write_to_pipe: data_left = 48 +[2013/11/07 07:38:50.091244, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) + process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 48, incoming data = 48 +[2013/11/07 07:38:50.091285, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1614(process_complete_pdu) + PDU is in Little Endian format! +[2013/11/07 07:38:50.091331, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) + r: struct ncacn_packet + rpc_vers : 0x05 (5) + rpc_vers_minor : 0x00 (0) + ptype : DCERPC_PKT_REQUEST (0) + pfc_flags : 0x03 (3) + drep: ARRAY(4) + [0] : 0x10 (16) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + frag_length : 0x0040 (64) + auth_length : 0x0000 (0) + call_id : 0x00000003 (3) + u : union dcerpc_payload(case 0) + request: struct dcerpc_request + alloc_hint : 0x00000028 (40) + context_id : 0x0000 (0) + opnum : 0x0004 (4) + object : union dcerpc_object(case 0) + empty: struct dcerpc_empty + _pad : DATA_BLOB length=0 + stub_and_verifier : DATA_BLOB length=40 + [0000] 00 00 00 00 1F 01 00 00 00 00 00 00 7B 52 7A 35 ........ ....{Rz5 + [0010] C5 51 00 00 00 00 00 00 FF FF FF FF 04 00 00 00 .Q...... ........ + [0020] 00 00 00 00 00 00 00 00 ........ +[2013/11/07 07:38:50.091815, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1627(process_complete_pdu) + Processing packet type 0 +[2013/11/07 07:38:50.091861, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1472(dcesrv_auth_request) + Checking request auth. +[2013/11/07 07:38:50.091904, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) + push_sec_ctx(0, 5000) : sec_ctx_stack_ndx = 1 +[2013/11/07 07:38:50.091949, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) + setting sec ctx (0, 5000) - sec_ctx_stack_ndx = 1 +[2013/11/07 07:38:50.091989, 5, pid=20933, effective(0, 5000), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) + Security token SIDs (21): + SID[ 0]: S-1-5-21-1376953716-2413384141-3399758289-500 + SID[ 1]: S-1-5-21-1376953716-2413384141-3399758289-512 + SID[ 2]: S-1-5-21-1376953716-2413384141-3399758289-11015 + SID[ 3]: S-1-5-21-1376953716-2413384141-3399758289-513 + SID[ 4]: S-1-5-21-1376953716-2413384141-3399758289-11011 + SID[ 5]: S-1-5-21-1376953716-2413384141-3399758289-11013 + SID[ 6]: S-1-5-21-1376953716-2413384141-3399758289-11012 + SID[ 7]: S-1-1-0 + SID[ 8]: S-1-5-2 + SID[ 9]: S-1-5-11 + SID[ 10]: S-1-5-32-544 + SID[ 11]: S-1-22-1-2002 + SID[ 12]: S-1-22-2-5000 + SID[ 13]: S-1-22-2-5007 + SID[ 14]: S-1-22-2-5001 + SID[ 15]: S-1-22-2-1005 + SID[ 16]: S-1-22-2-5006 + SID[ 17]: S-1-22-2-5005 + SID[ 18]: S-1-22-2-55000 + SID[ 19]: S-1-22-2-55001 + SID[ 20]: S-1-22-2-55002 + Privileges (0x 1FFFFFF0): + Privilege[ 0]: SeMachineAccountPrivilege + Privilege[ 1]: SeTakeOwnershipPrivilege + Privilege[ 2]: SeBackupPrivilege + Privilege[ 3]: SeRestorePrivilege + Privilege[ 4]: SeRemoteShutdownPrivilege + Privilege[ 5]: SePrintOperatorPrivilege + Privilege[ 6]: SeAddUsersPrivilege + Privilege[ 7]: SeDiskOperatorPrivilege + Privilege[ 8]: SeSecurityPrivilege + Privilege[ 9]: SeSystemtimePrivilege + Privilege[ 10]: SeShutdownPrivilege + Privilege[ 11]: SeDebugPrivilege + Privilege[ 12]: SeSystemEnvironmentPrivilege + Privilege[ 13]: SeSystemProfilePrivilege + Privilege[ 14]: SeProfileSingleProcessPrivilege + Privilege[ 15]: SeIncreaseBasePriorityPrivilege + Privilege[ 16]: SeLoadDriverPrivilege + Privilege[ 17]: SeCreatePagefilePrivilege + Privilege[ 18]: SeIncreaseQuotaPrivilege + Privilege[ 19]: SeChangeNotifyPrivilege + Privilege[ 20]: SeUndockPrivilege + Privilege[ 21]: SeManageVolumePrivilege + Privilege[ 22]: SeImpersonatePrivilege + Privilege[ 23]: SeCreateGlobalPrivilege + Privilege[ 24]: SeEnableDelegationPrivilege + Rights (0x 0): +[2013/11/07 07:38:50.092748, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) + UNIX token of user 0 + Primary group is 5000 and contains 9 supplementary groups + Group[ 0]: 5000 + Group[ 1]: 5007 + Group[ 2]: 5001 + Group[ 3]: 1005 + Group[ 4]: 5006 + Group[ 5]: 5005 + Group[ 6]: 55000 + Group[ 7]: 55001 + Group[ 8]: 55002 +[2013/11/07 07:38:50.092935, 5, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1324(api_pipe_request) + Requested \spoolss rpc service +[2013/11/07 07:38:50.092978, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1356(api_rpcTNP) + api_rpcTNP: \spoolss op 0x4 - api_rpcTNP: rpc command: SPOOLSS_ENUMJOBS +[2013/11/07 07:38:50.093021, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1390(api_rpcTNP) + api_rpc_cmds[4].fn == 0x7f375c2619b0 +[2013/11/07 07:38:50.093067, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + spoolss_EnumJobs: struct spoolss_EnumJobs + in: struct spoolss_EnumJobs + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 0000011f-0000-0000-7b52-7a35c5510000 + firstjob : 0x00000000 (0) + numjobs : 0xffffffff (4294967295) + level : 0x00000004 (4) + buffer : NULL + offered : 0x00000000 (0) +[2013/11/07 07:38:50.093288, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:7299(_spoolss_EnumJobs) + _spoolss_EnumJobs +[2013/11/07 07:38:50.093329, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 1F 01 00 00 00 00 00 00 7B 52 7A 35 ........ ....{Rz5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:50.093573, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:489(get_printer_snum) + short name:printer7 +[2013/11/07 07:38:50.093747, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:60(make_internal_rpc_pipe_p) + Create pipe requested \winreg +[2013/11/07 07:38:50.093803, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:221(init_pipe_handles) + init_pipe_handle_list: created handle list for pipe \winreg +[2013/11/07 07:38:50.093846, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:238(init_pipe_handles) + init_pipe_handle_list: pipe_handles ref count = 1 for pipe \winreg +[2013/11/07 07:38:50.093920, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:100(make_internal_rpc_pipe_p) + Created internal pipe \winreg +[2013/11/07 07:38:50.093986, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenHKLM: struct winreg_OpenHKLM + in: struct winreg_OpenHKLM + system_name : NULL + access_mask : 0x02000000 (33554432) + 0: KEY_QUERY_VALUE + 0: KEY_SET_VALUE + 0: KEY_CREATE_SUB_KEY + 0: KEY_ENUMERATE_SUB_KEYS + 0: KEY_NOTIFY + 0: KEY_CREATE_LINK + 0: KEY_WOW64_64KEY + 0: KEY_WOW64_32KEY +[2013/11/07 07:38:50.094210, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [HKLM] +[2013/11/07 07:38:50.094253, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) + push_sec_ctx(0, 5000) : sec_ctx_stack_ndx = 2 +[2013/11/07 07:38:50.094296, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/uid.c:485(push_conn_ctx) + push_conn_ctx(1804507171) : conn_ctx_stack_ndx = 0 +[2013/11/07 07:38:50.094335, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) + setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 +[2013/11/07 07:38:50.094373, 5, pid=20933, effective(0, 5000), real(0, 0)] ../libcli/security/security_token.c:53(security_token_debug) + Security token: (NULL) +[2013/11/07 07:38:50.094412, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) + UNIX token of user 0 + Primary group is 0 and contains 0 supplementary groups +[2013/11/07 07:38:50.094536, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) + pop_sec_ctx (0, 5000) - sec_ctx_stack_ndx = 1 +[2013/11/07 07:38:50.094580, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:866(regdb_open) + regdb_open: registry db opened. refcount reset (1) +[2013/11/07 07:38:50.094624, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM] +[2013/11/07 07:38:50.094675, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM] +[2013/11/07 07:38:50.094715, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:50.094753, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM] +[2013/11/07 07:38:50.094824, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) + Opened policy hnd[1] [0000] 00 00 00 00 22 01 00 00 00 00 00 00 7B 52 7A 35 ...."... ....{Rz5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:50.094905, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenHKLM: struct winreg_OpenHKLM + out: struct winreg_OpenHKLM + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000122-0000-0000-7b52-7a35c5510000 + result : WERR_OK +[2013/11/07 07:38:50.095081, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenKey: struct winreg_OpenKey + in: struct winreg_OpenKey + parent_handle : * + parent_handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000122-0000-0000-7b52-7a35c5510000 + keyname: struct winreg_String + name_len : 0x008a (138) + name_size : 0x008a (138) + name : * + name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7' + options : 0x00000000 (0) + 0: REG_OPTION_VOLATILE + 0: REG_OPTION_CREATE_LINK + 0: REG_OPTION_BACKUP_RESTORE + 0: REG_OPTION_OPEN_LINK + access_mask : 0x02000000 (33554432) + 0: KEY_QUERY_VALUE + 0: KEY_SET_VALUE + 0: KEY_CREATE_SUB_KEY + 0: KEY_ENUMERATE_SUB_KEYS + 0: KEY_NOTIFY + 0: KEY_CREATE_LINK + 0: KEY_WOW64_64KEY + 0: KEY_WOW64_32KEY +[2013/11/07 07:38:50.095520, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 22 01 00 00 00 00 00 00 7B 52 7A 35 ...."... ....{Rz5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:50.095600, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [SOFTWARE] +[2013/11/07 07:38:50.095640, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (1->2) +[2013/11/07 07:38:50.095683, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] +[2013/11/07 07:38:50.095720, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE] +[2013/11/07 07:38:50.095760, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:50.095806, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE] +[2013/11/07 07:38:50.095874, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Microsoft] +[2013/11/07 07:38:50.095916, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (2->3) +[2013/11/07 07:38:50.095958, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] +[2013/11/07 07:38:50.095997, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] +[2013/11/07 07:38:50.096037, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:50.096074, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft] +[2013/11/07 07:38:50.096134, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Windows NT] +[2013/11/07 07:38:50.096175, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (3->4) +[2013/11/07 07:38:50.096218, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] +[2013/11/07 07:38:50.096257, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] +[2013/11/07 07:38:50.096297, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:50.096335, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] +[2013/11/07 07:38:50.096393, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [CurrentVersion] +[2013/11/07 07:38:50.096434, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (4->5) +[2013/11/07 07:38:50.096477, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] +[2013/11/07 07:38:50.096516, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] +[2013/11/07 07:38:50.096557, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:50.096595, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f375c5a15c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] +[2013/11/07 07:38:50.096666, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Print] +[2013/11/07 07:38:50.096738, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (5->6) +[2013/11/07 07:38:50.096789, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] +[2013/11/07 07:38:50.096841, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] +[2013/11/07 07:38:50.096884, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:50.096921, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f375c5a15c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] +[2013/11/07 07:38:50.096981, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Printers] +[2013/11/07 07:38:50.097023, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (6->7) +[2013/11/07 07:38:50.097065, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] +[2013/11/07 07:38:50.097104, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] +[2013/11/07 07:38:50.097146, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:50.097184, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] +[2013/11/07 07:38:50.097250, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [printer7] +[2013/11/07 07:38:50.097303, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (7->8) +[2013/11/07 07:38:50.097348, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:50.097446, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:50.097491, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:50.097529, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:50.097598, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (8->7) +[2013/11/07 07:38:50.097640, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (7->6) +[2013/11/07 07:38:50.097681, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (6->5) +[2013/11/07 07:38:50.097729, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (5->4) +[2013/11/07 07:38:50.097769, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (4->3) +[2013/11/07 07:38:50.097810, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (3->2) +[2013/11/07 07:38:50.097854, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) + Opened policy hnd[2] [0000] 00 00 00 00 23 01 00 00 00 00 00 00 7B 52 7A 35 ....#... ....{Rz5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:50.097932, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenKey: struct winreg_OpenKey + out: struct winreg_OpenKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000123-0000-0000-7b52-7a35c5510000 + result : WERR_OK +[2013/11/07 07:38:50.098107, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryInfoKey: struct winreg_QueryInfoKey + in: struct winreg_QueryInfoKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000123-0000-0000-7b52-7a35c5510000 + classname : * + classname: struct winreg_String + name_len : 0x0000 (0) + name_size : 0x0000 (0) + name : NULL +[2013/11/07 07:38:50.098323, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 23 01 00 00 00 00 00 00 7B 52 7A 35 ....#... ....{Rz5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:50.098405, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_dispatcher.c:151(fetch_reg_values) + fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7' (ops 0x7f37592edcc0) +[2013/11/07 07:38:50.098447, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1891(regdb_fetch_values_internal) + regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:50.098512, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[0]: name[Attributes] len[4] +[2013/11/07 07:38:50.098555, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[1]: name[Description] len[2] +[2013/11/07 07:38:50.098598, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[2]: name[Datatype] len[8] +[2013/11/07 07:38:50.098640, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[3]: name[Default Priority] len[4] +[2013/11/07 07:38:50.098683, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[4]: name[Port] len[38] +[2013/11/07 07:38:50.098733, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[5]: name[Name] len[18] +[2013/11/07 07:38:50.098776, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[6]: name[Print Processor] len[18] +[2013/11/07 07:38:50.098818, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[7]: name[Priority] len[4] +[2013/11/07 07:38:50.098861, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[8]: name[Security] len[248] +[2013/11/07 07:38:50.098905, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[9]: name[Share Name] len[18] +[2013/11/07 07:38:50.098947, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[10]: name[StartTime] len[4] +[2013/11/07 07:38:50.098990, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[11]: name[UntilTime] len[4] +[2013/11/07 07:38:50.099033, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[12]: name[ChangeID] len[4] +[2013/11/07 07:38:50.099075, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) + regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:50.099140, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryInfoKey: struct winreg_QueryInfoKey + out: struct winreg_QueryInfoKey + classname : * + classname: struct winreg_String + name_len : 0x0000 (0) + name_size : 0x0000 (0) + name : NULL + num_subkeys : * + num_subkeys : 0x00000003 (3) + max_subkeylen : * + max_subkeylen : 0x00000022 (34) + max_classlen : * + max_classlen : 0x00000000 (0) + num_values : * + num_values : 0x0000000d (13) + max_valnamelen : * + max_valnamelen : 0x00000022 (34) + max_valbufsize : * + max_valbufsize : 0x000000f8 (248) + secdescsize : * + secdescsize : 0x00000078 (120) + last_changed_time : * + last_changed_time : NTTIME(0) + result : WERR_OK +[2013/11/07 07:38:50.099587, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000123-0000-0000-7b52-7a35c5510000 + enum_index : 0x00000000 (0) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:50.099969, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 23 01 00 00 00 00 00 00 7B 52 7A 35 ....#... ....{Rz5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:50.100047, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:50.100093, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0016 (22) + size : 0x0024 (36) + name : * + name : 'Attributes' + type : * + type : REG_DWORD (4) + value : * + value: ARRAY(4) + [0] : 0x48 (72) + [1] : 0x10 (16) + [2] : 0x00 (0) + [3] : 0x00 (0) + size : * + size : 0x00000004 (4) + length : * + length : 0x00000004 (4) + result : WERR_OK +[2013/11/07 07:38:50.100491, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000123-0000-0000-7b52-7a35c5510000 + enum_index : 0x00000001 (1) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:50.100862, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 23 01 00 00 00 00 00 00 7B 52 7A 35 ....#... ....{Rz5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:50.100939, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:50.101002, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0018 (24) + size : 0x0024 (36) + name : * + name : 'Description' + type : * + type : REG_SZ (1) + value : * + value: ARRAY(2) + [0] : 0x00 (0) + [1] : 0x00 (0) + size : * + size : 0x00000002 (2) + length : * + length : 0x00000002 (2) + result : WERR_OK +[2013/11/07 07:38:50.101449, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000123-0000-0000-7b52-7a35c5510000 + enum_index : 0x00000002 (2) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:50.101827, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 23 01 00 00 00 00 00 00 7B 52 7A 35 ....#... ....{Rz5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:50.101904, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:50.101950, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0012 (18) + size : 0x0024 (36) + name : * + name : 'Datatype' + type : * + type : REG_SZ (1) + value : * + value: ARRAY(8) + [0] : 0x52 (82) + [1] : 0x00 (0) + [2] : 0x41 (65) + [3] : 0x00 (0) + [4] : 0x57 (87) + [5] : 0x00 (0) + [6] : 0x00 (0) + [7] : 0x00 (0) + size : * + size : 0x00000008 (8) + length : * + length : 0x00000008 (8) + result : WERR_OK +[2013/11/07 07:38:50.102416, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000123-0000-0000-7b52-7a35c5510000 + enum_index : 0x00000003 (3) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:50.102786, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 23 01 00 00 00 00 00 00 7B 52 7A 35 ....#... ....{Rz5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:50.102863, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:50.102907, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0022 (34) + size : 0x0024 (36) + name : * + name : 'Default Priority' + type : * + type : REG_DWORD (4) + value : * + value: ARRAY(4) + [0] : 0x01 (1) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + size : * + size : 0x00000004 (4) + length : * + length : 0x00000004 (4) + result : WERR_OK +[2013/11/07 07:38:50.103296, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000123-0000-0000-7b52-7a35c5510000 + enum_index : 0x00000004 (4) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:50.103675, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 23 01 00 00 00 00 00 00 7B 52 7A 35 ....#... ....{Rz5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:50.103753, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:50.103797, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x000a (10) + size : 0x0024 (36) + name : * + name : 'Port' + type : * + type : REG_SZ (1) + value : * + value: ARRAY(38) + [0] : 0x53 (83) + [1] : 0x00 (0) + [2] : 0x61 (97) + [3] : 0x00 (0) + [4] : 0x6d (109) + [5] : 0x00 (0) + [6] : 0x62 (98) + [7] : 0x00 (0) + [8] : 0x61 (97) + [9] : 0x00 (0) + [10] : 0x20 (32) + [11] : 0x00 (0) + [12] : 0x50 (80) + [13] : 0x00 (0) + [14] : 0x72 (114) + [15] : 0x00 (0) + [16] : 0x69 (105) + [17] : 0x00 (0) + [18] : 0x6e (110) + [19] : 0x00 (0) + [20] : 0x74 (116) + [21] : 0x00 (0) + [22] : 0x65 (101) + [23] : 0x00 (0) + [24] : 0x72 (114) + [25] : 0x00 (0) + [26] : 0x20 (32) + [27] : 0x00 (0) + [28] : 0x50 (80) + [29] : 0x00 (0) + [30] : 0x6f (111) + [31] : 0x00 (0) + [32] : 0x72 (114) + [33] : 0x00 (0) + [34] : 0x74 (116) + [35] : 0x00 (0) + [36] : 0x00 (0) + [37] : 0x00 (0) + size : * + size : 0x00000026 (38) + length : * + length : 0x00000026 (38) + result : WERR_OK +[2013/11/07 07:38:50.104754, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000123-0000-0000-7b52-7a35c5510000 + enum_index : 0x00000005 (5) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:50.105125, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 23 01 00 00 00 00 00 00 7B 52 7A 35 ....#... ....{Rz5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:50.105202, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:50.105246, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x000a (10) + size : 0x0024 (36) + name : * + name : 'Name' + type : * + type : REG_SZ (1) + value : * + value: ARRAY(18) + [0] : 0x70 (112) + [1] : 0x00 (0) + [2] : 0x72 (114) + [3] : 0x00 (0) + [4] : 0x69 (105) + [5] : 0x00 (0) + [6] : 0x6e (110) + [7] : 0x00 (0) + [8] : 0x74 (116) + [9] : 0x00 (0) + [10] : 0x65 (101) + [11] : 0x00 (0) + [12] : 0x72 (114) + [13] : 0x00 (0) + [14] : 0x37 (55) + [15] : 0x00 (0) + [16] : 0x00 (0) + [17] : 0x00 (0) + size : * + size : 0x00000012 (18) + length : * + length : 0x00000012 (18) + result : WERR_OK +[2013/11/07 07:38:50.105940, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000123-0000-0000-7b52-7a35c5510000 + enum_index : 0x00000006 (6) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:50.106321, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 23 01 00 00 00 00 00 00 7B 52 7A 35 ....#... ....{Rz5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:50.106398, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:50.106443, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0020 (32) + size : 0x0024 (36) + name : * + name : 'Print Processor' + type : * + type : REG_SZ (1) + value : * + value: ARRAY(18) + [0] : 0x77 (119) + [1] : 0x00 (0) + [2] : 0x69 (105) + [3] : 0x00 (0) + [4] : 0x6e (110) + [5] : 0x00 (0) + [6] : 0x70 (112) + [7] : 0x00 (0) + [8] : 0x72 (114) + [9] : 0x00 (0) + [10] : 0x69 (105) + [11] : 0x00 (0) + [12] : 0x6e (110) + [13] : 0x00 (0) + [14] : 0x74 (116) + [15] : 0x00 (0) + [16] : 0x00 (0) + [17] : 0x00 (0) + size : * + size : 0x00000012 (18) + length : * + length : 0x00000012 (18) + result : WERR_OK +[2013/11/07 07:38:50.107066, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000123-0000-0000-7b52-7a35c5510000 + enum_index : 0x00000007 (7) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:50.107443, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 23 01 00 00 00 00 00 00 7B 52 7A 35 ....#... ....{Rz5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:50.107520, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:50.107564, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0012 (18) + size : 0x0024 (36) + name : * + name : 'Priority' + type : * + type : REG_DWORD (4) + value : * + value: ARRAY(4) + [0] : 0x01 (1) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + size : * + size : 0x00000004 (4) + length : * + length : 0x00000004 (4) + result : WERR_OK +[2013/11/07 07:38:50.107953, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000123-0000-0000-7b52-7a35c5510000 + enum_index : 0x00000008 (8) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:50.108325, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 23 01 00 00 00 00 00 00 7B 52 7A 35 ....#... ....{Rz5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:50.108411, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:50.108457, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0012 (18) + size : 0x0024 (36) + name : * + name : 'Security' + type : * + type : REG_BINARY (3) + value : * + value: ARRAY(248) + [0] : 0x01 (1) + [1] : 0x00 (0) + [2] : 0x04 (4) + [3] : 0x80 (128) + [4] : 0x14 (20) + [5] : 0x00 (0) + [6] : 0x00 (0) + [7] : 0x00 (0) + [8] : 0x24 (36) + [9] : 0x00 (0) + [10] : 0x00 (0) + [11] : 0x00 (0) + [12] : 0x00 (0) + [13] : 0x00 (0) + [14] : 0x00 (0) + [15] : 0x00 (0) + [16] : 0x34 (52) + [17] : 0x00 (0) + [18] : 0x00 (0) + [19] : 0x00 (0) + [20] : 0x01 (1) + [21] : 0x02 (2) + [22] : 0x00 (0) + [23] : 0x00 (0) + [24] : 0x00 (0) + [25] : 0x00 (0) + [26] : 0x00 (0) + [27] : 0x05 (5) + [28] : 0x20 (32) + [29] : 0x00 (0) + [30] : 0x00 (0) + [31] : 0x00 (0) + [32] : 0x20 (32) + [33] : 0x02 (2) + [34] : 0x00 (0) + [35] : 0x00 (0) + [36] : 0x01 (1) + [37] : 0x02 (2) + [38] : 0x00 (0) + [39] : 0x00 (0) + [40] : 0x00 (0) + [41] : 0x00 (0) + [42] : 0x00 (0) + [43] : 0x05 (5) + [44] : 0x20 (32) + [45] : 0x00 (0) + [46] : 0x00 (0) + [47] : 0x00 (0) + [48] : 0x20 (32) + [49] : 0x02 (2) + [50] : 0x00 (0) + [51] : 0x00 (0) + [52] : 0x02 (2) + [53] : 0x00 (0) + [54] : 0xc4 (196) + [55] : 0x00 (0) + [56] : 0x07 (7) + [57] : 0x00 (0) + [58] : 0x00 (0) + [59] : 0x00 (0) + [60] : 0x00 (0) + [61] : 0x02 (2) + [62] : 0x14 (20) + [63] : 0x00 (0) + [64] : 0x08 (8) + [65] : 0x00 (0) + [66] : 0x02 (2) + [67] : 0x20 (32) + [68] : 0x01 (1) + [69] : 0x01 (1) + [70] : 0x00 (0) + [71] : 0x00 (0) + [72] : 0x00 (0) + [73] : 0x00 (0) + [74] : 0x00 (0) + [75] : 0x01 (1) + [76] : 0x00 (0) + [77] : 0x00 (0) + [78] : 0x00 (0) + [79] : 0x00 (0) + [80] : 0x00 (0) + [81] : 0x09 (9) + [82] : 0x24 (36) + [83] : 0x00 (0) + [84] : 0x0c (12) + [85] : 0x00 (0) + [86] : 0x0f (15) + [87] : 0x10 (16) + [88] : 0x01 (1) + [89] : 0x05 (5) + [90] : 0x00 (0) + [91] : 0x00 (0) + [92] : 0x00 (0) + [93] : 0x00 (0) + [94] : 0x00 (0) + [95] : 0x05 (5) + [96] : 0x15 (21) + [97] : 0x00 (0) + [98] : 0x00 (0) + [99] : 0x00 (0) + [100] : 0x74 (116) + [101] : 0xa5 (165) + [102] : 0x12 (18) + [103] : 0x52 (82) + [104] : 0xcd (205) + [105] : 0x51 (81) + [106] : 0xd9 (217) + [107] : 0x8f (143) + [108] : 0xd1 (209) + [109] : 0x31 (49) + [110] : 0xa4 (164) + [111] : 0xca (202) + [112] : 0xf4 (244) + [113] : 0x01 (1) + [114] : 0x00 (0) + [115] : 0x00 (0) + [116] : 0x00 (0) + [117] : 0x02 (2) + [118] : 0x24 (36) + [119] : 0x00 (0) + [120] : 0x0c (12) + [121] : 0x00 (0) + [122] : 0x0f (15) + [123] : 0x10 (16) + [124] : 0x01 (1) + [125] : 0x05 (5) + [126] : 0x00 (0) + [127] : 0x00 (0) + [128] : 0x00 (0) + [129] : 0x00 (0) + [130] : 0x00 (0) + [131] : 0x05 (5) + [132] : 0x15 (21) + [133] : 0x00 (0) + [134] : 0x00 (0) + [135] : 0x00 (0) + [136] : 0x74 (116) + [137] : 0xa5 (165) + [138] : 0x12 (18) + [139] : 0x52 (82) + [140] : 0xcd (205) + [141] : 0x51 (81) + [142] : 0xd9 (217) + [143] : 0x8f (143) + [144] : 0xd1 (209) + [145] : 0x31 (49) + [146] : 0xa4 (164) + [147] : 0xca (202) + [148] : 0xf4 (244) + [149] : 0x01 (1) + [150] : 0x00 (0) + [151] : 0x00 (0) + [152] : 0x00 (0) + [153] : 0x09 (9) + [154] : 0x18 (24) + [155] : 0x00 (0) + [156] : 0x0c (12) + [157] : 0x00 (0) + [158] : 0x0f (15) + [159] : 0x10 (16) + [160] : 0x01 (1) + [161] : 0x02 (2) + [162] : 0x00 (0) + [163] : 0x00 (0) + [164] : 0x00 (0) + [165] : 0x00 (0) + [166] : 0x00 (0) + [167] : 0x05 (5) + [168] : 0x20 (32) + [169] : 0x00 (0) + [170] : 0x00 (0) + [171] : 0x00 (0) + [172] : 0x20 (32) + [173] : 0x02 (2) + [174] : 0x00 (0) + [175] : 0x00 (0) + [176] : 0x00 (0) + [177] : 0x02 (2) + [178] : 0x18 (24) + [179] : 0x00 (0) + [180] : 0x0c (12) + [181] : 0x00 (0) + [182] : 0x0f (15) + [183] : 0x10 (16) + [184] : 0x01 (1) + [185] : 0x02 (2) + [186] : 0x00 (0) + [187] : 0x00 (0) + [188] : 0x00 (0) + [189] : 0x00 (0) + [190] : 0x00 (0) + [191] : 0x05 (5) + [192] : 0x20 (32) + [193] : 0x00 (0) + [194] : 0x00 (0) + [195] : 0x00 (0) + [196] : 0x20 (32) + [197] : 0x02 (2) + [198] : 0x00 (0) + [199] : 0x00 (0) + [200] : 0x00 (0) + [201] : 0x09 (9) + [202] : 0x18 (24) + [203] : 0x00 (0) + [204] : 0x0c (12) + [205] : 0x00 (0) + [206] : 0x0f (15) + [207] : 0x10 (16) + [208] : 0x01 (1) + [209] : 0x02 (2) + [210] : 0x00 (0) + [211] : 0x00 (0) + [212] : 0x00 (0) + [213] : 0x00 (0) + [214] : 0x00 (0) + [215] : 0x05 (5) + [216] : 0x20 (32) + [217] : 0x00 (0) + [218] : 0x00 (0) + [219] : 0x00 (0) + [220] : 0x26 (38) + [221] : 0x02 (2) + [222] : 0x00 (0) + [223] : 0x00 (0) + [224] : 0x00 (0) + [225] : 0x02 (2) + [226] : 0x18 (24) + [227] : 0x00 (0) + [228] : 0x0c (12) + [229] : 0x00 (0) + [230] : 0x0f (15) + [231] : 0x10 (16) + [232] : 0x01 (1) + [233] : 0x02 (2) + [234] : 0x00 (0) + [235] : 0x00 (0) + [236] : 0x00 (0) + [237] : 0x00 (0) + [238] : 0x00 (0) + [239] : 0x05 (5) + [240] : 0x20 (32) + [241] : 0x00 (0) + [242] : 0x00 (0) + [243] : 0x00 (0) + [244] : 0x26 (38) + [245] : 0x02 (2) + [246] : 0x00 (0) + [247] : 0x00 (0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x000000f8 (248) + result : WERR_OK +[2013/11/07 07:38:50.113031, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000123-0000-0000-7b52-7a35c5510000 + enum_index : 0x00000009 (9) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:50.113468, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 23 01 00 00 00 00 00 00 7B 52 7A 35 ....#... ....{Rz5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:50.113549, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:50.113595, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0016 (22) + size : 0x0024 (36) + name : * + name : 'Share Name' + type : * + type : REG_SZ (1) + value : * + value: ARRAY(18) + [0] : 0x70 (112) + [1] : 0x00 (0) + [2] : 0x72 (114) + [3] : 0x00 (0) + [4] : 0x69 (105) + [5] : 0x00 (0) + [6] : 0x6e (110) + [7] : 0x00 (0) + [8] : 0x74 (116) + [9] : 0x00 (0) + [10] : 0x65 (101) + [11] : 0x00 (0) + [12] : 0x72 (114) + [13] : 0x00 (0) + [14] : 0x37 (55) + [15] : 0x00 (0) + [16] : 0x00 (0) + [17] : 0x00 (0) + size : * + size : 0x00000012 (18) + length : * + length : 0x00000012 (18) + result : WERR_OK +[2013/11/07 07:38:50.114227, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000123-0000-0000-7b52-7a35c5510000 + enum_index : 0x0000000a (10) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:50.114612, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 23 01 00 00 00 00 00 00 7B 52 7A 35 ....#... ....{Rz5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:50.114689, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:50.114733, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0014 (20) + size : 0x0024 (36) + name : * + name : 'StartTime' + type : * + type : REG_DWORD (4) + value : * + value: ARRAY(4) + [0] : 0x00 (0) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + size : * + size : 0x00000004 (4) + length : * + length : 0x00000004 (4) + result : WERR_OK +[2013/11/07 07:38:50.115125, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000123-0000-0000-7b52-7a35c5510000 + enum_index : 0x0000000b (11) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:50.115495, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 23 01 00 00 00 00 00 00 7B 52 7A 35 ....#... ....{Rz5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:50.115572, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:50.115624, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0014 (20) + size : 0x0024 (36) + name : * + name : 'UntilTime' + type : * + type : REG_DWORD (4) + value : * + value: ARRAY(4) + [0] : 0x00 (0) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + size : * + size : 0x00000004 (4) + length : * + length : 0x00000004 (4) + result : WERR_OK +[2013/11/07 07:38:50.116015, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + in: struct winreg_EnumValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000123-0000-0000-7b52-7a35c5510000 + enum_index : 0x0000000c (12) + name : * + name: struct winreg_ValNameBuf + length : 0x0002 (2) + size : 0x0024 (36) + name : * + name : '' + type : * + type : REG_NONE (0) + value : * + value: ARRAY(0) + size : * + size : 0x000000f8 (248) + length : * + length : 0x00000000 (0) +[2013/11/07 07:38:50.116385, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 23 01 00 00 00 00 00 00 7B 52 7A 35 ....#... ....{Rz5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:50.116462, 8, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) + _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:50.116506, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_EnumValue: struct winreg_EnumValue + out: struct winreg_EnumValue + name : * + name: struct winreg_ValNameBuf + length : 0x0012 (18) + size : 0x0024 (36) + name : * + name : 'ChangeID' + type : * + type : REG_DWORD (4) + value : * + value: ARRAY(4) + [0] : 0xf1 (241) + [1] : 0x5f (95) + [2] : 0x11 (17) + [3] : 0x00 (0) + size : * + size : 0x00000004 (4) + length : * + length : 0x00000004 (4) + result : WERR_OK +[2013/11/07 07:38:50.116945, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryValue: struct winreg_QueryValue + in: struct winreg_QueryValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000123-0000-0000-7b52-7a35c5510000 + value_name : * + value_name: struct winreg_String + name_len : 0x0020 (32) + name_size : 0x0020 (32) + name : * + name : 'Default DevMode' + type : * + type : REG_NONE (0) + data : NULL + data_size : * + data_size : 0x00000000 (0) + data_length : * + data_length : 0x00000000 (0) +[2013/11/07 07:38:50.117291, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 23 01 00 00 00 00 00 00 7B 52 7A 35 ....#... ....{Rz5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:50.117490, 7, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) + _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:50.117535, 7, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) + _winreg_QueryValue: policy key type = [00000000] +[2013/11/07 07:38:50.117581, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:316(_winreg_QueryValue) + _winreg_QueryValue: reg_queryvalue failed with: WERR_BADFILE +[2013/11/07 07:38:50.117621, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryValue: struct winreg_QueryValue + out: struct winreg_QueryValue + type : * + type : REG_NONE (0) + data : NULL + data_size : * + data_size : 0x00000000 (0) + data_length : * + data_length : 0x00000000 (0) + result : WERR_BADFILE +[2013/11/07 07:38:50.117845, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenHKLM: struct winreg_OpenHKLM + in: struct winreg_OpenHKLM + system_name : NULL + access_mask : 0x02000000 (33554432) + 0: KEY_QUERY_VALUE + 0: KEY_SET_VALUE + 0: KEY_CREATE_SUB_KEY + 0: KEY_ENUMERATE_SUB_KEYS + 0: KEY_NOTIFY + 0: KEY_CREATE_LINK + 0: KEY_WOW64_64KEY + 0: KEY_WOW64_32KEY +[2013/11/07 07:38:50.118071, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [HKLM] +[2013/11/07 07:38:50.118112, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (2->3) +[2013/11/07 07:38:50.118164, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM] +[2013/11/07 07:38:50.118203, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM] +[2013/11/07 07:38:50.118244, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:50.118281, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM] +[2013/11/07 07:38:50.118354, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) + Opened policy hnd[3] [0000] 00 00 00 00 24 01 00 00 00 00 00 00 7B 52 7A 35 ....$... ....{Rz5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:50.118435, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenHKLM: struct winreg_OpenHKLM + out: struct winreg_OpenHKLM + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000124-0000-0000-7b52-7a35c5510000 + result : WERR_OK +[2013/11/07 07:38:50.118602, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenKey: struct winreg_OpenKey + in: struct winreg_OpenKey + parent_handle : * + parent_handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000124-0000-0000-7b52-7a35c5510000 + keyname: struct winreg_String + name_len : 0x008a (138) + name_size : 0x008a (138) + name : * + name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7' + options : 0x00000000 (0) + 0: REG_OPTION_VOLATILE + 0: REG_OPTION_CREATE_LINK + 0: REG_OPTION_BACKUP_RESTORE + 0: REG_OPTION_OPEN_LINK + access_mask : 0x02000000 (33554432) + 0: KEY_QUERY_VALUE + 0: KEY_SET_VALUE + 0: KEY_CREATE_SUB_KEY + 0: KEY_ENUMERATE_SUB_KEYS + 0: KEY_NOTIFY + 0: KEY_CREATE_LINK + 0: KEY_WOW64_64KEY + 0: KEY_WOW64_32KEY +[2013/11/07 07:38:50.119041, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 24 01 00 00 00 00 00 00 7B 52 7A 35 ....$... ....{Rz5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:50.119122, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [SOFTWARE] +[2013/11/07 07:38:50.119162, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (3->4) +[2013/11/07 07:38:50.119204, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] +[2013/11/07 07:38:50.119241, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE] +[2013/11/07 07:38:50.119290, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:50.119328, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE] +[2013/11/07 07:38:50.119391, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Microsoft] +[2013/11/07 07:38:50.119432, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (4->5) +[2013/11/07 07:38:50.119474, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] +[2013/11/07 07:38:50.119512, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] +[2013/11/07 07:38:50.119552, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:50.119590, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft] +[2013/11/07 07:38:50.119650, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Windows NT] +[2013/11/07 07:38:50.119691, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (5->6) +[2013/11/07 07:38:50.119734, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] +[2013/11/07 07:38:50.119772, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] +[2013/11/07 07:38:50.119812, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:50.119850, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] +[2013/11/07 07:38:50.119907, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [CurrentVersion] +[2013/11/07 07:38:50.119948, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (6->7) +[2013/11/07 07:38:50.119991, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] +[2013/11/07 07:38:50.120029, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] +[2013/11/07 07:38:50.120070, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:50.120107, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f375c5a15c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] +[2013/11/07 07:38:50.120178, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Print] +[2013/11/07 07:38:50.120227, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (7->8) +[2013/11/07 07:38:50.120270, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] +[2013/11/07 07:38:50.120309, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] +[2013/11/07 07:38:50.120350, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:50.120387, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f375c5a15c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] +[2013/11/07 07:38:50.120446, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [Printers] +[2013/11/07 07:38:50.120488, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (8->9) +[2013/11/07 07:38:50.120531, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] +[2013/11/07 07:38:50.120569, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] +[2013/11/07 07:38:50.120610, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:50.120648, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] +[2013/11/07 07:38:50.120712, 7, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) + regkey_open_onelevel: name = [printer7] +[2013/11/07 07:38:50.120753, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) + regdb_open: incrementing refcount (9->10) +[2013/11/07 07:38:50.120796, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) + reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:50.120836, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) + pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:50.120877, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) + pathtree_find: Exit +[2013/11/07 07:38:50.120914, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) + reghook_cache_find: found ops 0x7f37592edcc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:50.120981, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (10->9) +[2013/11/07 07:38:50.121022, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (9->8) +[2013/11/07 07:38:50.121063, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (8->7) +[2013/11/07 07:38:50.121111, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (7->6) +[2013/11/07 07:38:50.121150, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (6->5) +[2013/11/07 07:38:50.121190, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (5->4) +[2013/11/07 07:38:50.121232, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) + Opened policy hnd[4] [0000] 00 00 00 00 25 01 00 00 00 00 00 00 7B 52 7A 35 ....%... ....{Rz5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:50.121310, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_OpenKey: struct winreg_OpenKey + out: struct winreg_OpenKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000125-0000-0000-7b52-7a35c5510000 + result : WERR_OK +[2013/11/07 07:38:50.121534, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryValue: struct winreg_QueryValue + in: struct winreg_QueryValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000125-0000-0000-7b52-7a35c5510000 + value_name : * + value_name: struct winreg_String + name_len : 0x0012 (18) + name_size : 0x0012 (18) + name : * + name : 'Security' + type : * + type : REG_NONE (0) + data : NULL + data_size : * + data_size : 0x00000000 (0) + data_length : * + data_length : 0x00000000 (0) +[2013/11/07 07:38:50.121879, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 25 01 00 00 00 00 00 00 7B 52 7A 35 ....%... ....{Rz5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:50.121958, 7, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) + _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:50.121998, 7, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) + _winreg_QueryValue: policy key type = [00000000] +[2013/11/07 07:38:50.122038, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_dispatcher.c:151(fetch_reg_values) + fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7' (ops 0x7f37592edcc0) +[2013/11/07 07:38:50.122080, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1891(regdb_fetch_values_internal) + regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:50.122148, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[0]: name[Attributes] len[4] +[2013/11/07 07:38:50.122192, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[1]: name[Description] len[2] +[2013/11/07 07:38:50.122235, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[2]: name[Datatype] len[8] +[2013/11/07 07:38:50.122277, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[3]: name[Default Priority] len[4] +[2013/11/07 07:38:50.122319, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[4]: name[Port] len[38] +[2013/11/07 07:38:50.122361, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[5]: name[Name] len[18] +[2013/11/07 07:38:50.122403, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[6]: name[Print Processor] len[18] +[2013/11/07 07:38:50.122446, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[7]: name[Priority] len[4] +[2013/11/07 07:38:50.122489, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[8]: name[Security] len[248] +[2013/11/07 07:38:50.122532, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[9]: name[Share Name] len[18] +[2013/11/07 07:38:50.122574, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[10]: name[StartTime] len[4] +[2013/11/07 07:38:50.122617, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[11]: name[UntilTime] len[4] +[2013/11/07 07:38:50.122659, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) + regdb_unpack_values: value[12]: name[ChangeID] len[4] +[2013/11/07 07:38:50.122703, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryValue: struct winreg_QueryValue + out: struct winreg_QueryValue + type : * + type : REG_BINARY (3) + data : NULL + data_size : * + data_size : 0x000000f8 (248) + data_length : * + data_length : 0x00000000 (0) + result : WERR_OK +[2013/11/07 07:38:50.122917, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryValue: struct winreg_QueryValue + in: struct winreg_QueryValue + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000125-0000-0000-7b52-7a35c5510000 + value_name : * + value_name: struct winreg_String + name_len : 0x0012 (18) + name_size : 0x0012 (18) + name : * + name : 'Security' + type : * + type : REG_BINARY (3) + data : * + data: ARRAY(0) + data_size : * + data_size : 0x000000f8 (248) + data_length : * + data_length : 0x00000000 (0) +[2013/11/07 07:38:50.123281, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 25 01 00 00 00 00 00 00 7B 52 7A 35 ....%... ....{Rz5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:50.123358, 7, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) + _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer7] +[2013/11/07 07:38:50.123398, 7, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) + _winreg_QueryValue: policy key type = [00000000] +[2013/11/07 07:38:50.123443, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_QueryValue: struct winreg_QueryValue + out: struct winreg_QueryValue + type : * + type : REG_BINARY (3) + data : * + data: ARRAY(248) + [0] : 0x01 (1) + [1] : 0x00 (0) + [2] : 0x04 (4) + [3] : 0x80 (128) + [4] : 0x14 (20) + [5] : 0x00 (0) + [6] : 0x00 (0) + [7] : 0x00 (0) + [8] : 0x24 (36) + [9] : 0x00 (0) + [10] : 0x00 (0) + [11] : 0x00 (0) + [12] : 0x00 (0) + [13] : 0x00 (0) + [14] : 0x00 (0) + [15] : 0x00 (0) + [16] : 0x34 (52) + [17] : 0x00 (0) + [18] : 0x00 (0) + [19] : 0x00 (0) + [20] : 0x01 (1) + [21] : 0x02 (2) + [22] : 0x00 (0) + [23] : 0x00 (0) + [24] : 0x00 (0) + [25] : 0x00 (0) + [26] : 0x00 (0) + [27] : 0x05 (5) + [28] : 0x20 (32) + [29] : 0x00 (0) + [30] : 0x00 (0) + [31] : 0x00 (0) + [32] : 0x20 (32) + [33] : 0x02 (2) + [34] : 0x00 (0) + [35] : 0x00 (0) + [36] : 0x01 (1) + [37] : 0x02 (2) + [38] : 0x00 (0) + [39] : 0x00 (0) + [40] : 0x00 (0) + [41] : 0x00 (0) + [42] : 0x00 (0) + [43] : 0x05 (5) + [44] : 0x20 (32) + [45] : 0x00 (0) + [46] : 0x00 (0) + [47] : 0x00 (0) + [48] : 0x20 (32) + [49] : 0x02 (2) + [50] : 0x00 (0) + [51] : 0x00 (0) + [52] : 0x02 (2) + [53] : 0x00 (0) + [54] : 0xc4 (196) + [55] : 0x00 (0) + [56] : 0x07 (7) + [57] : 0x00 (0) + [58] : 0x00 (0) + [59] : 0x00 (0) + [60] : 0x00 (0) + [61] : 0x02 (2) + [62] : 0x14 (20) + [63] : 0x00 (0) + [64] : 0x08 (8) + [65] : 0x00 (0) + [66] : 0x02 (2) + [67] : 0x20 (32) + [68] : 0x01 (1) + [69] : 0x01 (1) + [70] : 0x00 (0) + [71] : 0x00 (0) + [72] : 0x00 (0) + [73] : 0x00 (0) + [74] : 0x00 (0) + [75] : 0x01 (1) + [76] : 0x00 (0) + [77] : 0x00 (0) + [78] : 0x00 (0) + [79] : 0x00 (0) + [80] : 0x00 (0) + [81] : 0x09 (9) + [82] : 0x24 (36) + [83] : 0x00 (0) + [84] : 0x0c (12) + [85] : 0x00 (0) + [86] : 0x0f (15) + [87] : 0x10 (16) + [88] : 0x01 (1) + [89] : 0x05 (5) + [90] : 0x00 (0) + [91] : 0x00 (0) + [92] : 0x00 (0) + [93] : 0x00 (0) + [94] : 0x00 (0) + [95] : 0x05 (5) + [96] : 0x15 (21) + [97] : 0x00 (0) + [98] : 0x00 (0) + [99] : 0x00 (0) + [100] : 0x74 (116) + [101] : 0xa5 (165) + [102] : 0x12 (18) + [103] : 0x52 (82) + [104] : 0xcd (205) + [105] : 0x51 (81) + [106] : 0xd9 (217) + [107] : 0x8f (143) + [108] : 0xd1 (209) + [109] : 0x31 (49) + [110] : 0xa4 (164) + [111] : 0xca (202) + [112] : 0xf4 (244) + [113] : 0x01 (1) + [114] : 0x00 (0) + [115] : 0x00 (0) + [116] : 0x00 (0) + [117] : 0x02 (2) + [118] : 0x24 (36) + [119] : 0x00 (0) + [120] : 0x0c (12) + [121] : 0x00 (0) + [122] : 0x0f (15) + [123] : 0x10 (16) + [124] : 0x01 (1) + [125] : 0x05 (5) + [126] : 0x00 (0) + [127] : 0x00 (0) + [128] : 0x00 (0) + [129] : 0x00 (0) + [130] : 0x00 (0) + [131] : 0x05 (5) + [132] : 0x15 (21) + [133] : 0x00 (0) + [134] : 0x00 (0) + [135] : 0x00 (0) + [136] : 0x74 (116) + [137] : 0xa5 (165) + [138] : 0x12 (18) + [139] : 0x52 (82) + [140] : 0xcd (205) + [141] : 0x51 (81) + [142] : 0xd9 (217) + [143] : 0x8f (143) + [144] : 0xd1 (209) + [145] : 0x31 (49) + [146] : 0xa4 (164) + [147] : 0xca (202) + [148] : 0xf4 (244) + [149] : 0x01 (1) + [150] : 0x00 (0) + [151] : 0x00 (0) + [152] : 0x00 (0) + [153] : 0x09 (9) + [154] : 0x18 (24) + [155] : 0x00 (0) + [156] : 0x0c (12) + [157] : 0x00 (0) + [158] : 0x0f (15) + [159] : 0x10 (16) + [160] : 0x01 (1) + [161] : 0x02 (2) + [162] : 0x00 (0) + [163] : 0x00 (0) + [164] : 0x00 (0) + [165] : 0x00 (0) + [166] : 0x00 (0) + [167] : 0x05 (5) + [168] : 0x20 (32) + [169] : 0x00 (0) + [170] : 0x00 (0) + [171] : 0x00 (0) + [172] : 0x20 (32) + [173] : 0x02 (2) + [174] : 0x00 (0) + [175] : 0x00 (0) + [176] : 0x00 (0) + [177] : 0x02 (2) + [178] : 0x18 (24) + [179] : 0x00 (0) + [180] : 0x0c (12) + [181] : 0x00 (0) + [182] : 0x0f (15) + [183] : 0x10 (16) + [184] : 0x01 (1) + [185] : 0x02 (2) + [186] : 0x00 (0) + [187] : 0x00 (0) + [188] : 0x00 (0) + [189] : 0x00 (0) + [190] : 0x00 (0) + [191] : 0x05 (5) + [192] : 0x20 (32) + [193] : 0x00 (0) + [194] : 0x00 (0) + [195] : 0x00 (0) + [196] : 0x20 (32) + [197] : 0x02 (2) + [198] : 0x00 (0) + [199] : 0x00 (0) + [200] : 0x00 (0) + [201] : 0x09 (9) + [202] : 0x18 (24) + [203] : 0x00 (0) + [204] : 0x0c (12) + [205] : 0x00 (0) + [206] : 0x0f (15) + [207] : 0x10 (16) + [208] : 0x01 (1) + [209] : 0x02 (2) + [210] : 0x00 (0) + [211] : 0x00 (0) + [212] : 0x00 (0) + [213] : 0x00 (0) + [214] : 0x00 (0) + [215] : 0x05 (5) + [216] : 0x20 (32) + [217] : 0x00 (0) + [218] : 0x00 (0) + [219] : 0x00 (0) + [220] : 0x26 (38) + [221] : 0x02 (2) + [222] : 0x00 (0) + [223] : 0x00 (0) + [224] : 0x00 (0) + [225] : 0x02 (2) + [226] : 0x18 (24) + [227] : 0x00 (0) + [228] : 0x0c (12) + [229] : 0x00 (0) + [230] : 0x0f (15) + [231] : 0x10 (16) + [232] : 0x01 (1) + [233] : 0x02 (2) + [234] : 0x00 (0) + [235] : 0x00 (0) + [236] : 0x00 (0) + [237] : 0x00 (0) + [238] : 0x00 (0) + [239] : 0x05 (5) + [240] : 0x20 (32) + [241] : 0x00 (0) + [242] : 0x00 (0) + [243] : 0x00 (0) + [244] : 0x26 (38) + [245] : 0x02 (2) + [246] : 0x00 (0) + [247] : 0x00 (0) + data_size : * + data_size : 0x000000f8 (248) + data_length : * + data_length : 0x000000f8 (248) + result : WERR_OK +[2013/11/07 07:38:50.127915, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + in: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000125-0000-0000-7b52-7a35c5510000 +[2013/11/07 07:38:50.128053, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 25 01 00 00 00 00 00 00 7B 52 7A 35 ....%... ....{Rz5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:50.128133, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 25 01 00 00 00 00 00 00 7B 52 7A 35 ....%... ....{Rz5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:50.128210, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) + Closed policy +[2013/11/07 07:38:50.128253, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (4->3) +[2013/11/07 07:38:50.128294, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + out: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000000-0000-0000-0000-000000000000 + result : WERR_OK +[2013/11/07 07:38:50.128455, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + in: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000124-0000-0000-7b52-7a35c5510000 +[2013/11/07 07:38:50.128585, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 24 01 00 00 00 00 00 00 7B 52 7A 35 ....$... ....{Rz5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:50.128662, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 24 01 00 00 00 00 00 00 7B 52 7A 35 ....$... ....{Rz5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:50.128737, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) + Closed policy +[2013/11/07 07:38:50.128776, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (3->2) +[2013/11/07 07:38:50.128817, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + out: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000000-0000-0000-0000-000000000000 + result : WERR_OK +[2013/11/07 07:38:50.128979, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + in: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000123-0000-0000-7b52-7a35c5510000 +[2013/11/07 07:38:50.129117, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 23 01 00 00 00 00 00 00 7B 52 7A 35 ....#... ....{Rz5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:50.129194, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 23 01 00 00 00 00 00 00 7B 52 7A 35 ....#... ....{Rz5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:50.129269, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) + Closed policy +[2013/11/07 07:38:50.129312, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (2->1) +[2013/11/07 07:38:50.129352, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + out: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000000-0000-0000-0000-000000000000 + result : WERR_OK +[2013/11/07 07:38:50.129583, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + in: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000122-0000-0000-7b52-7a35c5510000 +[2013/11/07 07:38:50.129714, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 22 01 00 00 00 00 00 00 7B 52 7A 35 ...."... ....{Rz5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:50.129792, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 22 01 00 00 00 00 00 00 7B 52 7A 35 ...."... ....{Rz5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:50.129867, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) + Closed policy +[2013/11/07 07:38:50.129908, 10, pid=20933, effective(0, 5000), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) + regdb_close: decrementing refcount (1->0) +[2013/11/07 07:38:50.130135, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + winreg_CloseKey: struct winreg_CloseKey + out: struct winreg_CloseKey + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000000-0000-0000-0000-000000000000 + result : WERR_OK +[2013/11/07 07:38:50.130366, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:416(close_policy_by_pipe) + Deleted handle list for RPC connection \winreg +[2013/11/07 07:38:50.130462, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/printing/printing.c:3087(get_stored_queue_info) + get_stored_queue_info: qcount = 0, extra_count = 0 + count:[0], status:[0], [] +[2013/11/07 07:38:50.130556, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + spoolss_EnumJobs: struct spoolss_EnumJobs + out: struct spoolss_EnumJobs + count : * + count : 0x00000000 (0) + info : * + info : NULL + needed : * + needed : 0x00000000 (0) + result : WERR_OK +[2013/11/07 07:38:50.130773, 5, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1417(api_rpcTNP) + api_rpcTNP: called \spoolss successfully +[2013/11/07 07:38:50.130841, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) + pop_sec_ctx (0, 5000) - sec_ctx_stack_ndx = 0 +[2013/11/07 07:38:50.130886, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) + write_to_pipe: data_used = 48 + smbd_smb2_request_pending_queue: req->current_idx = 1 + req->in.vector[0].iov_len = 0 + req->in.vector[1].iov_len = 0 + req->in.vector[2].iov_len = 64 + req->in.vector[3].iov_len = 56 + req->in.vector[4].iov_len = 64 + req->out.vector[0].iov_len = 4 + req->out.vector[1].iov_len = 0 + req->out.vector[2].iov_len = 64 + req->out.vector[3].iov_len = 8 + req->out.vector[4].iov_len = 0 +[2013/11/07 07:38:50.131114, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:128(smbd_smb2_ioctl_pipe_write_done) + smbd_smb2_ioctl_pipe_write_done: received 64 +[2013/11/07 07:38:50.131158, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:149(smbd_smb2_ioctl_pipe_write_done) + smbd_smb2_ioctl_pipe_write_done: issuing np_read_send of size 1024 +[2013/11/07 07:38:50.131200, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:285(read_from_internal_pipe) + name: \spoolss len: 1024 +[2013/11/07 07:38:50.131242, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:347(read_from_internal_pipe) + read_from_pipe: \spoolss: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 16. +[2013/11/07 07:38:50.131294, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) + &r: struct ncacn_packet + rpc_vers : 0x05 (5) + rpc_vers_minor : 0x00 (0) + ptype : DCERPC_PKT_RESPONSE (2) + pfc_flags : 0x03 (3) + drep: ARRAY(4) + [0] : 0x10 (16) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + frag_length : 0x0028 (40) + auth_length : 0x0000 (0) + call_id : 0x00000003 (3) + u : union dcerpc_payload(case 2) + response: struct dcerpc_response + alloc_hint : 0x00000010 (16) + context_id : 0x0000 (0) + cancel_count : 0x00 (0) + _pad : DATA_BLOB length=0 + stub_and_verifier : DATA_BLOB length=16 + [0000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ +[2013/11/07 07:38:50.131681, 3, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:122(free_pipe_context) + free_pipe_context: destroying talloc pool of size 29 +[2013/11/07 07:38:50.131729, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:788(np_read_recv) + Received 40 bytes. There is no more data outstanding +[2013/11/07 07:38:50.131769, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:178(smbd_smb2_ioctl_pipe_read_done) + smbd_smb2_ioctl_pipe_read_done: np_read_recv nread = 40 is_data_outstanding = 0, status = NT_STATUS_OK +[2013/11/07 07:38:50.131823, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl.c:291(smbd_smb2_request_ioctl_done) + smbd_smb2_request_ioctl_done: smbd_smb2_ioctl_recv returned 40 status NT_STATUS_OK +[2013/11/07 07:38:50.131865, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) + smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[48] dyn[yes:40] at ../source3/smbd/smb2_ioctl.c:358 +[2013/11/07 07:38:50.131910, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) + smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/205/127 +[2013/11/07 07:38:50.135331, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) + smbd_smb2_request_incoming: idx[1] of 5 vectors +[2013/11/07 07:38:50.135539, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) + smb2_validate_sequence_number: clearing id 205 (position 205) from bitmap +[2013/11/07 07:38:50.135650, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) + smbd_smb2_request_dispatch: opcode[SMB2_OP_IOCTL] mid = 205 +[2013/11/07 07:38:50.135826, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) + setting sec ctx (0, 5000) - sec_ctx_stack_ndx = 0 +[2013/11/07 07:38:50.135934, 5, pid=20933, effective(0, 5000), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) + Security token SIDs (21): + SID[ 0]: S-1-5-21-1376953716-2413384141-3399758289-500 + SID[ 1]: S-1-5-21-1376953716-2413384141-3399758289-512 + SID[ 2]: S-1-5-21-1376953716-2413384141-3399758289-11015 + SID[ 3]: S-1-5-21-1376953716-2413384141-3399758289-513 + SID[ 4]: S-1-5-21-1376953716-2413384141-3399758289-11011 + SID[ 5]: S-1-5-21-1376953716-2413384141-3399758289-11013 + SID[ 6]: S-1-5-21-1376953716-2413384141-3399758289-11012 + SID[ 7]: S-1-1-0 + SID[ 8]: S-1-5-2 + SID[ 9]: S-1-5-11 + SID[ 10]: S-1-5-32-544 + SID[ 11]: S-1-22-1-2002 + SID[ 12]: S-1-22-2-5000 + SID[ 13]: S-1-22-2-5007 + SID[ 14]: S-1-22-2-5001 + SID[ 15]: S-1-22-2-1005 + SID[ 16]: S-1-22-2-5006 + SID[ 17]: S-1-22-2-5005 + SID[ 18]: S-1-22-2-55000 + SID[ 19]: S-1-22-2-55001 + SID[ 20]: S-1-22-2-55002 + Privileges (0x 1FFFFFF0): + Privilege[ 0]: SeMachineAccountPrivilege + Privilege[ 1]: SeTakeOwnershipPrivilege + Privilege[ 2]: SeBackupPrivilege + Privilege[ 3]: SeRestorePrivilege + Privilege[ 4]: SeRemoteShutdownPrivilege + Privilege[ 5]: SePrintOperatorPrivilege + Privilege[ 6]: SeAddUsersPrivilege + Privilege[ 7]: SeDiskOperatorPrivilege + Privilege[ 8]: SeSecurityPrivilege + Privilege[ 9]: SeSystemtimePrivilege + Privilege[ 10]: SeShutdownPrivilege + Privilege[ 11]: SeDebugPrivilege + Privilege[ 12]: SeSystemEnvironmentPrivilege + Privilege[ 13]: SeSystemProfilePrivilege + Privilege[ 14]: SeProfileSingleProcessPrivilege + Privilege[ 15]: SeIncreaseBasePriorityPrivilege + Privilege[ 16]: SeLoadDriverPrivilege + Privilege[ 17]: SeCreatePagefilePrivilege + Privilege[ 18]: SeIncreaseQuotaPrivilege + Privilege[ 19]: SeChangeNotifyPrivilege + Privilege[ 20]: SeUndockPrivilege + Privilege[ 21]: SeManageVolumePrivilege + Privilege[ 22]: SeImpersonatePrivilege + Privilege[ 23]: SeCreateGlobalPrivilege + Privilege[ 24]: SeEnableDelegationPrivilege + Rights (0x 0): +[2013/11/07 07:38:50.138040, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) + UNIX token of user 0 + Primary group is 5000 and contains 9 supplementary groups + Group[ 0]: 5000 + Group[ 1]: 5007 + Group[ 2]: 5001 + Group[ 3]: 1005 + Group[ 4]: 5006 + Group[ 5]: 5005 + Group[ 6]: 55000 + Group[ 7]: 55001 + Group[ 8]: 55002 +[2013/11/07 07:38:50.138562, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/uid.c:363(change_to_user_internal) + Impersonated user: uid=(0,0), gid=(0,5000) +[2013/11/07 07:38:50.138686, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:1796(smbd_smb2_request_verify_creditcharge) + mid 205, CreditCharge: 1, NeededCharge: 1 +[2013/11/07 07:38:50.138791, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl.c:394(smbd_smb2_ioctl_send) + smbd_smb2_ioctl: ctl_code[0x0011c017] spoolss, fnum 2689536844 +[2013/11/07 07:38:50.138902, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:59(smb2_ioctl_named_pipe) + smbd_smb2_ioctl_send: np_write_send of size 44 +[2013/11/07 07:38:50.139002, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:520(np_write_send) + np_write_send: len: 44 +[2013/11/07 07:38:50.139103, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) + write_to_pipe: data_left = 44 +[2013/11/07 07:38:50.139199, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) + process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 44 +[2013/11/07 07:38:50.139297, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:51(fill_rpc_header) + fill_rpc_header: data_to_copy = 44, len_needed_to_complete_hdr = 16, receive_len = 0 +[2013/11/07 07:38:50.139397, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) + write_to_pipe: data_used = 16 +[2013/11/07 07:38:50.139490, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) + write_to_pipe: data_left = 28 +[2013/11/07 07:38:50.139584, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) + process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 28 +[2013/11/07 07:38:50.139686, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) + write_to_pipe: data_used = 0 +[2013/11/07 07:38:50.139780, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) + write_to_pipe: data_left = 28 +[2013/11/07 07:38:50.139874, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) + process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 28, incoming data = 28 +[2013/11/07 07:38:50.139975, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1614(process_complete_pdu) + PDU is in Little Endian format! +[2013/11/07 07:38:50.140090, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) + r: struct ncacn_packet + rpc_vers : 0x05 (5) + rpc_vers_minor : 0x00 (0) + ptype : DCERPC_PKT_REQUEST (0) + pfc_flags : 0x03 (3) + drep: ARRAY(4) + [0] : 0x10 (16) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + frag_length : 0x002c (44) + auth_length : 0x0000 (0) + call_id : 0x00000004 (4) + u : union dcerpc_payload(case 0) + request: struct dcerpc_request + alloc_hint : 0x00000014 (20) + context_id : 0x0000 (0) + opnum : 0x001d (29) + object : union dcerpc_object(case 0) + empty: struct dcerpc_empty + _pad : DATA_BLOB length=0 + stub_and_verifier : DATA_BLOB length=20 + [0000] 00 00 00 00 1F 01 00 00 00 00 00 00 7B 52 7A 35 ........ ....{Rz5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:50.141225, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1627(process_complete_pdu) + Processing packet type 0 +[2013/11/07 07:38:50.141321, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1472(dcesrv_auth_request) + Checking request auth. +[2013/11/07 07:38:50.141600, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) + push_sec_ctx(0, 5000) : sec_ctx_stack_ndx = 1 +[2013/11/07 07:38:50.141718, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) + setting sec ctx (0, 5000) - sec_ctx_stack_ndx = 1 +[2013/11/07 07:38:50.141820, 5, pid=20933, effective(0, 5000), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) + Security token SIDs (21): + SID[ 0]: S-1-5-21-1376953716-2413384141-3399758289-500 + SID[ 1]: S-1-5-21-1376953716-2413384141-3399758289-512 + SID[ 2]: S-1-5-21-1376953716-2413384141-3399758289-11015 + SID[ 3]: S-1-5-21-1376953716-2413384141-3399758289-513 + SID[ 4]: S-1-5-21-1376953716-2413384141-3399758289-11011 + SID[ 5]: S-1-5-21-1376953716-2413384141-3399758289-11013 + SID[ 6]: S-1-5-21-1376953716-2413384141-3399758289-11012 + SID[ 7]: S-1-1-0 + SID[ 8]: S-1-5-2 + SID[ 9]: S-1-5-11 + SID[ 10]: S-1-5-32-544 + SID[ 11]: S-1-22-1-2002 + SID[ 12]: S-1-22-2-5000 + SID[ 13]: S-1-22-2-5007 + SID[ 14]: S-1-22-2-5001 + SID[ 15]: S-1-22-2-1005 + SID[ 16]: S-1-22-2-5006 + SID[ 17]: S-1-22-2-5005 + SID[ 18]: S-1-22-2-55000 + SID[ 19]: S-1-22-2-55001 + SID[ 20]: S-1-22-2-55002 + Privileges (0x 1FFFFFF0): + Privilege[ 0]: SeMachineAccountPrivilege + Privilege[ 1]: SeTakeOwnershipPrivilege + Privilege[ 2]: SeBackupPrivilege + Privilege[ 3]: SeRestorePrivilege + Privilege[ 4]: SeRemoteShutdownPrivilege + Privilege[ 5]: SePrintOperatorPrivilege + Privilege[ 6]: SeAddUsersPrivilege + Privilege[ 7]: SeDiskOperatorPrivilege + Privilege[ 8]: SeSecurityPrivilege + Privilege[ 9]: SeSystemtimePrivilege + Privilege[ 10]: SeShutdownPrivilege + Privilege[ 11]: SeDebugPrivilege + Privilege[ 12]: SeSystemEnvironmentPrivilege + Privilege[ 13]: SeSystemProfilePrivilege + Privilege[ 14]: SeProfileSingleProcessPrivilege + Privilege[ 15]: SeIncreaseBasePriorityPrivilege + Privilege[ 16]: SeLoadDriverPrivilege + Privilege[ 17]: SeCreatePagefilePrivilege + Privilege[ 18]: SeIncreaseQuotaPrivilege + Privilege[ 19]: SeChangeNotifyPrivilege + Privilege[ 20]: SeUndockPrivilege + Privilege[ 21]: SeManageVolumePrivilege + Privilege[ 22]: SeImpersonatePrivilege + Privilege[ 23]: SeCreateGlobalPrivilege + Privilege[ 24]: SeEnableDelegationPrivilege + Rights (0x 0): +[2013/11/07 07:38:50.143717, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) + UNIX token of user 0 + Primary group is 5000 and contains 9 supplementary groups + Group[ 0]: 5000 + Group[ 1]: 5007 + Group[ 2]: 5001 + Group[ 3]: 1005 + Group[ 4]: 5006 + Group[ 5]: 5005 + Group[ 6]: 55000 + Group[ 7]: 55001 + Group[ 8]: 55002 +[2013/11/07 07:38:50.144184, 5, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1324(api_pipe_request) + Requested \spoolss rpc service +[2013/11/07 07:38:50.144292, 4, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1356(api_rpcTNP) + api_rpcTNP: \spoolss op 0x1d - api_rpcTNP: rpc command: SPOOLSS_CLOSEPRINTER +[2013/11/07 07:38:50.144399, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1390(api_rpcTNP) + api_rpc_cmds[29].fn == 0x7f375c25d5f0 +[2013/11/07 07:38:50.144526, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + spoolss_ClosePrinter: struct spoolss_ClosePrinter + in: struct spoolss_ClosePrinter + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 0000011f-0000-0000-7b52-7a35c5510000 +[2013/11/07 07:38:50.144854, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 1F 01 00 00 00 00 00 00 7B 52 7A 35 ........ ....{Rz5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:50.145052, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 1F 01 00 00 00 00 00 00 7B 52 7A 35 ........ ....{Rz5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:50.145243, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) + Found policy hnd[0] [0000] 00 00 00 00 1F 01 00 00 00 00 00 00 7B 52 7A 35 ........ ....{Rz5 + [0010] C5 51 00 00 .Q.. +[2013/11/07 07:38:50.145538, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) + Closed policy +[2013/11/07 07:38:50.145642, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + spoolss_ClosePrinter: struct spoolss_ClosePrinter + out: struct spoolss_ClosePrinter + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000000-0000-0000-0000-000000000000 + result : WERR_OK +[2013/11/07 07:38:50.146014, 5, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1417(api_rpcTNP) + api_rpcTNP: called \spoolss successfully +[2013/11/07 07:38:50.146139, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) + pop_sec_ctx (0, 5000) - sec_ctx_stack_ndx = 0 +[2013/11/07 07:38:50.146244, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) + write_to_pipe: data_used = 28 + smbd_smb2_request_pending_queue: req->current_idx = 1 + req->in.vector[0].iov_len = 0 + req->in.vector[1].iov_len = 0 + req->in.vector[2].iov_len = 64 + req->in.vector[3].iov_len = 56 + req->in.vector[4].iov_len = 44 + req->out.vector[0].iov_len = 4 + req->out.vector[1].iov_len = 0 + req->out.vector[2].iov_len = 64 + req->out.vector[3].iov_len = 8 + req->out.vector[4].iov_len = 0 +[2013/11/07 07:38:50.146767, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:128(smbd_smb2_ioctl_pipe_write_done) + smbd_smb2_ioctl_pipe_write_done: received 44 +[2013/11/07 07:38:50.146875, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:149(smbd_smb2_ioctl_pipe_write_done) + smbd_smb2_ioctl_pipe_write_done: issuing np_read_send of size 1024 +[2013/11/07 07:38:50.146982, 6, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:285(read_from_internal_pipe) + name: \spoolss len: 1024 +[2013/11/07 07:38:50.147086, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:347(read_from_internal_pipe) + read_from_pipe: \spoolss: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 24. +[2013/11/07 07:38:50.147211, 1, pid=20933, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) + &r: struct ncacn_packet + rpc_vers : 0x05 (5) + rpc_vers_minor : 0x00 (0) + ptype : DCERPC_PKT_RESPONSE (2) + pfc_flags : 0x03 (3) + drep: ARRAY(4) + [0] : 0x10 (16) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + frag_length : 0x0030 (48) + auth_length : 0x0000 (0) + call_id : 0x00000004 (4) + u : union dcerpc_payload(case 2) + response: struct dcerpc_response + alloc_hint : 0x00000018 (24) + context_id : 0x0000 (0) + cancel_count : 0x00 (0) + _pad : DATA_BLOB length=0 + stub_and_verifier : DATA_BLOB length=24 + [0000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ + [0010] 00 00 00 00 00 00 00 00 ........ +[2013/11/07 07:38:50.148261, 3, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:122(free_pipe_context) + free_pipe_context: destroying talloc pool of size 29 +[2013/11/07 07:38:50.148379, 10, pid=20933, effective(0, 5000), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:788(np_read_recv) + Received 48 bytes. There is no more data outstanding +[2013/11/07 07:38:50.148481, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:178(smbd_smb2_ioctl_pipe_read_done) + smbd_smb2_ioctl_pipe_read_done: np_read_recv nread = 48 is_data_outstanding = 0, status = NT_STATUS_OK +[2013/11/07 07:38:50.148594, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_ioctl.c:291(smbd_smb2_request_ioctl_done) + smbd_smb2_request_ioctl_done: smbd_smb2_ioctl_recv returned 48 status NT_STATUS_OK +[2013/11/07 07:38:50.148695, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) + smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[48] dyn[yes:48] at ../source3/smbd/smb2_ioctl.c:358 +[2013/11/07 07:38:50.148804, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) + smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/206/127 +[2013/11/07 07:38:50.150619, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) + smbd_smb2_request_incoming: idx[1] of 5 vectors +[2013/11/07 07:38:50.150842, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) + smb2_validate_sequence_number: clearing id 206 (position 206) from bitmap +[2013/11/07 07:38:50.150969, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) + smbd_smb2_request_dispatch: opcode[SMB2_OP_CLOSE] mid = 206 +[2013/11/07 07:38:50.151118, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) + setting sec ctx (0, 5000) - sec_ctx_stack_ndx = 0 +[2013/11/07 07:38:50.151245, 5, pid=20933, effective(0, 5000), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) + Security token SIDs (21): + SID[ 0]: S-1-5-21-1376953716-2413384141-3399758289-500 + SID[ 1]: S-1-5-21-1376953716-2413384141-3399758289-512 + SID[ 2]: S-1-5-21-1376953716-2413384141-3399758289-11015 + SID[ 3]: S-1-5-21-1376953716-2413384141-3399758289-513 + SID[ 4]: S-1-5-21-1376953716-2413384141-3399758289-11011 + SID[ 5]: S-1-5-21-1376953716-2413384141-3399758289-11013 + SID[ 6]: S-1-5-21-1376953716-2413384141-3399758289-11012 + SID[ 7]: S-1-1-0 + SID[ 8]: S-1-5-2 + SID[ 9]: S-1-5-11 + SID[ 10]: S-1-5-32-544 + SID[ 11]: S-1-22-1-2002 + SID[ 12]: S-1-22-2-5000 + SID[ 13]: S-1-22-2-5007 + SID[ 14]: S-1-22-2-5001 + SID[ 15]: S-1-22-2-1005 + SID[ 16]: S-1-22-2-5006 + SID[ 17]: S-1-22-2-5005 + SID[ 18]: S-1-22-2-55000 + SID[ 19]: S-1-22-2-55001 + SID[ 20]: S-1-22-2-55002 + Privileges (0x 1FFFFFF0): + Privilege[ 0]: SeMachineAccountPrivilege + Privilege[ 1]: SeTakeOwnershipPrivilege + Privilege[ 2]: SeBackupPrivilege + Privilege[ 3]: SeRestorePrivilege + Privilege[ 4]: SeRemoteShutdownPrivilege + Privilege[ 5]: SePrintOperatorPrivilege + Privilege[ 6]: SeAddUsersPrivilege + Privilege[ 7]: SeDiskOperatorPrivilege + Privilege[ 8]: SeSecurityPrivilege + Privilege[ 9]: SeSystemtimePrivilege + Privilege[ 10]: SeShutdownPrivilege + Privilege[ 11]: SeDebugPrivilege + Privilege[ 12]: SeSystemEnvironmentPrivilege + Privilege[ 13]: SeSystemProfilePrivilege + Privilege[ 14]: SeProfileSingleProcessPrivilege + Privilege[ 15]: SeIncreaseBasePriorityPrivilege + Privilege[ 16]: SeLoadDriverPrivilege + Privilege[ 17]: SeCreatePagefilePrivilege + Privilege[ 18]: SeIncreaseQuotaPrivilege + Privilege[ 19]: SeChangeNotifyPrivilege + Privilege[ 20]: SeUndockPrivilege + Privilege[ 21]: SeManageVolumePrivilege + Privilege[ 22]: SeImpersonatePrivilege + Privilege[ 23]: SeCreateGlobalPrivilege + Privilege[ 24]: SeEnableDelegationPrivilege + Rights (0x 0): +[2013/11/07 07:38:50.153212, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) + UNIX token of user 0 + Primary group is 5000 and contains 9 supplementary groups + Group[ 0]: 5000 + Group[ 1]: 5007 + Group[ 2]: 5001 + Group[ 3]: 1005 + Group[ 4]: 5006 + Group[ 5]: 5005 + Group[ 6]: 55000 + Group[ 7]: 55001 + Group[ 8]: 55002 +[2013/11/07 07:38:50.153837, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/uid.c:363(change_to_user_internal) + Impersonated user: uid=(0,0), gid=(0,5000) +[2013/11/07 07:38:50.153977, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_close.c:185(smbd_smb2_close) + smbd_smb2_close: spoolss - fnum 2689536844 +[2013/11/07 07:38:50.154103, 5, pid=20933, effective(0, 5000), real(0, 0)] ../lib/dbwrap/dbwrap.c:187(dbwrap_check_lock_order) + check lock order 1 for /var/run/samba/smbXsrv_open_global.tdb +[2013/11/07 07:38:50.154204, 10, pid=20933, effective(0, 5000), real(0, 0)] ../lib/dbwrap/dbwrap.c:133(debug_lock_order) + lock order: 1:/var/run/samba/smbXsrv_open_global.tdb 2: 3: +[2013/11/07 07:38:50.154313, 10, pid=20933, effective(0, 5000), real(0, 0)] ../lib/dbwrap/dbwrap_tdb.c:59(db_tdb_log_key) + Locking key E8FF21C5 +[2013/11/07 07:38:50.154439, 10, pid=20933, effective(0, 5000), real(0, 0)] ../lib/dbwrap/dbwrap_tdb.c:143(db_tdb_fetch_locked_internal) + Allocated locked data 0x0x7f375d355910 +[2013/11/07 07:38:50.154567, 10, pid=20933, effective(0, 5000), real(0, 0)] ../lib/dbwrap/dbwrap_tdb.c:59(db_tdb_log_key) + Unlocking key E8FF21C5 +[2013/11/07 07:38:50.154672, 5, pid=20933, effective(0, 5000), real(0, 0)] ../lib/dbwrap/dbwrap.c:146(dbwrap_lock_order_state_destructor) + release lock order 1 for /var/run/samba/smbXsrv_open_global.tdb +[2013/11/07 07:38:50.154769, 10, pid=20933, effective(0, 5000), real(0, 0)] ../lib/dbwrap/dbwrap.c:133(debug_lock_order) + lock order: 1: 2: 3: +[2013/11/07 07:38:50.154910, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/files.c:525(file_free) + freed files structure 2689536844 (4 used) +[2013/11/07 07:38:50.155056, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) + smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[60] dyn[no:0] at ../source3/smbd/smb2_close.c:139 +[2013/11/07 07:38:50.155170, 10, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) + smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/207/127 +[2013/11/07 07:38:50.681321, 10, pid=20933, effective(0, 5000), real(0, 0)] ../lib/util/tevent_idle.c:43(smbd_idle_event_handler) + smbd_idle_event_handler: idle_evt(deadtime) (nil) called +[2013/11/07 07:38:50.683416, 10, pid=20933, effective(0, 5000), real(0, 0)] ../lib/util/tevent_idle.c:54(smbd_idle_event_handler) + smbd_idle_event_handler: idle_evt(deadtime) (nil) rescheduled +[2013/11/07 07:38:50.683605, 10, pid=20933, effective(0, 5000), real(0, 0)] ../lib/util/tevent_idle.c:43(smbd_idle_event_handler) + smbd_idle_event_handler: idle_evt(housekeeping) (nil) called +[2013/11/07 07:38:50.683717, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/process.c:2628(housekeeping_fn) + housekeeping +[2013/11/07 07:38:50.683893, 4, pid=20933, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) + setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 +[2013/11/07 07:38:50.683999, 5, pid=20933, effective(0, 5000), real(0, 0)] ../libcli/security/security_token.c:53(security_token_debug) + Security token: (NULL) +[2013/11/07 07:38:50.684114, 5, pid=20933, effective(0, 5000), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) + UNIX token of user 0 + Primary group is 0 and contains 0 supplementary groups +[2013/11/07 07:38:50.684286, 5, pid=20933, effective(0, 0), real(0, 0)] ../source3/smbd/uid.c:425(smbd_change_to_root_user) + change_to_root_user: now uid=(0,0) gid=(0,0) +[2013/11/07 07:38:50.684451, 10, pid=20933, effective(0, 0), real(0, 0)] ../lib/util/tevent_idle.c:54(smbd_idle_event_handler) + smbd_idle_event_handler: idle_evt(housekeeping) (nil) rescheduled